I suppose my post was against the prevailing slashdot meme. The slashdot meme of the elite hackers with the power over life and death that are just sooo important. I would just say that those people who voted me down as "troll" just don't have the slightest clue about security.
When you care about security, you start by looking at the possible targets (a person's life), then you look at the possible attacks and identify those that are most likely. You don't look at a possible attack and go OMG and lose your brain over it, as happened here. Attacking a person's life is done with guns, knives, baseball bats, poison, karate moves, and very very very far at the end of a very very long list are hacker attacks against pacemakers.
So there is this guy whom I hate. And he has a pacemaker. So what am I going to do: Find out how to build a device that stops his pacemaker and kill him, or just take a knife or a gun to do the job? Gun ownership is a much much bigger vulnerability. There are millions and millions in the USA who have the capability to kill anyone with a pacemaker. And anyone without a pacemaker as well.
So the only fear is that some shithead who has shit where other people have brains might think it is funny to kill people. Someone who thinks it is a game. Anyone who thinks that has ceased to be a human being, and should be shot like any dangerous animal. And since publishing vulnerabilities serves no purpose other than giving tools to such dangerous animals, publication should be punishable as well.
Every hour that some developer spends on fixing vulnerabilities that give opportunities to shitheads, that developer isn't working to help patients. Therefore, publishing vulnerabilities is detrimental to society.
What I don't get is that since about 2003, there have apparently been more "fatal crashes" than "all crashes," and that before 1991 all crashes were fatal crashes. What am I missing?
The actual numbers in 2009 are about 11 deaths per billion miles driven, and about 3,000 crashes per million miles driven. Heaven knows what that bullshit chart in that bullshit study is showing.
I'd change the title of the summary. It shouldn't be "Talking On the Phone While Driving Not So Dangerous After All", it should be "Knowledge About Statistics in the USA Even Worse Than Feared".
That would be a good way to check the theory in real life. Apple combines 128 GB SSD + 1 or 3 TB hard drive, but you can build it yourself with any size SSD drive. Over at MacRumors obviously everyone is up in arms that 128 GB is much too small, while Seagate says 8 GB is enough.
Building a Fusion drive with 32 GB SSD (I suppose that's the smallest you can buy) and checking it in real life would be a good way to test this.
Or you could use a charger from a reputable company instead of a counterfeit one for $10 on monoprice. Also any decent USB charger works. Getting one that sells for $2 and says "Made by Aple in Califonia" might not be the best idea.
There is always the problem that you may not know that your charger doesn't come from a reputable company. There have been reports of iPhone packages being opened and cables, chargers, headphones replaced with fakes, to sell the original ones at a profit.
In your situation, it's not the phone or the cable, it's the charger. There is obviously 220 Volt going into the charger. In a well-designed charger, that 220 Volt should not be able to go anywhere, including the cable.
And no device protects you from unexpected 220 Volt. Imagine someone attacking you with a cattleprod. Do you expect your iPhone to protect you from that?
It may be that poor-quality third-party chargers could damage the device. But then I have to ask, why are iDevices so fragile in the first place? It seems most other smartphones have a standard USB port and can work with any old 5V power supply.
5 Volt chargers that deliver 5 Volt are not a problem. The charger that caused all this didn't deliver 5 Volt, it delivered 220 Volt straight to the user. The iPhone survived, the user didn't.
Or I could take that $10 and buy a thousand cheap knockoffs at wholesale prices straight from China and throw them out as they die.
The reason that Apple offers this exchange is not the risk that the charger could die.
(One way this could fail is the following: factoring I think is in a no-man's land between P and NP, not known to be in P nor known to be NP-complete. If NP collapses into P then so must factoring, but it could be that factoring is some weird-ass O(n^23) algorithm or something while every NP-complete problem can't be done in less than, say, O(n^6000).)
Consider this: Performing 2^256 operations is physically impossible (based on the quantum mechanical minimum energy to do anything, and the total amount of energy in the universe). 100 digit numbers are about 330 bits in size. If factoring n bit numbers required n^30 operations, then factoring just one 330 bit number would be physically impossible.
"Apple has patented a piece of technology which would allow government and police to block transmission of information, including video and photographs, from any public gathering"
This, followed by your signature "ignorance is choice".
The patent is for a user-selectable feature that allows cameras to be turned off if you enter a certain area. Which is a great feature if you work at a company handling confidential stuff where photography isn't allowed, and this feature, if implemented, could allow you to bring an iPhone with you and use it (because its ability to take photos can be turned off), while other smartphones with camera would get confiscated.
They're not making civil infractions into criminal offenses in this case. Like MP3 downloads vs uploads, this is about the people who provide the material, not people who consume it. There's a legal inconsistency right now in that if you -- as the server, not the consumer -- make available copyrighted material that the end user retains possession of, it's a felony but if you give them a viewer and they can just watch it, it's not.
The consumer and producer can very well be the same person. I can have music on my home computer, which I stream to my own devices (and nobody else's devices) over the internet. So if there's any music that was copied from a "borrowed" CD, listening to it away from home suddenly is a felony.
Surely this is streaming of copyrighted works on the internet? So they are saying this is a misdemeanour today and should become a felony? I suppose there is something similar for Android?
They had the recourse to make an infinite number of other designs that were not exact rip-offs of the iPad.
Samsung could for example design a phone with rounded corners that is sufficiently different to not infringe on Apple's iPhone design patents, and they could even get a design patent for their phone if they decided to do so. A "rounded rectangle" patent.
