Posts by doublelayer 9378 publicly visible posts • joined 22 Feb 2018
You earn what you chose to accept for your work. If you think your employer is getting a lot from what you've done, by all means request or demand more from them and consider leaving if they won't agree with that, but just because they turn a profit doesn't mean you automatically earned more. Similarly, if they're not making money, you didn't earn less; the wages you get are yours no matter how badly they've done.
People stuck with XP when it went EOL. They stuck with 7 when it did so as well. They stuck with both when there were attacks being used against them. They'll stick with 10 too. Businesses don't update when Microsoft says it's the next best thing and everyone needs it right away.
I also expect that nobody will bother removing Windows 10 machines until 2025 rolls along. Some places will make plans for the Windows 11 peculiarities as they start to get more devices running it (just as they obtain new ones really). By 2025, many of the older machines will have been replaced due to age or damage, so they'll have some of each. Only then will anyone start considering applying the 11 update to all those machines running 10 that support it.
Now I'm wondering what you think I was saying. It could easily have been right or you could think I was agreeing with the original comment.
For the avoidance of doubt, I was saying the idea that Microsoft software is the cause of and a FOSS environment the unstoppable cure for user-caused vulnerabilities is obviously false. Microsoft has a lot to answer for, both in security and in general, but that complaint is not correct.
I know. That's why I only ever use Linux. They don't have the concept of binaries or scripts so nobody could send me a malicious one. Although I've been thinking about changing to BSD because I hear they completely prevent the most clueless person from entering sensitive data on a malicious website because they've implemented RFC 3514 strictly.
I'm not entirely sold on this, but there's something else that will be required if you are and will be very useful if you aren't. You need a way to have people report problems to someone knowledgeable who won't attack the finder of the problem. I have two examples to demonstrate why this is necessary.
The first is from an internal hacker who discovered a vulnerability. You've probably heard the story. When Richard Feynman was working at Los Alamos, he discovered that the locks on safes containing nuclear designs weren't very good. He could open them with a paper clip. When they got higher security locks, he found that they too could be attacked too easily for comfort, and he reported it. As the story goes, the administrators decided that the new policy was not to let Feynman near safes he wasn't supposed to get into. In other words, they completely failed to recognize the severity of the vulnerability he was pointing out and were attacking the one person they could be sure wasn't going to misuse the vulnerability.
The second example is from an external hacker (me, by accident, on a system from the same company but not related to my work). I found a vulnerability in a system that allowed public access to somewhat important internal data. I knew enough to know that what I'd just seen was not supposed to be visible and that there was more where that came from. I sent an email describing the problem to the managing team. If I'd been really external, I couldn't have done that very easily either, because contacting a specific team when you're not internal is difficult (and I'd have been afraid of retaliation, so I'm not sure if I'd have done it anyway). Nobody responded. Sending more emails didn't help. The only way I got anyone to look into the problem was by knowing a friend who could introduce me to someone who worked with the team, who in turn could introduce me to someone on the team itself. Reporting a problem took a lot of effort, and had the bug been much smaller, I wouldn't have bothered reporting it.
If you ask people to find vulnerabilities or even if you don't, there needs to be a way to get reports and handle them without making the person reporting it the bad guy. If the ideas in the article sound like a good idea, don't start with them until this first step is completed, or the process will backfire when someone's found a problem and can't find anyone to fix it.
This has been discussed elsewhere in the comments, but in short, it doesn't work as well. The fan example works because it can be directly controlled from the compromised machine in a deterministic manner. The light bulb is less reliable, so the speed and error rate are even worse than the fan. However, even if you're ignoring that, the only way to control the light bulb is to send out a radio signal, so if you're already doing that, you can just use that signal directly. The fan approach works well in a very secure environment because it doesn't require the attacker to connect extra hardware to the sensitive machine or emit a signal that could be detected.
Or alternatively, you only do point 2 and point your transmitter in a narrow beam at your receiver. You have to have a receiver nearby anyway to watch the flicker. That way, nobody can notice the flicker and investigate the problem. Also, I'm presuming that, if you don't flicker too often, the bulb doesn't factory reset, but if it doesn't flush out whatever malformed buffer is created, it could be that you just get a finite number of bits before your system stops working until someone fixes the bulb. A single transmitter won't have that problem and avoids relying on an unreliable bug and an error-prone signal receiver.
