One other thing they could do would be a unique barcode or other machine-readable sequence on each pod, and then have the machine phone home to make sure that the code is valid and hasn't been used before. Any word on whether 2.0 requires an Internet connection?
The great thing about that idea is that slashdot'ers could systematically disable all of the real pods :-)
True. One of the comments in TFA mentioned that this could be used for bank/credit card phishing. I thought that was an important insight to note. I think you'd get even more people blindly calling their bank based on a number on Google Local, and one could listen in and get all sorts of card numbers, social security numbers, secret passcodes, etc.
The cheapest Tesla can be had after credits for about 60 grand. It's just that most people don't want the small 40kWh (software limited 60kWh) battery.
It *could* be had for that amount. The 40kWh model was only really "available" for a few days. A few hundred people were grandfathered in.
3) absolutely no use of malloc or free. it could lead to stack overflows.
Hate to be nit-picky here, but that's not true. It's a great idea to not use malloc() in a real-time application, for reasons of performance. But it can't overflow the stack.
Unless you call it recursively :-)
2) absolutely no local variables. it could lead to stack overflows.
I think it would be pretty hard to overflow the stack by use of local variables. I mean it's easy to cause, but you'd pretty much always see it if you've even tested the program once. The best reason I can think of for not using local variables is that globals are easier to debug.
1) absolutely no recursion. it could lead to stack overflows.
This should be rule number one for this type of application.
the Dutch championships are a good enough place to tell whether it's positive or negative
And I'm sure if there was a problem there people would have been complaining that they were used when they were "untested". To some US competitors those *were* the Olympics.
Also, if you believe that people play harder in competition (creating a better test), then you probably believe that people play harder in the Olympics, so the Dutch championships still wouldn't have been a good enough test.
I am more inclined to believe that there were issues even during testing in practice, as some have said.
The U.S. team wore the suits in the past month for simulated race conditions, but the Games marked the first time in competition.
So there's a perfect example of an American racing in untested gear.
So where should they have tested them? In competition? I hope not without testing them in competition before that!
The bill doesn't specify the technology (according to TFA). I would assume this would be implemented using the "push" mechanism (which is actually "pull", in reality). At the same time it checks for alerts, the device would check for the kill "signal". This mechanism would be controlled by the carrier or OS provider, and shouldn't be vulnerable in this way.
Should mention that I'm against it, though!
Well, not to state the obvious, but you could actually not do the crime!
I guess there's no point in even having a trial?
Contrary to popular opinion, it's not too hard to go about your life without attracting any police attention.
Happens every day. The odds of it happening to a particular individual may be pretty low, but when you beat those odds, you'll probably argue for the rules of justice to be followed.
If I can't sing along with my friends on a phone call the connection is too laggy and the delay is going to adversely affect my conversation. I fear that this news will lead to the end of my sing-alongs, which means awkward, interruption-filled conversations (as mentioned by others).
The criminal doesn't care, as long as their goal is met (get a valid card - it doesn't have to be yours). If we're talking about "invalid" data, then we need some mechanism to validate the generated data before it's returned.
If you are worried about a random credit card generating algorithm generating real credit card numbers via this method, you should be just as worried about attackers using the same random number generator on their own!
The BIG problem with living in NYC is the amount of money you need. If you have $100 million in the bank or a job that pays $250k a year, your lifestyle here is sweet (and completely unmatched anywhere else in the world).
Hmm...I think I'll opt for the $100 million in the bank.
I believe you'd only need a microcell or two for something like this, assuming it's a smallish area. Looks like the people are pretty densely situated.
TFA says:
The NY Times reports that the "Ukrainian government used telephone technology to pinpoint the locations of cell phones in use near clashes between riot police officers and protesters early on Tuesday."
The NY Times does not say that at all. It does say what the summary says. According to the NYT, the carriers claim that they did not give location data to the government, and that a "pirate cell tower" was used.
Oh, that's funny. I was thinking about live donors of kidneys. Never mind. I agree.
By law?
So when someone has "changed their mind", strap people down on an operating table by force and anesthetize them? I guess we have precedent with the existing death penalty here.
=snip=
The solution is to create a donor list: if you are on the list you will receive organs before non-donors in the event you need one
=snip=
And how do you enforce this "pledge"? I think the percentage of welchers might be a bit higher than the local PBS station gets.
I agree that this is extremely questionable. The link above puts it well. Plus, these days, it would be really hard and take a lot of work for someone to put their refrigerator DMZed directly on the Internet, as opposed to being NATed. Nearly impossible to do from the home. And if it was NATed and a single port was forwarded for the web server, there is no way Proofpoint could determine that this is where the 10 e-mail messages came from. It could have come from anywhere else on the LAN.
My mother speaks just as loudly when she is on her cellular phone as when she is on her land-line phone. (She has a land-line phone because she lives in a bowl in BFE and does not have cell reception at her house.)
A good gut check for your theory would be to ask yourself if kids who have never used a land-line phone speak loudly into their cellular phones. If the answer is often yes, then your theory is wrong.
Please come up with some other folk-wisdom explanation for the phenomenon.
The real question is whether or not these same kids speak more loudly into their mobile phones than when they are gabbing with their friends, for which there is no ban request. And in my experience, it's just as loud.
Also, I *did* say that it was "part of the problem", not the whole problem, and I suggested education in addition to technology.
That just means you're nosey! :-)
But I'll extend my comparison to someone talking to themselves. There's no rule against that either.
Philosophically speaking, it doesn't make sense to ban people talking on the phone and not ban people talking to the person next to them. I've never heard anyone asking the FCC (or slightly more reasonably the FAA) to regulate the volume people can speak on the plane.
Practically speaking, people tend to speak more loudly when they are speaking on the phone. Normally, this is not necessary. Part of the problem is that unlike landlines (remember them?), you don't get the feedback in the earpiece of your own voice when you're speaking on a mobile phone. Psychologically, this creates a desire to "speak up". This could be helped immensely by changing the way the hardware works.
You could also require the use of some sort of external headset that provides feedback and eliminates background noise better than the existing phones.
Most importantly, educating people that they don't need to speak that loudly into mobile phones could go a long way. And not only on airplanes.
I believe MSMQ is used in banking a lot, and I wouldn't be surprised if it is used in ATMs, due to its robustness. AFAIK, there is no *NIX port for it.
AFAIK, the website doesn't allow you to retrieve your credit card; just change it.
First, there's no question that this is an example of a horrible design, and a security flaw that should be fixed.
But the article is way over-the-top. It talks about "credit card numbers", pretty much implying that they are in clear text (TFA, not the actual report). Credit card numbers are not stored in clear text, nor would the clear text credentials give you access to the credit card numbers.
Also, this is really an article about bypassing the lock code, and nothing else. Physical access to a computer (phone) can eventually get you more sensitive stuff than a cup of coffee.
There is a case for negligence
Not if there are no damages. I don't see anything about anyone losing money yet.
I would mod *you* up if I could, but I guess we're in the same boat now (having mod points but having posted) :-)