...motorized self-launching glider. That's an application for which 30-ish minutes of power would be just fine, and an electric motor plus NiCad pack of batteries may well beat out a gas motor plus fuel on weight. Additionally, there would likely be greater reliability for a high-altitude restart. Make it sexy like a Stemme S10 and you're in business!
I'll have to go read up on my copy of FAR/AIM, but a 30 minute cruise... for anything other than a developer-owned experimental, I'm not 100% sure that would even be legal for sale, even as a kit. It would certainly never make IFR, as that has a next-airport-plus 45-minute reserve hard requirement (FAR 91.167) regardless of commercial-vs-experimental status. Yes, I know, it's a development vehicle, not intended for sale. A little ways to go.
Climb is 1000 feet per minute. That would be under full power, which aerobatics would also almost certainly be under. So assuming you want a good 5000 feet of "oops" between you and a dirt-nap, that's 5 minutes burned in climb, leaving 10 minutes of playtime (they mention 15 minutes of "aerobatics power"), assuming you're fine with a glide home. Any retired Komet pilots or BD5-J jockeys out there want to give this one a shot?:) That being said, I'd have no hesitation to fly an all-electric as long as it has been demonstrated to have a good 5000-hour MTBF and 4 hours plus IFR reserve in real-world at-altitude conditions.
It's an interesting development on a path to all-electric or hybrid manned flight, certainly a milestone to be proud of, but I'll stick with a 172 until my RV10 is finished...
What do you suggest? Hire everybody then fire most? HR doesn't decide who's in. They just do the paperwork. The hiring manager, with input from their team, does.
Yes, we have a coding test, even for QA. We also do background checks to weed out people who are argumentative, confrontational, slackers, or can't stay on the good side of the law (meaning real crimes, not irrelevant stuff like "caught with a lid in college"). We have plenty of ways of knowing they're good before we hire them. So do most companies. It's not rocket science (unless that's the position, of course).
It's not "talking out of my ass", thank you very much.
As for "written entirely by themselves"... coders who have never had to work on a team, work on others' code, or have others work on their code will have a very bad time on a team of more than one. You have to be able to write to coding standards that differ from your personal habits whether you like it or not, you have to be able to read code written in a style other than your own, you have to produce code others can understand and maintain, and you have to do it without turning into Smartass Simpsons Comic Book Guy. Doing it all yourself demonstrates very little of that. A REAL coding test would be to hand someone existing, broken code and tell them to fix it, in the coding style shown... without bitching.
If someone is a standalone coder, then they're not interviewing anyway since they're already working for themself, right? Then they can be as prima dona as they like. Anybody else, check your ego at the door.
When I interview, I am on the lookout for more than just raw skills. I look for Apple haters. They don't get hired. I look for Windows haters. They don't get hired. I look for people who turn into raging assholes on hour fourteen in a row on the Sunday night before release. They don't get hired. Not being a jerk is a requirement, not an "plus", and that is not negotiable. And not to put too fine a point on it, I also look for people who think they know what "bullshit psuedo-qualifications ultimately don't matter". They don't get hired here either.
Agreed. Six percent? One in eighteen? Consider the people whom you know who are out of work. Are there at least one out of eighteen whose behavior or lack of skills means they're unemployed for a REASON? Consider the people whom you know who do have work. Are at least one of eighteen of those people whom you think are more of a liability than an asset?
I know several IT/engineering folks who are out of work. With perhaps one exception, I wouldn't hire any of the individuals in question. They're slackers, or in way over their heads, or behave badly in a professional environment. Sure, I'd have a beer with 'em, but hire them? No. That's a higher standard. Wages don't have anything to do with it; the people in question I wouldn't take on at any price.
Tech is doing just fine, at least here in San Jose. I get daily emails or calls from recruiters, my company has unfilled jobs (and is offering a bounty for referrals), and I know that others have the same experience. I'm no hot-shot super-star either, I'm almost 50 (so it's not a cheap-because-I'm-young factor) and it surely isn't because of my looks. I read the required H1B notices that get pinned to the break-room cork board that include the position and salary; we are certainly not lowballing imported labor (I have yet to see one that was less than six figures).
The fact is that a company's Board of Directors answers to the shareholders, not the employees. The shareholders elect... and unelect... the board. Employees don't. Right or wrong, that's reality.
They know which side their bread is buttered on.
