I actually had my physical plate stolen. This was 4 years ago - so fairly recent - in California. CA is a two plate (one front, one rear) state and they only stole the rear plate. They REPLACED the rear plate with one from the car they stole. I actually only noticed it at first because the orange sticker (that year the expiration date sticker on the plate was orange) had been partially removed. I saw that when approaching the car at my work parking lot. People sometimes steal the sticker to make it look like their license is still current. So I looked closer at the plate expecting to see that someone had tried to steal the sticker. On closer inspection I saw that it wasn't my plate number. I checked the front, and that one was still the correct plate number. I had to call the police and report it AND surrender the plate that wasn't mine to the police and my old front plate to the DMV and get completely new plates and numbers. It turns out the criminals had stolen a car like mine (Toyota Camry at the time) and stole my plate to make it look like they were not in a stolen car (and of course make it look like I WAS in a stolen car). So it does happen.
I go to movies too. Probably 8 times a year or so. There are some loud and rude people. But most of the folks aren't. I've had to give a shout and a death stare to one ass that kept kicking my chair. But normally it is pretty much OK. I still think movies should be available "day and date" (on streaming and theaters in the same day). I don't care if they tier the pricing over time. On day one, rental streaming $25, theaters their normal too high price. 30 days in, $8.99 for streaming and it goes to the bargain theaters. 90 days in and it goes to Netflix and others (free streaming with paid monthly account). Something like that. Work out the prices and set them to something that makes sense - that was just a broad strokes idea or pricing. There should also be global release and no region locking. It is proven that if you make access available people pay for it. Sure, there are you inveterate, never going to pay for anything people. But they aren't and won't ever be your customers. Make it available everywhere at the same time and you will get customers.
So, this is an improvement because it is just one step of the process. If it fails (due to the no data connection issue you mention), you just click to use another method and it fails back to the previous text message option. So no real downside on that count. The biggest drawback I have hit with it is that Google won't let you use both this new method and a hardware security key (I was using a Yubikey). You have to remove the hardware security key from your account in order to add this new method. That's really a bummer because the hardware keys didn't rely on your phone at all. You just have a small USB key that you pop into the computer and press a button when prompted.
This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor. They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.
You know, it sort of made sense in the pre-internet days where you had only terrestrial broadcast and cable (and then eventually satellite). There, you had people with infrastructure, etc. in a country and you licensed your content to those entities to broadcast. Now it is a holdover. But, those broadcast entities still exist. They haven't been driven out of business yet. So they still license the content. And they complain like crazy if a streaming service based in another country is allowing that same content to be shown in "their" area (where their physical broadcasts can be seen). They say, "you'll put us out of business as nobody will pay us for our connections or broadcasts if you show the content we licensed over the internet". To which I say - Exactly.
It is time for channel based content to go. Who cares what channel or network the content they want to watch is on or even from? They just want to watch say Big Bang Theory or Orange is the New Black or whatever. It no longer needs to be on at a "time" on a "channel". But the old way of distribution is still pretty well entrenched at least for a little while longer.
Although it is very true that it is how windows was designed from the early days, modern versions of windows do have protections against loading DLLs from network locations that applications simply have to opt in to. For those that are designed to be locally installed to have NOT adopted those defenses is just like not bothering to enable ASLR (Address Space Layout Randomization), or other security measures. These applications should be updated to use the protections. Here's info on how to make the updates to applications: https://msdn.microsoft.com/lib...
You wouldn't NEED to hack into it (although it is certainly a legitimate vector). Less technical "terrorists" could simply use enough force to take over a tower or control center and send commands from an authorized terminal (likely with an authorized ID gotten by the "rubber hose" method). You would then be able to proceed to down any planes in the control area of that tower. I think I would rather have the smarts controlling the plane (whether it be computer or pilot controlled) on the plane with outside access limited to when it is requested by at least a couple of members of the flight crew.
