Who said they're going to keep it at 12 volts? A VRM can also be the transformer, but it doesn't have to be. They could ramp down the voltage on the board just like they always did and just have a VRM on the chip that is maintaining a steady voltage. If you read the article they are barging about how little fluctuation they are getting. So it seems like what they are doing here is adding basically an extra regulator on chip so they can have extremely stable voltage. I'm guessing as small as things are getting now, just the trip across the motherboard can have noticeable fluctuations on supply voltages due to EM interference and temp fluctuations, so having a regulator on the chip lets them get more precise. Maybe that precision will let them do some magic on the chip to increase performance or something?
Or they are finding those Chinese made MB motherboards have such poor regulators, that they have to do some final regulation on the die to keep things stable?
This is probably also driven by a desire to start putting higher horsepower CPUs into smaller things like tablets.
There is no copying of data. The data is/always/ encrypted on the device, it's the encryption key that is password protected.
It's actually very simple. When the device is initially set up, a symmetric key is generated and all the user data is encrypted using that key. When you set a lock screen password, the encryption key is then encrypted using the password and stored in flash. Unlocking the device with the valid password decrypts the key into RAM so that the user data can be decrypted. Locking the device removes the decrypted key from memory, thus leaving all of the data in flash in a secure state.
If the device is configured to self-erase after too many failed password attempts, the device simply deletes the encryption key from flash and the device is effectively wiped.
Ding, ding, ding, ding! We finally have a poster who understands how this works! This is how almost all disk-encryption works. This is also how MS disk and file encryption works. This method also allows you to have multiple keys to the same file or disk partition, as the real key encryption simply gets encrypted using each individual key and stored with the file. I'm willing to bet IOS saves another copy of the encryption key that's encrypted with their pubic key, and they have the ability to unencrypted it using their private key.
Also note that the algorithm used to unlock the encryption key, may not be the same algorithm as used to encrypt the data. There have been examples of software and usb drives claiming AES encryption, but it turned out that only applied to the stored key and the actually encryption was very easy to break (in some instances it was literally XORing with the stored key).
Once you can access the encrypted contents, it's all a matter of brute forcing. It's made a bit harder because trying each key takes substantial amount of time, but with ten thousand keys as you said it is no problem. You can use more digits, or a password with keys and laters. About 8 truly random digits and characters should make it unbreakable.
Once you have read the encrypted memory directly, the brute forcing takes place outside of the device so you're not speed limited by pressing keys or waiting for the timeouts.
A slightly paranoid person might buy into the theory that Big Pharma doesn't WANT to cure patients. Instead, they want to hook people on life-long "cures" that prove to be very lucrative.
Actual cures would be much more lucrative. If pharmas had a choice, they'd develop a cure rather than a treatment for any serious chronic disease. Unfortunately, for most non-infectious diseases a "cure" would mean making a fundamental and permanent change in how your body operates. Which pretty much means gene therapy, something which we really don't have a handle on yet.
It would be naive to not understand that like most large businesses, the pharmas are driven financial motives which drives their research and product development cycles. Just look at how they magically have a new drug ready to replace the old one right about the time their patent expires and all the generic manufacturers are set to suck up any profit. It doesn't matter if the old drug was effective and had lower side risks, the company will pour money into advertising to convince people they need the latest and greatest drug. As we've seen that sometimes leads to inadequate testing prior to widespread adoption.
Not the greatest is an understatement. I have one almost like that from harbor freight (the geared head one.) The round column sucks. Mine sits in the corner until i need to drill something. You are probably better off with one of the small mills they sell and converting it to cnc.
Just curious, can you clarify what you mean by the round column sucks?
So I'm guessing you never bothered to read the article. (I know, what was I thinking).
In particular the part where EPA may not actually be doing those additional tests amd simply relying on the manufacturer to estimate those numbers in good faith (aka, fudging it). Similar estimation was also how the EPA revised the numbers for older pre-2008 vehicles that were never subjected to these test.
Speaking of power in the gas tank, it seems that all these tests are conducted with straight gas, but all you can find at the pump these days is 10% ethanol, which immediately cuts your mph by 3 to 4 mph.
