There was one report where a moron saw his network card's repeated DNS requests and went all tin-foil-hat that they were nefarious. Sorry but that's how networking works.
There was one report where Microsoft said they will install a Remote Access Trojan on your computer by default and use it to download whatever data they felt like from you without your KNOWLEDGE or CONSENT.
But ignore all that... those documents were written by morons and are obviously are not credible.
It's not an evil scheme to steal your personal info.
Nag screens, forced updates, telemetry/spyware shit. Microsoft has literally become the Internet malware our friends call and ask us to uninstall from their computers.
Probably the same as the telemetry - it bypasses even the HOSTS file.
DNS based filtering currently works great. While I wouldn't put it past them to override DNS settings, use IP literals or eventually brick your system if "telemetry" transmission is interfered with... so far it is by far the easiest method especially if you have multiple windows systems on your network. It only requires minimal effort in creating a few fake zone files.
However this is all ultimately a lost cause. I don't trust MS anymore and no amount of technical workarounds will change that. The best way to bypass telemetry really is to stop using Windows.
If Snapchat started having a feature called "Number of red lights run!" -- would you defend them from liability?
I hope you just didn't RTFA or missed "A warning when users first open the speed filter feature urges them not to use it while driving."
If Snapchat enables very easily some behavior that could be considered negligent or law-breaking, some party could sue them for contributing to a reasonably-anticipated outcome of that contribution.
Why stop there? Shouldn't the phone manufacturer be held liable for contributing to distracted driving? After all they know full well their products contribute to at least 100k incidents of distracted driving incidents per year with between many hundreds to thousands of fatalities. What about component vendors who make ICs being integrated into phones? They know full well where the product is being used and they have access to the same data on consequences of smart phone use. What's the difference? How is that not "contributory negligence"?
The lawyers are chomping at the bit to hawk an insane illogical legal environment upon this country simply to enrich themselves.
It's an unpopular notion but various U.S. Government agencies are required to place a dollar value on a human life in order to make reasonable economic and policy decisions. The exact value of a human life varies by agency but the range is currently about $4M to $9M. With only 11 lives lost from to this airbag fault and a reported 70 million airbags affected by this recall, each likely costly hundreds each to replace, is this recall justified?
I don't think this premise may be accurate because not enough is known about failure mechanism. In any calculation you would also have to consider chance of outliers becoming more common as components age.
The correlation with salt spray in costal areas and high humidity is troubling.
I have a vehicle affected by this and was trying to gauge the appropriate level of alarm. The best info I can find indicates that there have been 88 "rupture" events out of 1.2 million deployment as of last year.
There do seem to be some concerns about high humidity areas and strong temperature variation locations being more likely to have issues and originally the recalls were focused on the southern US and other warm areas, though now the plan is to replace them all.
Based on what I remember from a few hours of hearings Takata nor anyone else simply has that kind of stock on hand to replace what needed to be replaced. Staggered notifications were triage wanting to avoid situation where people would receive a recall notice and dealership being unable to source replacement inflators.
The consumer reports article is quite good however my understanding from at least circa 2015 Takata really didn't have any definitive handle on root cause of the failures. While there is a chance this could be a lie for liability avoidance I find it very unsettling it might be possible tens of millions could be going thru recalls and the problem still not be fixed. Also a little worried about the devil we don't know in the massive production ramp up associated with this.
I'm not sure what your point is. Would you prefer that LibreSSL not acknowledge that OpenSSL found the bugs first? Are you implying that LibreSSL should have found the bugs first? Are you implying that there is no valid reason to prefer LibreSSL to OpenSSL given that LibreSSL clearly isn't perfect?
The point is they are all bad. Bragging about LibreSSL not being vulnerable to shit (In majority of instances affected feature stripped from software) is like two idiots fighting over who is smarter.
What would have impressed me is if LibreSSL took the time up front to re-architect software to be inherently more secure. Instead what they did was function level changes, delete features THEY didn't want along with trash much of the cross platform compatibility.
OpenSSL needs more than just a paint job. LibreSSL as yet another spinoff/competitor is something I believe benefits everyone. I do not however believe LibreSSL in its current form goes far enough to really be effective as a "secure" alternative to OpenSSL in my view.
Looking at the history it's clear that LibreSSL has had fewer issues than OpenSSL, especially of severity "High".