And frankly, I'd MUCH rather the Board was elected by shareholders, who have a financial interest in the company's long term well-being even if it means rough times for the workers; at least the company will survive to continue to have those jobs years from now. If employees elected the board, they'd pack it full of people who would give 32-hour weeks, 50% pay raises, 8 weeks of vacation, and a termination process so lengthy and convoluted that for practical purposes you can't be fired. The company would be bankrupt in months, and somehow that would be "management's fault".
If you're in Canada you can say "American society is so inferior to ours" to your friends as you drive south to receive quality medical care, and whoever agrees with you...
Not to put too fine a point on it, but is anyone surprised that the government of Australia is making (more) stone-age-stupid decisions regarding technology? Their track record on all things related to high tech demonstrates institutionalized ignorance. This is just another example of Australia's willful lack of understanding of the modern Internet-enabled world.
We'll just add this one to the list.
Re:Seymour Cray and Steve Jobs
on
Homebrew Cray-1
·
· Score: 1
This may be just a story or it may be the real deal. The folks I heard it from were in a position to know, so I favor the latter. Perhaps someone out there can be more certain on this.
Apple's Cray was used, among other things, to simulate plastic-flow and cooling for injection molding tasks. This was necessary because injection-molding complex shapes such that they did not have internal cleave-planes from cooling molten plastic from one injector coming into contact with cooling molten plastic from another injector (is) was very difficult, particularly in the mid-80s. Trial-and-error iterations is a bloody expensive way to go about developing injection-molding tooling; simulation of this sort of fluid-dynamics/thermodynamics problem is computationally expensive. Using the Cray was cheaper, though, than the cost of trial-and-error and low yield rates.
Insert comments about the annoying difficulty of cracking open an original Mac case here. You're on your own for Apple-hate.
Re:The originals really are something else
on
Homebrew Cray-1
·
· Score: 1
Anyhow, after that I sat on the couch. It was not comfy.
I guess the measure of the comfort of integrated seating on supercomputers is a kind of "bench"mark...
Learn to read. I did not mention the court. I did not mention the judge. I mentioned the good-for-nothing plaintiff and his good-for-nothing lawyer. My post is entirely about the motive for the lawsuit and its lack of merit.
The court has to function within the framework that others create for it. Tort reform must originate in the legislative branch, not the judicial. The judge is doing what he can in a broken system.
The headline should read "NCSoft Sued For Having Money And Coming To The Attention Of A Liability Lawyer".
The "plaintiff" has already demonstrated a complete disregard for concepts of personal responsibility or a work ethic. This is the exact personality-type which engages in lawsuits like this, hoping to never have to work again (as if they'd ever worked before). And of course there are always lawyers with an equally-commendable outlook on life willing to collect 40% of an ill-gotten settlement.
If there was ever an archetype of why we need tort reform, this is it.
The chief concern with RFID tags like this isn't that some passerby can trigger your RFID tag to cough up a number; that's possible but impractical. The risk is that someone can point a directional antenna at a point where the RFID tag is activated by its intended use at a predicable location, and passively collect the transaction. Examples: FastTrax, PayWave, RFID passports
PayWave uses a 13.56 MHz transceiver frequency. This is about a 25 meter wavelength, so a high-gain directional antenna would be pretty obvious (rule of thumb: antenna size is one quarter or one half the wavelength of the frequency in question). The antenna systems used in PayWave are extremely inefficient, but when the range is almost "touch", that's not a bug, it's a feature. Adjacent registers with PayWave won't be interfering with each other or reading each others' transactions. However, RFID systems that use the 900MHz band are another matter. 900MHz has a wavelength of about 33cm/13 inches. A high-gain directional antenna would be about six inches wide, and anywhere from six to twenty-four inches long, producing 12dBd or better of gain for the longer size. It's not hard to conceal something like that in a tree aimed at a 7-11, or in a radio-neutral briefcase in an airport aimed at the passport-checking station at the security point.
So yes, bad guys can easily see the transaction, depending upon the wavelength used. The security is in the encryption of the transaction (or lack thereof). If the RFID device just pukes it's ID when tickled, that's bad. If there is a challenge-and-response cycle, not quite as worrying as you'd need many transactions recorded for a single device to crack it, though with keyless car entry systems, that's already happened (see http://www.cosic.esat.kuleuven.be/keeloq/keeloq-rump.pdf ).
Like almost anything else, it's all about implementation. You can never assume the transport between two devices is absolutely secure, and RFID is most definitely not an exception; indeed, it's the poster-child.
Too bad this is an entitlement generation who don't feel they should face any consequences for their actions.
Don't worry, that's going to go away with the next major economic disaster.
