Hey guys, I've found a flaw in your DRM
Turns out it's still actually possible to see and/or hear the content.
Therefore it can't actually prevent people copying it.
629 publicly visible posts • joined 15 Jun 2010
"There was no basic trade going on"
I'm not sure what logic you are using to think this is wrong.
How much stuff do you think we would import from Mars were we to establish a colony on it?
Even one that was hugely successful and producing a surplus?
The only thing that would justify space shipping would be super high value, low weight items like "spice".
Elon Musk could afford to have stuff shipped back from Mars.
Normal people couldn't.
The fact the whole economic basis of space travel in Dune is super rich people prolonging their lives seems reasonable to me.
Current trends on earth mean space travel is now in the hands of wealthy individuals, not just governments.
Sci-fi settings with "space truckers" moving around holds full of space wheat are typically the unrealistic ones.
Maybe something similar to this case?
https://arstechnica.co.uk/tech-policy/2016/07/hpe-wins-high-court-fraud-fight-international-computer-purchasing-ltd/
Basically grey marketing HP kit against their wishes.
Might perhaps upset the narrative to show HPE as some kind of grasping, evil corporate monster though.
"The fact that the gap between remote controlled car and intelligent murderous robo-killer is somewhat gigantic would never occur to them."
Well, in fact, the gap between a remote controlled car and a Google Car is mostly just size, and you know the most common winning Robot type in Robot Wars and similar competitions?
It's the boxes with wheels that just ram the opponents until they break or push them into the hazards.
This is why they have added rules to make the robots have weapons etc. in order to not make the show about two blank metal boxes ramming each other.
Coincidentally, an autonomous car is basically a large metal box robot capable of high speed ramming.
Except not remote controlled (well, until the hackers get at them).
"We would, in future, be well advised to avoid promoting Home Secs to PM; the experience seems to warp their judgement."
As the appointment process consisted of several rounds of political backstabbing and back room deals, and not even the tiny proportion of the country that are official members of the Conservative Party got to pick between prospective candidates, I'm not sure where the "We" comes into it.
Battery swaps are not going to solve the key issues.
They would only act to even out the recharge delay, as the replaced battery is going to have to be charged for the requisite period before someone else can use it...
You have the problems of having enough storage capacity at your "recharge stations" to hold all these charged/charging batteries, and the power transmission/conversion equipment required to charge all the batteries simultaneously.
Say a petrol station has 12 pumps, takes 5 mins for a driver to fill up, and say a battery takes 80 mins to charge.
16 batteries per "pump" on charge to keep up with demand, assuming petrol stations are sized appropriately, at peak hours.
=192 batteries.
Tesla S has 85 kWh battery.
That's 85*192 kWh to be supplied in 80 mins
~12MW draw if my math is correct.
That's 24000 homes worth of electricity being funneled in there.
Obviously if you had more batteries you could stretch out the demand over a longer period, but to get it so you could charge overnight and then use those to meet high daytime demand you would be looking at several multiples of 192 batteries.
Assuming peak usage of all "pumps" as it were.
Obviously its was to dismiss already known issues as "of course we already know about that and therefore..."
I call bullshit on the magical system fairies that know all unknowables, encompass all conceptual spaces, can fully prove a complex system with state combinations well beyond the number of atoms in the universe, and never make mistakes. Oh, and do everything from scratch so they don't rely on possibly flawed work from outside.
Unless you never release of course, then all things are possible.
"Rowhammer doesn't work over RS-232..."
Sure, rowhammer (my mistake) doesn't work over RS-232 (as it requires fast memory access), and RS-232 is a simpler interface than a full 7 layer network stack, and therefore less likely to have exploitable vulnerabilities.
However, rowhammer is merely an example of a class of exploits that lie outside "state space analysis" (such as checking all inputs and outputs...) of a system. Even formally proven systems could be vulnerable to such attacks.
Like having unbreakable encryption, that is nonetheless broken because your CPU activity while decrypting gives clues to the keys and can be picked up by a hack into your sound card...
In most cases of course, it's often more cost effective to use an alternative method than trying to find some exploit.
For example, developing deep water submersible drones with electronic probes on them.