One of the largest criticisms I have of OpenSSL is they don't put enough effort into minimizing global complexity under typical usage. For example there is no reason for DTLS SRTP DOS and non-DTLS based heartbeats to have been reachable under normal use without at least explicit enablement. TLS based heartbeat as a feature does not even make logical sense. Instead of a global freakout there should have been a footnote warning few DTLS peers to upgrade because heartbeat was critically broke. There does not seem to be the needed cultural and systematic pressure to view code as a liability and take steps to hedge against it.
The answer however is NOT to push the delete button and call it a day. I need TLS-SRP support. I need heartbeat to work as designed with DTLS. I need native compatibility with a number of platforms.
My grandfather did not believe in satellites. Several hundred years ago people did not care about heliocentric model.
Not falsifiable. Just because someone may or may not believe in something has no bearing on merit.
Modern people are so limited, as such they have made a practical simplification to treat speed of light as a constant.
Is there evidence to suggest "c" is not constant?
Quantum delayed choice experiment is a first salvo, a first spin to this oversimplification.
The speed of light is a measure of how fast anything can propagate thru space with the usual laundry list of clarifications and stipulations.
Quantum information does not prorogate thru space.
Somewhere there is a 130+ IQ point scientist and sometime this scientist will come up with another thought experiment, which will later be supported by actual experiment which will provide a different spin, and potentially a breakthrough in quantum mechanic understanding. We just don't know how old that scientist is or even if he or she already born.
There is a legion of geeky nerds who are racking their brains around quantum mechanic phenomena and more experiments more discoveries will expand our knowledge horizon.
There is a legion of geeky nerds who are racking their brains around arranging permanent magnets in a way that creates a free energy generator to power their go carts.
In both cases the math is quite clear on what is and is not possible. It simply does not matter how clever you are.
It is true at any time new evidence can modify understanding about anything. The problem is in the attempt to leverage lack of knowledge as license to support a specific outcome for which no evidence exists. You are of course free to assume anything you want. Don't expect to win any support by simply asserting "we don't know everything".
What I think is interesting if it were possible to create a warp drive and people ended up scattered about the galaxy Internet of the very distant future could resemble one giant sneaker net of ships ferrying information.
Also posting links to Forbes is a lost cause. We can't read them.
Half of what I watched on Tivo was RSS feeds that would automatically download Internet broadcasts and put them in my play list.
One day after years of use Tivo decided to drop the feature. New shows stopped downloading and menu options just disappeared. There was not even a way remaining to manually enter a video RSS URL.
It isn't like this requires Tivo to host or distribute content. They just decided hey you know what... FUCK YOU... and to pour salt on the wound stub where old menu used to be basically said go buy a new TiVo buddy.
Tivo ruined the industry with their patent trolling and now it doesn't even matter because cable itself is dying.
This is the TV station's fault for not deploying their computers correctly. This issue has been known for months and months now and a fix has been around for quite a while.
Where IT screwed up was not configuration of group policy it was selecting a vendor that is both untrustworthy and openly hostile to its customers.
Just like ULA hating on SpaceX's rocket landing plans or Blackberry hating on the original iPhone, whenever a newcomer comes to market with a disruptive technology, the entrenched players do all they can to trash the newcomer in the media to cast doubt on the viability of the disruptive ideas, rather than pivoting to actually address the market shift that the disruption heralds.
Your comment is not falsifiable. What Tesla is doing could be proven to lead to unnecessary mayhem and your comment would still be no more or less valid.
Personally I agree with Volvo's philosophy of not being half assed with self driving features. Either have the computer fully in charge of everything or don't do self driving at all. This makes a lot of sense to me based on my read of human nature even though Tesla to its credit does take steps to minimize this.
Offloading driving in certain situations only encourages people to divest themselves from the act of driving which can very much be a problem if you expect them to retain enough situational awareness to take over in exceptional cases.
We must also not lose sight of the fact at least some of this shit is still very much beta. Several months back a number of people were complaining on Tesla forums about self driving firmware updates literally trying to get them killed.
They should have employed those 103 engineers to figure out how to build an impenetrable concrete bubble around Dyson's corporate headquarters in order to save humanity from such egregious feats of idiocy.
Apple used to be about being transformative. Now it is just about being transgendered. I miss insanely great.
What do people mean in concrete specific terms when they say Apple is (insanely) great? Having never purchased an Apple anything what specific insane greatness have I missed out on?
As for CD players and figuring shit out... We were already ripping our CD collections and downloading from Napster before ipod. We already had PDAs that could play MP3's and several portable mp3 players were already on the market like Rio before there was ever an ipod.
