This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
Very few commercially available DVR systems have a skip function, usually only a fast forward function which is very irritating to use.. I'm sure this is down to pressure from operators rather than any technical reasons.
I have had Dish for 5 years or so and my DVR system has a 30sec skip forward. Needless to say, that was the first button to have its label worn off.
Funny how people will defend Google for taking publicly available information from unsecured wifi
Because Google is not the government. Despite what some people think about corporations and the government these days, Google does not have the ability to deprive you of your life or your freedom. The Government on the other hand can and does these days. Big difference.
Or enable encryption on your torrent. Most torrent clients have an option for encryption, most of the time it's set to 'prefer encryption' but you can set it to 'require encryption'
What would that accomplish? The MAFIAA is not capturing your packets and analyzing them to see what you are transferring. They are one of the clients that you are seeding to. Once they download the song and capture your IP address, the start the paperwork. There are solutions to this, but encryption of your data stream is not one of them.
Exactly. It's obvious that e.g. distances between stations can't be too short or too long. And obviously the structure is determined by the structure of the city, the distribution of its population and their destinations. And subway planners might also have taken a look at solutions in other cities. I think I'm going to do a study on mathematical properties of articles in the Journal of the Royal Society Interface. I will of course assume that such articles are self-organizing, and arrive at the surprising conclusion that they're all made up of words; I might even find that some words are much more frequent than others, despite there being so many opportunities in so many different pieces of text. I expect this conclusion to reach Slashdot in due time...
Slow down there cowboy! First you need to secure a grant...
Seems to me that it would be a simple matter to use 3D printing to build a model for traditional metal casting methods. But as mentioned, none of that gives you the strength of forged metal. So is there a way to combine 3D printing with casting and some sort of "generic" forging process?
3D printing is compatible with both casting and forging. 3D printing is a good way to make the initial master model for a casting mold. It can also be used to create the model from which the forging dies will be created.
As far as 3D printing replacing forging, that's a different story. The forging process itself affects the material being forged, essentially aligning the "grains" of the metal along the contours of the piece. This is what gives forged parts increased strength. At this point I don't believe we can replicate that with any known 3D printing technique.
According to Fuller, Higgins said the fraudsters were coming to the stores to buy low-denomination Safeway branded prepaid cards, and then encoding debit card accounts issued by USB onto the magnetic stripe on the backs of the prepaid cards. The thieves then used those cards to purchase additional prepaid cards with much higher values, which were then used to buy electronics and other high-priced goods from other retailers.
Dish can just pay the content producers directly and tell them to suck dick. The only one that loses here are advertisers who have to suck dick instead of forcing theirs down their subscriber's throats.
Except that content providers are under no obligation to provide that content to Dish. What happens when the content providers tell Dish to go suck it instead and cut them off completely? Those millions of viewers become thousands of viewers and Dish's revenue stream goes straight down the toilet.
You mean Macrovision? That's been around since the days of the VCR. It's always been a minor annoyance for home users, but anyone who can solder to veroboard would have no problem making a device to remove the macrovision protection. So it never really deterred pirates at all. The only people it could have worked on were those who rented tapes and made a personal copy for their collection, but weren't concerned enough to go and buy a macrovision remover. Widely available, even though quite illegal post-DMCA.
Are you sure it is illegal under the DMCA? Is there a loophole here since Macrovision was an analog technique rather than a digital technique?
Do you not see how you are outsourcing your core competency and denying your students the ability to get real world hands on experience fixing this stuff?
They are getting real world hands on experience. If you don't think they will see this happen time and time again in their IT career, think again. Maybe it will even be enlightening to some of them.
Everyone working on Linux ultimately does it to scratch their own itch, but Linux keeps getting better because of their contributions nonetheless.
I seen this as a shortcoming of FOSS. yes, developers work on whatever scratches their own itch, but that may not be what really needs worked on. Bugs can languish for months or years while developers scratch their new bright and shiny. Without market forces (or a project manager) to give development direction, what gets developed is frequently whatever strikes the developer's fancy. It's their time and they can do what they want with it. I'm just saying that more than once I have seen it be a detriment to the overall project.
Now, if they knew anything about anonymous remailers (which shouldn't be that hard, doesn't the FBI have any technical staff??) they should have known it was a useless action that just cost everyone time and money with no results...
The thing is, we have no idea what is actually on that server. It is an anonymous remailer, and in an ideal world, it has no record of what passed through it. In reality, who knows? Maybe a sysadmin was diagnosing a network problem with wireshark at the time and forgot to delete the log. Maybe they actually do log connection details. Maybe the remailer distribution has a backdoor that lets the FBI turn on logging via port knocking. The point is that despite what we all "know" about anonymous remailers, there might be something useful.
Anyway, I drilled a hole, and pushed through two 10mm pipes, connected one to a submersible aquarium pump, and connected the other ends to a watercooled server. Works really damn well actually, the tank is huge, something like 50L, and I use water faster than it heats up even when fully pegged, so the server is usually at or below ambient temps.
