In my opinion it would have been a heck of a lot more useful for Microsoft to roll out a versioning file system. That would have provided more value to customers and ended up being way more useful in every way vs piling on new access control regimes and expecting people to use it for real this time.
Would be interesting to hear what if anything prevents an attacker from modifying search path environment variables or user registry or CLI parameters to convince software to load custom add-on haxor.dll's and then launch a trusted program. Unlike DLL injection this does not require any elevated privileges. Does the system keep track of all of an application's possible dependencies? If a software program dynamically loads a new DLL in response to user action such as enabling a new feature within the software does Windows flash an alert and ask the user if it's ok? If so what percentage of users are likely to be qualified to even begin to provide a coherent response?
What's a few million general purpose CPUs with no access to advanced instructions or GPUs compared to a rack of custom ASICs? How is this anything but a passing fad with rapidly diminishing returns?
I think TFA's assertions are a bit stupid on their face. They are essentially saying "it's not something you have" because it can be reduced to an underlying secret key required to be guarded.
This begs the question what physical factor can possibly exist which at its core does not effectively guard a secret from unwanted disclosure? Guarding secrets is the way ALL "what you have" schemes without exception operate. You can take issue with an implementation or judge relative quality yet to say it's not "something you have" is not a real argument. It doesn't convey any useful information.
In my view the only meaningful way to address large scale credential breaches is decoupling authentication from applications. There should be separate physically secured systems with no other function except to perform authentication and provide evidence of outcomes to application servers. Application servers can store and juggle all the credentials they want... They just can't ever be placed in a position to EVER reason about their meaning or validity.
On the front end people need to stop using PKI to protect clear text passwords and clear text one time codes. When you use a secure authentication protocol the risks associated with information disclosure as a result of authentication are significantly reduced. A secure authentication protocol would for example prevent a customer of realbank.money from being owned as a result of handing their 2FA data to fakebank.money. PKI on the other hand offers no such protection because fakebank.money is just as capable of obtaining a valid certificate as realbank.money and adds completely unnecessary dependencies to the attack tree of the system.
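An added illustration of the realbank.money / fakebank.money point above (not part of the original comment), assuming "secure authentication protocol" means a challenge-response whose answer is keyed to the host the client is actually connected to. The class names, the HMAC-based per-origin key derivation and the simplified one-time code are constructed for this sketch.

```python
import hashlib
import hmac
import secrets


def otp_code(shared_secret: bytes, counter: int) -> str:
    """Clear text one-time code (simplified, HOTP-like): nothing in it names a site."""
    mac = hmac.new(shared_secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Authenticator:
    """Client side: one device secret, a different derived key for every origin."""

    def __init__(self) -> None:
        self._device_secret = secrets.token_bytes(32)

    def _key_for(self, origin: str) -> bytes:
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        # Enrolment: the site stores the key derived for its own origin.
        return self._key_for(origin)

    def respond(self, origin_seen: str, challenge: bytes) -> bytes:
        # origin_seen is the host the client is really connected to, not a
        # name the page claims; the answer is keyed to that host.
        return hmac.new(self._key_for(origin_seen), challenge, hashlib.sha256).digest()


class Bank:
    """Server side (constructed): checks one-time codes and origin-bound answers."""

    def __init__(self, otp_secret: bytes, origin_key: bytes) -> None:
        self._otp_secret = otp_secret
        self._origin_key = origin_key
        self._open_challenges = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._open_challenges.add(challenge)
        return challenge

    def check_otp(self, code: str, counter: int) -> bool:
        return hmac.compare_digest(code, otp_code(self._otp_secret, counter))

    def check_response(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._open_challenges:
            return False  # unknown or already used challenge
        self._open_challenges.discard(challenge)  # each challenge is single use
        expected = hmac.new(self._origin_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def relay_outcomes() -> dict:
    """The customer is on fakebank.money, which forwards everything to realbank.money."""
    otp_secret = secrets.token_bytes(20)
    device = Authenticator()
    realbank = Bank(otp_secret, device.register("realbank.money"))

    # 1) Clear text code typed into the look-alike page and passed along.
    counter = 7  # constructed sample counter value
    otp_relayed = realbank.check_otp(otp_code(otp_secret, counter), counter)

    # 2) Origin-bound answer: the challenge is passed along, but the client
    #    answers for the host it sees, so the key does not match.
    challenge = realbank.new_challenge()
    relayed = device.respond("fakebank.money", challenge)
    bound_relayed = realbank.check_response(challenge, relayed)

    # 3) Same protocol when the customer is really on realbank.money.
    challenge = realbank.new_challenge()
    direct = device.respond("realbank.money", challenge)
    bound_direct = realbank.check_response(challenge, direct)

    # 4) Re-sending the answer from step 3 fails: the challenge is spent.
    replayed = realbank.check_response(challenge, direct)

    return {
        "otp_relayed_accepted": otp_relayed,
        "bound_relayed_accepted": bound_relayed,
        "bound_direct_accepted": bound_direct,
        "bound_replay_accepted": replayed,
    }


if __name__ == "__main__":
    for name, accepted in relay_outcomes().items():
        print(f"{name}: {accepted}")
```

The symmetric per-origin key is a simplification to keep the sketch in the standard library; the property shown is only that the answer depends on the host the client sees, while the one-time code does not.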
I've been hearing about Kobe on English language broadcasts for a while. One constant throughout is a complete lack of contextual information.
We all know they "Falsified data" on strength and durability of aluminum and copper... what does this mean in real terms? Did they just check the "A-OK" box and fill in fake data without bothering to run the tests? Did they run the tests and then knowingly alter results? What is the difference between what they reported and actual conditions of materials sold? What is the risk? I would be most interested in any references that address these basic questions.
So far every downstream manufacturer who has looked into this has not been able to find anything wrong or at least they are not admitting it publicly.
We ARE the product, and short of bloody revolution there's SFA we can do about it. Time to open that Facebook account I guess - the war has been lost, so I may as well get as much value as I can out of our corporate overlords in return for them raping my privacy.
If it were really so hopeless why would cell companies bother trying to scrub the evidence from the Internet? They were obviously AFRAID of something.
Do you not get a monthly bill from your cellular provider? You could just not pay it and instead take your business elsewhere. Consumers have all of the power in the world to effect change... assuming they are sufficiently motivated to get off their asses and stop crying about something they have the power to change.
Besides creating overlay networks on top of IP is trivially easy. You could for example run TOR on your mobile or find/create a VPN service you have some reason to trust.
It has never been easier for people all over the world to communicate privately. There has never been a time where so much source code and tools necessary to run, modify and create every aspect of modern computers and sophisticated cryptography have been freely available to anyone wishing to pursue them. Bandwidth and computers have never been cheaper or more available. How much easier does it have to get?
Doesn't work that way... you claim that they are guilty, it's on you to prove it.
I've made no claims. I'm not going around proclaiming either guilt or innocence. I've simply made a judgment based on what I know of publicly available information: I believe this more likely than not to be a deliberate act.
You are free to evaluate the same data and come to different conclusions. I am willing to re-evaluate my position if specific technical data is made available.
As for why a working digitizer stops working after an upgrade? Simple... The easiest explanation is a change in the code that drives that piece of hardware. This change might have been done to improve precision, improve power consumption or any other innocent reason.
No doubt both nefarious and innocent possibilities exist. I don't have the requisite information to determine either the specific reason for failure or whether it was done deliberately or not.
I can't blame Apple for this, the blame is on the maker of the 3rd party hardware, he obviously didn't do his homework but tried to sell his product as '100% compatible' while it isn't.
Do you have specific evidence establishing this was based on technical incompatibility vs. some kind of deliberate signature check intended to disable non-genuine replacement parts? If so please share.
I don't doubt that people on the left also fall for this sort of thing now and again too, by the way. I'm not partisan on this, I'm just against this kind of state level subversion of western societies.
When I hear someone crying about Russian influence I'm led to wonder what the same people think of AIPAC and associated organized sophisticated Israeli propaganda campaigns in this country. Do they find them equally outrageous?
Is the outrage sourced from the concept of subversion/interference or is it based mostly on the content of the message? e.g. I don't like what you're doing so I'll use foreign aspect to justify and amplify my displeasure...
Of course the flip side is I am indifferent to or support what you're doing so I'm willing to completely ignore foreign aspects of your influence campaign.
I'm not offering an opinion on the underlying "Russia" issue yet I strongly suspect a lot of what ticks people off about Russia is in fact the underlying message not foreign subversion.
Look at how often BLM are labelled terrorists right here.
Well see there is actually.. uh... tape of BLM protesters saying and doing the nicest things. "What do we want?"... many lovely answers to that question can be found with 10 seconds of your time on YouTube and be seen and heard with your own eyes. It can't ALL be explained away by foreign intervention and associated propaganda. At least some of it is earned.
There's huge distance between a firmware driven device with serial communication protocols of incredible complexity and a coffee filter. I don't think it's reasonable to expect Apple to support every possible emulation of its API. I can't think of any case in the history of modern community where a clean room emulation had 100% bit compatibility with the original. Why would you expect a non compatible screen to maintain its compatibility as the OS changed?
Why would one expect a previously working digitizer to stop working and become "incompatible" due to a software update?
Either Apple explains in detail what innocent change they made causing the incompatibility OR I'll just assume what is obvious to me given their prior track record.
I can't really say what Apple is or isn't doing but I'm quite sure you can't either.
Exactly. You can never tell for sure even when it's obvious to you.. Even when a deliberate decision becomes toxic and they back away from it with laughable doublespeak there is always plausible deniability.
In the real world we all have to live and make decisions in a world with incomplete information out of necessity. Our perceptions and prior track record will naturally inform whether we ASSUME it was an innocent mistake or ASSUME it was a deliberate act.
Personally I require Apple to provide technical evidence exonerating themselves before I am willing to accept the innocent explanation in this case.
This is all rather rich after the preaching from Oculus people about quality and deepest fears of proliferation of cheap knockoffs that suck and get everyone sick poisoning the well of public opinion.
After all that here Oculus is directly releasing VR gear lacking positional tracking where any head movement translates into the wearer instantly feeling like shit.
I happen to really get a kick out of VR. I'll spend hours on coaster simulators, playing descent, flying spaceships and doing crazy stunts that would sure as heck make me lose my lunch in real life. The one thing I simply will never do is put a VR display on my head lacking positional tracking. It makes me sick just thinking about it.
For Facebook, shadowy "big data", Twitter, Google, Microsoft, *Gram, Pokemon and all of the subpoena-enabled Orwellian spy shit being intentionally baked into every toaster oven on the planet.
Troves of new leads and capabilities they previously wouldn't have possibly in their wildest dreams been able to pursue is not enough. It will never be enough for LEA who sees their mission in a vacuum as the only consideration of import.
Each act of aggression towards tech companies offering mass communication services only drives the proliferation of decentralized alternatives run by Mr nobody and pushes key management closer to the edge. It's not possible to prevent someone who desires to do so from speaking in code or otherwise outlaw basic math. All you end up doing is making everything temporarily less secure before the tech companies' role in securing communications is completely extricated from the equation.
This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.
The reason this is not a concern is because everyone else does it. Absolutely priceless reasoning.
If I had a penny for every instance of this nonsense uttered in my lifetime I would be a trillionaire.
The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels per degree or 600 x 600 per eye.
Minor correction. 60 "pixels" per degree, not per 10 degrees.
It's often helpful to quote complete sentences rather than cutting them off mid-flight. For example if one were to improperly quote me by cutting off sentence after the word "pixels" it would be understandable for the reader to assume I meant 60 pixels per 10 degrees.
(e.g. "The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels")
However this isn't what I said. I was misquoted and then the misquote itself was attacked.
That's not the limit. 60 is considered "normal", but the average is 80 and there are people over 100. Even then, we don't see pixels, the same way we don't see in "frames per second". Humans can see as small as 0.0024 arc seconds, which works out to 1,500,000 "pixels" per degree, as long as there is enough contrast.
Human eyes can even detect single photons under the right conditions so there must be no limit right? 60 is a nice round generally accepted figure for reasoning about these things. You can say 60 is too low or too high but it is generally accepted to be in that ballpark. It isn't 100 or 200 or 1,000,000 in the context of TV viewing no matter what arcane tidbit one is able to cherry pick out of the ether.
The point remains very few are ever going to get anything perceptible out of these displays.
The point remains resolution is being used to further scam those with existing HD displays who are already being scammed by not even getting advertised HD quality they are currently paying for.
The area of an 8k screen where one person can perceive the added detail, but in the real world, you probably aren't the ONLY person watching the TV, nor is everyone necessarily watching the exact same part of the screen. The only solution is to maintain the highest meaningful resolution & achievable framerate needed to satisfy the most demanding aspects of foveal & peripheral vision across the entire scene, so it will look equally convincing REGARDLESS of which part somebody is looking at.
The primary message I was trying to convey with 600x600 is that human vision is mostly an illusion. I wanted the reader to understand this point. All of the figures regarding viewing distance provided are independent of the number of viewers.
It actually is possible for future displays to have the capability to present different information to different viewers including different people watching completely different content concurrently on the same display. The technology is partially already being developed for glasses-free 3D displays and future VR displays.
It's like the headphones-vs-10.2-surround debate... YOU only have 2 ears, but you aren't bolted to a single "sweet spot" in a room with flawless acoustics. Using lots of speakers in different locations enables more people in different spots to enjoy the kind of ambient surround sound that would otherwise be impossible without headphones.
It's the cheap and easy solution but hardly impossible with sensors and lots of m(a|e)th.
Microsoft is in an unfortunate position because the thing that they don't like about their platform is the thing everyone else does. A load of the old Win32 APIs are horrible designs for security and make it very difficult to impose sensible sandboxing policies post-hoc. If you want to make a secure Windows system, then the best thing to do is throw a load of that away and move to a more modern set of APIs that are designed with security in mind from the start. There's only one problem with this: most people who run Windows do so because they like their Win32 apps and want to keep using them.
In my view the only remotely tractable enforcement point for a general purpose operating system is hypervisor. Anything beyond this is a lost cause way too complex to have any hope of constraining access without expecting a steady nonstop drip of vuln after vuln.
The complexity of Win32 is completely ignorable and when considered in overall context UWP isn't much better from surface area perspective. What we need are better hypervisors, better hardware (MMU) support and more effective management schemes where the concept of access controls are de-emphasized in favor of seamless isolation.
This entirely misses the point of 8k. It's not just a resolution bump, it addresses multiple use-cases:
There is no "use-case" of sufficient utility to provide value to the vast majority of consumers in the market.
- Very large screens / projectors
Very large as in IMAX large.
Most movie theatres are still running 2k and nobody cares. Heck most movies are not even filmed in 4k.
- 120Hz native for ultra smooth, realistic motion
Most movies are currently filmed at 24 fps. IMAX runs at 48 fps.
Why stop at 120Hz? Why not 240Hz for even better smoother more ultraer, realistic motion? Or even 480Hz?
- Much higher dynamic range and more accurate colour rendering - Comfortably exceeding the capabilities of your eyes in all situations
4k already does. It's overkill for most users.
8k is supposed to be the ultimate, the final form of 2D television. NHK, the people behind it, skipped over 4k because it's just a stepping stone to perfection. If anything is to blame here, it's 4k being a half measure and 8k not arriving quickly enough.
When you put things into perspective you quickly come to realize resolution of TV is irrelevant.
The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels per degree or 600 x 600 per eye. Anything much more than that is unnecessary assuming 100% efficiency of projecting photons into the fovea.
An 80" 4k screen at 5 feet distance already exceeds the limit of human vision at 64 PPD as well as most people's budgets for TVs or place to put them to say nothing of natural unwillingness to sit so close.
Actual current real world problem with TV that people will actually benefit from addressing is not resolution or frames per second or color depth. It's the willingness of content distributors to provide sufficient bandwidth to drive current displays.. displays that have been available commercially for the last decade.. at quality they are capable of producing.
The largest national cable companies have in recent years *DOWNGRADED* HD broadcasts from 1080 to 720 (excluding local retransmission) and turned up the compression knob leaving very noticeable blocking and motion artifacts in order to maximize profit. Satellite TV broadcasts are a joke and even OTA is starting to degrade as broadcasters are able to cram more content into available bandwidth via sub channels. Internet streaming has the advantage of modern and more rapidly upgradable codecs yet still insufficient bandwidth to practically deliver at quality limit of current generation of televisions. It isn't cost effective and more importantly most people either don't care enough to affect market behavior or can't tell the difference.
I'm not going to hold my breath waiting for content or a delivery mechanism to meet the capabilities of displays having been commercially available for more than 10 years let alone 4k and 8k.
8k is the equivalent resolution of 36 720p displays the max currently broadcast by major US cable companies. If people are willing to accept 720p with heavy compression on what planet is a broadcaster going to make the calculus... hey we should use the bandwidth we would normally transmit to 36 users over point-point or 36 channels over broadcast medium just to deliver a single 8k channel to the handful of people who would appreciate it. How does THAT generate profit?
My own opinion is VR/AR/display/lightfield/GPU technology is likely to advance far faster in the next decades with far better results vs the likelihood of bandwidth requirements for transmission being rendered trivial.
Nonsense. That is NOT what TFA says, and that is not how it currently works in Chrome. The website can request a popup, just like they can now display an order form. But that does not "query your browser for available payment info". It requires user input before any payment is made, and requires the user to enter the CVV#.
There are multiple API calls at play which provide different information.
Obviously user input is required before sending card data.
What is explicitly NOT mandated by the current work is requests for available pay methods. This is explicitly allowed to be answered without prompting the user first.
In the future, the vendor will never even see the CC#.
The future... WTF... It's 2017... why is there NEW work on shit that is obviously not fit for purpose out of the gate?
How about YES. It is implausible that this will be any worse than the existing system.
Having standardized interfaces malware can leverage to trivially extract card details from user systems has the potential to lead to worse outcomes. We already see malware looking for bitcoin wallets which on a relative basis very few people have. A future in which everyone is storing card details in their browsers does not seem productive.
Neither is encouraging use of dead-end inherently dangerous pull based technology (credit cards) when push based systems (e.g. PayPal) are MUCH safer only leads to worse outcomes for all.
Statements like: "The PaymentRequest API does not directly support encryption of data fields. Individual payment methods may choose to include support for encrypted data but it is not mandatory that all payment methods support this."
Indicates developers of the API are not serious and are just going to punt on security.
They don't seem to care very much about privacy allowing payment type data to be probed without explicit permission at the whim of the browser vendor.
The overall approach is pedestrian. Shoving complex ecommerce workflows and interfaces into browser APIs is a ridiculous nonstarter. Why not work on something useful like native browser support for distributed authorization or common information request profiles? The approach reeks.
Because it is an example of the care and thinking that went into the Unicode support of earlier OSes. You know, the comment that half the shit breaks, it was a bolted on after thought, and doesn't really work for more than one language set at a time?
Kind of the point is: Unicode support in Windows XP basically doesn't exist.
You're not making any sense. This problem has NEVER been addressed even in CURRENT versions of Windows.
Should Firefox discontinue all support for ALL Windows because irrelevant behavior of file system?
If you're going to cite an example why not cite a relevant one?
Dude it's about 17 years old which is a long long ancient time on a technology scale. It's time to move on.
Age arguments in and of themselves are political opinions rather than technical justifications. I don't make decisions based on politics I make them based on specific articulable merit.
More importantly I'm not the one you need to convince. I don't run XP... never even ran XP in my life.. tens of millions have made different value judgments assuming they have even bothered to give the issue any thought at all.
Do you get free car service too for 17 year old cars?
My car is older than 17 years and I expect the mechanic to still work on it and make repairs. I don't expect the mechanic to tell me tough shit it's too old go buy a new car. If I went to a dealer today and bought a new car I could afford it wouldn't meaningfully provide me with any more value than my current vehicle. So far it has just been regular maintenance required of any present day vehicle.
Perhaps in the future when EV's get better and the battery situation is solved or class 5 autonomous driving becomes a reality my value proposition will change.
What is reasonable? Most users are just waiting for their caps in their power supplies or motherboard to blow and they will be replaced.
I don't know enough to answer the question of what is reasonable with respect to Firefox. Browsers are very complex and yet also abstracted out of necessity to support a wide range of platform targets. I don't pretend to know what the parameters and costs involved are.
One thing I'm fairly certain of is maintaining support for XP is less labor intensive than supporting Linux platform yet more people run XP+Vista than use Firefox for Linux.
I also know technically the userland difference between Vista and Windows 7 is tiny vs difference between XP and Vista. In the absence of specific articulable evidence I would naturally be highly suspect of hand waving that assumes tangible costs involved with maintaining platform differences between 7 and Vista.
Some are old people afraid of change who go out of their way to use ancient software on new hardware. That is on them.
I fundamentally disagree with this calculus. In a functioning competitive market software vendors would be spending their time meeting their customers needs where they are instead of judging, blaming the customer or making political calculations.
Mozilla should display a friendly message claiming their PC will no longer be supported and it's time to upgrade
Displaying messages or warnings is different from not working / demands.
Asian language support in XP was a disaster of glued together fixes which often left a system completely messed up if you had to support multiple languages at once. God forbid you actually change the primary language at some point rendering software non-functional and directories inaccessible. Unable to browse c:\????????? anyone? But I typed the right number of ?s in! Oh but they aren't ?s, they are just one of the symptoms of Unicode support being fundamentally broken.
Why are filesystem issues relevant? In what version of Windows was the problem you describe fixed? Hint: it was never fixed.
It's not all about what works/doesn't work, it's also about effort to support the platforms considering their dwindling usage numbers. They will probably be able to remove chunks of code dedicated to XP and Vista, and not have to worry about testing them, for such a small number of users.
The problem with this argument is difference between Vista and W7 from a Windows API perspective is irrelevant in terms of userland code. When you throw Vista into the mix reason can no longer be code maintenance.
It's also worth remembering that these platforms are no longer supported by Microsoft, so why should Mozilla do the same?
The question at hand is why are they taking away support for an operating system. It isn't why shouldn't they.
Why shouldn't they is obvious. More people are still using these operating systems than use Linux on desktop. People are not going to say...oh fuck I can't update my Firefox anymore... time to upgrade. They are going to keep using what "works" at unnecessarily increasing peril.
If a vulnerability is now found in those platforms which can hijack Firefox, Mozilla will want to steer clear of all blame.
This does not justify preventing browser from running. You can simply state platforms you want to support and disavow others.
False Positives during automated audit tools is my own personal hell. PCI Compliance demands these audits be run every quarter. And every quarter, our Windows 2012r2 server which is only used for a couple of people to work remotely fails the audit. Which test does it fail? The audit claims it is vulnerable to a Windows NT4 terminal services exploit. The exploits have long been patched by Microsoft, plus the affected ciphers have also long been disabled. Yet every single goddamn quarter, we fail the audit, and it is usually a month long battle with one-way messaging to the audit company to let them know they're still a bunch of morons. And guess what? The quarter just started this week!
I look at people who post things like this and I'm thinking to myself is there only one company on the planet selling automated audit services?
Which is worse? A company raking in $$$ for being extraordinarily lazy and getting away with failing to address even known obvious shortcomings... or paying "a bunch of morons"?
And we are the targets.
If you patch a client that client is safe.
If you patch an AP all clients using that AP are safe.
Wrong. There is no possible AP only patch that renders clients safe.
Doesn't work that way... you claim that they are guilty, it's on you to prove it.
I've made no claims. I'm not going around proclaiming either guilt or innocence. I've simply made a judgment based on what I know of publicly available information I believe this more likely than not to be a deliberate act.
You are free to evaluate the same data and come to different conclusions. I am willing to re-evaluate my position if specific technical data is made available.
As for why a working digitizer stops working after an upgrade? Simple... The easiest explanation is a change in the code that drives that piece of hardware. This change might have been done to improve precision, improve power consumption or any other innocent reason.
No doubt both nefarious and innocent possibilities exist. I don't have the requisite information to determine either the specific reason for failure or whether it was done deliberately or not.
I can't blame Apple for this, the blame is on the maker of the 3rd party hardware, he obviously didn't do his homework but tried to sell his product as '100% compatible' while it isn't.
Do you have specific evidence establishing this was based on technical incompatibility vs. some kind of deliberate signature check intended to disable non-genuine replacement parts? If so please share.
I don't doubt that people on the left also fall for this sort of thing now and again too, by the way. I'm not partisan on this, I'm just against this kind of state level subversion of western societies.
When I hear someone crying about Russian influence I'm led to wonder what the same people think of AIPAC and associated organized sophisticated Israeli propaganda campaigns in this country. Do they find them equally outrageous?
Is the outrage sourced from the concept of subversion/interference or is it based mostly on the content of the message? e.g. I don't like what you're doing so I'll use foreign aspect to justify and amplify my displeasure...
Of course the flip side is I am indifferent to or support what you're doing so I'm willing to completely ignore foreign aspects of your influence campaign.
I'm not offering an opinion on the underlying "Russia" issue yet I strongly suspect a lot of what ticks people off about Russia is in fact the underlying message not foreign subversion.
Look at how often BLM are labelled terrorists right here.
Well see there is actually.. uh... tape of BLM protesters saying and doing the nicest things. "What do we want?" ... many lovely answers to that question can be found with 10 seconds of your time on YouTube and be seen and heard with your own eyes. It can't ALL be explained away by foreign intervention and associated propaganda. At least some of it is earned.
Ruskies can learn a thing or two from US media on how best to "inflame racial tensions" for profit.
There's huge distance between a firmware driven device with serial communication protocols of incredible complexity and a coffee filter. I don't think it's reasonable to expect Apple to support every possible emulation of its API. I can't think of any case in the history of modern community where a clean room emulation had 100% bit compatibility with the original. Why would you expect a non compatible screen to maintain its compatibility as the OS changed?
Why would one expect a previously working digitizer to stop working and become "incompatible" due to a software update?
Either Apple explains in detail what innocent change they made causing the incompatibility OR I'll just assume what is obvious to me given their prior track record.
I can't really say what apple is or isn't doing but I'm quite sure you can't either.
Exactly. You can never tell for sure even when it's obvious to you.. Even when a deliberate decision becomes toxic and they back away from it with laughable doublespeak there is always plausible deniability.
In the real world we all have to live and make decisions in a world with incomplete information out of necessity. Our perceptions and prior track record will naturally inform whether we ASSUME it was an innocent mistake or ASSUME it was a deliberate act.
Personally I require Apple to provide technical evidence exonerating themselves before I am willing to accept the innocent explanation in this case.
This is all rather rich after the preaching from Oculus people about quality and deepest fears of proliferation of cheap knockoffs that suck and get everyone sick poisoning the well of public opinion.
After all that here Oculus is directly releasing VR gear lacking positional tracking where any head movement translates into the wearer instantly feeling like shit.
I happen to really get a kick out of VR. I'll spend hours on coaster simulators, playing descent, flying spaceships and doing crazy stunts that would sure as heck make me lose my lunch in real life. The one thing I simply will never do is put a VR display on my head lacking positional tracking. It makes me sick just thinking about it.
For Facebook, shadowy "big data", Twitter, Google, Microsoft, *Gram, Pokemon and all of the subpoena-enabled Orwellian spy shit being intentionally baked into every toaster oven on the planet.
Troves of new leads and capabilities they previously wouldn't have possibly in their wildest dreams been able to pursue is not enough. It will never be enough for LEA who sees their mission in a vacuum as the only consideration of import.
Each act of aggression towards tech companies offering mass communication services only drives the proliferation of decentralized alternatives run by Mr nobody and pushes key management closer to the edge. It's not possible to prevent someone who desires to do so from speaking in code or otherwise outlaw basic math. All you end up doing is making everything temporarily less secure before the tech companies' role in securing communications is completely extricated from the equation.
This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws
The reason this is not a concern is because everyone else does it. Absolutely priceless reasoning.
If I had a penny for every instance of this nonsense uttered in my lifetime I would be a trillionaire.
The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels per degree or 600 x 600 per eye.
Minor correction. 60 "pixels" per degree, not per 10 degrees.
It's often helpful to quote complete sentences rather than cutting them off mid-flight. For example if one were to improperly quote me by cutting off sentence after the word "pixels" it would be understandable for the reader to assume I meant 60 pixels per 10 degrees.
(e.g. "The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels")
However this isn't what I said. I was misquoted and then the misquote itself was attacked.
That's not the limit. 60 is considered "normal", but the average is 80 and there are people over 100. Even then, we don't see pixels, the same way we don't see in "frames per second". Humans can see as small as 0.0024 arc seconds, which works out to 1,500,000 "pixels" per degree, as long as there is enough contrast.
Human eyes can even detect single photons under the right conditions so there must be no limit right? 60 is a nice round generally accepted figure for reasoning about these things. You can say 60 is too low or too high but it is generally accepted to be in that ballpark. It isn't 100 or 200 or 1,000,000 in the context of TV viewing no matter what arcane tidbit one is able to cherry pick out of the ether.
The point remains very few are ever going to get anything perceptible out of these displays.
The point remains resolution is being used to further scam those with existing HD displays who are already being scammed by not even getting advertised HD quality they are currently paying for.
The area of an 8k screen where one person can perceive the added detail, but in the real world, you probably aren't the ONLY person watching the TV, nor is everyone necessarily watching the exact same part of the screen. The only solution is to maintain the highest meaningful resolution & achievable framerate needed to satisfy the most demanding aspects of foveal & peripheral vision across the entire scene, so it will look equally convincing REGARDLESS of which part somebody is looking at.
The primary message I was trying to convey with 600x600 is that human vision is mostly an illusion. I wanted the reader to understand this point. All of the figures regarding viewing distance provided are independent of the number of viewers.
It actually is possible for future displays to have the capability to present different information to different viewers including different people watching completely different content concurrently on the same display. The technology is partially already being developed for glasses-free 3D displays and future VR displays.
It's like the headphones-vs-10.2-surround debate... YOU only have 2 ears, but you aren't bolted to a single "sweet spot" in a room with flawless acoustics. Using lots of speakers in different locations enables more people in different spots to enjoy the kind of ambient surround sound that would otherwise be impossible without headphones.
It's the cheap and easy solution but hardly impossible with sensors and lots of m(a|e)th.
Microsoft is in an unfortunate position because the thing that they don't like about their platform is the thing everyone else does. A load of the old Win32 APIs are horrible designs for security and make it very difficult to impose sensible sandboxing policies post-hoc. If you want to make a secure Windows system, then the best thing to do is throw a load of that away and move to a more modern set of APIs that are designed with security in mind from the start. There's only one problem with this: most people who run Windows do so because they like their Win32 apps and want to keep using them.
In my view the only remotely tractable enforcement point for a general purpose operating system is hypervisor. Anything beyond this is a lost cause way too complex to have any hope of constraining access without expecting a steady nonstop drip of vuln after vuln.
The complexity of Win32 is completely ignorable and when considered in overall context UWP isn't much better from surface area perspective. What we need are better hypervisors, better hardware (MMU) support and more effective management schemes where the concept of access controls are de-emphasized in favor of seamless isolation.
This entirely misses the point of 8k. It's not just a resolution bump, it addresses multiple use-cases:
There is no "use-case" of sufficient utility to provide value to the vast majority of consumers in the market.
- Very large screens / projectors
Very large as in IMAX large.
Most movie theatres are still running 2k and nobody cares. Heck most movies are not even filmed in 4k.
- 120Hz native for ultra smooth, realistic motion
Most movies are currently filmed at 24 fps. IMAX runs at 48 fps.
Why stop at 120Hz? Why not 240Hz for even better smoother more ultraer, realistic motion? Or even 480Hz?
- Much higher dynamic range and more accurate colour rendering
- Comfortably exceeding the capabilities of your eyes in all situations
4k already does. It's overkill for most users.
8k is supposed to be the ultimate, the final form of 2D television. NHK, the people behind it, skipped over 4k because it's just a stepping stone to perfection. If anything is to blame here, it's 4k being a half measure and 8k not arriving quickly enough.
When you put things into perspective you quickly come to realize resolution of TV is irrelevant.
The limit of human vision useful for discriminating useful detail is 10 degrees of arc at a resolution of 60 pixels per degree or 600 x 600 per eye. Anything much more than that is unnecessary assuming 100% efficiency of projecting photons into the fovea.
An 80" 4k screen at 5 feet distance already exceeds the limit of human vision at 64 PPD as well as most people's budgets for TVs or place to put them to say nothing of natural unwillingness to sit so close.
Actual current real world problem with TV that people will actually benefit from addressing is not resolution or frames per second or color depth. It's the willingness of content distributors to provide sufficient bandwidth to drive current displays.. displays that have been available commercially for the last decade.. at quality they are capable of producing.
The largest national cable companies have in recent years *DOWNGRADED* HD broadcasts from 1080 to 720 (excluding local retransmission) and turned up the compression knob leaving very noticeable blocking and motion artifacts in order to maximize profit. Satellite TV broadcasts are a joke and even OTA is starting to degrade as broadcasters are able to cram more content into available bandwidth via sub channels. Internet streaming has the advantage of modern and more rapidly upgradable codecs yet still insufficient bandwidth to practically deliver at quality limit of current generation of televisions. It isn't cost effective and more importantly most people either don't care enough to affect market behavior or can't tell the difference.
I'm not going to hold my breath waiting for content or a delivery mechanism to meet the capabilities of displays having been commercially available for more than 10 years let alone 4k and 8k.
8k is the equivalent resolution of 36 720p displays the max currently broadcast by major US cable companies. If people are willing to accept 720p with heavy compression on what planet is a broadcaster going to make the calculus ... hey we should use the bandwidth we would normally transmit to 36 users over point-point or 36 channels over broadcast medium just to deliver a single 8k channel to the handful of people who would appreciate it. How does THAT generate profit?
My own opinion is VR/AR/display/lightfield/GPU technology is likely to advance far faster in the next decades with far better results vs the likelihood of bandwidth requirements for transmission being rendered trivial.
Nonsense. That is NOT what TFA says, and that is not how it currently works in Chrome. The website can request a popup, just like they can now display an order form. But that does not "query your browser for available payment info". It requires user input before any payment is made, and requires the user to enter the CVV#.
There are multiple API calls at play which provide different information.
Obviously user input is required before sending card data.
What is explicitly NOT mandated by the current work is requests for available pay methods. This is explicitly allowed to be answered without prompting the user first.
In the future, the vendor will never even see the CC#.
The future... WTF ... It's 2017... why is there NEW work on shit that is obviously not fit for purpose out of the gate?
How about YES. It is implausible that this will be any worse than the existing system.
Having standardized interfaces malware can leverage to trivially extract card details from user systems has the potential to lead to worse outcomes. We already see malware looking for bitcoin wallets which on a relative basis very few people have. A future in which everyone is storing card details in their browsers does not seem productive.
Neither is encouraging use of dead-end inherently dangerous pull based technology (credit cards) when push based systems (e.g. PayPal) are MUCH safer only leads to worse outcomes for all.
Statements like: "The PaymentRequest API does not directly support encryption of data fields. Individual payment methods may choose to include support for encrypted data but it is not mandatory that all payment methods support this."
Indicates developers of the API are not serious and are just going to punt on security.
They don't seem to care very much about privacy allowing payment type data to be probed without explicit permission at the whim of the browser vendor.
The overall approach is pedestrian. Shoving complex ecommerce workflows and interfaces into browser APIs is a ridiculous nonstarter. Why not work on something useful like native browser support for distributed authorization or common information request profiles? The approach reeks.
Because it is an example of the care and thinking that went into the Unicode support of earlier OSes. You know, the comment that half the shit breaks, it was a bolted on after thought, and doesn't really work for more than one language set at a time?
Kind of the point is: Unicode support in Windows XP basically doesn't exist.
You're not making any sense. This problem has NEVER been addressed even in CURRENT versions of Windows.
Should Firefox discontinue all support for ALL Windows because irrelevant behavior of file system?
If you're going to cite an example why not cite a relevant one?
Dude it's about 17 years old which is a long long ancient time on a technology scale. It's time to move on.
Age arguments in and of themselves are political opinions rather than technical justifications. I don't make decisions based on politics I make them based on specific articulable merit.
More importantly I'm not the one you need to convince. I don't run XP... never even ran XP in my life.. tens of millions have made different value judgments assuming they have even bothered to give the issue any thought at all.
Do you get free car service too for 17 year old cars?
My car is older than 17 years and I expect the mechanic to still work on it and make repairs. I don't expect the mechanic to tell me tough shit it's too old go buy a new car. If I went to a dealer today and bought a new car I could afford it wouldn't meaningfully provide me with any more value than my current vehicle. So far it has just been regular maintenance required of any present day vehicle.
Perhaps in the future when EV's get better and the battery situation is solved or class 5 autonomous driving becomes a reality my value proposition will change.
What is reasonable? Most users are just waiting for their caps in their power supplies or motherboard to blow and they will be replaced.
I don't know enough to answer the question of what is reasonable with respect to Firefox. Browsers are very complex and yet also abstracted out of necessity to support a wide range of platform targets. I don't pretend to know what the parameters and costs involved are.
One thing I'm fairly certain of is maintaining support for XP is less labor intensive than supporting Linux platform yet more people run XP+Vista than use Firefox for Linux.
I also know technically the userland difference between Vista and Windows 7 is tiny vs difference between XP and Vista. In the absence of specific articulable evidence I would naturally be highly suspect of hand waving that assumes tangible costs involved with maintaining platform differences between 7 and Vista.
Some are old people afraid of change who go out of their way to use ancient software on new hardware. That is on them.
I fundamentally disagree with this calculus. In a functioning competitive market software vendors would be spending their time meeting their customers' needs where they are instead of judging, blaming the customer or making political calculations.
Mozilla should display a friendly message claiming their PC will no longer be supported and it's time to upgrade
Displaying messages or warnings is different from not working / demands.
Asian language support in XP was a disaster of glued together fixes which often left a system completely messed up if you had to support multiple languages at once. God forbid you actually change the primary language at some point rendering software non-functional and directories inaccessible. Unable to browse c:\????????? anyone? But I typed the right number of ?s in! Oh but they aren't ?s, they are just one of the symptoms of Unicode support being fundamentally broken.
Why are filesystem issues relevant? In what version of Windows was the problem you describe fixed? Hint: it was never fixed.
It's not all about what works/doesn't work, it's also about effort to support the platforms considering their dwindling usage numbers. They will probably be able to remove chunks of code dedicated to XP and Vista, and not have to worry about testing them, for such a small number of users.
The problem with this argument is difference between Vista and W7 from a windows API perspective is irrelevant in terms of userland code. When you throw Vista into the mix reason can no longer be code maintenance.
It's also worth remembering that these platforms are no longer supported by Microsoft, so why should Mozilla do the same?
The question at hand is why are they taking away support for an operating system. It isn't why shouldn't they.
Why shouldn't they is obvious. More people are still using these operating systems than use Linux on desktop. People are not going to say...oh fuck I can't update my Firefox anymore... time to upgrade. They are going to keep using what "works" at unnecessarily increasing peril.
If a vulnerability is now found in those platforms which can hijack Firefox, Mozilla will want to steer clear of all blame.
This does not justify preventing browser from running. You can simply state platforms you want to support and disavow others.
False Positives during automated audit tools is my own personal hell. PCI Compliance demands these audits be run every quarter. And every quarter, our Windows 2012r2 server which is only used for a couple of people to work remotely fails the audit. Which test does it fail? The audit claims it is vulnerable to a Windows NT4 terminal services exploit. The exploits have long been patched by Microsoft, plus the affected ciphers have also long been disabled. Yet every single goddamn quarter, we fail the audit, and it is usually a month long battle with one-way messaging to the audit company to let them know they're still a bunch of morons. And guess what? The quarter just started this week!
I look at people who post things like this and I'm thinking to myself is there only one company on the planet selling automated audit services?
Which is worse? A company raking in $$$ for being extraordinarily lazy and getting away with failing to address even known obvious shortcomings... or paying "a bunch of morons"?