The so called information paradox is more likely to be a result of people fooling themselves than any strange happenings requiring exotic explanations involving other universes. An open box is always the low hanging explanation that conveniently explains away everything you don't understand.
I know this sounds like a stupid question but how does Facebook know someone is using tor? Is there a TOR bit set in some IP header somewhere that alerts them to it?
Just so I understand Microsoft has a full blown remote access trojan baked into their goddamn operating system enabled by default to exfiltrate whatever MS feels like from you without your permission or knowledge.
I have no doubt at all hundreds of people can actually witness a real UFO from another world and nobody would care or believe it. It would drown under the noise of Venus, aircraft sightings, weather, flares, hoaxes and accounts of those not exactly operating on all thrusters.
Most of the UFO stories Area 51 included are nonsense but there were always a few interesting jems..
Had assumed since ancient 5121 some 10 years ago this was possible. Even firewalled the modem from LAN as TFA suggests to prevent any kind of scripted data collection or reboot shenanigans.
There is no login on the surfboard interface, no accounts, no credentials. There are big juicy buttons to reboot and set factory defaults. Comcast's own portal had the browser follow reboot link thru web interface and anyone who wanted could do the same. I could be wrong and it could have been backend SNMP.. Never actually tried it but always assumed it worked that way.
If Arris pushes a fix I hope they also send X-Frame-Options or someone will just create a clickjack version of the same problem.
Reminds me of an ancient rumor for disconnecting modems by sending modem escape sequence in ICMP ping request and waiting for your victim to disconnect themselves by echoing it back.
Slashdot Mirror
And no Windows 10 isn't spying on you. It's been demonstrated numerous times that if you turn off analytics it's not sending home any data.
You can't turn it off. There is no off button.
https://technet.microsoft.com/...
There was one report where a moron saw his network card's repeated DNS requests and went all tin-foil-hat that they were nefarious. Sorry but that's how networking works.
There was one report where Microsoft said they will install a Remote Access Trojan on your computer by default and use it to download whatever data they felt like from you without your KNOWLEDGE or CONSENT.
https://technet.microsoft.com/...
But ignore all that... those documents were written by morons and are obviously are not credible.
It's not an evil scheme to steal your personal info.
Nag screens, forced updates, telemetry/spyware shit. Microsoft has literally become the Internet malware our friends call and ask us to uninstall from their computers.
Probably the same as the telemetry - it bypasses even the HOSTS file.
DNS based filtering currently works great. While I wouldn't put it past them to override DNS settings, use IP literals or eventually brick your system if "telemetry" transmission is interfered with... so far it is by far the easiest method especially if you have multiple windows systems on your network. It only requires minimal effort in creating a few fake zone files.
However this is all ultimately a lost cause. I don't trust MS anymore and no amount of technical workarounds will change that. The best way to bypass telemetry really is to stop using Windows.
If Snapchat started having a feature called "Number of red lights run!" -- would you defend them from liability?
I hope you just didn't RTFA or missed "A warning when users first open the speed filter feature urges them not to use it while driving."
If Snapchat enables very easily some behavior that could be considered negligent or law-breaking, some party could sue them for contributing to a reasonably-anticipated outcome of that contribution.
Why stop there? Shouldn't the phone manufacturer be held liable for contributing to distracted driving? After all they know full well their products contribute to at least 100k incidents of distracted driving incidents per year with between many hundreds to thousands of fatalities. What about component vendors who make ICs being integrated into phones? They know full well where the product is being used and they have access to the same data on consequences of smart phone use. What's the difference? How is that not "contributory negligence"?
The lawyers are chomping at the bit to hawk an insane illogical legal environment upon this country simply to enrich themselves.
It's an unpopular notion but various U.S. Government agencies are required to place a dollar value on a human life in order to make reasonable economic and policy decisions. The exact value of a human life varies by agency but the range is currently about $4M to $9M. With only 11 lives lost from to this airbag fault and a reported 70 million airbags affected by this recall, each likely costly hundreds each to replace, is this recall justified?
I don't think this premise may be accurate because not enough is known about failure mechanism. In any calculation you would also have to consider chance of outliers becoming more common as components age.
The correlation with salt spray in costal areas and high humidity is troubling.
I have a vehicle affected by this and was trying to gauge the appropriate level of alarm. The best info I can find indicates that there have been 88 "rupture" events out of 1.2 million deployment as of last year.
There do seem to be some concerns about high humidity areas and strong temperature variation locations being more likely to have issues and originally the recalls were focused on the southern US and other warm areas, though now the plan is to replace them all.