But in order to get their computer to transmit the data, you need to have installed software (this part could be done remotely) and configured it to be able to transmit to the light bulb. The transmitter means you'll probably have to attach a USB transmitter to their laptop, but obviously that means physical access and you could do more. Even if you managed to put a transmitter somewhere where the laptop could transmit to it without requiring physical access to the laptop, you could have that send a Bluetooth signal across the street, or a different protocol (LoRa, maybe) if you want pure broadcast with no interaction from your end. You'd have throughput measured in kilobytes per second instead of bits per minute. Even if you want only a few bits of data, you could get it in a few milliseconds' burst transmission which means you're less likely to get caught or to break your system before you've retrieved what you want.
That's not really the bug they've got. The normal messages are authenticated, hence why someone can only cause the bulbs to malfunction. If they didn't bother with authentication, someone could take more direct control. Their real bug is in their parsing of incoming messages. Most unauthenticated messages would be dropped, but a malformed one seemingly crashes something which has affects. They need to fix their receiver system's parser, not their authentication system.
That doesn't work well for two reasons. First, this doesn't let you flicker the light however you want. It's not an instant on/off switch. It lets you mess with the device and cause it to malfunction, but not in a deterministic way that produces clean results. If you wanted to do this, your decoding algorithm would have to filter out a lot of noise and you'd have to limit how often you sent your flicker commands, meaning you'd have a really slow baud rate for any transmission you had and you'd need that transmission to contain a lot of error correction. If the lights are on a motion sensor or people turn them off at the wall when they leave, you'd also need to accommodate for it.
Second, the way you flicker the light is to send a radio signal from the device controlling it from a close distance. If you're using that to send data, then you're sending out a signal from the machine that contains the sensitive data. To receive the signal, the receiver needs to be able to detect the light. If you can bring a radio transmitter and a receiver with a camera into the location where the sensitive data is, you can do a much better job by simply sending the data with the transmitter and replacing the camera on the receiver with a radio antenna. You wouldn't need to rely on unspecified behavior from a light bulb or to have security notice you've got a camera on you (if you can take in a camera, you might also try taking pictures of the sensitive data). If you can get the equipment where you need it in order to exploit this, you could already have gotten better equipment in there with fewer requirements.
The code's open. People will be compiling it all over the place in a matter of days. Would compiling and testing on a compromised server really do anything? I think not, but even if it would, just using a cloud machine doesn't mean there's anything wrong with it. The classic reason to distrust the cloud is the provider having access to the private data, but as this is open source code, there isn't private data to be had.
I haven't researched this, but the specific codenames imply that the chips that didn't support ECC were the Zen 1 and 2 range APUs. If that's true, then it's less that AMD also carved out a set but rather that they've only added it recently. It appears that all Zen 3 or higher APUs should support it and for some reason, Zen 1-2 chips without integrated graphics do as well. Maybe they had a problem getting ECC support along with the integrated GPU when those were newer.
Before buying things based on my hypothesis, check more thoroughly than I did because I might be proving my ignorance.
They do now (you still choose a language to start with, but you can download new languages and switch over to them). I think they didn't before because localization could end up using a lot more disk space, especially with international alphabets requiring a new set of fonts, dictionaries, etc. I have an old version of Office with some optional language packs on the disks. It indicates that one additional language uses about 50 MB, which is tiny for us now but a bit bigger when there was still a chance floppies were used to install it. When disk sizes were so restricted, I could see people who were very annoyed that they had extra language files they weren't using, which is much less a problem now.
Because backing up data that a nontechnical user probably didn't is totally unnecessary. Sure, if you gave me a drive with separate partitions, I might do the reinstall on it, but I'm first copying the /home data off just in case the installer messes with the partitions. In fact, while I was writing that sentence, I realized that I'd still use a clean drive just in case the person concerned concluded I broke something, so they had a copy of the broken OS files too. So in no case would I fix this problem by installing directly onto the original drive unless I had no replacements available, no matter what partitions were on it.
That does seem to be the general expectation. Not that I fight it too hard, but I don't expect other people to do whatever they're good at for free. Somehow technical help (which since I'm a programmer my acquaintances think covers everything from hardware failures to data recovery to web design) is the exception to this. I'm usually happy to do it for close friends and family, but there is a fine line between my willing to be generous because I like them and people expecting that I'll do anything they want at any time.
It isn't better than the old way. I don't like it either. Unfortunately, you've taken a bunch of true things about parts of cryptocurrency and jumbled them all together, suggesting they apply in a way they don't.