I've been using the bluetooth trusted device for several days now with a Microsoft Band device and it seems to work pretty well. I generally only need to use my pass code unlock once a day or so. As you said, the idea is that a thief (or border agent or police) can see it as unlocked and leave and it will lock right away when it gets out of BT range. Seems like a decent security usability trade off, but of course it isn't secure enough for everyone. Fortunately we have knobs and levers like this that allow people to customize the settings to ones that are secure enough for their needs, but usable enough as well. I thought about the "on body" detection, but I don't think it will work as well for me as the BT with the Band. It is nice to have the choices though!
Well, that just calls for a reputation service so that the flagging gets the appropriate weight. Perhaps that is where meta-modding comes in (to give it a slashdot spin). But at some point, a pattern emerges that can be seen, analyzed, and corrected for when someone mods every story they see about a certain topic as false. I'm betting a company with the kind of data a Facebook or Google has can probably come up with a reputation engine for weighting the flags too that will work - not perfectly - but probably "good enough".
Although range is definitely a big issue, lack of the ability to extend the range (via "charging stations" or "battery swap stations"; something analogous to the common "gas station") is even more the issue. I can get by normally on 200 miles (my commute is 72 miles round trip), but on the odd time I want to say drive to see my daughter at college - 240 miles away - it is a non-starter mostly because I cannot fill up on the route.
Yes, the hard part is getting adoption. Just look how far Google's WebP image format has gotten. Or not gotten. (I'm not talking about their WebM video format which has also not gotten a lot of traction). Looks like they unveiled it in 2010 or before, but nobody has used it as far as I can see.
I wonder what percentage of folks got the Jerry was a man story reference without looking at the link or visiting the link? I am probably one of the few "old dudes" who read most all of Robert Heinlein's works and remembers them fondly. Cigret?
That has actually already happened for a lot of people. My daughter has a Nexus 7 tablet that she uses with a keyboard case to take notes in her college classes. Many people will come up and say, "oh, I like your iPad setup". Or "Which iPad is that?". Similarly on radio shows such as Leo Laporte's "The Tech Guy" (which is generally for "normals" - the not so technical folks who need help with tech), callers will often tell Leo that they want advice on picking out an "iPad" when they clearly mean they would like some sort of tablet device. It isn't to the point of Kleenex or Q-Tip, but there are quite a few people out there to whom any tablet device is an "iPad".
Bzzt! Wrong! Maybe not many folks do, but I sure do. When presented with an opportunity to go I always decline and say that I would rather see it on TV. (Sometimes this has even been with free tickets). At home, there is no a-hole standing up in front of me the whole game. At home, no jackass behind me spills their beer on me. At home, the noise level is very low. At home, I can see the play and can see it from multiple angles with amazing replays. At home, the beer doesn't cost $10. At home, the bathroom is clean and safe and doesn't consist of a long metal trough. At home, I am unlikely to get attacked by some crazy drunk asshole and my car is unlikely to get vandalized. At home, the parking doesn't cost $25. Yeah, I've BEEN to pro football games twice. Never again.
Well the first step in exploiting IE or other apps on a system in the wild is to bypass EMET. Remember, EMET is a mitigation technology designed to make it harder to exploit a vulnerability in IE, Flash, Acrobat Reader, etc. by adding extra protections. So if you are able to turn EMET off, you can then get back to your normal exploit.
They are probably more Pollyannas than Myrmidons. Either way, not good. Hopefully something will break this seeming juggernaut of government action suppressing information that people should have available to them.
While your definitions are correct, a lot of drive by downloads happen when you visit otherwise trusted pages - because the ad network servers either got successfully breached or they didn't vet their advertisers well enough (again). For example - go to cnn.com today and view the source of the page. ads.indeed.com, doubleclick.com, etc. All of these ad networks have had serious issues with serving malicious advertisements from time to time. They will allow someone's ad that uses a malware kit attacking all the Java, Flash, Adobe Reader, etc. vulnerabilities that are out there. People shouldn't get drive by downloads just because they visited what should be a trustworthy site. So yes, drive by downloads can and do come from what are supposed to be ads. They are purchased via legitimate ad networks and run on many sites.
