The best way to secure "IoT" is for the industry to keep right on marching toward a not so distant future where "IoT" and "SMART" are widely viewed as toxic and undesirable.
At some point the consumer is going to ask themselves... do I REALLY want to pay $200 for fake FBI notices, ransom notes and advertising burned into my toast or can I get by with the $20 wall-e-mart special?
Do I really want to put up with a toaster that stops making toast whenever Internet is down, whenever original vendor goes out of business, wants me to buy a new one or no longer feels like "supporting" their creation? Can I get by with the $20 wall-e-mart special?
Do I want my appliances watching me stumbling about my kitchen and uploading my performances to James Clapper and criminal gangs or can I get by with the $20 wall-e-mart special?
Do I take members of US intelligence agencies seriously when they warn/gloat:
"Items of interest will be located, identified, monitored and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers and energy harvesters all connected to next-generation Internet using abundant, low-cost and high-power computing."
Or
"In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."
Perhaps I can get by with the $20 wall-e-mart special?
Something I regularly encounter are unproductive jack-offs who don't know shit and don't do shit. These people are as harmless as they are worthless.
Three steps to dealing with jack-offs.
1. Ignore them
2. Avoid any interaction that may out anyone as being jack-offs or otherwise being seen in a bad light.
3. Actively cover for jack-offs using broad language making it seem everyone is pulling their weight without explicitly saying so.
I work to get shit done even if it is work someone else ought to be doing. I don't give a shit. Refuse to waste my time babysitting or trying to change people. The only thing necessary is to make sure you have/use source control so you can prove your worth in relative terms should it ever become necessary.
One thing I will absolutely not tolerate are people actively impeding me from doing my job. If it ever happened I would immediately get in their face and demand they step off. Failing that depending on how much I care either leave or gather evidence, present to management respectfully demanding change. It's never happened and I doubt it really could. I'm way too focused on getting shit done and people who would seek to play these games are more likely than not to be intellectually lazy and therefore easily managed.
Given that the Democrats are trying to start WWIII by doing everything from poking Russia with a pointy stick to rolling out tanks on their border, this is a damned good thing.
Every time I hear "trying to start WWIII" it becomes hard not to tune out. This is such a tired old talking point devoid of any coherent information or useful context to the extent of being virtually non-falsifiable in nature.
If a training exercise in Norway = WWIII god can only guess what conducting the same in SK territory means with respect to DPRK, US warships "invading" Chinese territory in South China Sea, Russia annexing land in foreign countries, Russia invading Georgia, Russia invading a country they signed defense treaties with (e.g. Budapest Memorandum), planting flags in Arctic and conducting joint training exercises in Cuba.
Anyone could make reverse argument being a pussy and standing down or otherwise pursuing appeasement and capitulation can also lead to war by empowering those with expansionist aims to become blind to consequences.
None of these statements are worth anything in and of themselves. They are two sides of the same worthless coin.
If you don't agree with a particular course of action much better simply to support your position by providing falsifiable evidence explaining specifically why a course of action is reckless or dangerous.
So far US government has utterly failed to provide any compelling evidence to support its assertions. Yet another worthless mostly off-topic 13 page document crying about success of foreign propaganda rather than supporting any of its positions with evidence.
Everyone knows what "RT" is. It's no secret to anyone who isn't living under a rock why they exist and what they do any more than it's no secret why VOA/CNN exist.
All I've seen on CNN the past few weeks is... Wikileaks is an agent of Russia, Wikileaks stole information, Assange is wanted for rape, Assange rapes little girls and persistently pathetic stories of low morale and despair among TLAs because Trump won't listen to them.... WAHHHHHHH.
Do I trust US intel to provide truthful and accurate "assessments" to the public? After curveball's mobile production facilities, aluminum tubes and Uranium (dramatic pause) from Africa do you really need to ask?
The only way they could know that is if they're spying on everyone who uses Windows.
Am I wrong? Is there some other, totally consensual and benign way that they could know this?
They could have conducted a survey and made statistical inferences but why bother when they can just take what they want?
As for "all-pervasive surveillance", Google does collect huge amounts of data, but after two years of trying pretty hard to test Google's defenses against internal employee hacking, I have to give Google an A+. I can't help but to poke at every weakness I see - it's a personality flaw. I personally have not seen 1 byte of user data that I did not need to do my job, and I am easily in the top 1% of nosy Googlers. My son told me once, "You love to be evil for good". That's how I feel about testing defenses. There is always room for improvement, and I think we're trying hard to improve, but no other company on earth comes close to protecting user data like Google does today.
NSA offers roughly the same message only they claim collecting data doesn't actually count as "collecting" until it has been used. They are basically asserting it isn't what you have it is what you do with what you take that counts.
This doesn't work for money stolen in bank heists or scams, exfiltration of confidential data such as trade and government secrets. It doesn't seem rational to believe any judge anywhere would accept the line of argument you didn't use what you took as a defense...
NSA brass even makes public statements about all of their safeguards and red tape... at least when they are not undermining themselves by publicly gloating about their power and exploits.
Anyway, I'm guessing you don't really know what goes on at Google, but this is Slashdot. Stating strong opinions about that which we know nothing about is what we do here...
Personally speaking for myself I just don't care. Just like NSA collecting data domestically such assertions of being careful and self-limiting completely misses the point it's simply none of Google's business in the first place.
Massive corporations (especially ones with a de facto monopoly) and governments always try to sell the idea they are somehow different or special insulated from historical examples of human nature. They want us to believe they won't overreach or leverage themselves in pursuit of their objective functions. I am not interested in debating this point or characterizing anyone as good or evil.
I am only interested in promotion of structures which hold EVERYONE'S feet to the fire. This means a few massive companies like Google don't get to go ape shit and read everyone's email and track everyone's every move across virtually every website on the planet whether Google is their search engine or not.
This behind the scenes industrial scale spying relies mostly on ignorance and lack of choice. All of this data ultimately isn't being used for everyone's benefit it is being used to give corporations an upper hand over consumers -- an unfair advantage, an unfair playing field. They don't want *their* feet burnt.
Hopefully soon with increasing public awareness, certain hidden technological changes and possibly legislation there will be adjustments to better balance things out. The status quo is unsustainable and Google is at the forefront of being the problem.
10000 employees know most of their affiliate adwords hits are generated from worthless click farms. 9999 of these same people don't care.
Any rational number divided by count of current Google employees over 40 results in an undefined answer.
28 employees tried to eat parts of android version statues on at least two separate occasions.
89 ran away from the giant honeycomb bee thinking it might sting them.
31415 employees have used wget at least once. Of these 21415 have set an alias in their shells to include --no-check-certificate. 300 type it every time, 200 tried and failed to find a shorter flag, 50 tried unsuccessfully to locate a stash of root certs. Only 3 were aware of the fact using wget constitutes a crime.
While 100 think Google's corporate motto should be "Playing to the edge" the majority of Google employees regret their role in cyber stalking the world's peeps.
You think people should be able to sue this family because their daughter died in a fatal car crash caused by a man using an *Apple technology* for which *Apple holds* an unimplemented patent that could have prevented said accident?
NO obviously I think no such thing. Also Apple doesn't hold this patent the suing party does.
Talk about victim blaming. (Yes, I am referring to myself "blaming" you--the victim of a school system that failed to teach reading comprehension--with my razor sharp wit.)
1. You have failed to understand what I wrote in the specified context.
2. You have built upon your earlier failure to attack a straw man.
3. You have failed to RTFA as evidenced by incorrectly asserting Apple holds a patent the suing party actually holds.
I was pointing out in an "alternate reality" in which you are able to sue someone for not implementing something it seems perfectly reasonable in the context of that "alternate reality" to also go after parties who in some way make it more difficult to implement that same thing. By patenting the technology suing party has clearly made implementation more difficult.
To make it clear for those compelled to let their assumptions substitute for comprehension I don't believe I currently live in the specified "alternate reality" nor would I ever want to nor do I advocate for any such nonsense.
What they collect (e.g. everything including Your F***ing passwords...)
* Wireless network SSID/password (encrypted);
* Device information, including any Personal Information you include when assigning device name(s) and, if provided, the name of the person to whom the device is assigned, and device user agent data/app user agent data, including device type, manufacturer, and model; operating system; and IP address;
* Data regarding device usage, including data regarding the time of last device use, internet usage time for each connected device, and gateway logs detailing network connection activities;
* Website addresses for parental control settings, including blocked websites, visited websites, and time and content filter information;
* Personal Information you may enter into your profile, including username and your picture;
* Personal Information you provide for customer support and connectivity assistance, such as userID, name, role, policies, and device information;
* Attempts to download executable files/mobile apps;
* Shipping address and related information.
What they do with it...
* Norton Core uses Google Analytics' Measurement Protocol with IP anonymization parameters to transmit critical error information (including IP address) and information on your feature usage services ("Norton Core Telemetry") to Google Analytics, which is not owned or operated by Symantec.
* Understanding product usage and alerts to inform you of better ways to benefit from a product's features
* Statistical analysis of product deployment
* Providing us with business and marketing information
How they use it...
* We are a global organization and may transfer Your Data to other countries, including countries that may have less protective data protection laws than the country in which you are located.
* may be disclosed in connection with any proposed or actual sale or other transfer of some or all assets of Symantec in the event of a reorganization, merger, acquisition, or sale of our assets;
* may be disclosed and shared if we are required to do so by law or in response to a request from law enforcement authorities;...Here they are clearly saying anyone in law enforcement can simply request data and receive it even if not required by law...
* To promote research, awareness, detection, or prevention of security risks, Symantec may disclose Your Data to relevant public and private entities such as cybersecurity or identity theft research organizations and security software vendors.
Apparently also customer's responsibility to make sure their down line users and guests are informed their data is also being collected. Note that "your disclosure" actually means going to the management portal and configuring a new device.
It is your responsibility to ensure that any disclosure by you to Symantec of Personal Information of your users or third parties is in compliance with applicable privacy and data security laws, including informing users and third parties that you are providing their Personal Information to Symantec, informing them of how it will be transferred, used, or processed, and gathering appropriate consents and other legal measures required for such transfer, use, or processing.
How many days till we see an advisory for Norton core enabling attackers a method of leveraging Norton core to compromise systems it is supposed to be protecting?
Also apparently if you don't renew your subscription your Norton paper egg turns into a Norton paper weight as they disable all access controls on spite not just the scanning/heuristic subscriptions but basic ACL shit too.
I don't know if you can blame the language, the devs should have added their own checks if the language didn't have a guarantee.
Noting math/rand is part of the standard go library and more rigorous compile time checking would have prevented this seems like a no-brainer to blame the language.
Putting aside obvious fact such patents should never have been issued in the first place if this family cared about public safety why would they seek patent protection?
Patent encumbering technology does not promote adoption it always considerably retards it even if you make public promises not to enforce. Surely they knew or should have known this going into it. They could have released their "systems and methods" into the public domain. Now they expect sympathy for actively working against public safety?
In an alternate reality where they are able to get away with this other people should be able to sue this family for their own injuries and deaths related to smartphone distraction for their part in assuring this technology would NOT be adopted.
Self driving cars using just cameras and radar is still an open research problem. Even when using more advanced (and expensive) sensors like LIDAR, there are still a huge number of problems that are not solved. Either Tesla has a vastly better self-driving algorithm than every other University in the world, every other car manufacturer in the world, Google, AND Uber, or they are putting a half-baked product on the road.
To me it sounds like they are just playing word games. They say version 2 hardware is "capable" of fully autonomous driving but doesn't seem they actually have the software to actually be able to pull it off. Sensor suite and GPU based processing for version 2 does seem quite advanced/impressive.
If they do manage to get full self driving under ALL conditions working at least slightly better than people I'll be the first to congratulate them. Until then F Tesla for public betas and half baked marketing gimmicks enabling drivers to tune out and lose situational awareness.
I'll happily become an organ donor as soon as there is process in place to deny hospitals any and all financial incentive arising from harvesting organs. Until then call me a conspiracy theorist until you're blue in the face betting against human nature or thinking doctors are goddamn saints having your best interests at heart.
Look at all the people addicted to prescription drugs in recent history. What changed? Who the heck do you think keeps prescribing all of this shit? Receptionists? Why are all the pharma sales reps always young chicks that just happen to be as hot as hell? How is this even an industry let alone a multi-billion dollar one to begin with? How does this serve the best interests of the patient? Numerous studies indicating widespread instances hospitals pressuring doctors to be profitable by forcing them to cut corners to cover for unsafe staffing levels to ordering tests or procedures they believe to be unnecessary or redundant to profit based discharge and admitting criteria. You would be hard pressed to find a hospital anywhere in the US where those involved in providing care would not admit to being forced to act in ways that go against their training to accommodate pressures of their job. Ask anyone you know who works in the field. A doctor a nurse...anyone and see what they tell you or just look up the stats showing 100k hospital deaths/year due to preventable errors. Hospitals are not run as bastions of humanity helping others they are businesses looking for profit the same as any other commercial enterprise.
I deal with enough assholes in my own family who openly root for death of relatives so they can cash in on inheritance. People are inherently scum. The only way to keep them in line is not to incentivize them to do scummy things. Organ donation is too big a carrot... one that can easily be addressed by structures to prevent people from devolving into scum.
I don't know of anyone who refuses to donate because they care what happens to their organs or some religious/philosophical bullshit... everyone I've spoken to refuses because they are human and they know enough about human behavior to fear being looked at as a profit center rather than a patient... You can strongly disagree and say I'm and everyone who thinks like me is full of shit...but you'll never change my mind nor will you be able to explain why structurally such a conflict of interest even needs to exist in the first place. If it is really about helping people this should be a no-brainer and everyone should be on board with structurally doing what is necessary to make it a reality. The little that does exist such as NOTA has effectively been bypassed/ignored with impunity.
"Many consumers" does not equal "Apple customers". That, right there, is the fundamental problem. Apple customers want thinness at all costs. And so many companies, like Samsung, are sooo jealous and envious of Apple's cultist customer base that they somehow think that they can replicate this level of success by copying Apple's impractical and user-hostile design decisions.
I see too many people sporting iPhones in bulky protective cases every day to believe even Apple customers actually want thinner phones.
Correct me if I am wrong, but isn't every public server handling TLS connections basically non-secure as a middle man, between a website and someone's web browser?
Surely not to be confused with end-to-end encryption?
There are at least two answers.
Answer 1 - It is E2E and secure against active man in the middle attack:
Browser maintains a list of entities it trusts. Secure websites advertise a certificate blessed by one of those entities. Since an active middleman does not possess the secure website's private key it does not have the means to trick browsers into thinking attacking site / proxy was blessed by a trusted entity.
Answer 2 - Answer 1 is in real terms just an illusion:
It is also necessary to consider practically how trust is managed in the real world. Today "blessing" by trusted entities is a completely lights out automated process often relying exclusively on unsecured communications in the areas of naming, addressing and web server probe (e.g. leap of faith) to achieve.
Let's say you have access to see/change traffic to or from a victim server. You can use this access to go to any legitimate SSL provider and rewrite probe requests from this SSL provider to trick it into thinking you have demonstrated ownership of a system you are requesting a certificate for.
You may now leverage your shiny new blessed certificate using your own private key to intercept server's TLS connections with victim browsers having no idea their communications are being compromised.
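Added example, not part of the comment above: a certificate obtained the way Answer 2 describes carries the requester's own key, so an operator can spot it by comparing logged certificates for their hostnames against the keys they actually generated. The records below are constructed stand-ins for entries such as those published in Certificate Transparency logs; the field names, hostnames, issuer names and fingerprints are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LoggedCert:
    """One issued certificate as seen in a public issuance log (hypothetical shape)."""
    dns_names: tuple   # subjectAltName DNS entries
    issuer: str        # issuing CA name
    spki_sha256: str   # fingerprint of the certificate's public key


def name_covers(pattern: str, host: str) -> bool:
    """True if a certificate name (exact or single-label wildcard) covers host."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]               # "*.example.test" -> ".example.test"
        label = host[: -len(suffix)]       # what the wildcard would stand for
        return host.endswith(suffix) and label != "" and "." not in label
    return pattern == host


def unexpected_certs(entries, monitored_hosts, known_spki, expected_issuers):
    """Return (fingerprint, covered hosts, reasons) for certs the operator did not request."""
    findings = []
    for cert in entries:
        hits = sorted(
            h for h in monitored_hosts
            if any(name_covers(n, h) for n in cert.dns_names)
        )
        if not hits:
            continue                        # certificate is for someone else's names
        reasons = []
        if cert.spki_sha256 not in known_spki:
            # The operator never generated this key pair, so whoever did can
            # terminate TLS for these hostnames with a browser-trusted cert.
            reasons.append("unknown-key")
        if cert.issuer not in expected_issuers:
            reasons.append("unexpected-issuer")
        if reasons:
            findings.append((cert.spki_sha256, hits, reasons))
    return findings


# Constructed sample data: placeholder fingerprints, not real hashes.
MONITORED = {"www.example.test", "mail.example.test"}
OUR_KEYS = {"spki:legit-web-key"}
OUR_ISSUERS = {"Example CA A"}
SAMPLE_LOG = [
    LoggedCert(("www.example.test",), "Example CA A", "spki:legit-web-key"),
    LoggedCert(("www.example.test",), "Example CA A", "spki:not-ours"),
    LoggedCert(("*.example.test",), "Example CA B", "spki:also-not-ours"),
    LoggedCert(("www.other.test",), "Example CA B", "spki:unrelated"),
]

if __name__ == "__main__":
    for finding in unexpected_certs(SAMPLE_LOG, MONITORED, OUR_KEYS, OUR_ISSUERS):
        print(finding)
```

The second sample entry is the case from the comment: the expected CA issued it, and only the unfamiliar key gives it away.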
There are valid reasons for surveillance and wire tapping on individuals; there are few-to-no valid reasons for mass surveillance. HTTPS everywhere stops the latter.
HTTPS doesn't prevent leakage of timing and size of content. Server name is sent in the clear and TLS identifier used for session resumption is not obscured allowing activities within a site to be linked to specific browser instances.
With some analysis they can still deduce exactly what many people are doing despite encryption.
There are more than enough people being caught doing these crimes to be taken out of society to make up for the shortfall that safer cars' bettering society will cause.
Bettering society? All I see in your remarks is advocating for people with power to leverage it against others to benefit themselves. This isn't how you better society it is how you rot it out.
We have already seen what happens when you breed corruption in the legal system. Government now steals more shit from people without even bothering to charge or convict than sum total of everything reported stolen.
During my lifetime the rate at which cases have gone to trial has dropped by an order of magnitude. Plea bargaining has over time created positive feedback loops in the legal system leading to laws and sentencing which assume pleas would take place allowing for insane and unjust "threats" to effectively compel cooperation. See also https://en.wikipedia.org/wiki/...
We have seen widespread fraud stemming from deployment of red light cameras as money making schemes actually CAUSING more traffic accidents by tweaking signals to maximize profits.
We have seen prison for profit industrial complex actively lobby to enrich itself at the expense of all of society.
All profiting off killing people will do is provide incentive to kill more people as is happening right now in China.
13 pages... more like 3 pages followed by nonsense and boiler plate security "advice".
The pages offer only assertions unsupported by any provided evidence and describe techniques that are widely used by everyone. They don't even bother to explain linkages between APT xx and the Russian government.
I don't trust TLAs. They have a long history of being weasels and publicly selling lies to support themselves and their masters' political agendas. My view the government should either provide actual evidence to support its assertions or STFU.
If there's one variable that affects the Earth's climate, it's the output of the Sun.
Just received official word NASA stereo satellites are part of a false flag climate hoax launched into orbit around a sound stage transmitting illuminati approved disinfo to the world.
I hope Trump shuts all this worthless science shit down. We need real data not bullshit from dishonest scientists.
If there's a second variable that affects the Earth's climate, it's the kinematics of the Earth about the Sun. Neither should be considered constant.
Thanks for letting everyone know because before you spoke up nobody was monitoring or accounting for these things.
The real hoax was that climate is constant.
Nobody doubts in a billion years or so an irreversible moist earth runaway greenhouse effect will take hold leading to tropical surface temperatures measured in thousands of degrees.. obviously not a very good hoax.
predictable
Human contribution to energy balance is trivial to calculate and isn't a serious topic of debate. What is much more difficult is understanding any positive or negative feedback systems that could work to offset it one way or another. In other words "fuck it" just assume whatever makes you happy or trust god will sort it out.
controllable.
You could set off all the world's nukes and cool the earth by tens of degrees for decades.
If you're not completely blocking Facebook domains they will also stalk you as you move from website to website thanks to globally pervasive social media bugs installed on websites throughout the Internet.
1. There have not been "hoards" of Muslim hoodlums entering Germany. Most of the refugees are actually fleeing Islamic terrorists.
About half are from Syria most of those people fleeing democide inflicted by a secular government.
The guy had his asylum application processed in good time. The problem was they could not deport him because his country would not take him back.
Nobody cares about lame excuses.
The failing is that the security services knew about him but didn't stop him.
See above. Germany is at the very least to blame for not being prepared, putting out an invite that got thousands killed plus above "won't take him back" nonsense. You can structure migration in a way where these problems are mitigated or you can just take a bunch of half-assed measures and act surprised when it blows up in your face.
This does not warrant your extreme, xenophobic reaction.
Back in the real world when all you see when you turn on the news in these countries are more examples of "your people" being attacked or murdered at the hands of "those people" good luck getting anyone to care about words like "xenophobic" or any objective reality. Your declarations of what is warranted and what is not are losing out handily in the court of public opinion.
Home 24x7 broadband Internet connections with bandwidth 100x of the LANs I grew up hacking together. Computers thousands of times more capable in every way.
Even Grandma's now ancient desktop has an operating system with memory protection, preemptive scheduling, multi-processing and a capable IP stack.
Pocket sized computers now sport capabilities I wouldn't believe myself had someone from the future come back and handed me.
There have been amazing advances in nifty 3-D graphics, web browsers, search, multi-player games like mindcraft and all manner of MMO, global video sharing services, Wikipedia, stack*...
Until relatively recently tech companies I cared about who built hardware and software were focused on getting shit done... providing value for their customers and pushing technology. Today it seems all of the innovation has shifted to production of hardware and software for purposes of facilitating ads and malware. The market seems to have turned to complete shit driven by a death spiral toward everything must be "FREE". I routinely find myself disgusted with what I see taking place around me as "legitimate" companies emulate the playbooks of malware outfits of the past.
The core point of interest to me with regards to computing has always been the structure and utility of the Internet for people to actually effectively communicate.
Internet E-mail is still as insanely dangerous as the first time I entered my SMTP settings and asked how it knew "who" I was only to find out it didn't actually care. It didn't take a rocket scientist to see the incredible damage to countless millions that would arise from this.
The killer feature of the Internet.. the fact it's a network of *peers* remains largely untapped and ignored. There is no market based incentive to care.
Finding information today online is not appreciably different than it was two decades ago with the same players (search engines and ad networks) funding both good (useful content) and evil (spam farms) to similar degrees... They don't really care...never have..
Rate at which the Internet is being converted into something resembling CompuServe/ Prodigy is depressing. Rate of participation of normal people wanting to get involved and host something vs signing up for a Facebook account and "cloud" worshiping is equally depressing.
Market pressures are reinforcing broken shit and actively impeding efforts to address problems because Band-Aids have become billion dollar industries unto themselves. Status Quo way more profitable than actual solutions.
Sheer contempt tech companies now have for people I find breathtaking. Google reads everyone's emails. Consumer router/device vendors intentionally produce dangerously broken products and step away scot-free from the carnage left in their wake. Facebook collects histories of every site everyone visits regardless of whether you even use their service. Operating system vendors distribute software containing active remote access trojans by default, denies users the ability to prevent information about what they do and how they use their own computer to be transmitted to others without their consent. Crowd sources beta testing and deny users the ability to opt out. Force reboots whether you want them to occur or would be adversely affected or not. They just assume without even giving it a second thought their perceived needs in any trump respecting their customers.. the user...oh right... users are not customers anymore.
Really hard to think computing is "COOL" when the industry is chock full of scum.
If the echo actually recorded everything in its hearing range and sent it up to the mother ship you would see the packet traffic, there would be a significant drag on your bandwidth and if you are charged by the megabyte your billing would jump through the roof the moment it was turned on (assuming something like 1 meg/minute of audio would give 1440 megs per day in usage).
One thing I will absolutely not tolerate are people actively impeding me from doing my job. If it ever happened I would immediately get in their face and demand they step off. Failing that depending on how much I care either leave or gather evidence, present to management respectfully demanding change. It's never happened and I doubt it really could. I'm way too focused on getting shit done and people who would seek to play these games are more likely than not to be intellectually lazy and therefore easily managed.
Given that the Democrats are trying to start WWIII by doing everything from poking Russia with a pointy stick to rolling out tanks on their border, this is a damned good thing.
Every time I hear "trying to start WWIII" it becomes hard not to tune out. This is such a tired old talking point devoid of any coherent information or useful context to the extent of being virtually non-falsifiable in nature.
If a training exercise in Norway = WWIII god can only guess what conducting the same in SK territory means with respect to DPRK, US warships "invading" Chinese territory in South China Sea, Russia annexing land in foreign countries, Russia invading Georgia, Russia invading a country they signed defense treaties with (e.g. Budapest Memorandum), planting flags in Arctic and conducting joint training exercises in Cuba.
Anyone could make reverse argument being a pussy and standing down or otherwise pursuing appeasement and capitulation can also lead to war by empowering those with expansionist aims to become blind to consequences.
None of these statements are worth anything in and of themselves. They are two sides of the same worthless coin.
If you don't agree with a particular course of action much better simply to support your position by providing falsifiable evidence explaining specifically why a course of action is reckless or dangerous.
So far US government has utterly failed to provide any compelling evidence to support its assertions. Yet another worthless mostly off-topic 13 page document crying about success of foreign propaganda rather than supporting any of its positions with evidence.
Everyone knows what "RT" is. It's no secret to anyone who isn't living under a rock why they exist and what they do any more than it's no secret why VOA/CNN exist.
All I've seen on CNN the past few weeks is... Wikileaks is an agent of Russia, Wikileaks stole information, Assange is wanted for rape, Assange rapes little girls and persistently pathetic stories of low morale and despair among TLAs because Trump won't listen to them.... WAHHHHHHH.
Do I trust US intel to provide truthful and accurate "assessments" to the public? After curveball's mobile production facilities, aluminum tubes and Uranium (dramatic pause) from Africa do you really need to ask?
No one ever denied that there's proof. Most people just agree that it's entirely benign and used for statistic gathering.
Please don't use "spying" in this context, you're diluting the meaning of the word to suit your personal agenda.
I completely agree. The word "stalking" is much more apt than "spying".
The only way they could know that is if they're spying on everyone who uses Windows.
Am I wrong? Is there some other, totally consensual and benign way that they could know this?
They could have conducted a survey and made statistical inferences but why bother when they can just take what they want?
As for "all-pervasive surveillance", Google does collect huge amounts of data, but after two years of trying pretty hard to test Google's defenses against internal employee hacking, I have to give Google an A+. I can't help but to poke at every weakness I see - it's a personality flaw. I personally have not seen 1 byte of user data that I did not need to do my job, and I am easily in the top 1% of nosy Googlers. My son told me once, "You love to be evil for good". That's how I feel about testing defenses. There is always room for improvement, and I think we're trying hard to improve, but no other company on earth comes close to protecting user data like Google does today.
NSA offers roughly the same message only they claim collecting data doesn't actually count as "collecting" until it has been used. They are basically asserting it isn't what you have it is what you do with what you take that counts.
This doesn't work for money stolen in bank heists or scams, exfiltration of confidential data such as trade and government secrets. It doesn't seem rational to believe any judge anywhere would accept the line of argument you didn't use what you took as a defense...
NSA brass even makes public statements about all of their safeguards and red tape... at least when they are not undermining themselves by publicly gloating about their power and exploits.
Anyway, I'm guessing you don't really know what goes on at Google, but this is Slashdot. Stating strong opinions about that which we know nothing about is what we do here...
Personally speaking for myself I just don't care. Just like NSA collecting data domestically such assertions of being careful and self-limiting completely misses the point it's simply none of Google's business in the first place.
Massive corporations (especially ones with a de facto monopoly) and governments always try to sell the idea they are somehow different or special insulated from historical examples of human nature. They want us to believe they won't overreach or leverage themselves in pursuit of their objective functions. I am not interested in debating this point or characterizing anyone as good or evil.
I am only interested in promotion of structures which hold EVERYONE'S feet to the fire. This means a few massive companies like Google don't get to go ape shit and read everyone's email and track everyone's every move across virtually every website on the planet whether Google is their search engine or not.
This behind the scenes industrial scale spying relies mostly on ignorance and lack of choice. All of this data ultimately isn't being used for everyone's benefit it is being used to give corporations an upper hand over consumers -- an unfair advantage, an unfair playing field. They don't want *their* feet burnt.
Hopefully soon with increasing public awareness, certain hidden technological changes and possibly legislation there will be adjustments to better balance things out. The status quo is unsustainable and Google is at the forefront of being the problem.
10000 employees know most of their affiliate adwords hits are generated from worthless click farms. 9999 of these same people don't care.
Any rational number divided by count of current Google employees over 40 results in an undefined answer.
28 employees tried to eat parts of android version statues on at least two separate occasions.
89 ran away from the giant honeycomb bee thinking it might sting them.
31415 employees have used wget at least once. Of these 21415 have set an alias in their shells to include --no-check-certificate. 300 type it every time, 200 tried and failed to find a shorter flag, 50 tried unsuccessfully to locate a stash of root certs. Only 3 were aware of the fact using wget constitutes a crime.
While 100 think Google's corporate motto should be "Playing to the edge" the majority of Google employees regret their role in cyber stalking the world's peeps.
Uhhh....
You think people should be able to sue this family because their daughter died in a fatal car crash caused by a man using an *Apple technology* for which *Apple holds* an unimplemented patent that could have prevented said accident?
NO obviously I think no such thing. Also Apple doesn't hold this patent the suing party does.
Talk about victim blaming. (Yes, I am referring to myself "blaming" you--the victim of a school system that failed to teach reading comprehension--with my razor sharp wit.)
1. You have failed to understand what I wrote in the specified context.
2. You have built upon your earlier failure to attack a straw man.
3. You have failed to RTFA as evidenced by incorrectly asserting Apple holds a patent the suing party actually holds.
I was pointing out in an "alternate reality" in which you are able to sue someone for not implementing something it seems perfectly reasonable in the context of that "alternate reality" to also go after parties who in some way make it more difficult to implement that same thing. By patenting the technology suing party has clearly made implementation more difficult.
To make it clear for those compelled to let their assumptions substitute for comprehension I don't believe I currently live in the specified "alternate reality" nor would I ever want to nor do I advocate for any such nonsense.
What they collect (e.g. everything including Your F***ing passwords...)
* Wireless network SSID/password (encrypted);
* Device information, including any Personal Information you include when assigning device name(s) and, if provided, the name of the person to whom the device is assigned, and device user agent data/app user agent data, including device type, manufacturer, and model; operating system; and IP address;
* Data regarding device usage, including data regarding the time of last device use, internet usage time for each connected device, and gateway logs detailing network connection activities;
* Website addresses for parental control settings, including blocked websites, visited websites, and time and content filter information;
* Personal Information you may enter into your profile, including username and your picture;
* Personal Information you provide for customer support and connectivity assistance, such as userID, name, role, policies, and device information;
* Attempts to download executable files/mobile apps;
* Shipping address and related information.
What they do with it...
* Norton Core uses Google Analytics' Measurement Protocol with IP anonymization parameters to transmit critical error information (including IP address) and information on your feature usage services ("Norton Core Telemetry") to Google Analytics, which is not owned or operated by Symantec.
* Understanding product usage and alerts to inform you of better ways to benefit from a product's features
* Statistical analysis of product deployment
* Providing us with business and marketing information
How they use it...
* We are a global organization and may transfer Your Data to other countries, including countries that may have less protective data protection laws than the country in which you are located.
* may be disclosed in connection with any proposed or actual sale or other transfer of some or all assets of Symantec in the event of a reorganization, merger, acquisition, or sale of our assets;
* may be disclosed and shared if we are ...Here they are clearly saying anyone in law enforcement can simply request data and receive it even if not required by law...
required to do so by law or in response to a request from law enforcement authorities;
* To promote research, awareness, detection, or prevention of security risks, Symantec may disclose Your Data to relevant public and private entities such as cybersecurity or identity theft research organizations and security software vendors.
Apparently also customer's responsibility to make sure their down line users and guests are informed their data is also being collected. Note that "your disclosure" actually means going to the management portal and configuring a new device.
It is your responsibility to ensure that any disclosure by you to Symantec of Personal Information of your users or third parties is in compliance with applicable privacy and data security laws, including informing users and third parties that you are providing their Personal Information to Symantec, informing them of how it will be transferred, used, or processed, and gathering appropriate consents and other legal measures required for such transfer, use, or processing.
How many days till we see an advisory for Norton core enabling attackers a method of leveraging Norton core to compromise systems it is supposed to be protecting?
http://fortune.com/2016/06/29/...
Also apparently if you don't renew your subscription your Norton paper egg turns into a Norton paper weight as they disable all access controls out of spite not just the scanning/heuristic subscriptions but basic ACL shit too.
I don't know if you can blame the language, the devs should have added their own checks if the language didn't have a guarantee.
Noting math/rand is part of the standard go library and more rigorous compile time checking would have prevented this seems like a no-brainer to blame the language.
Putting aside obvious fact such patents should never have been issued in the first place if this family cared about public safety why would they seek patent protection?
Patent encumbering technology does not promote adoption it always considerably retards it even if you make public promises not to enforce. Surely they knew or should have known this going into it. They could have released their "systems and methods" into the public domain. Now they expect sympathy for actively working against public safety?
In an alternate reality where they are able to get away with this other people should be able to sue this family for their own injuries and deaths related to smartphone distraction for their part in assuring this technology would NOT be adopted.
Self driving cars using just cameras and radar is still an open research problem. Even when using more advanced (and expensive) sensors like LIDAR, there are still a huge number of problems that are not solved. Either Tesla has a vastly better self-driving algorithm than every other University in the world, every other car manufacturer in the world, Google, AND Uber, or they are putting a half-baked product on the road.
To me it sounds like they are just playing word games. They say version 2 hardware is "capable" of fully autonomous driving but doesn't seem they actually have the software to actually be able to pull it off. Sensor suite and GPU based processing for version 2 does seem quite advanced/impressive.
If they do manage to get full self driving under ALL conditions working at least slightly better than people I'll be the first to congratulate them. Until then F Tesla for public betas and half baked marketing gimmicks enabling drivers to tune out and lose situational awareness.
I'll happily become an organ donor as soon as there is process in place to deny hospitals any and all financial incentive arising from harvesting organs. Until then call me a conspiracy theorist until you're blue in the face betting against human nature or thinking doctors are goddamn saints having your best interests at heart.
Look at all the people addicted to prescription drugs in recent history. What changed? Who the heck do you think keeps prescribing all of this shit? Receptionists? Why are all the pharma sales reps always young chicks that just happen to be as hot as hell? How is this even an industry let alone a multi-billion dollar one to begin with? How does this serve the best interests of the patient? Numerous studies indicating widespread instances hospitals pressuring doctors to be profitable by forcing them to cut corners to cover for unsafe staffing levels to ordering tests or procedures they believe to be unnecessary or redundant to profit based discharge and admitting criteria. You would be hard pressed to find a hospital anywhere in the US where those involved in providing care would not admit to being forced to act in ways that go against their training to accommodate pressures of their job. Ask anyone you know who works in the field. A doctor a nurse...anyone and see what they tell you or just look up the stats showing 100k hospital deaths/year due to preventable errors. Hospitals are not run as bastions of humanity helping others they are businesses looking for profit the same as any other commercial enterprise.
I deal with enough assholes in my own family who openly root for death of relatives so they can cash in on inheritance. People are inherently scum. The only way to keep them in line is not to incentivize them to do scummy things. Organ donation is too big a carrot... one that can easily be addressed by structures to prevent people from devolving into scum.
I don't know of anyone who refuses to donate because they care what happens to their organs or some religious/philosophical bullshit... everyone I've spoken to refuse because they are human and they know enough about human behavior to fear being looked at as a profit center rather than a patient... You can strongly disagree and say I'm and everyone who thinks like me is full of shit...but you'll never change my mind nor will you be able to explain why structurally such a conflict of interest even needs to exist in the first place. If it is really about helping people this should be a no-brainer and everyone should be on board with structurally doing what is necessary to make it a reality. The little that does exist such as NOTA has effectively been bypassed/ignored with impunity.
"Many consumers" does not equal "Apple customers". That, right there, is the fundamental problem. Apple customers want thinness at all costs. And so many companies, like Samsung, are sooo jealous and envious of Apple's cultist customer base that they somehow think that they can replicate this level of success by copying Apple's impractical and user-hostile design decisions.
I see too many people sporting iPhones in bulky protective cases every day to believe even Apple customers actually want thinner phones.
Correct me if I am wrong, but isn't every public server handling TLS connections basically non-secure as a middle man, between a website and someone's web browser?
Surely not to be confused with end-to-end encryption?
There are at least two answers.
Answer 1 - It is E2E and secure against active man in the middle attack:
Browser maintains a list of entities it trusts. Secure websites advertise a certificate blessed by one of those entities. Since an active middleman does not possess the secure website's private key it does not have the means to trick browsers into thinking attacking site / proxy was blessed by a trusted entity.
Answer 2 - Answer 1 is in real terms just an illusion:
It is also necessary to consider practically how trust is managed in the real world. Today "blessing" by trusted entities is a completely lights out automated process often relying exclusively on unsecured communications in the areas of naming, addressing and web server probe (e.g. leap of faith) to achieve.
Let's say you have access to see/change traffic to or from a victim server. You can use this access to go to any legitimate SSL provider and rewrite probe requests from this SSL provider to trick it into thinking you have demonstrated ownership of a system you are requesting a certificate for.
You may now leverage your shiny new blessed certificate using your own private key to intercept the server's TLS connections with victim browsers having no idea their communications are being compromised.
Specifically it stops them from 'tapping glass' in places like Room 641a:
* https://en.wikipedia.org/wiki/...
There are valid reasons for surveillance and wire tapping on individuals; there are few-to-no valid reasons for mass surveillance. HTTPS everywhere stops the latter.
HTTPS doesn't prevent leakage of timing and size of content. Server name is sent in the clear and TLS identifier used for session resumption is not obscured allowing activities within a site to be linked to specific browser instances.
With some analysis they can still deduce exactly what many people are doing despite encryption.
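What the comment above describes, seen from a passive network monitor: an added example, not part of the original post, that parses TLS ClientHello records to pull out the cleartext server name and the resumption identifiers, then groups connections that share one. The hostnames, addresses, ticket values and the `build_sample_hello` helper are constructed for illustration, and the parser assumes a TLS 1.2-style ClientHello that fits in a single record.

```python
import struct

def _take(buf, off, n):
    """Return (n bytes at off, new offset); reject truncated input."""
    if off + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off:off + n], off + n

def _take_vec(buf, off, len_bytes):
    """Read a length-prefixed vector whose length field is len_bytes wide."""
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))

def parse_client_hello(record: bytes) -> dict:
    """Extract the fields an on-path observer can read without any key."""
    hdr, off = _take(record, 0, 5)
    ctype, _version, rec_len = struct.unpack("!BHH", hdr)
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body, _ = _take(record, off, rec_len)
    hs_hdr, off = _take(body, 0, 4)
    if hs_hdr[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello, _ = _take(body, off, int.from_bytes(hs_hdr[1:], "big"))
    _, off = _take(hello, 0, 2 + 32)            # legacy_version + random
    session_id, off = _take_vec(hello, off, 1)
    _, off = _take_vec(hello, off, 2)           # cipher suites
    _, off = _take_vec(hello, off, 1)           # compression methods
    seen = {"sni": None, "session_id": session_id.hex(), "session_ticket": None}
    if off == len(hello):                       # no extensions present
        return seen
    exts, _ = _take_vec(hello, off, 2)
    off = 0
    while off < len(exts):
        raw, off = _take(exts, off, 2)
        ext_type = int.from_bytes(raw, "big")
        data, off = _take_vec(exts, off, 2)
        if ext_type == 0:                       # server_name
            names, _ = _take_vec(data, 0, 2)
            p = 0
            while p < len(names):
                name_type, p = _take(names, p, 1)
                name, p = _take_vec(names, p, 2)
                if name_type[0] == 0:           # host_name
                    seen["sni"] = name.decode("ascii", "replace")
        elif ext_type == 35 and data:           # session_ticket
            seen["session_ticket"] = data.hex()
    return seen

def link_by_resumption(observations):
    """Group (source, record) pairs by the resumption identifier they carry."""
    linked = {}
    for src, record in observations:
        seen = parse_client_hello(record)
        key = seen["session_ticket"] or seen["session_id"]
        if key:
            linked.setdefault(key, []).append((src, seen["sni"]))
    return linked

def build_sample_hello(host: str, session_id: bytes, ticket: bytes) -> bytes:
    """Constructed test input: a minimal ClientHello, not a captured one."""
    def vec(data, n):
        return len(data).to_bytes(n, "big") + data
    def ext(ext_type, data):
        return ext_type.to_bytes(2, "big") + vec(data, 2)
    exts = ext(0, vec(b"\x00" + vec(host.encode(), 2), 2)) + ext(35, ticket)
    hello = (b"\x03\x03" + bytes(32) + vec(session_id, 1)
             + vec(b"\x13\x01\xc0\x2f", 2) + vec(b"\x00", 1) + vec(exts, 2))
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + vec(handshake, 2)

# Constructed observations: one browser resuming from two addresses, plus another.
SAMPLE = [
    ("192.0.2.10", build_sample_hello("shop.example", bytes(range(32)), b"ticket-A")),
    ("198.51.100.7", build_sample_hello("shop.example", bytes(range(32)), b"ticket-A")),
    ("192.0.2.10", build_sample_hello("mail.example", bytes(32), b"ticket-B")),
]

if __name__ == "__main__":
    for ident, hits in link_by_resumption(SAMPLE).items():
        print(ident[:16], hits)
```

The first two sample connections come from different source addresses yet fall into one group, because the ticket travels in the clear.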
There are more than enough people being caught doing these crimes to be taken out of society make up for the shortfall that safer cars' bettering society will cause.
Bettering society? All I see in your remarks is advocating for people with power to leverage it against others to benefit themselves. This isn't how you better society it is how you rot it out.
We have already seen what happens when you breed corruption in the legal system. Government now steals more shit from people without even bothering to charge or convict than sum total of everything reported stolen.
During my lifetime the rate at which cases have gone to trial has dropped by an order of magnitude. Plea bargaining has over time created positive feedback loops in the legal system leading to laws and sentencing which assume pleas would take place allowing for insane and unjust "threats" to effectively compel cooperation. See also https://en.wikipedia.org/wiki/...
We have seen widespread fraud stemming from deployment of red light cameras as money making schemes actually CAUSING more traffic accidents by tweaking signals to maximize profits.
We have seen prison for profit industrial complex actively lobby to enrich itself at the expense of all of society.
All profiting off killing people will do is provide incentive to kill more people as is happening right now in China.
13 pages... more like 3 pages followed by nonsense and boiler plate security "advice".
The pages offer only assertions unsupported by any provided evidence and describe techniques that are widely used by everyone. They don't even bother to explain linkages between APT xx and the Russian government.
I don't trust TLA's. They have a long history of being weasels and publicly selling lies to support themselves and their masters' political agendas. My view the government should either provide actual evidence to support its assertions or STFU.
If there's one variable that affects the Earth's climate, it's the output of the Sun.
Just received official word NASA stereo satellites are part of a false flag climate hoax launched into orbit around a sound stage transmitting illuminati approved disinfo to the world.
I hope Trump shuts all this worthless science shit down. We need real data not bullshit from dishonest scientists.
If there's a second variable that affects the Earth's climate, it's the kinematics of the Earth about the Sun. Neither should be considered constant.
Thanks for letting everyone know because before you spoke up nobody was monitoring or accounting for these things.
The real hoax was that climate is constant.
Nobody doubts in a billion years or so an irreversible moist earth runaway greenhouse effect will take hold leading to tropical surface temperatures measured in thousands of degrees.. obviously not a very good hoax.
predictable
Human contribution to energy balance is trivial to calculate and isn't a serious topic of debate. What is much more difficult is understanding any positive or negative feedback systems that could work to offset it one way or another. In other words "fuck it" just assume whatever makes you happy or trust god will sort it out.
controllable.
You could set off all the world's nukes and cool the earth by tens of degrees for decades.
If you're not completely blocking Facebook domains they will also stalk you as you move from website to website thanks to globally pervasive social media bugs installed on websites throughout the Internet.
1. There have not been "hordes" of Muslim hoodlums entering Germany. Most of the refugees are actually fleeing Islamic terrorists.
About half are from Syria most of those people fleeing democide inflicted by a secular government.
The guy had his asylum application processed in good time. The problem was they could not deport him because his country would not take him back.
Nobody cares about lame excuses.
The failing is that the security services knew about him but didn't stop him.
See above. Germany is at the very least to blame for not being prepared, putting out an invite that got thousands killed plus above "won't take him back" nonsense. You can structure migration in a way where these problems are mitigated or you can just take a bunch of half-assed measures and act surprised when it blows up in your face.
This does not warrant your extreme, xenophobic reaction.
Back in the real world when all you see when you turn on the news in these countries are more examples of "your people" being attacked or murdered at the hands of "those people" good luck getting anyone to care about words like "xenophobic" or any objective reality. Your declarations of what is warranted and what is not are losing out handily in the court of public opinion.
We have amazing systems and networks today.
Home 24x7 broadband Internet connections with bandwidth 100x of the LANs I grew up hacking together. Computers thousands of times more capable in every way.
Even Grandma's now ancient desktop has an operating system with memory protection, preemptive scheduling, multi-processing and a capable IP stack.
Pocket sized computers now sport capabilities I wouldn't believe myself had someone from the future come back and handed me.
There have been amazing advances in nifty 3-D graphics, web browsers, search, multi-player games like Minecraft and all manner of MMO, global video sharing services, Wikipedia, stack*...
Until relatively recently tech companies I cared about who built hardware and software were focused on getting shit done... providing value for their customers and pushing technology. Today it seems all of the innovation has shifted to production of hardware and software for purposes of facilitating ads and malware. The market seems to have turned to complete shit driven by a death spiral toward everything must be "FREE". I routinely find myself disgusted with what I see taking place around me as "legitimate" companies emulate the playbooks of malware outfits of the past.
The core point of interest to me with regards to computing has always been the structure and utility of the Internet for people to actually effectively communicate.
Internet E-mail is still as insanely dangerous as the first time I entered my SMTP settings and asked how it knew "who" I was only to find out it didn't actually care. It didn't take a rocket scientist to see the incredible damage to countless millions that would arise from this.
The killer feature of the Internet .. the fact it's a network of *peers* remains largely untapped and ignored. There is no market based incentive to care.
Finding information today online is not appreciably different than it was two decades ago with the same players (search engines and ad networks) funding both good (useful content) and evil (spam farms) to similar degrees... They don't really care...never have..
Rate at which the Internet is being converted into something resembling CompuServe/ Prodigy is depressing. Rate of participation of normal people wanting to get involved and host something vs signing up for a Facebook account and "cloud" worshiping is equally depressing.
Market pressures are reinforcing broken shit and actively impeding efforts to address problems because Band-Aids have become billion dollar industries unto themselves. Status Quo way more profitable than actual solutions.
Sheer contempt tech companies now have for people I find breathtaking. Google reads everyone's emails. Consumer router/device vendors intentionally produce dangerously broken products and step away scot-free from the carnage left in their wake. Facebook collects histories of every site everyone visits regardless of whether you even use their service. Operating system vendors distribute software containing active remote access trojans by default, denies users the ability to prevent information about what they do and how they use their own computer to be transmitted to others without their consent. Crowd sources beta testing and deny users the ability to opt out. Force reboots whether you want them to occur or would be adversely affected or not. They just assume without even giving it a second thought their perceived needs in any trump respecting their customers.. the user...oh right... users are not customers anymore.
Really hard to think computing is "COOL" when the industry is chock full of scum.
If the echo actually recorded everything in its hearing range and sent it up to the mother ship you would see the packet traffic, there would be a significant drag on your bandwidth and if you are charged by the megabyte your billing would jump through the roof the moment it was turned on (assuming something like 1 meg/minute of audio would give 1440 megs per day in usage).
Voice codec traditionally used by cell phones and VoIP average on the order of 1k/sec. This is 60k/minute, 3.6 mb/hr, 86 mb/day or 2.5 gb/month. It wouldn't be noticed by most broadband subscribers. This not counting deployment of silence detection or significantly more complex codecs enabling you to do many times better than 86mb/day. Combined with batch operation that sent a week or more at a time users could be left completely clueless without reverse engineering/persistent packet capture.
This isn't to say it is actually being done only the premise it couldn't be done without tipping off the average user who would "notice" is sadly not true.
Today murder investigation, tomorrow evidence of banging "Alexa" uncovered during divorce investigation and day after that determination of "no expectation of privacy" within your own home because "technology".