The next major economic disaster IS entitlement, and the hijacking of police guns to take money out of productive people's pocket to put into nonproductive pockets. Don't believe it's a police/lethal force issue? See who actually physically removes you from your home and what force is used to back up that eviction if you refuse to pay your taxes and your house is seized.
At least we're not the only ones with absolutely insane climate change related conspiracy theories.
We leave it as an exercise to the reader to determine which "side" the lunatic conspiracy theories are on (hint: BOTH)
Side note: HAARP is right up there with Area 51 and the residents of Sebastopol (the Northern Californian one) in promoting sales of aluminum foil hats.
And, of course, if you're running a turbo with about 20 pounds of boost... Talisker 10. If that don't kick your car in the teeth, nothing will.
Mind you, none of this is really all that new to the automotive industry. I mean, Irish whiskey has been good only for washing engine parts for years now... and this is the part where I go run and hide from offended Bushmill's partisans
So here's a question. If people are concerned about the magnitude of the sentence, what's the REAL problem? Some people say "others got light sentences so he should too"... I would ask "is the real problem that others' sentences were too light and this is the first time the punishment fit the crime?"
Now, whether Childs is actually guilty of a crime is another matter. I wasn't in the jury; neither was anyone else here. We don't have all the facts, and the facts we ARE seeing are carefully picked by people with an (understandable) bias. A jury has convicted him of essentially holding a city's IT infrastructure hostage, and if he is in fact guilty of that, probation or "time served" is inadequate. If he's guilty, I believe the sentence is wholly appropriate, and may even be on the light side. If he was, in fact, concerned about IT security, he certainly bungled how he handled it and certainly forced a lot of spending, but would be lacking the "guilty mind" that the law requires for a conviction of this sort.
What it all comes down to is intention. If he intended something malicious, the sentence is entirely appropriate. If he did not, he should not serve any prison at all. There's really not a lot of room for gray areas here.
As for the City of San Francisco being "as guilty"... well, yeah. Maybe someone should be sharing a cell with Childs. That's a separate matter, though. If Childs was malicious, it doesn't let him off the hook. And if Childs wasn't malicious, it doesn't excuse how he handled it. The smart play would have been to immediately give the passwords (and the reason for holding them, as well as the modems) to the FBI and then let the city and feds slug it out. The fact that he did nothing of the sort is probably what convinced the jury that there was malice, and therefore the "guilty mind". Whatever else Childs may or may not be, he handled this whole thing like an idiot.
Granted, an argument in favor:) With that sort of competition the FCC could become paralyzed with internal infighting between industry shills, and we'd achieve that wonderful state envisioned by the Constitution, "Congress shall make no law..."
1. If the FCC is allowed to regulate speed, it establishes an argument that they are allowed to regulate everything else, including content, rates, policies, contracts, and who owns the infrastructure that has already been paid for by a private entity.
2. If the FCC establishes "minimum service standards" and "maximum service standards", ISPs will deliver the minimum and not one byte more. Why should they do anything else? If they're in compliance, they cannot be displaced, as nobody else will enter into competition. I certainly wouldn't invest in a company trying to compete with an established player in a fully-regulated business that requires a significant infrastructure.
Do you like your cell phone service? That's exactly what your Internet service will resemble.
As a ham radio operator ("Extra" license), I've seen firsthand and experienced firsthand just how well the FCC protects the "public interest". They don't. The FCC in all cases sides against the general public and with major communications businesses, and once the FCC has authority to decide who is allowed to offer what bandwidth to whom, they will be back to their normal modus operandi: taking services, bandwidth, and other allocations from public use to give to the fattest lobbyists, or in this case crafting law and policy to favor established players (thus preventing new competition). A leopard doesn't change his spots just because it's in a new place, and the FCC will not change its essential character just because it's been granted sweeping new authority where before it had none.
It comes down to this: with government authority, there's no such thing as "just a little regulation", and with public utilities you get the minimum mandated and nothing more. I'd love to see an exception, but as far as I know, there is none. Why is this different?
What's the difference between "malicious" and "beneficial", when it comes to software?
Just about every "malicious" action that malware takes is not "malicious" for what it actually does (set cookies, record passwords, send data in response to user actions, create accounts, encrypt things). All of these things are also functions you sometimes want software to do. The maliciousness is in who data gets sent to, whether it does one thing when it presented another thing in the UI, or if it's not announced. Therefore, how can you programmatically tell malware from not-malware? You can't. And therefore, if the user has the ability to install software, all you have to do to get malware onto a device is lie about it.
Malware isn't defined by what it does. It's defined by deception and lack of consent, and only by deception and lack of consent.
