Exactly. The only reason this sort of thing didn't used to happen more often is because people never had access to a platform where they could share their racist feelings so widely and easily with others. But now we have Facebook and other social media platforms so it's trivial to post something that can easily be read by Harvard admissions.
That is a legitimate attack, of course it can be more easily protected against than it can be exploited. Gzip compression (and tweaking the settings behind the compression per stream) of streams or padding with junk data in either direction can be used to adjust sizes of resources.
Also a slight technical correction, a client can make multiple requests per stream. But that does not affect your concern.
You do realize Google recently updated its Play Store developer EULA to ban apps that download and run binaries from non-Google Play Store locations, right? That will seal this hole. Sounds like Google is cracking down to me.
Chrome will run in the background if a) the visible checkbox on the Settings page to run in the background is ticked b) you installed extensions that have background functionality and c) you didn't specifically close Chrome with the Exit command, but instead closed the visible windows which still allows the aforementioned background functionality to happen.
This can happen with any browser if you configure it right. Once Chrome downloads the file it is in no way part of the process... depending on how exactly the SCF file works it might be considered a Windows bug and Microsoft's responsibility to fix (I didn't look at it too closely). Google will fix this on their end by blacklisting SCF files as dangerous to download, which they already do for many suspicious file types that you typically wouldn't be downloading. This will result in a warning prompt if you try to download such a file which requires a few extra clicks to override.
Generally you are pwned in that way if you're connecting your PC directly to the internet with no hardware firewall or router which I suspect is pretty rare. Other than setting your router to DMZ mode (which might as well be called "PLEASE HACK ME" mode) as long as you have a router you generally don't get hacked that way. Typically the user has to initiate some action that gets them hacked, though it can be as innocent as opening an e-mail or loading a website they trust. I would say as long as you don't really start to use the internet until your patches are up to date the risk is pretty low.
That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.
That has the same problems as letting people set their own passwords... the passcode will likely not change between flights anyway and is probably going to be easy to guess like 1111 or 1234. And unlike with passwords a 4-digit PIN is difficult to enforce good password practice with because the key space is so small.
You would probably have to directly plug your PC into your ISP's connection as opposed to using a router of which any decent model should block unsolicited incoming traffic by default.
I would say that's fine (if you can find an example of such a position... my salaried position requires me to work 40 hours a week, or more if the company decides I need to, without any compensation for hours 40-45 and 1x time for over 45. When I was working hourly through a contractor I had a better deal in terms of overtime compensation, 1.5x for anything over 40). However that person shouldn't be working on their personal projects using company resources, so if they are done with their job they should be at home, and then no one should care what they are doing.
I'm not sure if you're trying to meme or something, but the hosts file overrides how specific domain names get mapped to IP addresses. So as long as an app is trying to connect to a domain name (as opposed to directly to an IP address) you can easily reroute it elsewhere or outright break it.
Should also add that it's a bit more fair than I made it sound, since the high-lag player can still be hit "around corners" too since the main factor in seeing such lag compensation side effects is the delta ping between two players, rather than direct ping to the server. In general the lag compensation system I described is said to favor attackers because of such side effects, and because the lag compensation itself tends to be applied to attacks.
Any decent game will have lag compensation, so the server allows the player's reaction to (approximately) what they saw on their screen at the time they saw it to apply.
For example, let's say two players shoot a killing shot at each other at exactly the same time. With a typical game the 200 ping player's action would be delayed enough for a low-ping player to kill before the server receives the "shoot" action from the high ping player. The high ping player fires at the other guy who takes no damage and the game eventually receives the "you died" message (in reality, the high ping player never fired since he died first). With lag compensation, the server can see the player with high ping fired when he was still alive, according to his lag, and can do damage to the low-ping player, resulting in both players killing each other. In some cases such systems can favor high-ping players, as low-ping players will see side effects such as bullets seeming to bend around corners to hit them (as the high-ping player hit them before they rounded the corner, from their point of view), while low-ping players will see less benefits from lag compensation themselves. But overall things are more fair than without lag compensation I think, and really weird lag compensation side effects are thankfully rare.
I loaded it into a VirtualBox Ubuntu 16.04 VM and ran into two problems. 1. is it doesn't properly start its background service after install. Once you start it the app will start up and display the list of Android apps. However launching one of these segfaults the whole thing.
Wait, it uses an online API? So if my computer is infected and I take it offline to disinfect and I use their product, what happens? Doesn't sound promising.
There's another reason why it's not really workable... it requires a unique solution for each movie. Building a more general solution that can be applied to all movies would be a better use of resources.
OK, Burger King had their fun. Google said play time is over and put an end to it.
Maybe before one could easily see it as lighthearted fun, but I think now it has officially crossed over the line into harassment of Google Home users. I am not sure how fast Google will escalate their responses, but if Burger King keeps continuing on this path I can't help but wonder if Google will start legal action to get the commercial taken down. I am sure there is a legal option in here somewhere.
I imagine Google's next step would be to block the specific voice clip again, and probably make a public statement warning of their next steps if this continues. They may block queries about the Whopper, alerting users of Burger King's abuse of Google Home systems in conjunction with whoever is airing the ad, and (I would love this if they do) providing links to resources to legal services that compete with TV (Netflix, etc).
If nothing short of legal action is ultimately working, they may sue whoever is running the ad to get them to take it down. Google is their trademark and it's being used in the commercial, and it is being used to harass Google users, there has to be some legal ground there Google can use. And if there's any violation of copyright involved, the DMCA would provide an easy way to get the commercial taken down (assuming the DMCA can be used for more than taking down fair use YouTube videos).
Sounds like you can't, but that is something that can already be done so we will likely see Google integrating it more into future devices. I am surprised they haven't done so already since it would allow them to track queries per user for more precise data mining.
Google can already do strict voice recognition, so I expect in the near future newer devices will have this enabled all the time by default to prevent things like this... also, so they can tie queries to specific people for data mining purposes, of course.
No idea why, but the 64-bit Hololens runs 32-bit Windows. (Though the ability to run 16-bit applications is probably more important.)
What if you combine the idea of flying cars with self-driving cars? I think that could work as long as the driver has no direct manual control.
Makes sense to me.
It may be free for personal use, but in a commercial or educational environment it may require a license,
Then it's simply a matter of having Tor prefer exit nodes in countries outside of your own in order to counter this threat.
Windows binaries can contain embedded images. For example, the start button is an embedded image you can dump from explorer.exe.
at the moment.
Actually the Windows command is "mountvol".
It probably translates all the Linux calls into Windows calls straight into Windows' NTFS driver. So, probably not useful for what you're thinking.