It doesn't really matter if it is external or internal. Any time you remove it from a search index you have effectively taken the material down. If people can't find it, it doesn't exist for them. If you remove a book from the card catalog, it can exist in the stacks for years with nobody ever seeing it. Web pages are the same way. If it isn't on the first couple of pages of results on Google, Bing, Duck Duck Go, Yandex, Baidu or whatever - forget it; it no longer exists as far as the world is concerned: they will never see it. Sure you can always send out links to a few people and those people can see it. You can post links on MyTwitFace+ and a few people will see it. But for the vast majority, the index is their view into the internet. Remove it from the index and it ceases to exist for all practical purposes.
I actually got a text message the other day (purporting to be Yahoo - turns out it was them) saying that unusual activity had been seen on my account and they had disabled it until I went to the site on a PC. (I hardly ever use it - so this was a surprise - it is just a catch all for crap sites I may have to sign up for to keep them out of my "real" email). Anyway, I have two factor auth turned on (for Google, MS, and Yahoo) so I was surprised to see this. I guess they used the right password, but couldn't pass the two factor test. Just signing on to my account sent me to a special page saying there was unusual activity and having me input my password and a new password (once only; no "type it twice" thing). The new password had to meet some criteria and their regex or whatever they were using is broken beyond belief. It says it must be between 8 and 32 characters, have upper and lower case, and numbers. However, my old password met most of this already and was 8 chars (it was only missing the upper case character). Adding a "Y" to the end did not pass - because apparently that is not an upper case character. Neither is any other upper case character. It looks like they need all of the character types in the first 8 positions in order to accept it. Very poor coding and design on that page. I finally just had KeePass generate a random PW for me and used that.
I think this is a "score one for two factor" moment - but the poor implementation of the "fix" on Yahoo's part was a turn off.
Spammers didn't typically scan the phone book and use automated bots to email all the people in it. So although phone books were "databases" they weren't easily accessible with some scripting.
The OP may believe that the Google+ "SPAMagedon" isn't coming - however - I have noticed that, over the last week, I have been added to the "circles" of well over one hundred "accounts". When I click on these, most of them are marketing accounts or sock puppets. Some of the names are clearly marketing: "Angry Birds Lösung 3 Stars Games.J500", "Anime TV and Title Loans Chicago", "Fred's Best Title Loans", etc. Others, when you go look at them, are pretty clearly similar. 10 people have them in circles but they have 5,000+ circled. The posts (if there are any) are just advertisements. Does anybody really think that this was random? I am pretty sure these folks are getting ready to spam using G+. Sure, they will eventually get shut down. But I'd advise people to go change the setting in GMail that allows these folks to send you mail without knowing your gmail account.
I have two access points as well. House is a two-story, 2,590 square feet. Cable access is at one end of the house and the main router is there as well. At the far end of the house, the signal has to go through several walls, a washer and dryer, and a staircase to get to the Chromecast plugged in behind the TV against the outer wall. It is about 1 bar and I am not about to try to use it like that as it will likely stutter and degrade. So I pulled wire to that end of the house and there is a second router (in simple bridge mode) there. As a bonus, I now have coverage in the upstairs master bedroom / bathroom where there was basically no signal before. BTW, this isn't a single router / brand issue. I have used about 7 or 8 different routers - all sorts of brands from Linksys, Netgear, Buffalo, etc. and they all had the same issue getting to the other end of the house.
Interesting point about the "reasonable person". I don't know any of them though. Most people I personally know (aside from my kids, who think like I do) think the meta data collection is OK. They equate it with survey data that is aggregated and anonymous - even though the meta data includes non-anonymous stuff like your phone number. I don't consider them reasonable, but they seem to be in the majority. Generally, if put to a vote, the majority - assuming they aren't apathetic and don't vote - will win and will be considered the reasonable ones. Maybe I am unreasonable? But I sure don't like the NSA collecting all of this info...
Well, my wife and I are getting older (late 40s) and our eyes are not the best anymore. It is much easier to read an ebook on a Nexus 7 or a Kindle because you can increase the font size and lower the eye strain. Unfortunately you can't increase the font size on a paper book.