And if you want widespread adoption of your malware? Just wait. Make the "trojan" part of the malware (the game, app, etc.) useful, and do ONLY that part, for a while. Don't start stealing passwords until 6 months later. Include the encryption-extortware in the 3.2 update. Cache the keystrokes and send them only when you embed a keyphrase in your product website, and upload them during an "expected" transaction such as an upgrade or content download. Build the reputation for trust and the block of reviews saying "it's never caused me trouble", then cash it in all at once.
Short of human review of the software in question prior to general availability, you're screwed. (Even then you might be, as human review isn't infallable, but it's certainly not useless) With this in mind, whether you agree that it's worth the hassle/restrictions or not, isn't Apple's AppStore strategy just a little more understandable from an objective point of view?
Maybe it's not ALL about moustache-twirling and staking out new liver donors. Maybe, just maybe, at least part of Apple's "walled garden" motives are benevolent. Maybe it's not a simple question, but a complex one, requiring not simple answers, but complex and rigorous thought. And maybe it's not black-and-white, but shades of gray with the weighting different for every user.
In 1996, everyone was much less sophisticated in their understanding of IP networking and its exploitability (as evidenced by me having an open relay, no firewall, and all hosts fully exposed to the Internet without NAT). We look upon it in horror now, a decade and a half since, but consider. What network security practices did ANYONE have, other than "have good passwords and don't have your FTP incoming directory world-writable"? Who had a firewall in their house? Linux was on kernel 1.1, and few had even heard of it. SCO still had more engineers than lawyers. Steve Jobs still had a spleen. Network access was dialup or if you were lucky ISDN (except for people with big NerdPeens). Windows was on Win95 (with the worst TCP/IP stack in the history of everything, prompting many people to download replacement stacks).
Yeah, the instructor wasn't all that good. In fairness, neither was anyone else. The story does not reflect what training our best information warfare specialists ARE receiving; it's what ordinary Air Force net admins were being taught when the whole concept of the Internet being open to anyone but universities and the DoD was still a fresh idea.
We've learned quite a bit in 14 years. I'm a little wiser, and it's a good bet that the gentlecritters at Langley are a LOT wiser.
A long while ago (about 1996) I noticed unusual traffic coming in to my hobbyist server. Things that nowadays are just part of the background noise: port scans, SYNs to nonexistant hosts (I had a/28 block on a fractional T1. NerdPeen ACTIVATE!), that sort of thing. The source IP address in question then crawled my website and connected to my SMTP server and sent mail to itself (wisdom such as "don't be an open relay" was not widespread at the time... my diagnosic skills were better than my security skills at the time).
A few nslookups and whois later, and a traceroute or two, and I was at Langley. Huh. Was someone there doing something? Or was it spoofed in some way? It's not like I had ever done anything interesting in my life other than flip a significantly-non-stock VW Rabbit onto its roof and host a website for friends to post their dirty pictures. Hmmm, maybe that was it. 007 wanted pr0n!
A few emails and one phone call later and I was talking to an instructor at Langley who was teaching basic network forensics. He said they were choosing random domains then learning what they could about them and presenting that knowledge as a classroom exercise, and apologized if their was any disruption; he said it was only an attempt to do basic recon of non-NATted networks, not penetration (insert joke here). My response was something to the effect of "OK, no problem, I understand. But... I noticed. I shouldn't have. And I'm a total amateur at this. If your students are going to be able to do their jobs, they need to be less obvious about it."
If you find a BatBug on your car, the cops need to know of their incompetence. Then send it to Gizmodo!
Personally, I'm much more interested in the extent to which this decision will allow nVidia to make motherboard chipsets for current (post-Socket 775) and future Intel CPUs. Intel needs some competition in that space, and the market needs some chipsets for Core i(3-5-7-?) CPUs that have serious integrated graphics capability. I'd love to see, for instance, a motherboard that uses Socket 1156 processors with an integrated-into-chipset GT 240-class GPU in ITX form factor. That would be rockin for an HTPC/compact PC build.
The bit about shooting exclusives in the head is nice and all, but as a build-it-yourself guy, I've always been able to build an AMD-based system whenever I felt like it. Certainly the bulk of the market (which buys prebuilt systems) is more important, but we all care about what affects us personally the most:)
Slashdot Mirror
...motorized self-launching glider. That's an application for which 30-ish minutes of power would be just fine, and an electric motor plus NiCad pack of batteries may well beat out a gas motor plus fuel on weight. Additionally, there would likely be greater reliability for a high-altitude restart. Make it sexy like a Stemme S10 and you're in business!