I hope I am reading this wrong. Are you saying that you are pumping your potable/drinking water through an aquarium pump and a server watercooling block before sending it back into the tank? Really?
If it's not MapleStory's code, it's not fucking DRM circumvention. In fact, if it's not MS code at all, Nexon has zero fucking claim.
But it was MapleStory's code that users were running.
UMaples' client, the "UMaple Launcher," allegedly bypassed the access controls in MapleStory's client software.
If they had written their own client it would have been fine. Unfortunately MapleStory's client had protection methods included and UMaple provided software that circumvented those protection methods so that users could use the official client with UMaple's servers. The infringing software was provided by UMaple and so they were liable for their actions.
Well, given that the walled garden has controls that stop someone getting at the tools, and have separate controls that prevent purchases in the first place (parental controls on iOS devices, password to AppleID needed to make purchases in the first place) then I'm not sure what the problem is?
That Apple didn't tell this guy he should have maybe enabled parental controls for in app/any purchases? That maybe he shouldn't have linked his credit card to the Apple ID his kid uses?
How is this different to some guy suing Mastercard because his kid ran up a giant bill during a spending spree if you have authorised him to make purchases on your account with no limit?
As has been pointed out numerous times in other replies, this occurred before Apple added any of that functionality to iOS. At the time this happened, there was a 15 minute grace period after entering your password where it was not required again. There wasn't a way to turn that off. The best you could do was log out of the app store after the app downloaded and installed. That assumed you were aware of the issue in the first place. While you and I are aware of the issue, we are not your typical iPod owner either.
Slashdot Mirror
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
We do? I thought America had pretty much given up on manufacturing anything...
We seem to be churning out lawyers and MBAs at an amazing rate.
Heaven forbid artists and authors get rewarded for their creativity.
You do realize that everything on project Gutenberg is out of the governmentally imposed monopoly known as copyright, right?
Configuration Price $1,999 * 2.2GHz Quad-core Intel Core i7 * 4GB 1333MHz DDR3 SDRAM â" 2x2GB * 128GB Solid State Drive * SuperDrive 8x (DVD±R DL/DVD±RW/CD-RW) * MacBook Pro 15-inch Glossy Widescreen Display * Backlit Keyboard (English) & User's Guide * Accessory Kit
Try to leave range in the budget so that you can add AppleCare. The extended warranty and support is very nice to have.
Very few commercially available DVR systems have a skip function, usually only a fast forward function which is very irritating to use.. I'm sure this is down to pressure from operators rather than any technical reasons.
I have had Dish for 5 years or so and my DVR system has a 30sec skip forward. Needless to say, that was the first button to have its label worn off.
Like a beautiful woman, you have to chase it... No, I didn't really say that.
I believe the technical term is stalking.
I haven't heard all that much about profiling from them.
Just because you haven't heard about it does not mean that it isn't happening.
Funny how people will defend Google for taking publicly available information from unsecured wifi
Because Google is not the government. Despite what some people think about corporations and the government these days, Google does not have the ability to deprive you of your life or your freedom. The Government on the other hand can and does these days. Big difference.
Or enable encryption on your torrent. Most torrent clients have an option for encryption, most of the time it's set to 'prefer encryption' but you can set it to 'require encryption'
What would that accomplish? The MAFIAA is not capturing your packets and analyzing them to see what you are transferring. They are one of the clients that you are seeding to. Once they download the song and capture your IP address, the start the paperwork. There are solutions to this, but encryption of your data stream is not one of them.
Exactly. It's obvious that e.g. distances between stations can't be too short or too long. And obviously the structure is determined by the structure of the city, the distribution of its population and their destinations. And subway planners might also have taken a look at solutions in other cities. I think I'm going to do a study on mathematical properties of articles in the Journal of the Royal Society Interface. I will of course assume that such articles are self-organizing, and arrive at the surprising conclusion that they're all made up of words; I might even find that some words are much more frequent than others, despite there being so many opportunities in so many different pieces of text. I expect this conclusion to reach Slashdot in due time...
Slow down there cowboy! First you need to secure a grant...
Seems to me that it would be a simple matter to use 3D printing to build a model for traditional metal casting methods. But as mentioned, none of that gives you the strength of forged metal. So is there a way to combine 3D printing with casting and some sort of "generic" forging process?
3D printing is compatible with both casting and forging. 3D printing is a good way to make the initial master model for a casting mold. It can also be used to create the model from which the forging dies will be created.
As far as 3D printing replacing forging, that's a different story. The forging process itself affects the material being forged, essentially aligning the "grains" of the metal along the contours of the piece. This is what gives forged parts increased strength. At this point I don't believe we can replicate that with any known 3D printing technique.
According to Fuller, Higgins said the fraudsters were coming to the stores to buy low-denomination Safeway branded prepaid cards, and then encoding debit card accounts issued by USB onto the magnetic stripe on the backs of the prepaid cards. The thieves then used those cards to purchase additional prepaid cards with much higher values, which were then used to buy electronics and other high-priced goods from other retailers.
