Considering that's kind of like saying that maybe life will evolve to live on the surface of our sun (this is actually slightly more likely than an organism evolving to utilize as power an event that takes place once every thousands of millions of years and is every bit as hostile as the surface of our sun).
Aka, they're not really talking out their asses.
Yea, but it's also getting better. I have unlimited talk, text and 2.5GB of LTE, with unlimited after that. $40/mo (Straight Talk with discounts). Pretty close to what my friends who live in the EU pay if they get a plan that works everywhere in the continent. They can get cheaper ones that cover a limited area, but you can also do that in the states too. I'd personally just like more competition; the prices are actually coming down if you move off-carrier (similar to what is seen in Europe also).
A decent chunk of the money (but way less than half) gets distributed out to the industries that have to move out of this spectrum that they're allocating. There are *lots* of legacy users in this spectrum that will get a small chunk of this money to move out of this spectrum and into other spectrum. That's why these auctions can be so hellishly complicated; before it can even be auctioned, they have to find other spectrum available to move legacy users into, which might require an auction or consolidation itself, etc, etc. You really need a long-term plan to make these kinds of things happen. Some of these industries have been notified for nearly a decade now (if not longer) about their spectrum going away in the future, and hence they've planned for it and just need the money from the auction to wholesale upgrade their entire enterprise and their customers.
65MHz is a TON of spectrum. Most LTE is operating on a couple of 10MHz chunks. 65MHz, nationwide, is enough to start multiple *new* wireless companies. If it wasn't so impossible to actually build a competent telecom that can compete, we'd see a lot more interesting things happening here. Look at the continual T-Mobile and Sprint acquisition/merger talks to see that it would be a huge risk of $50B+ to try to start up a whole new carrier in the US. It would be amazing, but incredibly risky capital investment.
You just determine your own new epoch :) You're the only one that's accurate to begin with, so make the magic number yourself. Obviously you keep it accurate with respect to other clocks, but you're now setting the specific epoch of that extra precision. Yes, time is relative -- you just need to have an agreement on it.
LOL @ Straight Talk. Your data just stops working at the cap with Straight Talk.
No it doesn't. It just slows down.
Set her up with Wifi calling and a small data/minutes SIM from T-Mobile for next to no cost to get her through the times when she is not at home with Wifi. Sounds like she's mostly at home, so take care of 90% of the needs with home internet + Wifi and then have a small $15/mo plan for when she's not at home.
I just posted this on Ars, but at least to me a distributed social network is screaming at Microsoft to be implemented. Let me explain:
They don't have a social network; I don't know if they want one, but they probably wouldn't *mind* one. More than wanting a social network, they probably wouldn't mind dishing out a bit of trouble to Google/Facebook.
They're also looking to transition everyone from licenses to yearly subscriptions, which lots of people are resisting. Microsoft also now has a very large, mature cloud.
Microsoft should make it so that if you pay for a Windows service that you get a small, configurable slice of the cloud. Then make it super easy to add services, and enable some by default. Make a distributed social media platform, or partner with someone like WithKnown and establish an industry-wide API. Then enable it by default on the user's cloud account. Boom, instant secure federated social media that the user controls, and Microsoft just enabled it. If successful, they also just increased their subscription rates and dealt a decent blow to Facebook and Google.
They could also do the same with basic webpages, email (for those paranoid, host your own Outlook.com instance), photo uploads, etc. That could be the hook to get onto the services and keep that service active and the money flowing. Honestly, I hate yearly subscriptions, but if someone had something like that set up, easy to use and administer I'd pay for that service. Hell, I'd even pay Microsoft which is something I really don't like doing.
I do wish Diaspora had taken off though. That seemed quite good. Needed a bit of polish, but definitely promising. Never got the critical mass though.
Yea, I wish that Diaspora wasn't Diaspora. It honestly was a bunch of guys without any idea of how to build a good, secure, scalable application trying to build one. That really poisoned the well for federated social networks. I gotta give it to the guys for coming up with the idea and generating the hype, and open sourcing the protocol. I was excited and willing to help out. But what they released was such a steaming pile that everyone who looked at the source to help out (including me) after initial release pretty much thought the same thing about nuking it from orbit and starting from scratch. That really set back the entire concept. I definitely did not want to be part of a project and put my spare time into a project that was perpetually going to be in the headlines for security issues. Not worth the headache.
Are we sure that they're planning a true 50/50 or standard clinical trial?
In situations like this, you usually see a study that tries to use a "time as a placebo group" mechanism. Essentially, you give the damn vaccine to everyone, and see how mortality rates compare against what was happening before the vaccine. Obviously this is a bit complicated by improved public health awareness, improved standards of care, improved procedures, etc. It definitely muddies the study up somewhat, but you can still get the information needed about effectiveness of different candidate vaccines while still doing the morally correct thing.
I'd be surprised if using a time-based placebo concept or something very similar wasn't their plan.
Don't try to apply logic to ITAR. Just don't.
They don't have it relatively tame. I've been stalked online, had my computer RAT'd, had personal threats and personal addresses posted and I'm a guy. Wasn't a big deal because well, I'm a guy -- I was at college and generally hung around with lots of other bros and lived in a dorm. Basic tribe logic indicated that unless that internet loner brought 20+ people to the party, I was going to be ok. But I've seen lots worse for women, and now that I'm a father of two little kids you can be damned sure that if something similar happened today that I would be a bit freaked out. I have a lot more pain points now.
But generally, women always have some of that vulnerability, and there are more creeps out there targeting the women than the men. I also sometimes post with female usernames to get answers quicker in a forum. Typically by the time I have answers, I also have 10+ PMs on the forum. Half of them are just endearing, sad nerds that you just feel for. But invariably, there's a couple of outright creep a-holes. I usually report those to the forum administrators.
You do realize that streaming video also includes online coursework, right? Like the exact type of thing that could improve your knowledge base, which leads to better jobs which leads to more money being made and more taxes being brought in? Streaming coursework is *huge* in a number of these countries, as it's one of the cheapest, most readily available ways to improve your lot in life.
You fail to realize that this is a product, and some of the scope of the device is defined by what the users do with it, intended or not. I regularly add featuresets or support use cases that are outside of the scope of our device, but are reasonable alternative use cases or scopes. If I didn't do that, and was super rigid and only stuck to our initial plans of the scope, then there wouldn't be much growth or new opportunity in our product.
I already plug up my "regular-ass" USB storage devices into Android via a USB OTG cable. I routinely mount my external 1TB drive into both my Android phone and tablet.
Now I do agree that making apps support use of that space would be nice, but right now all the music, movie, etc apps seem to support it. So, it's nice to be able to transfer across without a computer in the middle.
Exactly. There need to be better hooks. I'd love for KeePass or similar to be able to hook into Chrome securely or something like that.
Good god, Fidelity kills me. Their password constraints are just arbitrary and crap and totally non-standard. Just waiting for them to get hit, because the password space compared to the number of users is a better ratio than just about anywhere else I can think of.
My guess is that they use that to actually minimize reception distance.
Fun fact: 63GHz is the peak of absorption by the atmosphere. So, when the US was designing low-observable links that they didn't want eavesdropped on, they used that spectrum.
Something similar could be happening here -- it's for devices in the room, and one way to ensure that you don't get room to room interference would be to use a frequency around 60GHz. Well, that and because it's fairly worthless to most major telecoms it's basically an open band.
To be fair, part of the "breaking" is not being able to de-duplicate data. Very large portions of what gets stored in the cloud are redundant. You might well have over 10 million copies of one song on a cloud service. If they're all encrypted with different keys you can't de-dupe and your storage needs rise by 10 million. Ditto for some email lists that millions subscribe to. If you can't de-dupe that email then you have a problem! Personally, I couldn't care less, but there at least is a technical argument. I'm really just waiting on a good private cloud that I can host and regularly back up the binary blob to an external server for redundancy. Maybe if Comcast ever gets off their asses I could have enough upstream to feasibly do something like that. Or if the solution is there, maybe I just upgrade to business class...
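An added illustration of the de-duplication point in the comment above (not part of the original comment): a content-addressed store keeps one blob for identical uploads, but one blob per user once each copy is encrypted under its own key. It goes one step beyond the comment by also showing convergent encryption, where the key is derived from the content so de-duplication works again, at the cost that whoever holds a file can tell whether it is stored. The cipher, class and function names are assumptions made for this sketch; the SHA-256 keystream is a stand-in for a real AEAD and is not suitable for production.

```python
import hashlib
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    AEAD so the sketch runs with the standard library only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def convergent_key(data: bytes) -> bytes:
    """Key derived from the plaintext itself: same file, same key."""
    return hashlib.sha256(b"convergent-key:" + data).digest()


class BlobStore:
    """Content-addressed store: identical stored bytes share one slot."""

    def __init__(self):
        self.blobs = {}

    def put(self, stored: bytes) -> str:
        digest = hashlib.sha256(stored).hexdigest()
        self.blobs[digest] = stored
        return digest


def upload_plain(store, data):
    return store.put(data), None


def upload_per_user_key(store, data):
    key = os.urandom(32)  # every user picks an independent random key
    return store.put(keystream_xor(key, data)), key


def upload_convergent(store, data):
    key = convergent_key(data)
    return store.put(keystream_xor(key, data)), key


def run_uploads(upload, data: bytes, users: int) -> BlobStore:
    """Simulate `users` people uploading the same file; return the store."""
    store = BlobStore()
    receipts = [upload(store, data) for _ in range(users)]
    for digest, key in receipts:
        # Each user must still be able to read back their own copy.
        stored = store.blobs[digest]
        plain = stored if key is None else keystream_xor(key, stored)
        if plain != data:
            raise ValueError("round trip failed")
    return store


def file_is_stored(store: BlobStore, candidate: bytes) -> bool:
    """The trade-off of convergent encryption: anyone holding a candidate
    file can recompute its ciphertext digest and check for it."""
    blob = keystream_xor(convergent_key(candidate), candidate)
    return hashlib.sha256(blob).hexdigest() in store.blobs


# Constructed sample input standing in for one popular song.
SONG = b"constructed sample: identical song bytes from every user\n" * 50

if __name__ == "__main__":
    for name, fn in [("plaintext", upload_plain),
                     ("per-user keys", upload_per_user_key),
                     ("convergent", upload_convergent)]:
        count = len(run_uploads(fn, SONG, 1000).blobs)
        print(f"{name:14s} 1000 uploads -> {count} stored blobs")
```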
If you have half a cart or more of groceries it can easily be faster than the self checkout. The self-checkouts usually have space for 1, maybe 2 bags and flip out if you remove bags. Not to mention you're bagging 5-6 bags yourself.
The checkout line usually has a bagger that can bag as fast as they can scan them. In self checkout, I can do the same, but once you start having to shuffle bags you lose the efficiency. So, I just make the call based upon how many groceries I have (and whether I have a kid or not in my arms).
Well, when we invested over $300 billion of our money to get these companies to build networks out and get people access to standard internet like everyone else had. Then after they take your money and get a bunch of new subscribers decide to change how that network we just subsidized building with huge piles of cash and free usage of public rights of way (which can be a larger cost than the $300 billion we outright gave them) in order to make them more money and do a *worse* job of delivering the product to end customers that we just subsidized their build out to, it seems like we might want to have a conversation about whether that's reasonable or not.
Exactly. Good passwords are obscure enough that they make really, really good security. That's kind of my point that obscurity makes a good layer of security and shouldn't just be dismissed by people who like to say "security through obscurity is no security at all", which was what the OP was referring to when he said 'Slashdot users pretty regularly complain about this with bumper sticker wisdom about "security through obscurity"'.
Of course, bad passwords, like "password" even with salts, make pretty poor security, as when someone goes to generate a rainbow table (generally if they have your hash they also got enough access to get the salt too), that will be one of the first generated.
Furthermore, people inferred that there was probably a Xen vulnerability from Amazon's downtime, before the official announcement. So how, exactly, was that better than having the Xen project actually announce that fact, with or without details or a patch?
There was no inferring. Amazon made an oops in their announcement and said that it was due to a bug in Xen. If they hadn't named Xen, then people may have inferred Xen but not known. There are quite a few other parts of the stack that can require system reboots.
None of the other Xen hosts specified that it was a bug in Xen until the embargo was lifted, and Amazon has indicated that in the future they won't specify which part of the stack is making them do the reboot. AWS gives users notifications of reboots all the time for various reasons, so all that was out of the ordinary was that it was such a large reboot wave that they made an official announcement.
No money is required to be a member of the pre-disclosure list.
It seems all pretty reasonable to me. If known exploits are out there, or if the vulnerability is known then the fix gets published right away and there's no two-week embargo. But if it appears that no one else knows about this vulnerability, then the two-week wait seems to be a great policy. Give most people that can keep their mouths shut two weeks to get everything patched up and tested.
I get that a lot of people just chant the "security through obscurity" mantra, but obscurity really is a layer of security. It just shouldn't be your only defense. Hell, a password is a form of security through obscurity -- your salted password hash is just an obscured version of your password. So, as long as the obscurity is managed well, and in this case it appears to be, then we're good. Their document says that even small projects with no money can get on the pre-disclosure list.