I'll have to go read up on my copy of FAR/AIM, but a 30 minute cruise... for anything other than a developer-owned experimental, I'm not 100% sure that would even be legal for sale, even as a kit. It would certainly never make IFR, as that has a next-airport-plus 45-minute reserve hard requirement (FAR 91.167) regardless of commercial-vs-experimental status. Yes, I know, it's a development vehicle, not intended for sale. A little ways to go.
Climb is 1000 feet per minute. That would be under full power, which aerobatics would also almost certainly be under. So assuming you want a good 5000 feet of "oops" between you and a dirt-nap, that's 5 minutes burned in climb, leaving 10 minutes of playtime (they mention 15 minutes of "aerobatics power"), assuming you're fine with a glide home. Any retired Komet pilots or BD5-J jockeys out there want to give this one a shot? :) That being said, I'd have no hesitation to fly an all-electric as long as it has been demonstrated to have a good 5000-hour MTBF and 4 hours plus IFR reserve in real-world at-altitude conditions.
It's an interesting development on a path to all-electric or hybrid manned flight, certainly a milestone to be proud of, but I'll stick with a 172 until my RV10 is finished...
What do you suggest? Hire everybody then fire most? HR doesn't decide who's in. They just do the paperwork. The hiring manager, with input from their team, does.
Yes, we have a coding test, even for QA. We also do background checks to weed out people who are argumentative, confrontational, slackers, or can't stay on the good side of the law (meaning real crimes, not irrelevant stuff like "caught with a lid in college"). We have plenty of ways of knowing they're good before we hire them. So do most companies. It's not rocket science (unless that's the position, of course).
It's not "talking out of my ass", thank you very much.
As for "written entirely by themselves"... coders who have never had to work on a team, work on others' code, or have others work on their code will have a very bad time on a team of more than one. You have to be able to write to coding standards that differ from your personal habits whether you like it or not, you have to be able to read code written in a style other than your own, you have to produce code others can understand and maintain, and you have to do it without turning into Smartass Simpsons Comic Book Guy. Doing it all yourself demonstrates very little of that. A REAL coding test would be to hand someone existing, broken code and tell them to fix it, in the coding style shown... without bitching.
If someone is a standalone coder, then they're not interviewing anyway since they're already working for themself, right? Then they can be as prima dona as they like. Anybody else, check your ego at the door.
When I interview, I am on the lookout for more than just raw skills. I look for Apple haters. They don't get hired. I look for Windows haters. They don't get hired. I look for people who turn into raging assholes on hour fourteen in a row on the Sunday night before release. They don't get hired. Not being a jerk is a requirement, not an "plus", and that is not negotiable. And not to put too fine a point on it, I also look for people who think they know what "bullshit psuedo-qualifications ultimately don't matter". They don't get hired here either.
Agreed. Six percent? One in eighteen? Consider the people whom you know who are out of work. Are there at least one out of eighteen whose behavior or lack of skills means they're unemployed for a REASON? Consider the people whom you know who do have work. Are at least one of eighteen of those people whom you think are more of a liability than an asset?
I know several IT/engineering folks who are out of work. With perhaps one exception, I wouldn't hire any of the individuals in question. They're slackers, or in way over their heads, or behave badly in a professional environment. Sure, I'd have a beer with 'em, but hire them? No. That's a higher standard. Wages don't have anything to do with it; the people in question I wouldn't take on at any price.
Tech is doing just fine, at least here in San Jose. I get daily emails or calls from recruiters, my company has unfilled jobs (and is offering a bounty for referrals), and I know that others have the same experience. I'm no hot-shot super-star either, I'm almost 50 (so it's not a cheap-because-I'm-young factor) and it surely isn't because of my looks. I read the required H1B notices that get pinned to the break-room cork board that include the position and salary; we are certainly not lowballing imported labor (I have yet to see one that was less than six figures).
If you're good, you're in.
Other regions may differ; I can't speak to that.
The fact is that a company's Board of Directors answers to the shareholders, not the employees. The shareholders elect... and unelect... the board. Employees don't. Right or wrong, that's reality.
They know which side their bread is buttered on.
And frankly, I'd MUCH rather the Board was elected by shareholders, who have a financial interest in the company's long term well-being even if it means rough times for the workers; at least the company will survive to continue to have those jobs years from now. If employees elected the board, they'd pack it full of people who would give 32-hour weeks, 50% pay raises, 8 weeks of vacation, and a termination process so lengthy and convoluted that for practical purposes you can't be fired. The company would be bankrupt in months, and somehow that would be "management's fault".