Based on what I remember from a few hours of hearings Takata nor anyone else simply has that kind of stock on hand to replace what needed to be replaced. Staggered notifications were triage wanting to avoid situation where people would receive a recall notice and dealership being unable to source replacement inflators.
The consumer reports article is quite good however my understanding from at least circa 2015 Takata really didn't have any definitive handle on root cause of the failures. While there is a chance this could be a lie for liability avoidance I find it very unsettling it might be possible tens of millions could be going thru recalls and the problem still not be fixed. Also a little worried about the devil we don't know in the massive production ramp up associated with this.
I'm not sure what your point is. Would you prefer that LibreSSL not acknowledge that OpenSSL found the bugs first? Are you implying that LibreSSL should have found the bugs first? Are you implying that there is no valid reason to prefer LibreSSL to OpenSSL given that LibreSSL clearly isn't perfect?
The point is they are all bad. Bragging about LibreSSL not being vulnerable to shit (In majority of instances affected feature stripped from software) is like two idiots fighting over who is smarter.
What would have impressed me is if LibreSSL took the time up front to re-architect software to be inherently more secure. Instead what they did was function level changes, delete features THEY didn't want along with trash much of the cross platform compatibility.
OpenSSL needs more than just a paint job. LibreSSL as yet another spinoff/competitor is something I believe benefits everyone. I do not however believe LibreSSL in its current form goes far enough to really be effective as a "secure" alternative to OpenSSL in my view.
Looking at the history it's clear that LibreSSL has had fewer issues than OpenSSL, especially of severity "High".
One of the largest criticisms I have of OpenSSL is they don't put enough effort into minimizing global complexity under typical usage. For example there is no reason for DTLS SRTP DOS and non-DTLS based heartbeats to have been reachable under normal use without at least explicit enablement. TLS based heartbeat as a feature does not even make logical sense. Instead of a global freakout there should have been a footnote warning few DTLS peers to upgrade because heartbeat was critically broke. There does not seem to be the needed cultural and systematic pressure to view code as a liability and take steps to hedge against it.
The answer however is NOT to push the delete button and call it a day. I need TLS-SRP support. I need heartbeat to work as designed with DTLS. I need native compatibility with a number of platforms.
Why is OpenSSL still being used? LibreSSL is a better alternative that was forked from OpenSSL a couple of years ago. Why is OpenSSL still around?
Why are the majority of bug fixes flowing from OpenSSL to LibreSSL and not the other way around?
"We have released LibreSSL 2.3.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is based on the stable OpenBSD 5.9 branch.
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL."
My grandfather did not believe in satellites. Several hundred years ago people did not care about heliocentric model.
Not falsifiable. Just because someone may or may not believe in something has no bearing on merit.
Modern people are so limited, as such they have made a practical simplification to treat speed of light as a constant.
Is there evidence to suggest "c" is not constant?
Quantum delayed choice experiment is a first salvo, a first spin to this oversimplification.
The speed of light is a measure of how fast anything can propagate thru space with the usual laundry list of clarifications and stipulations.
Quantum information does not prorogate thru space.
Somewhere there is a 130+ IQ point scientist and sometime this scientist will come up with another thought experiment, which will later be supported by actual experiment which will provide a different spin, and potentially a breakthrough in quantum mechanic understanding. We just don't know how old that scientist is or even if he or she already born.
There is a legion of geeky nerds who are racking their brains around quantum mechanic phenomena and more experiments more discoveries will expand our knowledge horizon.
There is a legion of geeky nerds who are racking their brains around arranging permanent magnets in a way that creates a free energy generator to power their go carts.
In both cases the math is quite clear on what is and is not possible. It simply does not matter how clever you are.
It is true at any time new evidence can modify understanding about anything. The problem is in the attempt to leverage lack of knowledge as license to support a specific outcome for which no evidence exists. You are of course free to assume anything you want. Don't expect to win any support by simply asserting "we don't know everything".
What I think is interesting if it were possible to create a warp drive and people ended up scattered about the galaxy Internet of the very distant future could resemble one giant sneaker net of ships ferrying information.
Also posting links to Forbes is a lost cause. We can't read them.
Half of what I watched on Tivo was RSS feeds that would automatically download Internet broadcasts and put them in my play list.
One day after years of use Tivo decided to drop the feature. New shows stopped downloading and menu options just disappeared. There was not even a way remaining to manually enter a video RSS URL.