The big issue comes when COTS equipment and software is used (like TCP/IP networking kit, Intel Processors, Linux, Net-SNMP) etc. As these are extensively used, constantly attacked and are "generic" (in the sense they need to be flexible enough to cover a multitude of situations) it's almost inevitable that exploits are discovered against them. And should one or more of those exploits "line up" in just the wrong way, suddenly your "secure" system is exploitable by anyone who can run a script or two. And you only find out about it if the exploits are public, if they are one of the "hoarded" exploits then you may never find out. This of course ignores the fact that COTS and open source systems are also vulnerable to bad actors deliberately introducing flaws specifically to allow attacks to be carried out, if the attackers are dedicated or funded (or connected) enough. Even bespoke code can use generic compilers or libraries, or run on generic CPUs, BIOS/UEFI stacks etc.
"you can't even overflow the buffer unless the cpu isn't doing what it's supposed to".
Even if (and I highly doubt this being the case on any modern system) you had a full state machine layout of your entire system and thus could make some assertions that no unexpected states existed, this would still overlook issues outside the logical system state that stray into physics territory (such as the ramhammer technique).
As a result, I would take askance at any assertions of 100% security, for any kind of interface where information is passed between two systems. The more complex the interface, the more likely some exploit is going to exist.
"Hell, at [redacted] we implemented an exchange between secure and nonsecure parts of the ground network where the nonsecure part would ask for new data using an SNMP packet, and the secure part would eject the data as needed. It's not rocket science!"
And that's all fine until it turns out an unhandled buffer overflow in SNMP allows your "non-secure" request to hack the software on the "secure" system, right?
Which is exactly the kind of issue that should be avoided by using actual physical separation, not just some firewalls or restricted port services.
"Once this team started deploying software weekly and studying how the user interacted with the software, they learned what was actually needed and changed the requirements appropriately. The team removed the need to "align" with others in their organisation. Sure, there were external systems to cope with, but removing the need to coordinate and take ongoing input from parts of the organisation that weren't close to the actual users speed up the schedule tremendously, delivering months ahead of time."
So, as the users know nothing about security and in the main it just gets in their way, that bit doesn't get implemented I guess? Along with any other "hard but not user visible" requirements.
Had a friend tell me about an application someone in his organization implemented to replace an older piece of infrastructure. It didn't work, and when asked why the development team said they had developed their side of the interface and taken it live, but the other side their team wasn't responsible for hadn't been implemented, so the data just went into a black hole... I guess they liked delivering fast as well...
"Offshore developers are rarely the issue as long as they are treated as a pure subcontractor (in-house or not) however it is necessary to apply as rigorous quality management processes as your customer will (or should). This overhead usually means that offshore is not a cost reduction but for resource only and may indeed cost more due to quality assurance overheads."
Translation:
Pay peanuts, get monkeys. Then employ extra people to look through their random output until you eventually find an approximation of Hamlet. Then it turns out the customer wanted Macbeth.
Two part solution,
A spin that provides somewhat less than 1g, say 1/3 g
+ lead-lined helmets and shoulder pads!
Just try not to look down too much..or topple over... or move too fast and forget it takes longer to stop with a few 10's of kgs of lead about your person.
Still, might be something in it!
Alternatively, several sizes too small (in the vertical direction) rubber onesies might serve to put some gravity like pressure on the spine.
It's simple,
They provide code that allows you to write code to manage code.
You still have to write that code yourself, but if everyone used puppet you might be able to steal most of your code from "puppetmonks" (without really understanding it), then brick your entire data-centre during some edge case deployment.
Even Google have managed to do that, so it won't be hard for other people.
PHB: So, I need a plan for the next email and server upgrade.
Guy1: Let's buy Office "in the cloud" instead of hosting our own email and file servers.
Guy2: Great idea, and we can save money on local support, servers, all that stuff
PHB: I'll raise the PO, good job guys.
... Sometime later...
Security guy: I just heard that we purchased Office 365 for the whole organization.
PHB: Yeah, isn't it great!
Security guy: You realize that this means we'll be storing all our email and documents on Microsoft servers? And that we have at least 3 ongoing cases where we are investigating them for billions in taxes right now? Do you think it's a good idea to potentially let them read all our email, investigation outcomes and case preparation?
PHB: Err...
Security guy: Yeah that's what I thought. Migration cancelled. How much was that again?
PHB: $12 million...
"As a taxpayer, it made me angry … whenever someone stabs you in the back, from a professional standpoint it is a hard thing to endure."