If you're in Canada you can say "American society is so inferior to ours" to your friends as you drive south to receive quality medical care, and whoever agrees with you...
Sauce for the goose, neh?
Not to put too fine a point on it, but is anyone surprised that the government of Australia is making (more) stone-age-stupid decisions regarding technology? Their track record on all things related to high tech demonstrates institutionalized ignorance. This is just another example of Australia's willful lack of understanding of the modern Internet-enabled world.
We'll just add this one to the list.
This may be just a story or it may be the real deal. The folks I heard it from were in a position to know, so I favor the latter. Perhaps someone out there can be more certain on this.
Apple's Cray was used, among other things, to simulate plastic-flow and cooling for injection molding tasks. This was necessary because injection-molding complex shapes such that they did not have internal cleave-planes from cooling molten plastic from one injector coming into contact with cooling molten plastic from another injector (is) was very difficult, particularly in the mid-80s. Trial-and-error iterations is a bloody expensive way to go about developing injection-molding tooling; simulation of this sort of fluid-dynamics/thermodynamics problem is computationally expensive. Using the Cray was cheaper, though, than the cost of trial-and-error and low yield rates.
Insert comments about the annoying difficulty of cracking open an original Mac case here. You're on your own for Apple-hate.
Anyhow, after that I sat on the couch. It was not comfy.
I guess the measure of the comfort of integrated seating on supercomputers is a kind of "bench"mark...
Nice reasoning there. Take a seat next to the tea party morons and the birthers.
What does your argumentum-ad-hominem-based politics have to do with DLL linking?
Stay on topic, please.
Learn to read. I did not mention the court. I did not mention the judge. I mentioned the good-for-nothing plaintiff and his good-for-nothing lawyer. My post is entirely about the motive for the lawsuit and its lack of merit.
The court has to function within the framework that others create for it. Tort reform must originate in the legislative branch, not the judicial. The judge is doing what he can in a broken system.
There. NOW I've mentioned the court.
The headline should read "NCSoft Sued For Having Money And Coming To The Attention Of A Liability Lawyer".
The "plaintiff" has already demonstrated a complete disregard for concepts of personal responsibility or a work ethic. This is the exact personality-type which engages in lawsuits like this, hoping to never have to work again (as if they'd ever worked before). And of course there are always lawyers with an equally-commendable outlook on life willing to collect 40% of an ill-gotten settlement.
If there was ever an archetype of why we need tort reform, this is it.
The chief concern with RFID tags like this isn't that some passerby can trigger your RFID tag to cough up a number; that's possible but impractical. The risk is that someone can point a directional antenna at a point where the RFID tag is activated by its intended use at a predicable location, and passively collect the transaction. Examples: FastTrax, PayWave, RFID passports
PayWave uses a 13.56 MHz transceiver frequency. This is about a 25 meter wavelength, so a high-gain directional antenna would be pretty obvious (rule of thumb: antenna size is one quarter or one half the wavelength of the frequency in question). The antenna systems used in PayWave are extremely inefficient, but when the range is almost "touch", that's not a bug, it's a feature. Adjacent registers with PayWave won't be interfering with each other or reading each others' transactions. However, RFID systems that use the 900MHz band are another matter. 900MHz has a wavelength of about 33cm/13 inches. A high-gain directional antenna would be about six inches wide, and anywhere from six to twenty-four inches long, producing 12dBd or better of gain for the longer size. It's not hard to conceal something like that in a tree aimed at a 7-11, or in a radio-neutral briefcase in an airport aimed at the passport-checking station at the security point.
So yes, bad guys can easily see the transaction, depending upon the wavelength used. The security is in the encryption of the transaction (or lack thereof). If the RFID device just pukes it's ID when tickled, that's bad. If there is a challenge-and-response cycle, not quite as worrying as you'd need many transactions recorded for a single device to crack it, though with keyless car entry systems, that's already happened (see http://www.cosic.esat.kuleuven.be/keeloq/keeloq-rump.pdf ).
Like almost anything else, it's all about implementation. You can never assume the transport between two devices is absolutely secure, and RFID is most definitely not an exception; indeed, it's the poster-child.
I Why don't they put that data to use send send me coupons and deals for stuff that I would buy?
Because you're already buying it, without coupons. Why would they discount something you're already paying full price for?
Too bad this is an entitlement generation who don't feel they should face any consequences for their actions.
Don't worry, that's going to go away with the next major economic disaster.
