Couple of mitigations
- You can disable this feature if you want
- You can also enable SmartLock which will lock the phone as soon as it gets out of range of another Bluetooth device (smart watch or key fob)
- Use Android Device Manager to lock and/or remote wipe the phone as soon as possible after the theft. My wife has the ability to lock and remote wipe my phone from her phone using Android Device Manager, and I can do the same to hers. You should set this up.
- You could simply hold the power button in while handing over the phone, forcing a reboot and lock
- You could get a dimple.io NFC button that lets you password lock your phone with a keypress
When my kid reaches secondary school (aka High School), she will no longer be a "child", she will be a young adult. The idea that a 15+ year old cannot be trusted with a smartphone, when they are drinking, having sex, and in all likelihood doing drugs from time to time, is ridiculous.
People need to stop coddling their kids so much. Maybe that is the indirect cause of some of these issues, kids now unable to deal with the realities of the world as they get older because their helicopter parents never exposed them to it.
... Except in Sweden, Denmark, Germany, Austria, France, and Switzerland, where tickets are about a deterrent.
Because you know, they collect enough taxes to properly fund their civil services like police, so that, you know, they can do the jobs they are supposed to do and not focus on being tax collectors.
It actually isn't that cut and dry at all.
If you watch the interviews with Thicke, he readily admitted, long ago even before this court case, that they were trying to create a Gaye-inspired sound. The song is very explicitly NOT infringement, because it is not a copy. All it is is a sound INSPIRED by the original (i.e. they are somewhat similar but noticeably different).
This is why this would be such a landmark change if left unchallenged. If inspiration means infringement, then for all intents and purposes, you can no longer listen to any music anymore that you did not personally create. Imagine all musicians being afraid of saying who inspires them, for fear of being sued.
That is what the outcome of this could very well be. Imagine if this was propagated to the written word... every derivative story about a prince and a princess, or about an angst-filled teenager playing with demons or vampires, would be considered infringement, since they all inspire from each other.
If an artist can no longer be inspired by another, art will cease to exist.
In a 2013 study that was funded by the Defense Advanced Research Projects Agency (DARPA), two researchers demonstrated their ability to connect a laptop to two different vehicles' computer systems using a cable, send commands to different ECUs through the CAN, and thereby control the engine, brakes, steering and other critical vehicle components
So you're telling me that if you have direct physical access to a car's ECU, you can issue commands to it? No shit, Sherlock. That is THE WHOLE POINT of the CAN bus. The only alternative would be to close down the bus and only allow "authorized" accessories to be connected to it - hello sky-high diagnostic fees and goodbye to useful Bluetooth OBD connectors.
Call me when this can be done wirelessly. Oh and yes I did read the "What the companies failed to note is that the DARPA study built on prior research that demonstrated that one could remotely and wirelessly access a vehicle's CAN bus through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo" blurb - which still failed to materialize an actual working example of exploiting a CAN wirelessly.
Doesn't matter, because the person committing suicide is thinking "I don't care what it is, it has to be better than this".
You won't "plunge into the void". You need to alter your thinking.
If you think you are an atheist and not scared of death, IMO you are not a real atheist because you still have some kind of notion of something after.
The primal roots of suicide are buried in religion and thoughts of an after-life. The sooner people wake up to that fact and seek to correct it, the better.
The whole notion of "something better than this" or "anything is better than this" assumes there is a "thing". There isn't. There is nothing. And nothing is not an "escape", it is nothing. Period.
If people did not feel there was somewhere or something better to escape to, they would not be offing themselves.
The Windows interface is a GUI, not an operating system. Microsoft wants to limit your applications to those that use the Win32 API to sort of simulate the "Windows is the OS" look and feel, but that's not really what's going on.
The Android interface is a runtime, not an operating system. Google wants to limit your applications to those that use the ART runtime to sort of simulate the "Android is the OS" look and feel, but that's not really what's going on.
The GNU stack is userspace, not an operating system. GNU wants to limit your applications to those that use the glib API, but that's not really what's going on.
The problem with your statement is you make the assertion that Bing no longer sucks, which is false. Bing is still horrible.
FIPS level 3 has nothing to do with software, that is the level which requires safeguards against physical tampering - tamper-evident seals etc. Again, nothing to do with the actual operation of the software. Level 4 takes Level 3 up a notch requiring even more hardening around "the module"... but AGAIN, nothing about how your software actually USES the module. Such a thing is totally outside the scope of FIPS.
FIPS is an outdated standard. It made sense when it was created and crypto was not well understood and poorly standardized. Today it adds little value because almost all software on earth uses standard crypto libraries.
Don't even get me started on PCI, which isn't even worth the paper it is written on.
Detecting the position of jamming sources is not as easy as it is in the movies.
And if you are trying to commit grand theft, I don't think you are worried about the FCC.
Company spends $10,000 on delivery drone. Company dispatches drone on its first delivery run. Rogue actor uses $100 worth of equipment to jam all transmissions to/from the drone, removes power source, and steals it. Company is now out $10,000.
Because they are unmanned, drones are simply far too easy to lose and far too easy to steal. They are impractical.
*sigh*
YES, there is a specification for it.
NO, it is NOT mandatory for an EMV card to have contactless payment.
To imply as such is misleading.
