Re: "redirecting google to bing"
Redirecting google to bing (or duckduckgo) may have worked a long long time ago, but it won't work now, for a variety of reasons. HSTS, invalid SSL certificates, unrecognised Host headers for example.
219 posts • joined 19 Aug 2010
> USPTO signaled that it was going to shake up its rules and make it much more likely that it will approve more software patents
No no no no no no no. We're in this godawful mess because of the lax verification of software patents. This is only going to benefit lawyers and patent trolls, to the detriment of almost everybody else on the planet.
Wasn't the network supposed to be somewhat future-proof? And it's fallen over before it's even out of the gates? It's not even present-proof.
Besides the fact that gaming uses a fraction of the bandwidth that video streaming uses. Some games require less bandwidth than even audio streaming. Hilariously, this is even published on the NBN Co's very own website.
Softbank have had over a year to fix things since IOActive revealed a bunch of problems back in Jan 2017.
Speaking of which:
> The researchers [...] decided that while there have been various one-off stunt-hacks of the robot, they weren't aware of any systematic assessment of Pepper's security
So they weren't aware of IOActive's work, and they don't seem to have made any attempt at responsible disclosure?
> The Auditor General however noted that the government of Queensland had pulled the plug much sooner
The project which was originally projected to cost A$6m was canned after the costs had ballooned to A$1.2b (yes, billion), and thousands of health workers had been paid incorrectly, the after-effects of which are still being felt years later.
It was a monumental disaster in every regard, and if that timeline is what classifies as "much sooner", god have mercy on Canadian souls.
Realistically, the only thing randomising the privacy bubble's width will prevent is security researchers writing blog posts.
Bike thieves tend to be more into bolt cutters and opportunity than statistical analysis, APIs and geometry.
If you value your privacy, just set the entire ride to private, or just don't publish your GPS recordings at all.
Are they saying that because 'only' a third of people would consider sharing their car, congestion may increase? A third of people willing to share seems to be a lot higher than current rates of sharing.
And sure, people don't want to share their cars, but what if no one has cars because the self-driving fleets operated by the ubers of the future are so ubiquitous, convenient and cost effective?
Just going by the press release, it sounds like they are drawing some pretty wild conclusions that they have no right to be drawing.
I was strongly considering taking the plunge last year. I'm very glad I didn't.
> It's not like if you don't accept it, we'd be shutting down your device
They say that, but I can guarantee you that in a year or so, their app will start saying something like "outdated firmware detected, please update your Sonos."
From a technical point of view it makes a lot of sense; a common framework will allow all sorts of beneficial features, like instantly sharing the emergence of a new pothole with all other road users (including the robot built to go fill them). My car can tell your car that my front left tyre just burst and I'm about to veer into your path, all within a few nanoseconds of the tyre bursting. It could also be used to more safely organise cars drafting each other for better fuel efficiency.
I wonder if Ericsson will be pushing Erlang.
No, not possible.
How does your decryption algorithm know how many attempts I've made? I'm restoring from a backup every time I get it wrong.
Besides, your decryption algorithm is public knowledge (because no one in their right mind is going to use it unless it's been peer reviewed and is well understood), so I'm currently writing a program to do the decryption and just skip the bit about deleting (or 'scrambling') the message when I get the password wrong.
I can't even find it on their website so it's clearly not a core design element, just a quick bit of throwaway design. Besides, the value of the reg is in its content, not its design.
And who is stealing design from whom? The 'red masthead' style of tabloid existed long before El Reg ever did. It's even been stated by Reg staffers that the design intentionally apes the British tabloid.
Just take it as a compliment.
It's important to do research like this, but I feel they may be overstating the seriousness of this attack.
An autonomous car is going to rely on more than the reading from a single LIDAR; it's going to be combining readings from multiple ultrasound sensors, multiple optical cameras, radar, wheel position and speed sensors, etc, etc, etc.
This attack seems less of a threat to human safety than just shining a laser pen into the eyes of a more traditional meat-based driver.
You set an impossibly high bar. Automated cars will never be 100% error free.
There are 35,000 road deaths in America every year. If automated cars could even halve that number, would it not be wise to mandate the use of automated cars? How many human lives is driving autonomy worth?
I'm hoping this article is a satirical look at the recent surge of papers being published on rather ridiculous out-of-band attack vectors.
"researchers have shown they can exfiltrate data by blinking an HDD LED."
"researchers have shown they can exfiltrate data by vibrating a CD-ROM in a certain way"
"researchers have found they can exfiltrate data via ultrasound, assuming speakers are attached"
All of which assume they've compromised the computer in the first place, and are close enough to pick up vibrations and sounds from it. Thus making it all a bit redundant.
> I don't see anyone ... end their use of their products because of a new vulnerability,
Ok, so Microsoft isn't a great example, but just off the top of my head, give Mt. Gox or Ashley Madison a call, see how much they would have been willing to pay to get their hands on the bugs that wiped them out.
Every other week I read a responsible disclosure of some bug that could have wiped out or seriously damaged a business, and then in the footnotes it'll say they got a bounty of $2,000, or $10,000, or they broke some rule and the company decided to not pay out anything.
> yet again a US vulture that is quite happy to make a profit ... because capitalism trumps decency every time
Until bug bounties are competitive, these pig-dog-capitalist bug-brokerages that you despise will thrive. My point is that bug bounty programmes need to offer more. A lot more. This will also have the fantastic side-effect of compelling software producers to give much more of a shit about security. Maybe once bug bounty programmes start paying (what I would consider to be) reasonable rates, security would no longer be an afterthought, but a primary concern.
Biting the hand that feeds IT © 1998–2020