The next major economic disaster IS entitlement, and the hijacking of police guns to take money out of productive people's pocket to put into nonproductive pockets. Don't believe it's a police/lethal force issue? See who actually physically removes you from your home and what force is used to back up that eviction if you refuse to pay your taxes and your house is seized.
At least we're not the only ones with absolutely insane climate change related conspiracy theories.
We leave it as an exercise to the reader to determine which "side" the lunatic conspiracy theories are on (hint: BOTH)
Side note: HAARP is right up there with Area 51 and the residents of Sebastopol (the Northern Californian one) in promoting sales of aluminum foil hats.
"Regular or premium?"
"Cask strength!"
And, of course, if you're running a turbo with about 20 pounds of boost... Talisker 10. If that don't kick your car in the teeth, nothing will.
Mind you, none of this is really all that new to the automotive industry. I mean, Irish whiskey has been good only for washing engine parts for years now... and this is the part where I go run and hide from offended Bushmill's partisans
So here's a question. If people are concerned about the magnitude of the sentence, what's the REAL problem? Some people say "others got light sentences so he should too"... I would ask "is the real problem that others' sentences were too light and this is the first time the punishment fit the crime?"
Now, whether Childs is actually guilty of a crime is another matter. I wasn't in the jury; neither was anyone else here. We don't have all the facts, and the facts we ARE seeing are carefully picked by people with an (understandable) bias. A jury has convicted him of essentially holding a city's IT infrastructure hostage, and if he is in fact guilty of that, probation or "time served" is inadequate. If he's guilty, I believe the sentence is wholly appropriate, and may even be on the light side. If he was, in fact, concerned about IT security, he certainly bungled how he handled it and certainly forced a lot of spending, but would be lacking the "guilty mind" that the law requires for a conviction of this sort.
What it all comes down to is intention. If he intended something malicious, the sentence is entirely appropriate. If he did not, he should not serve any prison at all. There's really not a lot of room for gray areas here.
As for the City of San Francisco being "as guilty"... well, yeah. Maybe someone should be sharing a cell with Childs. That's a separate matter, though. If Childs was malicious, it doesn't let him off the hook. And if Childs wasn't malicious, it doesn't excuse how he handled it. The smart play would have been to immediately give the passwords (and the reason for holding them, as well as the modems) to the FBI and then let the city and feds slug it out. The fact that he did nothing of the sort is probably what convinced the jury that there was malice, and therefore the "guilty mind". Whatever else Childs may or may not be, he handled this whole thing like an idiot.
Granted, an argument in favor :) With that sort of competition the FCC could become paralyzed with internal infighting between industry shills, and we'd achieve that wonderful state envisioned by the Constitution, "Congress shall make no law..."
Two points:
1. If the FCC is allowed to regulate speed, it establishes an argument that they are allowed to regulate everything else, including content, rates, policies, contracts, and who owns the infrastructure that has already been paid for by a private entity.
2. If the FCC establishes "minimum service standards" and "maximum service standards", ISPs will deliver the minimum and not one byte more. Why should they do anything else? If they're in compliance, they cannot be displaced, as nobody else will enter into competition. I certainly wouldn't invest in a company trying to compete with an established player in a fully-regulated business that requires a significant infrastructure.
Do you like your cell phone service? That's exactly what your Internet service will resemble.
As a ham radio operator ("Extra" license), I've seen firsthand and experienced firsthand just how well the FCC protects the "public interest". They don't. The FCC in all cases sides against the general public and with major communications businesses, and once the FCC has authority to decide who is allowed to offer what bandwidth to whom, they will be back to their normal modus operandi: taking services, bandwidth, and other allocations from public use to give to the fattest lobbyists, or in this case crafting law and policy to favor established players (thus preventing new competition). A leopard doesn't change his spots just because it's in a new place, and the FCC will not change its essential character just because it's been granted sweeping new authority where before it had none.
It comes down to this: with government authority, there's no such thing as "just a little regulation", and with public utilities you get the minimum mandated and nothing more. I'd love to see an exception, but as far as I know, there is none. Why is this different?
What's the difference between "malicious" and "beneficial", when it comes to software?
Just about every "malicious" action that malware takes is not "malicious" for what it actually does (set cookies, record passwords, send data in response to user actions, create accounts, encrypt things). All of these things are also functions you sometimes want software to do. The maliciousness is in who data gets sent to, whether it does one thing when it presented another thing in the UI, or if it's not announced. Therefore, how can you programmatically tell malware from not-malware? You can't. And therefore, if the user has the ability to install software, all you have to do to get malware onto a device is lie about it.