Slashdot Mirror
I actually had my physical plate stolen. This was 4 years ago - so fairly recent - in California. CA is a two plate (one front, one rear) state and they only stole the rear plate. They REPLACED the rear plate with one from the car they stole. I actually only noticed it at first because the orange sticker (that year the expiration date sticker on the plate was orange) had been partially removed. I saw that when approaching the car at my work parking lot. People sometimes steal the sticker to make it look like their license is still current. So I looked closer at the plate expecting to see that someone had tried to steal the sticker. On closer inspection I saw that it wasn't my plate number. I checked the front, and that one was still the correct plate number. I had to call the police and report it AND surrender the plate that wasn't mine to the police and my old front plate to the DMV and get completely new plates and numbers. It turns out the criminals had stolen a car like mine (Toyota Camry at the time) and stole my plate to make it look like they were not in a stolen car (and of course make it look like I WAS in a stolen car). So it does happen.
I go to movies too. Probably 8 times a year or so. There are some loud and rude people. But most of the folks aren't. I've had to give a shout and a death stare to one ass that kept kicking my chair. But normally it is pretty much OK. I still think movies should be available "day and date" (on streaming and theaters in the same day). I don't care if they tier the pricing over time. On day one, rental streaming $25, theaters their normal too high price. 30 days in, $8.99 for streaming and it goes to the bargain theaters. 90 days in and it goes to Netflix and others (free streaming with paid monthly account). Something like that. Work out the prices and set them to something that makes sense - that was just a broad strokes idea or pricing. There should also be global release and no region locking. It is proven that if you make access available people pay for it. Sure, there are you inveterate, never going to pay for anything people. But they aren't and won't ever be your customers. Make it available everywhere at the same time and you will get customers.
So, this is an improvement because it is just one step of the process. If it fails (due to the no data connection issue you mention), you just click to use another method and it fails back to the previous text message option. So no real downside on that count. The biggest drawback I have hit with it is that Google won't let you use both this new method and a hardware security key (I was using a Yubikey). You have to remove the hardware security key from your account in order to add this new method. That's really a bummer because the hardware keys didn't rely on your phone at all. You just have a small USB key that you pop into the computer and press a button when prompted.
This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor. They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.
You know, it sort of made sense in the pre-internet days where you had only terrestrial broadcast and cable (and then eventually satellite). There, you had people with infrastructure, etc. in a country and you licensed your content to those entities to broadcast. Now it is a holdover. But, those broadcast entities still exist. They haven't been driven out of business yet. So they still license the content. And they complain like crazy if a streaming service based in another country is allowing that same content to be shown in "their" area (where their physical broadcasts can be seen). They say, "you'll put us out of business as nobody will pay us for our connections or broadcasts if you show the content we licensed over the internet". To which I say - Exactly.
It is time for channel based content to go. Who cares what channel or network the content they want to watch is on or even from? They just want to watch say Big Bang Theory or Orange is the New Black or whatever. It no longer needs to be on at a "time" on a "channel". But the old way of distribution is still pretty well entrenched at least for a little while longer.
Although it is very true that it is how windows was designed from the early days, modern versions of windows do have protections against loading DLLs from network locations that applications simply have to opt in to. For those that are designed to be locally installed to have NOT adopted those defenses is just like not bothering to enable ASLR (Address Space Layout Randomization), or other security measures. These applications should be updated to use the protections. Here's info on how to make the updates to applications: https://msdn.microsoft.com/lib...
You wouldn't NEED to hack into it (although it is certainly a legitimate vector). Less technical "terrorists" could simply use enough force to take over a tower or control center and send commands from an authorized terminal (likely with an authorized ID gotten by the "rubber hose" method). You would then be able to proceed to down any planes in the control area of that tower. I think I would rather have the smarts controlling the plane (whether it be computer or pilot controlled) on the plane with outside access limited to when it is requested by at least a couple of members of the flight crew.
I've been using the bluetooth trusted device for several days now with a Microsoft Band device and it seems to work pretty well. I generally only need to use my pass code unlock once a day or so. As you said, the idea is that a thief (or border agent or police) can see it as unlocked and leave and it will lock right away when it gets out of BT range. Seems like a decent security usability trade off, but of course it isn't secure enough for everyone. Fortunately we have knobs and levers like this that allow people to customize the settings to ones that are secure enough for their needs, but usable enough as well. I thought about the "on body" detection, but I don't think it will work as well for me as the BT with the Band. It is nice to have the choices though!
