Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. Re:Buffer Overruns on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    ...with strncpy overflowing the allocated space.

      I'm impressed by that developer's skill, but not in a good way. That's exactly the kind of brain fart error strncpy is designed to prevent. I presume, then, that this developer never bothered to make sure that the destination string was large enough for the job, and I hope that his next performance review reflected his carelessness.

    strncpy is defective by design. The carelessness comes from allowing code with it to ever be checked in.

    When I want to find bugs strncpy is one of the first things I look at exploiting. Very few understand that the null terminator is omitted on overflow.
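    The terminator behaviour the comment refers to, as an added example that is not from the original thread: strncpy sized exactly to the destination leaves no NUL when the source fills the buffer, beside the bounded pattern that always terminates (the 8-byte buffer and 12-character input are constructed for the demonstration).

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the Slashdot thread. strncpy(dst, src, n) copies at
 * most n bytes and writes NO terminator when strlen(src) >= n. Any later
 * strlen/printf/strcat on dst then reads past the end of the buffer. */

#define BUF 8  /* constructed destination size */

/* Returns 1 if dst holds a NUL within its first n bytes, 0 otherwise. */
static int is_terminated(const char *dst, size_t n) {
    return memchr(dst, '\0', n) != NULL;
}

/* The pattern under discussion: strncpy bounded to the full buffer size. */
int copy_with_strncpy(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);      /* no '\0' appended if src fills all n bytes */
    return is_terminated(dst, n);
}

/* Defensive pattern: reserve one byte and always write the terminator. */
int copy_bounded(char *dst, size_t n, const char *src) {
    if (n == 0) return 0;
    strncpy(dst, src, n - 1);  /* copies at most n-1 bytes, pads with '\0' */
    dst[n - 1] = '\0';         /* termination guaranteed even on truncation */
    return is_terminated(dst, n);
}

int main(void) {
    char a[BUF], b[BUF];
    /* Constructed input: 12 characters, longer than the 8-byte destination. */
    const char *src = "ABCDEFGHIJKL";
    printf("strncpy terminated: %d\n", copy_with_strncpy(a, sizeof a, src));
    printf("bounded terminated: %d (\"%s\")\n",
           copy_bounded(b, sizeof b, src), b);
    return 0;
}
```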

  2. Re:AIS or GPS? on Russia Suspected In GPS-Spoofing Attacks On Ships (wired.co.uk) · · Score: 1

    Are we spoofing GPS here, or are we spoofing AIS? Just so we're clear... GPS is obviously GPS, but the summary seems to conflate GPS and AIS. AIS is a terrestrial based VHF system which takes GPS data from individual ships adds identifiers and transmits it to anyone who cares to listen, which usually means other ships and shore-side receivers. It sounds to me like it is AIS that is being spoofed -- which would be trivial compared to GPS.

    It's talking about GPS spoofing where bad AIS data flows from bad GPS data.

    Quoting TFA:

    "Instead of displaying Atria's actual position, the ship's systems located it 25 to 30 miles away - at Gelendzhik airport"

  3. Re:Time to add encryption to civilian GPS? on Russia Suspected In GPS-Spoofing Attacks On Ships (wired.co.uk) · · Score: 1

    The US military already encrypts GPS for themselves - it can still be jammed, but it can't be spoofed.

    All GPS receivers do is measure aspects of delay. These measurements become the basis for determining location.

    It is not necessary for an adversary to understand a signal to alter time of receipt and therefore modify calculated position.

    Maybe it's time encryption was applied to civilian GPS as well. It's not like consumer electronics don't have the capability to handle the decryption, and it's not like you'd have to use the same keys as military GPS.

    I would opt for better internal clocks within receivers and schemes such as RAIM to allow meddling to be flagged with high level of confidence.

  4. Re:Demanding facebook info from terrorist leaders on Department of Justice Demands Facebook Information From 'Anti-Administration Activists' (cnn.com) · · Score: 1

    Most of these fools are engaged in terrorism. They are unwilling to tolerate people they disagree with so they challenge the state's monopoly on violence to achieve their political objectives. Of course this or any government is going to go after them.

    Would those of you who modded this down care to explain yourselves? Are you condoning violence as a means to an end? Do you disagree with my definition of terrorism? Do you think there is insufficient evidence to support violence? YouTube videos exist of these same people in their own words plotting to use violence to shut down the metro system and "throat punching" others.

  5. Demanding facebook info from terrorist leaders on Department of Justice Demands Facebook Information From 'Anti-Administration Activists' (cnn.com) · · Score: 0, Flamebait

    Most of these fools are engaged in terrorism. They are unwilling to tolerate people they disagree with so they challenge the state's monopoly on violence to achieve their political objectives. Of course this or any government is going to go after them.

  6. Pretty much every aspect of your life is subject to the collective will of the society in which you live. You cry, 'Freedom of speech!', and they're saying, 'Stop the spread of dangerous hate!'. Since they have a lot more experience with domestic terror groups than Americans do, I understand why they're going that way.

    EU's approach is embarrassing. They should spend more time addressing their problems instead of ordering people to "shut up" under threat of violence.

    Right now, you're probably right. But when groups of malcontents are allowed to fester unchecked, they eventually cross the line from being bitter to being violent... and that's when the EU approach suddenly looks better.

    Censorship is the go-to tool of cowards who lack the guts to stand behind their convictions and are unwilling to attempt the hard work necessary to build general consensus for their positions.

  7. Re:Seriously... on 'Star Trek: Discovery' Premieres Tonight (ew.com) · · Score: 1

    I haven't seen it yet, but where did you get this from? Unless it's really overt in the first episode, the trailer certainly never made anything of any of those issues. I don't think there was any hint that any character was gay or trans at all, in fact. Lots of shows have gay characters anyway now, it's not remarkable.

    This crap has been all over the media for MONTHS... a bit hard to miss.

    Assuming what I've been hearing is true my expectation is for a series to be filled with pandering to all manner of specific tribal identities.

    It just isn't something I have an interest in, any more than I care to see Nokia commercials in red convertibles or Martian potato farmers saved by the Chinese in exchange for access to Chinese markets.

    What I want are interesting stories about the final frontier, not political bullshit/CG craziness/single theme war with crappy looking Klingons. Moot point anyway, I refuse to accept the terms of CBS's privacy policy. Even if the media was wrong and this turned out to be the greatest Star Trek of all time it wouldn't make much difference to me.

  8. Seriously... on 'Star Trek: Discovery' Premieres Tonight (ew.com) · · Score: 5, Interesting

    Doubling down on crappy looking Klingons
    Trailers filled with NOTHING but weapons fire and CG overload
    gay/trans/ethnic political bullshit turned up to 11
    I have to pay to see the rest of a TV series
    If I pay to see the rest of a TV series I should expect to be rewarded with spyware installed on whatever I'm watching from.

    CBS all access privacy policy says:

    "Websites or other services you visited before and after visiting a CBS Interactive Services"

    "Information about your interactions with audio and video content, such as the type of content listened to (including music applications such as iTunes, Spotify and Last.fm) and content viewed, and information about your interactions with email messages, such as the links clicked on and whether the messages were opened or forwarded;"

    "Upon request, your bandwidth speed and information about the software programs installed on your computer including registry key information; and"

    So basically if you watch Star Trek you should assume spyware will be installed on whatever you're watching it from to spy on EVERYTHING you do even if it has NOTHING to do with CBS All Access.

    This will be the first star trek I don't even bother watching even out of curiosity.

  9. Re:You can't fight "convenience" on 'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) · · Score: 1

    Do you use your smartphone to take photos?

    I use a standalone camera. Higher surface area lens + higher quality sensor = better pictures. I find interface of real cameras to be a far better experience vs. touching slates of barely daylight visible glass.

    The bigger question is why is any of this relevant? Are you asserting "coming sensor wave" is about smartphone cameras?

    It's been nearly impossible to buy a phone even a dumb feature phone in the last decade without a camera... with 100% saturation cameras are OLD news. This begs the question what is a "coming sensor wave"?

    There, the issue is multiplexing, I think. You can multiplex text messages easily, but not phone calls, at least not at the moment. Once one can control A/V streams by voice control, texting will die out.

    All major smartphone platforms have supported voice dictation for years.

    That's just a silly observation, and not even worth comment, except to note that you probably made it using a computing device which has been doubling in capacity and features every year for more than a decade.

    It's a well understood side effect of unconstrained capitalism that came to me in a dream as I was sleeping thru Geo 130. Basically the objective function of corporations is generally always profit.

    Sometimes "profit" and "progress" are aligned. Those working on discrete things where more x or better y yields profit tend to align more with progress. If you're working to bring a new process node online, develop higher density interfaces and storage or improve power efficiency you have limited avenues for turning a profit other than delivering better hardware the market wants. You make money by kicking ass and taking names.

    Those working in software are under no such constraint. The opportunities to make money by means of being a little dipshit are infinite, especially in the age of the Internet. Instead of improving your operating system you can opt to turn solitaire and minesweeper into pay apps. You can spend all kinds of time inventing new ways to erect walled gardens to extract value from the work of others, spy on and control customers to create new profit streams by rent seeking, data collection and serving ads. Not only are these activities counter-productive, they carry an unappreciated opportunity cost associated with working for profit vs. working for progress... you haven't just made your software less usable, you also haven't worked to make it more valuable, to actually create new value for your users. In the past decade things have progressively degraded in the software space to the point where business models of legitimate companies are now indistinguishable from malware vendors.

  10. Whine with cheese on Court Rules That Imported Solar Panels Are Bad For US Manufacturing (theverge.com) · · Score: 2, Informative

    Are Mexico, Canada and South Korea dumping solar panels for less than cost of production? Are they using slave labor? Do employees work in hazardous conditions?

    If not please go fuck yourselves.

  11. Re:FTFY on Microsoft and Canonical Make Custom Linux Kernel (neowin.net) · · Score: 1

    There's a fuckton of hardware out there that offers windows fileshare functionality. And requires SMB 1, which is horribly insecure and deprecated and should be disabled. And most of that hardware is running some kind of Linux.

    SMB 2 and 3 for all intents and purposes also lead to atrocious security outcomes. Safer to only run these things over IPsec if you're concerned about security.

  12. Re:You can't fight "convenience" on 'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) · · Score: 1

    I've been thinking about the coming sensor wave for some time, and what I've concluded is this: give people something genuinely more convenient, and they will trade it for slightly more risk, every time. It won't even be close.

    So is the "coming sensor wave" genuinely more convenient?

    Why? Because people intuitively want to use ALL their senses to control their environment. It's something they've been doing their entire lives, and your typical computer interface really stinks by comparison.

    Seems quite a lot of people would rather send text messages than talk on a phone.

    Only a small minority seem to have much interest at all in video phones.

    It's increasingly popular for people to buy things from flat 2D websites rather than shop in real life, and numerous experiments at 3D-ish interfaces for virtual shopping malls etc. have failed without any fanfare due to lack of interest.

    Heck, even something mundane like driving a car provides a hugely richer control experience than using any smartphone app you can name.

    This must explain why they are always reaching for their phones while driving. Driving is such a rich experience after all...

    Computer-human interfaces suck. You can't fight progress in this area.

    Fighting progress is basically the full time job of technology companies these days. Every time I turn around some asshat has invented a new means of screwing with me.

    Profiting from market failure is a well known feature of capitalism. There simply isn't much in the way of market incentive for progress. It simply isn't the objective function of the tech industry or any industry for that matter.

  13. Re:Life isn’t perfect on Corporations Just Quietly Changed How the Web Works (theoutline.com) · · Score: 1

    I am sorry that the W3C had to approve DRM. However most of the arguments against it are rather lame. Most people just want to watch their movie. They don't want to copy it or use it unfairly.

    But the thing with digital media is if it is too easy to copy and share. That is what will happen.

    The problem seems to me to be obvious. It's simply a reflection of lack of legitimacy in state's laws governing use of IP. Corporations over many decades have used their leverage to enact and maintain laws a sufficient number of people have no problem willingly disregarding with impunity.

    Technological solutions to political problems especially one involving pointless measures easily circumvented have a proven track record of failure.

    That is what will happen. Old analogies with VCR do not apply because that is an analog copy so every copy is degraded. While every copy of digital data is the same.

    Nobody doing the copying or watching of VHS tapes cared. The concept of degradation with each copy was invented by lawyers for lawyers.

    Even weak DRM is enough to stop most people and going to court it is easy to prove malicious intent.

    Are you sure about that? It does not seem to be enough even to stop my technologically illiterate relatives from inadvertently buying all-in-one boxes with integrated bit torrent clients allowing anything to be watched. In their own defense they were completely clueless as to the legality/legitimacy of the product purchased locally at a fair and didn't believe me or appreciate my snickering when pointing out the obvious.

    If you don't like anecdotal evidence here's some hearsay. This year MPAA's top lawyer was quoted saying:

    "An estimated 981 million movies and TV shows were downloaded in the U.S. last year using P2P"

    All of the DVDs and Blu Rays for movies and TV shows not pulled OTA are encrypted by means of weak DRM and yet it doesn't seem to be stopping anyone who wants it from getting it.

    Does it go against Open Source Standards? Yes it does. However the world doesn't rotate around open source standards. If you want to get rid of it you will need to blacklist all the sites that use it. And properly boycott the DRM material. This doesn't mean pirating the content. But going without it in terms of protest. Pirating the content will only show there is a demand for their product and double down on the DRM to fight piracy more.

    The more services like Netflix fill in the gap making content more affordable and reducing barriers to entry the more piracy incentives and supporting infrastructure evaporate. DRM is irrelevant. One need only look at the Internet bandwidth utilization stats to see the trendline of Netflix vs P2P over time.

    There are examples of the market rejecting DRM such as music/MP3 scene that never involved hunger strike protest. It involved people recognizing a need/market and filling the gap.

  14. Calling it 'stupid' is a bit of an overreaction to what is basically a UI change to map a more-commonly-held button on what is perceived to the more-commonly-intended outcome. Maybe that attribution of intended outcome is

    If my phone behaved like that I sure as heck would be pissed and call it stupid.

    A disconnect button is apparently too hard for Apple to implement or understand. On Android you long press the toggle buttons to manage existing WiFi/BT connections in more detail.

    wrong (as anyone that has tried to help less technical people, trying to figure out what someone is actually trying to do is a hell of a thing) but it seems at least reasonable to me that "get me off this shitty coffeeshop WiFi but do associate with my home WiFi when I get there" is a more common intent than "don't get on any network whatsoever until I remember to hit the button again".

    Really hard to justify UX designs requiring mind reading to work or changing behavior of UX elements everyone understands especially where said cases of mind reading behavior can't be modified by users.

    "More common intent" is hogwash... most people turn off the radios because they want to save non-removable battery life. They want them powered down.

    Apple is doing this because they WANT the radios to stay on not because it's what users want.

  15. Re:Hopefully the other browser makers will follow on Chrome To Force Domains Ending With Dev and Foo To HTTPS Via Preloaded HSTS (ttias.be) · · Score: 1

    Seriously are people really using .dev URLs to point to local resources where there could be a name collision with a real TLD? So you have a bunch of links to [].dev that people have stored. And then they switch networks where .dev resolves correctly and they start erroneously sending data to third parties. And we don't all see why that is an awful problem?

    Myself and others saw why it was a bad idea many years ago. Unfortunately all ICANN saw was dollar signs when they opened the floodgates at expense of the network.

  16. That's pretty narrow-sighted. http protects users from malicious intent by man-in-the-middle attacks such as injection by their ISP. HTTPS should be everywhere and the faster we get there the better

    Encryption requires PERMISSION and thus serves as yet another point of leverage for those wishing to assert censorship over content and entities they don't like.

    HTTPS as a destination is laughable... there are hundreds of entities... some straight up state run by hostile governments, with the ability to generate keys seen as legitimate globally by the world's population of web browsers. Better than nothing but hardly what I would deem to be anything approaching trustworthy or secure.

    Ends don't justify means. A desire to reduce MITM opportunities does not justify forcing people to use https if they don't want to.

  17. Re:So what? on HTML5 DRM Standard Is a Go (arstechnica.com) · · Score: 2

    So what?
    I don't mean I don't care about the issue, I mean that this decision was never in the hands of W3C in the first place.
    It is, has been and will always be in the hands of the browser developers.
    Google, Microsoft and Netflix are behind this (among others) so if W3C would not have approved, it would have happened anyway.

    Behind nonsense about voluntary open standards and assertions that standards documents are nothing more than suggestions, the reality is every player in the market uses the existence of these "standards" documents... vendors, management and customers alike... as excuses to argue and lobby for x, y and z to be supported, sometimes above and beyond what would otherwise be rationally justifiable.

    For example MS using standards as an excuse to destroy what's left of POSIX compatibility in their C compilers even though there is otherwise little in the way of defensible basis for it.

  18. Re:Only if we let them... on New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) · · Score: 0

    Do you have friends? Family? People you just happen to know?

    No of course not. It's impossible for me to have any of those because I don't have a Facebook account.

    Listening to the hopelessly addicted trying to justify their addiction is heartbreaking. The hook for social media is a deep feeling of being isolated and left out if you ever dare leave. This singular fact is what keeps many who see the problem, want to stop and do something more productive and interesting with their time keep coming back for another hit time and time again.

    The problem is that it's becoming increasingly impossible to avoid being on social media, even if you never use it yourself.

    Tell me about it... phones keep getting more and more difficult to use. There is no physical keypad anymore and they keep hiding the contact list in sneakier and sneakier places. With my old feature phone and BlackBerry I used to be able to call or text someone just by typing the first few letters of their name. Now I have to find the contact app and use a crummy on screen keyboard to find people I want to talk to.

    Other people posting pictures of you, combined with facial recognition, means it's possible for social media networks to know quite a bit about you without you ever using them yourself.

    Since I could be robbed or killed anywhere I go might as well walk around the shittiest neighborhood at night counting my bankroll aloud by myself.

    As data mining techniques improve, this is only going to get worse. Simply existing is going to be enough for companies to build profiles on you, regardless of whether you yourself use their services. It's not enough to not use the services yourself, you need to make sure no one you know ever posts anything about you as well.

    If they keep pissing people off with wholesale stalking they are going to end up with big data paper weights. Relatively easy to poison datasets and extraordinarily difficult for algorithms to meaningfully reason about false information.

  19. Another question I'd ask is: how is this even an invasion of my privacy? If someone takes a picture of me in public then I have no expectation of privacy. If they take a picture of me in private, potentially one that I'd prefer not be shared, then I'd say the fault lies with the individual who shared it and not the medium used to share

    These "no expectation of privacy" arguments are mostly nonsense. Just because something happens in public does not grant everyone carte blanche to do whatever the f**** they please with that information.

    Try following someone around in public all day and see what happens.

    Try taking a picture of some random bikini chick on the beach, post it in a creeper magazine and see what happens.

    Just because you see or overhear something in public does not grant you some magical right to do with it as you please without repercussions.

  20. Re:Non problem on Security.txt Standard Proposed, Similar To Robots.txt (bleepingcomputer.com) · · Score: 1

    On the contrary, standards are super important.

    Where I live it often seems as if standardizing the size and shape of check boxes is what's most important.

    If not having a security.txt was considered as negligence by the courts

    More likely companies would be afraid to add security.txt for fear its presence represents implicit permission/cover to hack/probe.

    Researchers already face legal risks simply for reporting what they innocently stumble upon. Personally I would only report site vulnerabilities anonymously and probably not even that.

    You'd find many companies needing to add them in order for certifications or to not face crazy damages in the case of a breach.

    My own opinion is this is much more likely to end up being yet another joke nobody quite gets, like sending an email to abuse@domain and expecting a response.

    Or inventing yet another cache header proclaiming dammit I mean it this time... for real...serious...

  21. How to get spammed in one easy step on Security.txt Standard Proposed, Similar To Robots.txt (bleepingcomputer.com) · · Score: 1

    Step 1. Add a file security.txt to your web server containing your contact information.

    Draft itself has an obvious security hole.

    Section 4:
    " As stated in Section 2.4, keys specified using the "Encryption:" directive SHOULD be loaded over HTTPS."

    There is no suggestion anywhere in the draft that security.txt be served over a secure transport, rendering section 4's suggestion that the reference to the public key be secure moot.

  22. Sounds to me like old-school resonant microwave cavity spy bugs gone awry.

    My guess is modern variants use extremely focused transmitters to avoid detection, and the idiots who installed them were not thinking when placing the transmitter in a path where people would be dwelling for prolonged periods of time, resulting in RF enriched brain cells of surveillance targets.

  23. So everyone can hear how upset you are about a marginal loss of ability to stalk users as they move from website to website.

    Phone the press... demand they cover this very important issue before it's too late. Better still.. launch a public awareness campaign... after all stalkers have rights and are people too.

  24. Re:4K HEVC @ 15mbit/sec MAX is a SCAM on Disney Is Lone Holdout From Apple's Plan to Sell 4K Movies for $20 (wsj.com) · · Score: 1

    It is possible to see the difference between 1080p and 2160p.

    No it isn't.

    I recently upgraded - including my satellite service. The difference for sports is amazing, it is most notable with what is actually in the background than the foreground. I instantly clocked that I could see individual heads of people far far away from the race track that would normally be a big blur of heads. I switched away from UHD to HD to check that I was not going mad. I wasn't. The UHD detail does enhance the viewing experience. It's actually astounding. This is just one example without really thinking about it.

    Test methodology likely flawed. Any test must be about resolution exclusively with no other factors.

    Simply selecting an HD vs UHD version of a channel is NOT a valid test because it is extremely likely to entail selection of different codecs and bitrates.

    What the marketeers don't want you to discover is 2160p content also looks just as amazing on 1080p displays... the reason for that is NOT display resolution. Especially over satellite, well known for its piss poor display quality. OTA is "4k UHD" compared to most satellite broadcasts. People are being scammed en masse.

    I'm about 3m away from a 49" screen. I can see it. It's obvious. I have tired eyes from a lifetime in front of monitors too.

    At that distance and screen size people with perfect vision are lucky to notice the difference between 720p and 1080p. You would have to be one meter or less from a 49" display to physically see a difference between 1080p and 2160p.

    The limit of human vision is roughly 60 pixels per degree (PPD) of arc.

    49" display 3 meters away effective resolution:
    720p = 58 PPD
    1080p = 88 PPD
    2160p = 175 PPD

  25. Re:Most can't tell the difference between DVD and on Disney Is Lone Holdout From Apple's Plan to Sell 4K Movies for $20 (wsj.com) · · Score: 2

    I'm sorry, but are you two blind? There is a clear difference from 480p to HD, and then again from 720 to 1080p. Even 1080p to 4K is noticeable. I'm going to go out on a limb here and say you two are as old as fuck and don't have a clue.

    I have perfect vision and can tell the difference between 480p and 720p.. but it's not huge.. 720p vs 1080p or 720p vs 2160p... not a chance in hell from normal viewing distance.

    I can see compression artifacts quite clearly over 720p on cable but commercials always look amazing at the same resolution... go figure.

    Besides differences in human vision between individuals and effective PPD (pixels per degree) based on TV size and viewing distance, another noticeable quality factor is the quality of the TV's upscaler. I can notice a significant difference between playing 480p content at 4k from a cheap AML s905 vs. sending at 480p native and letting the TV handle it. Some TVs (e.g. Sony) have amazing upscalers and some don't.