For example, some cryptocurrencies are decentralized and some are not. People choose whether they want a decentralized one without the protections (the more common and well-known kind) or one where the central authority could wreck things for them, but you write as if every cryptocurrency has both, which they don't. Similarly, some cryptocurrencies have prohibitive transaction fees, and some don't, but you've applied the famously high fees from ones like Bitcoin to every one of them. Cryptocurrencies can use a "code is law" approach or a "voting shares" approach, but in most cases, they don't use both because that breaks a lot of things. By taking a few correct ideas about cryptocurrencies in general and mixing them into a frankencurrency that has the worst of everything, your argument for why cryptocurrency is bad has numerous flaws.
Cryptocurrencies in general are risky and in many cases bad at accomplishing the goals they were intended to solve. I find it odd that, with the real problems almost all have had, there are so many people who argue against them using incorrect understandings of how they work. You don't need to look very hard to find something not to like.
Fiat money is not a new term. It's a useful distinction from mineral currency (buying something with gold or another valuable thing directly), specie currency (paper attached to minerals, usually gold, held in reserve), and other currencies (anything where someone accepts it as a value exchange for buying something or paying a debt). Since cryptocurrency isn't much good at anything else, its only value, if it has any at all, is as an alternative currency. There are people who will exchange it for things we consider valuable, indicating that it does have some monetary value. The term applies well to distinguish the different kinds of currency, even if you don't like one of the members of the group.
"The Middle Ages has tales about the village idiot who was unemployable but still looked after."
I wouldn't count on the middle ages having done everything in the stories. The village idiot could have managed to do basic manual labor, which is what a lot of other people were doing anyway. A lot of people at that time had no protections other than being able to ask family or friends for assistance, and I'm prepared to guess that a lot of people suffered badly from that. This is especially in contrast to developed countries today, where depending on why you're "unemployable", there are explicit programs designed to make sure that you don't just rely on family to get by. I don't have direct experience of these programs, and I won't pretend they're perfect, but compared to historical examples, they're much stronger.
What you said doesn't really contradict what they said. Whatever the reasons for choosing to resign, whether that was not liking the job because it was boring or because they felt mistreated, they chose to retire early and had the ability to do so for the moment. The pandemic had a lot of benefits for people who wanted to leave their job, from assistance to those who were unemployed to an easy market to switch into another job. Those advantages won't last forever, and as retirees have already seen, not having a job can be more expensive than they planned.
I'm not sure the reasons people chose to resign are that relevant. People have the right to leave a job even if there's no mistreatment and they just don't like it. While there were so many companies looking for people, I know several who took advantage to find a different job, and I encourage it. That may not last much longer, though, and the amount of money the employer pays may become more important as prices rise.
The choice of words wouldn't really help with your goals. The actions you recommend are illegal under international law, so if you want them to happen, you need a country that's willing to ignore that (obviously, there are several who do that already). Countries who have done those things to terrorists don't do it because they're described as terrorists. They do it because they really dislike those people. Therefore, renaming the crime "terrorism" isn't going to convince those countries to change tactics, as they could do that right now no matter what the crime is called.
We already know what happens to ransomware creators when they do get caught. Earlier this week, this paper ran a story about the sentencing of one of them to twenty years in prison (it could have been forty but presumably they cooperated with investigators). That's not what you want to happen to them, perhaps, but it is quite severe. The problem is that a lot of people involved in ransomware aren't getting to that point. Either they have good opsec and the investigators failed to identify them, they hide their activities and investigators lack evidence to convict them, or they're in a location where their host won't extradite or charge them. Renaming them terrorists won't fix any of those problems, because if it could, it would have been done for a lot of different kinds of crime.
No, I'm afraid it would not. If they knowingly process transactions for criminals now, they're already chargeable for money laundering if not accessories to the crime itself. If those criminals are terrorists, that's still what they get charged with. Crimes along the lines of "funding terrorism" apply to people who give money to those criminals, not people who take money and process it. Many of those exchanges would argue in either case that they don't know where the money came from, which wouldn't always work but might in some cases be true.
I think a lot of large U.S. hospitals work that way. The places providing the care may be nonprofits, but that's not the same as free or charged to governments. It just means that the money collected from patients goes to a fund to continue upkeep of the facility, not to shareholders.
It depends. What do you want that to accomplish? If we use "terrorist" as just a type of criminal that could be better or worse than a different kind, then no because the definition tends to include committing violence for a political end and neither of those happened here. If it's now to be used for criminals that cause large amounts of damage and we want to put extra energy into capturing them and terminating their activities, sure, but that's probably a different word.
I think the best approach is to have a new term for the type of criminals this contains, as overloading the word terrorism hasn't produced useful results in the past and can lead to unexpected events.