Well, that just calls for a reputation service so that the flagging gets the appropriate weight. Perhaps that is where meta-modding comes in (to give it a slashdot spin). But at some point, a pattern emerges that can be seen, analyzed, and corrected for when someone mods every story they see about a certain topic as false. I'm betting a company with the kind of data a Facebook or Google has can probably come up with a reputation engine for weighting the flags too that will work - not perfectly - but probably "good enough".
Although range is definitely a big issue, lack of the ability to extend the range (via "charging stations" or "battery swap stations"; something analogous to the common "gas station") is even more the issue. I can get by normally on 200 miles (my commute is 72 miles round trip), but on the odd time I want to say drive to see my daughter at college - 240 miles away - it is a non-starter mostly because I cannot fill up on the route.
Yes, the hard part is getting adoption. Just look how far Google's WebP image format has gotten. Or not gotten. (I'm not talking about their WebM video format which has also not gotten a lot of traction). Looks like they unveiled it in 2010 or before, but nobody has used it as far as I can see.
I wonder what percentage of folks got the Jerry was a man story reference without looking at the link or visiting the link? I am probably one of the few "old dudes" who read most all of Robert Heinlein's works and remembers them fondly. Cigret?
That has actually already happened for a lot of people. My daughter has a Nexus 7 tablet that she uses with a keyboard case to take notes in her college classes. Many people will come up and say, "oh, I like your iPad setup". Or "Which iPad is that?". Similarly on radio shows such as Leo Laporte's "The Tech Guy" (which is generally for "normals" - the not so technical folks who need help with tech), callers will often tell Leo that they want advice on picking out an "iPad" when they clearly mean they would like some sort of tablet device. It isn't to the point of Kleenex or Q-Tip, but there are quite a few people out there to whom any tablet device is an "iPad".
Bzzt! Wrong! Maybe not many folks do, but I sure do. When presented with an opportunity to go I always decline and say that I would rather see it on TV. (Sometimes this has even been with free tickets). At home, there is no a-hole standing up in front of me the whole game. At home, no jackass behind me spills their beer on me. At home, the noise level is very low. At home, I can see the play and can see it from multiple angles with amazing replays. At home, the beer doesn't cost $10. At home, the bathroom is clean and safe and doesn't consist of a long metal trough. At home, I am unlikely to get attacked by some crazy drunk asshole and my car is unlikely to get vandalized. At home, the parking doesn't cost $25. Yeah, I've BEEN to pro football games twice. Never again.
Well the first step in exploiting IE or other apps on a system in the wild is to bypass EMET. Remember, EMET is a mitigation technology designed to make it harder to exploit a vulnerability in IE, Flash, Acrobat Reader, etc. by adding extra protections. So if you are able to turn EMET off, you can then get back to your normal exploit.
They are probably more Pollyannas than Myrmidons. Either way, not good. Hopefully something will break this seeming juggernaut of government action suppressing information that people should have available to them.
While your definitions are correct, a lot of drive by downloads happen when you visit otherwise trusted pages - because the ad network servers either got successfully breached or they didn't vet their advertisers well enough (again). For example - go to cnn.com today and view the source of the page. ads.indeed.com, doubleclick.com, etc. All of these ad networks have had serious issues with serving malicious advertisements from time to time. They will allow someone's ad that uses a malware kit attacking all the Java, Flash, Adobe Reader, etc. vulnerabilities that are out there. People shouldn't get drive by downloads just because they visited what should be a trustworthy site. So yes, drive by downloads can and do come from what are supposed to be ads. They are purchased via legitimate ad networks and run on many sites.