It isn't like this requires Tivo to host or distribute content. They just decided hey you know what ... FUCK YOU ... and to pour salt on the wound stub where old menu used to be basically said go buy a new TiVo buddy.
Tivo ruined the industry with their patent trolling and now it doesn't even matter because cable itself is dying.
They had some class, they had skill and most importantly they made me laugh.
Anonymous of today relies on zero effort DDOS attacks and their messaging is dominated by anger and revenge.
This is the TV station's fault for not deploying their computers correctly. This issue has been known for months and months now and a fix has been around for quite a while.
Where IT screwed up was not configuration of group policy it was selecting a vendor that is both untrustworthy and openly hostile to its customers.
Just like ULA hating on SpaceX's rocket landing plans or Blackberry hating on the original iPhone, whenever a newcomer comes to market with a disruptive technology, the entrenched players do all they can to trash the newcomer in the media to cast doubt on the viability of the disruptive ideas, rather than pivoting to actually address the market shift that the disruption heralds.
Your comment is not falsifiable. What Tesla is doing could be proven to lead to unnecessary mayhem and your comment would still be no more or less valid.
Personally I agree with Volvo's philosophy of not being half assed with self driving features. Either have the computer fully in charge of everything or don't do self driving at all. This makes a lot of sense to me based on my read of human nature even though Tesla to its credit does take steps to minimize this.
Offloading driving in certain situations only encourages people to divest themselves from the act of driving which can very much be a problem if you expect them to retain enough situational awareness to take over in exceptional cases.
We must also not lose sight of the fact at least some of this shit is still very much beta. Several months back a number of people were complaining on Tesla forums about self driving firmware updates literally trying to get them killed.
And where are Rio and Napster now?
The same place everyone's ipods are today would be my guess.
They should have employed those 103 engineers to figure out how to build an impenetrable concrete bubble around Dyson's corporate headquarters in order to save humanity from such egregious feats of idiocy.
Apple used to be about being transformative. Now it is just about being transgendered. I miss insanely great.
What do people mean in concrete specific terms when they say Apple is (insanely) great? Having never purchased an Apple anything what specific insane greatness have I missed out on?
As for CD players and figuring shit out... We were already ripping our CD collections and downloading from Napster before ipod. We already had PDAs that could play MP3's and several portable mp3 players were already on the market like Rio before there was ever an ipod.
The so called information paradox is more likely to be a result of people fooling themselves than any strange happenings requiring exotic explanations involving other universes. An open box is always the low hanging explanation that conveniently explains away everything you don't understand.
I know this sounds like a stupid question but how does Facebook know someone is using tor? Is there a TOR bit set in some IP header somewhere that alerts them to it?
Just so I understand Microsoft has a full blown remote access trojan baked into their goddamn operating system enabled by default to exfiltrate whatever MS feels like from you without your permission or knowledge.
https://technet.microsoft.com/...
They force updates and collect data from you without any ability to opt out but hey at least you can now doodle all over your screens.
Thank god we are starting to see a real uptick in people bailing on MS. They deserve nothing less than bankruptcy.
250 to 100 pills per day... props to all those stepping up to help separate rich fools from their money.
If aliens don't need encryption to coordinate the extermination of all humans neither do terrorists.
. It doesn't sit well with me that an alien race can cross millions of light years and then crash
They were probably mass locked by earths gravity, engaged FSD too early and overheated.
http://www.core-sound.com/jeck...
(Disc microphone)
I have no doubt at all hundreds of people can actually witness a real UFO from another world and nobody would care or believe it. It would drown under the noise of Venus, aircraft sightings, weather, flares, hoaxes and accounts of those not exactly operating on all thrusters.
Most of the UFO stories Area 51 included are nonsense but there were always a few interesting jems..
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
Had assumed since ancient 5121 some 10 years ago this was possible. Even firewalled the modem from LAN as TFA suggests to prevent any kind of scripted data collection or reboot shenanigans.
There is no login on the surfboard interface, no accounts, no credentials. There are big juicy buttons to reboot and set factory defaults. Comcast's own portal had the browser follow reboot link thru web interface and anyone who wanted could do the same. I could be wrong and it could have been backend SNMP.. Never actually tried it but always assumed it worked that way.
If Arris pushes a fix I hope they also send X-Frame-Options or someone will just create a clickjack version of the same problem.
Reminds me of an ancient rumor for disconnecting modems by sending modem escape sequence in ICMP ping request and waiting for your victim to disconnect themselves by echoing it back.