Guess what, that's exactly what Samsung did with the Galaxy S3. Rounded corners, not infringing, and Samsung has their own "rounded corner" patents. Should Apple decide to make a phone that looks like a Galaxy S4, then Samsung can quite rightfully sue them. In that case, we will see who on Slashdot switches between chanting "evil copycat" and "stupid rounded rectangles" and vice versa, and who stays with their previous argument.
Money buys a lot.
Yes, but then the administration cancelled the bought decision.
If you have an Apple developer account, have a look at the WWDC session video about dates. Handling dates is difficult. The simple difficulty is about the fact that you have absolute time and calendars - if we talk to each other on the phone, the absolute time is the same for both of us, but our watches may show totally different times if one is in the USA and the other in Australia; that's what the "calendar" is there for. But not only the hour might be different, but also the day, depending on what calendar you use. And that's just the easy things.
When you have a grayscale image you want to print on a single-color device, you use dithering to create the illusion of gray shades. A 1-to-1 mapping of pixels to printer dots gives you 2 colors - black and white. Photos look horrible. Double the printer resolution so you have a 2x2 dot array for each pixel and you have 16 possible shades. Double it again for a 4x4 dot array per pixel and you have 256 possible shades. So if you want a 300 pixel-per-inch gray scale image to look good, you need a printer resolution of 1200dpi.
Not quite. In a 2x2 array, the number of black pixels can be 0, 1, 2, 3 or 4, that is 5 different values. In a 4x4 array, you have 17 different values. However, if each dot is actually larger than a 1x1 pixel square you could overlap them, and depending on the pattern you could have different areas covered.
The article quotes researchers delivering numbers between about 240 dpi and 477 dpi. When 300 dpi laser printers were popular, I remember being able to spot the dots. However, I had to try. Since then 600+ dpi laser printers have taken over the market, and I can't easily spot the dots with the newer high-resolution laser printers.
Remember with laser printers the individual dots were either black or white, and nothing else. On a usual screen today, a single dot can be either 256 or 253 shades of grey, depending on the technology (on Pentile displays you need two pixels; on pure six bit displays without temporal dithering you only have 64 shades of grey).
So those Apple Commercials where the Apple spokesman is a "hip guy" while the "PC" guy is some nerd are not making fun of the customers?
One said "I'm a Mac" and the other said "I'm a PC". Not "I'm a Mac customer" and "I'm a PC customer".
I'm trying to understand what's wrong in making a device to run unrestrained when making the benchmarks. The very idea is to test what the device is capable of.
The idea is not to test how fast a device can run benchmarks, but to use benchmarks to be able to draw conclusions about how fast other apps would run. And this kind of manipulation means the conclusion will be wrong.
Example: I want to know how fast my car can go - but I want to know how fast it can go while still lasting a reasonable time. The manufacturer has a switch that creates 50 more horsepower but makes the engine break down after 20,000 miles. The top speed with the special switch turned on is of no relevance to me, and publishing it without a big caveat is misleading the customer.
Yep. Apple would never make adverts poking fun at the competition...
Apple makes fun of competitors. Samsung makes fun of their competitor's customers. Big difference.
Microsoft on the other hand also did an advert making fun of fanboys and fandroids (in other words, not the typical user) which was quite funny for everybody who cares for these things (and probably went over everyone else's head).
Why shouldn't someone else be able to pick up strangers for the cost of gas?
Cherrypicking. I expect taxis to be available everywhere. Going to / from airports is usually one of the most profitable tours for a taxi driver, but they have to do the less profitable tours as well. If someone decides to do only the profitable tours, everyone will hurt as a result.
And I assume it is actually "cost of gas plus some healthy profit".
In other news, Apple was granted a patent for rounded/tapered turds, leaving manufacturers of competing products in the uncomfortable position of having to license Apple's tapered turd design, or risk their customers' assholes slamming shut.
I really don't know if Apple has a patent for rounded/tapered turds, but hopefully you will enlighten us which companies are actually building rounded/tapered turds and infringing on this patent that you claim Apple has, and we'll all have a laugh at these turd makers.
Quite the opposite, if you file and are granted a patent for something that is later ruled invalid, there should be substantial penalties for the filer, because the purpose of a patent application is a government granted monopoly, leveraging the legal power and force of government to suppress other business. If you tell the government that you've done something novel that isn't, and prevent competition through that mechanism, there are substantial social costs (none of the benefits of invention, but all of the costs of a monopoly).
In other words, no small inventor would ever again dare filing a patent, due to the risk of bankruptcy if the patent is later found invalid. Only the largest companies will be able to find patents.
I remember reading that the GNU GPL is a license, not a contract, and that most proprietary software is accompanied by both. My vague understanding is that lawyers aren't familiar enough working with the GNU GPL's 'bare license' situation.
That's very unlikely. Legally, it is quite trivial: GPL allows you to do certain things. So you check: Is your use allowed either by copyright law, or by the GPL. If yes, then you're fine. If not, don't use it.
The GPL says roughly "you may do X if you do Y". Because it's no contract, it means if you do X without doing Y then you have copyright infringement. Without the GPL license, doing X would be copyright infringement, whether you do Y or not. If it was a contract, the copyright holder could force you to do Y if you do X, or could sue you for copyright infringement. Since it is no contract, they can't force you to do Y; they can only sue for copyright infringement.
Yes, they should follow the license for all code they use.
No, this would not have been an issue if they had used code under BSD.
The problem is that Fantec received code from a third party. If the third party told them correctly what license applied, and Fantec acted accordingly, they would have been fine. If the license had been BSD but the third party lied and Fantec acted accordingly, they would have been fine most likely. If the license was GPL (as it was in this case) or proprietary, the supplier lied, and Fantec acted on the false information (which they did), obviously there was trouble.
But the problem isn't GPL; the problem is not being told which license applied and acting wrongly because of that false information.