But he still manages to work for the American government... I guess they call it "Front-stabbing" so he's fine with it?
Are you using Covert Mobile Intercept Technology to illegally spy on the public with no oversight?
To which the answer is almost certainly "yes", which is why they won't talk about it.
It will all be ignored until it turns out some copper was using it to listen in on his ex-wife's calls/texts, then goes out and murders her/her new boyfriend or whatever and they can't cover it up.
"Every vendor in the spaces used Credit Card strings and they are really simple and unique format, and thus easily defined"
Sure,
That's any number between 13 and 19 digits long then, with maybe some other characters in there dividing them into groups.
Hey, my phone number is 14 digits long in international format...
As the saying goes "now you have two problems"
The correct analogy in this case is:
you manage a school network.
Unbeknownst to the principal and staff, you (however unwisely) have a copy of all their passwords that you use to access their systems at will, which you use to "check for viruses/fix issues" etc. Obviously you could use that power to steal cash/read private emails/sell exam paper access, but you don't because you are nice, even though there is no oversight (so maybe you do). The passwords don't expire, so you don't have to worry about getting the new ones unless someone changes theirs for some reason.
One day you find that a hard copy of your list of all the staff's passwords has been stolen by someone (probably a student).
Rather than admit what you have been doing, and getting all the staff to change their passwords, you instead just do extra monitoring to see if you can spot when someone logs in with those accounts who isn't the teacher involved.
After a few weeks you think, "Ok, probably fine, I can't see any dodgy logins".
Three years later someone posts the password list to the school's internal mailing list using the Principal's account.
It's a bit different from rounding up criminal conspiracies or thwarting student pranks.
How do you think an auditor should react should they find a situation like the one described?
How trustworthy are your school's exam results for the last 3 years...
So, what was their plan if they spotted these tools in use?
If they suspect a "state actor" then what would they be able to do about it anyway?
There is no way they can somehow magically delete them once someone else has copies.
Next port of call should have been CERT. At this point they can't even claim that "only they know the hacks they use", so that argument is demonstrably bullshit.
And these are supposed to be the group that also help stop cyber attacks on US infrastructure...
What a crock.
Ironically the standard fix for this issue is to install an update...
You can manually download the individual update from MS however.
Tip: temporarily stop the Windows Update service before installing it or you have to compete with the locked up background update scanner.
http://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates
I guess "publicly owned" sounds better than "state owned" when it comes to broadcasters....
Elsewhere on the site it does say "State owned"
http://www.channel4.com/info/corporate/about/channel-4s-remit
And Wikipedia says "Although largely commercially self-funded, it is ultimately publicly owned; originally a subsidiary of the Independent Broadcasting Authority (IBA), the station is now owned and operated by Channel Four Television Corporation, a public corporation of the Department for Culture, Media & Sport"
Channel 4 is a government owned commercial channel with a public service remit
"We are a publicly-owned, commercially-funded public service broadcaster. We do not receive any public funding and have a remit to be innovative, experimental and distinctive."
I'm not sure how buying an existing show by outbidding the publicly funded broadcaster is forwarding any of those values.
"The UK’s controversial smart meter programme will only succeed in saving consumers cash if people are made aware of the benefits, says Rob Smith, head of policy and public affairs at Smart Energy GB."
So, if we were made aware the benefits would be non-existent, we could save consumers the price of these new meters by stopping the roll out now? Sounds fair.
This nob-end is in the same league as Nicola Shaw (head of the National Grid), who is convinced that Smart Meters (and presumably fairy dust), not a sensible policy of replacing aging power stations, will prevent brown outs.
Then she suggests moving dishwashers, tumble dryers and washing machines to run at night, in the "cheap tariffs"
Presumably not aware that these devices are not supposed to be run unattended due to fire risks (as we all discovered during the dryer recall last year).
I guess we can keep warm at night using the energy of nearby burning houses.
Given the earth was demolished to make way for a hyperspace bypass, they also had hyperspace. Apparently travelling in hyperspace is unpleasantly like being drunk.
The infinite improbability drive was invented to allow interstellar travel without all that tedious mucking about in hyperspace.
"Better to layoff a few thousand and revitalize your business than to keep going in a failing direction"
Amazingly IBM seemed to have cracked the secret of managing to do both (minus the "revitalize", I wonder how many remaining employees at IBM are feeling "revitalized" right now).