Very few new car advertising even mentions the difference.
To minimize variability due to inconsistent fuel, they use a specially blended fuel mixture and not anything you'd find at the local gas station.
The EPA has a specialized company manufacture small batches of consistent fuel, which is 93 octane (cars running 50-state certifications get a slightly different, 91-octane “California” blend). http://www.caranddriver.com/features/the-truth-about-epa-city-highway-mpg-estimates-measuring-fuel-economy-page-2
In any case, you're best bet for figuring fuel economy is websites that collect real word inputs from users.
I've seen a whole lot of video enhancement 'algorithms', boxes, programs, etc. Not one of the press-button-get-video variants have actually improved video quality, and almost universally they just make things worse; more often than not, they just shove up contrast and saturation and add an unsharp mask, but some are genuinely innovative in their uglyness (e.g. the dreaded WarpSharp, Q-Tec's BD butchery, etc). The vast majority of 'easy to use' variants, with a few sliders to move about or checkboxes to flip, are equally ineffective.
Do you have any examples of your 'algorithm' that show it to be something other than run-of-the-mill?
Video has some interest possibilities for enhancement unlike a single static image though. If the camera or the image is moving, you can extrapolate higher resolution details than what's in the based video stream resolution. If the camera is slowly panned sideways in one direction so that the next frame is aligned 1/2-pixel off from the previous frame, with some mathematical trickery using the successive frames you've effectively increased your horizontal resolution. You can do similar tricks if the object is moving. As an extreme example, imagine a 1-pixel resolution camera scanning - the reverse of how a CRT works if you will. I've see demo's where something that moved across the screen is removed and replaced with the static imagery from previous frames - essentially removing a subject from the video with no apparent missing data.
I think you missed the point that cnc or 3d printing requires minimal or no skill or ability to think out a design. A manual mill requires at least a little skill.
Especially considering that it's not particularly difficult to manufacture a gun out of metal using more conventional technologies. It's not some kind of space-age, 21st-century device; guns have been produced for something like 700 years. Instead of a 3d printer, why not get a CNC mill?
The answer, I suspect, is that we're dealing with a gun-nut libertarian desperate to get press for their TECHNO-LIBERATION concept.
Because most people can't afford a CNC mill and you can now buy a 3-D printer at Staples?
This is more likely to work better as a "squirrel" vs. "bird" detector, or with good/better datasets, perhaps even as a "cardinal" vs. "bluejay" vs. "mockingbird" vs. "car alarm" detector, especially if the birds are in your front or back yard.
That is a much more practical and marketable idea. Now go build it!
So now the highly directional microphone has to be pointed toward the undetected drone in order to detect it? That makes perfect sense.
If you're sophisticated and have multiple microphones in a well planned array, then you can aim your microphone in software and sweep the sky looking for the signature. Look up acoustic beam-forming. If the array is large enough you can estimate distance as well as angle. The bonus is that you get actual tracking instead of just detection.
The problem would be processing power though. Simple implementations could range from 4 microphones that you sum/subtract to look at quandrants, up the way to something approaching what the US Navy does with its towed arrays. I doubt the PI could handle the processing of the signals in both the time domain to get tracking, and the frequency domain to do target qualification.
Of course you also have the question of what do you do when you detect one? Aim a camera at it? Fire off your green laser? (no not suggesting you commit a felony).
Most users use the same fucking password for everything!
To be fair, its almost unreasonable to ask an average non-techy user to do anything else. Passwords are simply a flawed system.
I use keypass to autogenerate different passwords and save them in its database. That works great, for someone who takes security a little more at heart. I end up having to use its very convenient search feature to find my passwords, because at this point I have something like 50-80 of them.
Now, anyone who isn't a sophisticated enough user won't do that. You want them to learn 50+ totally distinct passwords? Or you want them to learn a little tricky or mnemonic when picking passwords so they have a way to reverse them from whatever website they're used on while being different?
Yeah, most users will seriously prefer dealing with identity theft than with that at the end of the day. Flawed system is flawed.