Yes, apparently you missed something.
Dish can just pay the content producers directly and tell them to suck dick. The only one that loses here are advertisers who have to suck dick instead of forcing theirs down their subscriber's throats.
Except that content providers are under no obligation to provide that content to Dish. What happens when the content providers tell Dish to go suck it instead and cut them off completely? Those millions of viewers become thousands of viewers and Dish's revenue stream goes straight down the toilet.
You mean Macrovision? That's been around since the days of the VCR. It's always been a minor annoyance for home users, but anyone who can solder to veroboard would have no problem making a device to remove the macrovision protection. So it never really deterred pirates at all. The only people it could have worked on were those who rented tapes and made a personal copy for their collection, but weren't concerned enough to go and buy a macrovision remover. Widely available, even though quite illegal post-DMCA.
Are you sure it is illegal under the DMCA? Is there a loophole here since Macrovision was an analog technique rather than a digital technique?
Do you not see how you are outsourcing your core competency and denying your students the ability to get real world hands on experience fixing this stuff?
They are getting real world hands on experience. If you don't think they will see this happen time and time again in their IT career, think again. Maybe it will even be enlightening to some of them.
Everyone working on Linux ultimately does it to scratch their own itch, but Linux keeps getting better because of their contributions nonetheless.
I seen this as a shortcoming of FOSS. yes, developers work on whatever scratches their own itch, but that may not be what really needs worked on. Bugs can languish for months or years while developers scratch their new bright and shiny. Without market forces (or a project manager) to give development direction, what gets developed is frequently whatever strikes the developer's fancy. It's their time and they can do what they want with it. I'm just saying that more than once I have seen it be a detriment to the overall project.
Now, if they knew anything about anonymous remailers (which shouldn't be that hard, doesn't the FBI have any technical staff??) they should have known it was a useless action that just cost everyone time and money with no results...
The thing is, we have no idea what is actually on that server. It is an anonymous remailer, and in an ideal world, it has no record of what passed through it. In reality, who knows? Maybe a sysadmin was diagnosing a network problem with wireshark at the time and forgot to delete the log. Maybe they actually do log connection details. Maybe the remailer distribution has a backdoor that lets the FBI turn on logging via port knocking. The point is that despite what we all "know" about anonymous remailers, there might be something useful.
I'd have sympathy for Sony if they didn't, for example, put DRM on their media and play format shenanigans.
And the rootkits. Never forget the rootkits!
Would it be better to track down and eliminate existing terrorism plots and cells, or to manufacture your own and take those down instead?
They haven't been able to find any, so they had to make their own otherwise people might start to ask questions.
Anyway, I drilled a hole, and pushed through two 10mm pipes, connected one to a submersible aquarium pump, and connected the other ends to a watercooled server. Works really damn well actually, the tank is huge, something like 50L, and I use water faster than it heats up even when fully pegged, so the server is usually at or below ambient temps.
I hope I am reading this wrong. Are you saying that you are pumping your potable/drinking water through an aquarium pump and a server watercooling block before sending it back into the tank? Really?
OTOH, you could create something without a brain, ...
They already have this. They're called Political Science majors.
for say a sheared admin...
Is that what you get when you shave off his beard?
If it's not MapleStory's code, it's not fucking DRM circumvention. In fact, if it's not MS code at all, Nexon has zero fucking claim.
But it was MapleStory's code that users were running.
UMaples' client, the "UMaple Launcher," allegedly bypassed the access controls in MapleStory's client software.
If they had written their own client it would have been fine. Unfortunately MapleStory's client had protection methods included and UMaple provided software that circumvented those protection methods so that users could use the official client with UMaple's servers. The infringing software was provided by UMaple and so they were liable for their actions.
Well, given that the walled garden has controls that stop someone getting at the tools, and have separate controls that prevent purchases in the first place (parental controls on iOS devices, password to AppleID needed to make purchases in the first place) then I'm not sure what the problem is?
That Apple didn't tell this guy he should have maybe enabled parental controls for in app/any purchases? That maybe he shouldn't have linked his credit card to the Apple ID his kid uses?
How is this different to some guy suing Mastercard because his kid ran up a giant bill during a spending spree if you have authorised him to make purchases on your account with no limit?
As has been pointed out numerous times in other replies, this occurred before Apple added any of that functionality to iOS. At the time this happened, there was a 15 minute grace period after entering your password where it was not required again. There wasn't a way to turn that off. The best you could do was log out of the app store after the app downloaded and installed. That assumed you were aware of the issue in the first place. While you and I are aware of the issue, we are not your typical iPod owner either.
Samuel Johnson, the Merriams and Noah Webster can be heard spinning at very high revolutions.
Maybe we could hook their corpses to a generator. The way Slashdot is going, we could probably power a small city!