It doesn't really matter if it is external or internal. Any time you remove it from a search index you have effectively taken the material down. If people can't find it, it doesn't exist for them. If you remove a book from the card catalog, it can exist in the stacks for years with nobody ever seeing it. Web pages are the same way. If it isn't on the first couple of pages of results on Google, Bing, Duck Duck Go, Yandex, Baidu or whatever - forget it; it no longer exists as far as the world is concerned: they will never see it. Sure you can always send out links to a few people and those people can see it. You can post links on MyTwitFace+ and a few people will see it. But for the vast majority, the index is their view into the internet. Remove it from the index and it ceases to exist for all practical purposes.
I actually got a text message the other day (purporting to be Yahoo - turns out it was them) saying that unusual activity had been seen on my account and they had disabled it until I went to the site on a PC. (I hardly ever use it - so this was a surprise - it is just a catch all for crap sites I may have to sign up for to keep them out of my "real" email). Anyway, I have two factor auth turned on (for Google, MS, and Yahoo) so I was surprised to see this. I guess they used the right password, but couldn't pass the two factor test. Just signing on to my account sent me to a special page saying there was unusual activity and having me input my password and a new password (once only; no "type it twice" thing). The new password had to meet some criteria and their regex or whatever they were using is broken beyond belief. It says it must be between 8 and 32 characters, have upper and lower case, and numbers. However, my old password met most of this already and was 8 chars (it was only missing the upper case character). Adding a "Y" to the end did not pass - because apparently that is not an upper case character. Neither is any other upper case character. It looks like they need all of the character types in the first 8 positions in order to accept it. Very poor coding and design on that page. I finally just had KeePass generate a random PW for me and used that.
I think this is a "score one for two factor" moment - but the poor implementation of the "fix" on Yahoo's part was a turn off.
Oh, if it plays a tune ASCAP will be there asking for their live performance fee. Run. Just run.
Spammers didn't typically scan the phone book and use automated bots to email all the people in it. So although phone books were "databases" they weren't easily accessible with some scripting.
The OP may believe that the Google+ "SPAMagedon" isn't coming - however - I have noticed that, over the last week, I have been added to the "circles" of well over one hundred "accounts". When I click on these, most of them are marketing accounts or sock puppets. Some of the names are clearly marketing: "Angry Birds Lösung 3 Stars Games.J500", "Anime TV and Title Loans Chicago", "Fred's Best Title Loans", etc. Others, when you go look at them, are pretty clearly similar. 10 people have them in circles but they have 5,000+ circled. The posts (if there are any) are just advertisements. Does anybody really think that this was random? I am pretty sure these folks are getting ready to spam using G+. Sure, they will eventually get shut down. But I'd advise people to go change the setting in GMail that allows these folks to send you mail without knowing your gmail account.
I had an amazing solution for just this problem. But, I had a small stroke and can no longer remember the solution. Sorry.
I have two access points as well. House is a two-story, 2,590 square feet. Cable access is at one end of the house and the main router is there as well. At the far end of the house, the signal has to go through several walls, a washer and dryer, and a staircase to get to the Chromecast plugged in behind the TV against the outer wall. It is about 1 bar and I am not about to try to use it like that as it will likely stutter and degrade. So I pulled wire to that end of the house and there is a second router (in simple bridge mode) there. As a bonus, I now have coverage in the upstairs master bedroom / bathroom where there was basically no signal before. BTW, this isn't a single router / brand issue. I have used about 7 or 8 different routers - all sorts of brands from Linksys, Netgear, Buffalo, etc. and they all had the same issue getting to the other end of the house.
Interesting point about the "reasonable person". I don't know any of them though. Most people I personally know (aside from my kids, who think like I do) think the meta data collection is OK. They equate it with survey data that is aggregated and anonymous - even though the meta data includes non-anonymous stuff like your phone number. I don't consider them reasonable, but they seem to be in the majority. Generally, if put to a vote, the majority - assuming they aren't apathetic and don't vote - will win and will be considered the reasonable ones. Maybe I am unreasonable? But I sure don't like the NSA collecting all of this info...
Well, my wife and I are getting older (late 40s) and our eyes are not the best anymore. It is much easier to read an ebook on a Nexus 7 or a Kindle because you can increase the font size and lower the eye strain. Unfortunately you can't increase the font size on a paper book.