Sadly you're right. Users should at least be smart enough to make the distinction between fluff social media sites and important stuff like their banking password. But again, way too many people use the last 4 digits of their phone number, their birthdate, or their soc number as their pin.
Most users use the same fucking password for everything! Living Social should be telling their users that despite the salted hashes, they should start changing all their website passwords that even look remotely similar. Of course they are also ignoring the fact that compromised systems can do more than just expose a database. Are they sure they intruder didn't figure out how to capture the passwords as people were authenticating? Are their private SSL certs still private? Why the hell are they even keeping the credit card info anyway?
The University of MD did the same "equality" thing when I was attending. The State felt black admissions were too low, so they forced the University to try to remedy this by lowering the SAT and GPA cutoffs and establishing grants based on skin color rather than college potential. Unfortunately by actively trying to attract people who otherwise did not meet the same criteria (regardless of the group) they set up the situation that a few years later that group also had the highest dropout/failure rate. So next they pressured the professors to ensure they were teaching equally which translated into more lenient grading.
In the systems I've seen, they are using stuff like MoxaPorts for serial to ethernet. It's done as either serial to serial tunneling over ethernet, or one side is a computer with the lantronix serial redirector client installed. The devices require a password to configure, but typically access to the serial port is simply telneting to port 10001 and there is zero security unless the serial port on the device has access controls. Engineers like the simplicity of setting it up and usually don't consider that everyone else on the network can too.
You can still inflict unjustified injury without lying. Presenting true facts with a malicious interpretation or inference can be defamation. For example if the drug store gave you the wrong change back, your technically correct if you take out a full page ad announcing the store cheats its customers but you are in fact defaming the store.
Or as in this article, if Mrs Kemp simply stated the fact instead of ranting about how dishonest the company tried to cheat her then she might not have opened herself up to claim of libel.
Truth is not always a defence against libel in the UK. Publishing the truth with intent to damage or for malicious purpose can also be libel.
Which actually makes some sense because defamation (via libel or slander) it the act of damaging someones reputation not necessarily by lying. For example if I ran around and told everyone that the someone was having an affair, it still damages their reputation whether it's true or not.
The reason that liquids can't be brought through is the ease of making and detonating liquid binary explosives and the difficulty of detecting them. As long as the bottled water that's being sold is from a trusted source, there's no need to check it. Vetting every single bottle of liquids would be prohibitively expensive, so they just make you toss out your bottle of water and buy a new one.
Well at least that's the party line spouted by TSA. All the explosive experts and chemists disagreed pointing out that mixing such chemicals and getting them to explode rather than burn is not trivial. There are very powerful two part liquid- powder explosives such as Astrolite that could be effective, but again not easy to detonate as it requires the use of a blasting cap. A few bottle of acetone-based nail polish remover and a lighter might be more effective.
While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens.
Unfortunately much of that has gone out the window, courtesy of the patriot act.
More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".
What really happens is that the spying leads to a request for a secret search warrant, and then the usable evidence collection starts.
Technology available to intelligence agencies like NSA is not always made available to law enforcement.
Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.
Which also explains some curious incidents in the past where NSA suggests certain standards and everyone goes "huh, that makes no sense" only to discover many years later that the tweak enhanced the security of the protocol. For example their alteration to DES.
Slashdot Mirror
Who said they're going to keep it at 12 volts? A VRM can also be the transformer, but it doesn't have to be. They could ramp down the voltage on the board just like they always did and just have a VRM on the chip that is maintaining a steady voltage. If you read the article they are barging about how little fluctuation they are getting. So it seems like what they are doing here is adding basically an extra regulator on chip so they can have extremely stable voltage. I'm guessing as small as things are getting now, just the trip across the motherboard can have noticeable fluctuations on supply voltages due to EM interference and temp fluctuations, so having a regulator on the chip lets them get more precise. Maybe that precision will let them do some magic on the chip to increase performance or something?
Or they are finding those Chinese made MB motherboards have such poor regulators, that they have to do some final regulation on the die to keep things stable?