MANY EMV cards do not have contactless payment, it is up to the issuing bank if they want to do that.
It is a total joke.
FIPS 140-2 ensures your algorithm is part of a standard set - big deal. It does no investigation at all as to how you use that algorithm or why you use it. If you are using AES with a FIPS-certified library, you get the checkbox. Never mind the fact that the private key you are using is sitting in plain text on the disk.
It's the same as all federal standards - FedRAMP, FIPS, FISMA, ISO 27K. They all do *SOME* things, but none of these standards, or any intersection of them, actually do anything with regards to real secure engineering. Note, I am not even sure it would be close to practical to do this. I am just raising awareness that saying that an application is "FIPS certified" is next to useless.
Source: I have dealt with getting applications certified in all of these umbrellas, and more. It is an extremely time consuming and expensive process for all involved to get certified - but in the end does very little in terms of real application security. But it sure makes the auditors a lot of money!
FIPS is a joke and doesn't really do much of anything to ensure real security. It's just a compliance checkbox. An appliance running a piece of software can be 100% insecure from the ground up and be FIPS certified quite easily.
While it is common for your card issuer to bundle them, EMV has nothing at all to do with RFID cards. Many EMV cards have no RFID chip at all.
EMV == "Chip and PIN". There is a private crypto key on the chip on the card and a two-way live handshake done at the terminal, and you must enter a PIN. No signature is used.
RFID == MasterCard PayPass and Visa PayWave. Again there is a private key on the card but there is no PIN used to guard it. Transactions done by RFID are normally limited to $50.
The fact that Swift *only* targets iOS and OSX makes it a non starter for most companies. Companies are not in the game of building an app twice from the ground up. Cross platform frameworks for apps and games are ESSENTIAL - even if the app has a different skin between iOS and Android, the internals all need to be cross-platform. Otherwise you are spending 2x the cost for none of the benefit.
FWIW, this is also why this survey is incredibly flawed. The vast majority of iOS and OSX apps are not open source so stats from Github are totally irrelevant as to what trends are actually occurring in industry.
Donate
Donate
DONATE
If everyone who posted a reply to this story donated to the EFF with their dollars in addition to their words, that would be pretty substantial in aggregate, and they could do some real work with those funds.
Donate to the EFF. They have been fighting this fight for as long as I have been alive and are one of the only groups to have maintained the fight. While I have donated to them on and off over the years, I have been lax for quite a while. I just donated to them and challenge everyone else to do the same.
PS: And, this comes from someone not in the USA who DOES NOT get a tax break from his donation since they are not registered in my country, but who recognizes the global impact of the EFF.
Unless you can give me all of Apache.org in Pascal I am not interested because it will mean lower quality applications that take 10x as long to develop because you will have to reinvent the wheel.... again and again and again.
If you are in management, then I imagine you agree with my post.
If you want to play with research languages and esoteric forms of programming, then don't get a job in industry, and stick to academia. No one in industry uses Pascal, D, Go, or any of these languages du-jour on Slashdot, because they lack some combination of robust libraries, performance, online knowledge bases, or all 3.
Almost all business applications and consumer-facing applications written in industry today are done in 5 languages
- Java, because of its incredibly rich library set under the Apache project.
- Python, for anything that does not need to be compiled
- JavaScript, for Web development and Node.JS development
- C/C++, for performance oriented applications, or used with a cross-platform toolkit for Windows/OSX applications
- C# Applications that are Windows platform exclusive
- Objective C (and now Swift) Applications that are OSX/iOS exclusive
Before you vilify me, yes I am not retarded and I know that you can compile and run C# applications on OSX and can compile and run Objective C applications on Windows. The truth however is, no one in industry actually does this. If you write an application you want cross platform, you do it using a cross-platform toolkit.
I often feel like everyone on Slashdot is a mix of two people
- Old 50+ year olds used to the good ol' days when you would write your own stack from scratch whenever writing an application
- 20 year olds fresh out of (or still in) college who yell "squirrel!" at everything new and shiny
The truth is, that 75% - 90% of the business applications that make the world go 'round, and make nearly every startup today go 'round, are based on Java or some complementary technology like Node.js with Java bindings. The reason for this is simple: The Apache foundation. There are SO MANY amazing enterprise-class Java libraries available via the Apache project that there is little to no reason to ever write your own. The mantra where I work, and it should be where EVERYONE works, is before you write any plumbing code at all, check Apache first. People who roll their own plumbing code INVARIABLY end up with subtle errors they did not think of or subtle problems that will manifest themselves in 2 or 3 years when they try to scale.. and all these problems were likely already figured out long ago.
When building a woodshed, do you cut down the trees, mill the lumber, and forge the nails? Of course not, you take advantage of modern economies of scale so you can focus on the REAL building project, not the building blocks. The same is true for any halfway competent software developer.. The days of people writing their own libraries for DB MVC, for configuration management, for network access, for parsing libraries, for thread pools.. these days are gone, and thank god. The less you have to worry about the low-level plumbing, the more you can focus on the real business problem. And furthermore, the more people that make use of a low level plumbing library, the better and more secure and stable it becomes, for everyone.
People shouldn't be driving. Period. Fixed that for you.
9% of 2.2 billion users means that there are over 220 million users posting content.
That is an interesting definition of "almost nobody".