Malware isn't defined by what it does. It's defined by deception and lack of consent, and only by deception and lack of consent.
And if you want widespread adoption of your malware? Just wait. Make the "trojan" part of the malware (the game, app, etc.) useful, and do ONLY that part, for a while. Don't start stealing passwords until 6 months later. Include the encryption-extortware in the 3.2 update. Cache the keystrokes and send them only when you embed a keyphrase in your product website, and upload them during an "expected" transaction such as an upgrade or content download. Build the reputation for trust and the block of reviews saying "it's never caused me trouble", then cash it in all at once.
Short of human review of the software in question prior to general availability, you're screwed. (Even then you might be, as human review isn't infallable, but it's certainly not useless) With this in mind, whether you agree that it's worth the hassle/restrictions or not, isn't Apple's AppStore strategy just a little more understandable from an objective point of view?
Maybe it's not ALL about moustache-twirling and staking out new liver donors. Maybe, just maybe, at least part of Apple's "walled garden" motives are benevolent. Maybe it's not a simple question, but a complex one, requiring not simple answers, but complex and rigorous thought. And maybe it's not black-and-white, but shades of gray with the weighting different for every user.
In 1996, everyone was much less sophisticated in their understanding of IP networking and its exploitability (as evidenced by me having an open relay, no firewall, and all hosts fully exposed to the Internet without NAT). We look upon it in horror now, a decade and a half since, but consider. What network security practices did ANYONE have, other than "have good passwords and don't have your FTP incoming directory world-writable"? Who had a firewall in their house? Linux was on kernel 1.1, and few had even heard of it. SCO still had more engineers than lawyers. Steve Jobs still had a spleen. Network access was dialup or if you were lucky ISDN (except for people with big NerdPeens). Windows was on Win95 (with the worst TCP/IP stack in the history of everything, prompting many people to download replacement stacks).
Yeah, the instructor wasn't all that good. In fairness, neither was anyone else. The story does not reflect what training our best information warfare specialists ARE receiving; it's what ordinary Air Force net admins were being taught when the whole concept of the Internet being open to anyone but universities and the DoD was still a fresh idea.
We've learned quite a bit in 14 years. I'm a little wiser, and it's a good bet that the gentlecritters at Langley are a LOT wiser.
A long while ago (about 1996) I noticed unusual traffic coming in to my hobbyist server. Things that nowadays are just part of the background noise: port scans, SYNs to nonexistant hosts (I had a /28 block on a fractional T1. NerdPeen ACTIVATE!), that sort of thing. The source IP address in question then crawled my website and connected to my SMTP server and sent mail to itself (wisdom such as "don't be an open relay" was not widespread at the time... my diagnosic skills were better than my security skills at the time).
A few nslookups and whois later, and a traceroute or two, and I was at Langley. Huh. Was someone there doing something? Or was it spoofed in some way? It's not like I had ever done anything interesting in my life other than flip a significantly-non-stock VW Rabbit onto its roof and host a website for friends to post their dirty pictures. Hmmm, maybe that was it. 007 wanted pr0n!
A few emails and one phone call later and I was talking to an instructor at Langley who was teaching basic network forensics. He said they were choosing random domains then learning what they could about them and presenting that knowledge as a classroom exercise, and apologized if their was any disruption; he said it was only an attempt to do basic recon of non-NATted networks, not penetration (insert joke here). My response was something to the effect of "OK, no problem, I understand. But... I noticed . I shouldn't have. And I'm a total amateur at this. If your students are going to be able to do their jobs, they need to be less obvious about it."
If you find a BatBug on your car, the cops need to know of their incompetence. Then send it to Gizmodo!
When you're stranded high up on Olympus Mons
And your suit-gauge shows your O2's all but gone
Open your faceplate and face vaccuum's dawn
And go to your god like a spaceman.
Personally, I'm much more interested in the extent to which this decision will allow nVidia to make motherboard chipsets for current (post-Socket 775) and future Intel CPUs. Intel needs some competition in that space, and the market needs some chipsets for Core i(3-5-7-?) CPUs that have serious integrated graphics capability. I'd love to see, for instance, a motherboard that uses Socket 1156 processors with an integrated-into-chipset GT 240-class GPU in ITX form factor. That would be rockin for an HTPC/compact PC build.
The bit about shooting exclusives in the head is nice and all, but as a build-it-yourself guy, I've always been able to build an AMD-based system whenever I felt like it. Certainly the bulk of the market (which buys prebuilt systems) is more important, but we all care about what affects us personally the most :)