This is probably also driven by a desire to start putting higher horsepower CPUs into smaller things like tablets.
There is no copying of data. The data is /always/ encrypted on the device, it's the encryption key that is password protected.
It's actually very simple. When the device is initially set up, a symmetric key is generated and all the user data is encrypted using that key. When you set a lock screen password, the encryption key is then encrypted using the password and stored in flash. Unlocking the device with the valid password decrypts the key into RAM so that the user data can be decrypted. Locking the device removes the decrypted key from memory, thus leaving all of the data in flash in a secure state.
If the device is configured to self-erase after too many failed password attempts, the device simply deletes the encryption key from flash and the device is effectively wiped.
Ding, ding, ding, ding! We finally have a poster who understands how this works! This is how almost all disk-encryption works. This is also how MS disk and file encryption works. This method also allows you to have multiple keys to the same file or disk partition, as the real key encryption simply gets encrypted using each individual key and stored with the file. I'm willing to bet IOS saves another copy of the encryption key that's encrypted with their pubic key, and they have the ability to unencrypted it using their private key.
Also note that the algorithm used to unlock the encryption key, may not be the same algorithm as used to encrypt the data. There have been examples of software and usb drives claiming AES encryption, but it turned out that only applied to the stored key and the actually encryption was very easy to break (in some instances it was literally XORing with the stored key).
Once you can access the encrypted contents, it's all a matter of brute forcing. It's made a bit harder because trying each key takes substantial amount of time, but with ten thousand keys as you said it is no problem. You can use more digits, or a password with keys and laters. About 8 truly random digits and characters should make it unbreakable.
Once you have read the encrypted memory directly, the brute forcing takes place outside of the device so you're not speed limited by pressing keys or waiting for the timeouts.
From the article "More updates to follow, but you will be able to order beers from your phone to the District 9 campsite in 2013."
Wait? The District 9 camp in Africa? Heck just have one of the alien prawns deliver it for you! http://www.imdb.com/title/tt1136608/
A slightly paranoid person might buy into the theory that Big Pharma doesn't WANT to cure patients. Instead, they want to hook people on life-long "cures" that prove to be very lucrative.
Actual cures would be much more lucrative. If pharmas had a choice, they'd develop a cure rather than a treatment for any serious chronic disease. Unfortunately, for most non-infectious diseases a "cure" would mean making a fundamental and permanent change in how your body operates. Which pretty much means gene therapy, something which we really don't have a handle on yet.
It would be naive to not understand that like most large businesses, the pharmas are driven financial motives which drives their research and product development cycles. Just look at how they magically have a new drug ready to replace the old one right about the time their patent expires and all the generic manufacturers are set to suck up any profit. It doesn't matter if the old drug was effective and had lower side risks, the company will pour money into advertising to convince people they need the latest and greatest drug. As we've seen that sometimes leads to inadequate testing prior to widespread adoption.
Not the greatest is an understatement. I have one almost like that from harbor freight (the geared head one.) The round column sucks. Mine sits in the corner until i need to drill something. You are probably better off with one of the small mills they sell and converting it to cnc.
Just curious, can you clarify what you mean by the round column sucks?
Entire article is false, EPA changed the testing in 2008. Since 2008 they test mpg up to 80mph and accelerate at 8.5 miles per second, roughly 0-60 in 7 second
So I'm guessing you never bothered to read the article. (I know, what was I thinking).
In particular the part where EPA may not actually be doing those additional tests amd simply relying on the manufacturer to estimate those numbers in good faith (aka, fudging it). Similar estimation was also how the EPA revised the numbers for older pre-2008 vehicles that were never subjected to these test.
Speaking of power in the gas tank, it seems that all these tests are conducted with straight gas, but all you can find at the pump these days is 10% ethanol, which immediately cuts your mph by 3 to 4 mph.
Very few new car advertising even mentions the difference.
Yup, this can be verified by looking at the EPA FAQ at http://www.fueleconomy.gov/feg/info.shtml
To minimize variability due to inconsistent fuel, they use a specially blended fuel mixture and not anything you'd find at the local gas station.
The EPA has a specialized company manufacture small batches of consistent fuel, which is 93 octane (cars running 50-state certifications get a slightly different, 91-octane “California” blend). http://www.caranddriver.com/features/the-truth-about-epa-city-highway-mpg-estimates-measuring-fuel-economy-page-2
In any case, you're best bet for figuring fuel economy is websites that collect real word inputs from users.
I've seen a whole lot of video enhancement 'algorithms', boxes, programs, etc. Not one of the press-button-get-video variants have actually improved video quality, and almost universally they just make things worse; more often than not, they just shove up contrast and saturation and add an unsharp mask, but some are genuinely innovative in their uglyness (e.g. the dreaded WarpSharp, Q-Tec's BD butchery, etc). The vast majority of 'easy to use' variants, with a few sliders to move about or checkboxes to flip, are equally ineffective.
Do you have any examples of your 'algorithm' that show it to be something other than run-of-the-mill?
Video has some interest possibilities for enhancement unlike a single static image though. If the camera or the image is moving, you can extrapolate higher resolution details than what's in the based video stream resolution. If the camera is slowly panned sideways in one direction so that the next frame is aligned 1/2-pixel off from the previous frame, with some mathematical trickery using the successive frames you've effectively increased your horizontal resolution. You can do similar tricks if the object is moving. As an extreme example, imagine a 1-pixel resolution camera scanning - the reverse of how a CRT works if you will. I've see demo's where something that moved across the screen is removed and replaced with the static imagery from previous frames - essentially removing a subject from the video with no apparent missing data.
I think you missed the point that cnc or 3d printing requires minimal or no skill or ability to think out a design. A manual mill requires at least a little skill.
Especially considering that it's not particularly difficult to manufacture a gun out of metal using more conventional technologies. It's not some kind of space-age, 21st-century device; guns have been produced for something like 700 years. Instead of a 3d printer, why not get a CNC mill?
The answer, I suspect, is that we're dealing with a gun-nut libertarian desperate to get press for their TECHNO-LIBERATION concept.
Because most people can't afford a CNC mill and you can now buy a 3-D printer at Staples?
This is more likely to work better as a "squirrel" vs. "bird" detector, or with good/better datasets, perhaps even as a "cardinal" vs. "bluejay" vs. "mockingbird" vs. "car alarm" detector, especially if the birds are in your front or back yard.
That is a much more practical and marketable idea. Now go build it!
So now the highly directional microphone has to be pointed toward the undetected drone in order to detect it? That makes perfect sense.
If you're sophisticated and have multiple microphones in a well planned array, then you can aim your microphone in software and sweep the sky looking for the signature. Look up acoustic beam-forming. If the array is large enough you can estimate distance as well as angle. The bonus is that you get actual tracking instead of just detection.
The problem would be processing power though. Simple implementations could range from 4 microphones that you sum/subtract to look at quandrants, up the way to something approaching what the US Navy does with its towed arrays. I doubt the PI could handle the processing of the signals in both the time domain to get tracking, and the frequency domain to do target qualification.
Of course you also have the question of what do you do when you detect one? Aim a camera at it? Fire off your green laser? (no not suggesting you commit a felony).
To be fair, its almost unreasonable to ask an average non-techy user to do anything else. Passwords are simply a flawed system.
I use keypass to autogenerate different passwords and save them in its database. That works great, for someone who takes security a little more at heart. I end up having to use its very convenient search feature to find my passwords, because at this point I have something like 50-80 of them.
Now, anyone who isn't a sophisticated enough user won't do that. You want them to learn 50+ totally distinct passwords? Or you want them to learn a little tricky or mnemonic when picking passwords so they have a way to reverse them from whatever website they're used on while being different?
Yeah, most users will seriously prefer dealing with identity theft than with that at the end of the day. Flawed system is flawed.
Sadly you're right. Users should at least be smart enough to make the distinction between fluff social media sites and important stuff like their banking password. But again, way too many people use the last 4 digits of their phone number, their birthdate, or their soc number as their pin.
Most users use the same fucking password for everything! Living Social should be telling their users that despite the salted hashes, they should start changing all their website passwords that even look remotely similar. Of course they are also ignoring the fact that compromised systems can do more than just expose a database. Are they sure they intruder didn't figure out how to capture the passwords as people were authenticating? Are their private SSL certs still private? Why the hell are they even keeping the credit card info anyway?
The University of MD did the same "equality" thing when I was attending. The State felt black admissions were too low, so they forced the University to try to remedy this by lowering the SAT and GPA cutoffs and establishing grants based on skin color rather than college potential. Unfortunately by actively trying to attract people who otherwise did not meet the same criteria (regardless of the group) they set up the situation that a few years later that group also had the highest dropout/failure rate. So next they pressured the professors to ensure they were teaching equally which translated into more lenient grading.
But can it fix my broken coworker? Morale is horrible, wages are stagnant and our future is bleak. Please invent a robot to fix that.
They already have. Google Japanese fembots.
How would you use broadcast or multicast to distribute an OS? Call me ignorant, but how would you do that in practice?
Pretty easy to setup using Windows Deployment Services
http://www.windows-noob.com/forums/index.php?/topic/452-how-can-i-multicast-an-image-in-windows-deployment-services-windows-server-2008/
Or if Linux is your preference
http://www.udpcast.linux.lu/
Or Clonezilla has a multicast restore function
http://clonezilla.org/clonezilla-SE/use_clonezilla_live_in_drbl.php
In the systems I've seen, they are using stuff like MoxaPorts for serial to ethernet. It's done as either serial to serial tunneling over ethernet, or one side is a computer with the lantronix serial redirector client installed. The devices require a password to configure, but typically access to the serial port is simply telneting to port 10001 and there is zero security unless the serial port on the device has access controls. Engineers like the simplicity of setting it up and usually don't consider that everyone else on the network can too.
I don't understand the point you are making
Then I'll type slower for you. :}
You can still inflict unjustified injury without lying. Presenting true facts with a malicious interpretation or inference can be defamation. For example if the drug store gave you the wrong change back, your technically correct if you take out a full page ad announcing the store cheats its customers but you are in fact defaming the store.
Or as in this article, if Mrs Kemp simply stated the fact instead of ranting about how dishonest the company tried to cheat her then she might not have opened herself up to claim of libel.
Truth is not always a defence against libel in the UK. Publishing the truth with intent to damage or for malicious purpose can also be libel.
Which actually makes some sense because defamation (via libel or slander) it the act of damaging someones reputation not necessarily by lying. For example if I ran around and told everyone that the someone was having an affair, it still damages their reputation whether it's true or not.
http://dictionary.reference.com/browse/libel
libel - defamation by written or printed words, pictures, or in any form other than by spoken words or gestures.
http://dictionary.reference.com/browse/defamation
defamation - the act of defaming; false or unjustified injury of the good reputation of another, as by slander or libel; calumny:
Wow, I'm shocked that this hasn't been posted already:
http://xkcd.com/651/
The reason that liquids can't be brought through is the ease of making and detonating liquid binary explosives and the difficulty of detecting them. As long as the bottled water that's being sold is from a trusted source, there's no need to check it. Vetting every single bottle of liquids would be prohibitively expensive, so they just make you toss out your bottle of water and buy a new one.
Well at least that's the party line spouted by TSA. All the explosive experts and chemists disagreed pointing out that mixing such chemicals and getting them to explode rather than burn is not trivial. There are very powerful two part liquid- powder explosives such as Astrolite that could be effective, but again not easy to detonate as it requires the use of a blasting cap. A few bottle of acetone-based nail polish remover and a lighter might be more effective.
While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens.
Unfortunately much of that has gone out the window, courtesy of the patriot act.
More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".
What really happens is that the spying leads to a request for a secret search warrant, and then the usable evidence collection starts.
Technology available to intelligence agencies like NSA is not always made available to law enforcement.
Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.
Which also explains some curious incidents in the past where NSA suggests certain standards and everyone goes "huh, that makes no sense" only to discover many years later that the tweak enhanced the security of the protocol. For example their alteration to DES.