You certainly don't need 5G for a 10 Mb/s connection. 4G could have and did do it. They're probably using 5G because there's more unused capacity in it and a fixed receiver is likely running on mains power so the increased power usage isn't an issue. Of course, with that speed cap, people would probably only buy this if there's poor cable service but good mobile service in a location. That speed is probably acceptable for a single user, but scaling to a larger household probably doesn't go well.
If the cable connection is bad enough (which their multiplier suggests isn't the case for them) and that speed is consistent, that could be shared between multiple devices on the home network. Many devices using that connection simultaneously could hit that speed limit, and are much more likely to hit the limit of 4G service.
The main problem I've seen with using mobile networks as home internet is that there is usually some limitation to the data that can be used (sure, they say unlimited, but there's often a throttle threshold somewhere and it's often low enough that someone who streams a lot of video is likely to hit it frequently). If your speed gets cut after you've used a hundred gigabytes, then the excellent 5G performance won't be very helpful anymore.
"I wonder if 3 shifts/24 hours of manual labour for a year costs more or less than the $20,000 Musk reckons his humanoid robots will cost?"
More. I found a few estimated average for Amazon's warehouse workers in the US ranging from $15.50 to $17.00. There appear to be some jobs and locations significantly exceeding these, but they didn't provide enough information to filter out higher-level supervisor jobs in the warehouses so I can't confidently use those. I know they've talked about increasing that and may have done so, but let's assume these are still accurate. In fact, let's assume these are overestimating and use a nice round $15.00 per hour.
If they have absolutely no overtime, then wages alone for a single worker-year (full-time 8 hour shifts 5 days a week) would be $31,320. Extending that to a single worker for every hour in a 24/7 setup would be $131,400. Amazon also has health insurance benefits, payroll taxes, unemployment insurance, and other expenses, so these numbers are significantly below what they have to spend.
The only problem is that a humanoid robot may not be able to do what a human can. I don't work in robotics, but I know enough people who have to watch them do a lot of work to get a robot to do something that comes very naturally to a human. If the robots are to be deployed in an environment with unplanned obstacles and for tasks without an easy deterministic answer, the robots may be incapable of reaching the efficiency of a human.
The amendment concerned does not say "no US citizen can be denied due process of law". It says that no person can be denied due process of law. The distinction is relevant because corporations are considered legal persons but not citizens. The debate over exactly what the personhood definition should mean has come to include a lot of things, but it's pretty clear that one of the most basic ones is that the laws apply to corporations as they would apply to individuals. Being in a corporation shouldn't mean that you can do whatever you want or that the government can do whatever it wants to you.
Whether you implement that with a legal personhood hack, by extending the language, or (as was often done before the legal personhood system) making a link between the people owning or running a corporation and that corporation and using their rights as the corporation's rights, you'll get to the same place. Other aspects of legal personhood are not necessarily included. The last approach breaks a lot, which is why it was replaced.
In their defense, it's more the same period, again. Uber may not be a great company now, but they were a really bad one in the mid 2010s. The fallout from that period, including this action from 2016, doesn't necessarily reflect on them today. They could theoretically have improved massively and this legal decision would still be required. I have no idea if they have improved or not.
Prepositional phrases in English may proceed verbs. It may not be the most typical order, but it is for most uses accepted by grammarians. Sometimes, to comply with their other rule of not putting the preposition last, this pattern ends up being more common in formal writing than informal speaking, where most rules of grammar are discarded in favor of the "it sounds right and I'm not going to complain about it" principle.
Given your mention of Cobol, I don't know if you're being serious about blocking Python, but it's an argument I've heard before from people who definitely intend to do it. It doesn't work.
Of course, blocking Python would prevent some infection. And execution of any code outside the Windows directory. And inside that directory. And in the bootloader. I can provide you perfect security in this vein using the fail-safe security tool known as a blowtorch.
If you disable every function of a computer, it becomes a lot worse for doing useful things. Maybe nobody uses Python themselves, but there are still applications written in it which disabling every copy of Python will break. That's not a realistic way to block malware because it's a lot easier for the malware writers to port their script to something else or hide their interpreter than for the average user to get around a block that prevents them from working. They clearly didn't think they needed to hide their tooling this time, and they were right, but if it turned out they needed to, that's a day's effort for one programmer and your efforts to block Python are circumvented.
They had ads, just not for the same thing. Ads that are only for the government don't make them better, they just make the list of people you hate for putting them up shorter. Another reason it seemed like there were fewer of them is that a lot of the places to put ads weren't available yet. There also weren't many ads on the early 1970s internet, and the Soviet communications system didn't get much more advanced than that until modern Russian internet. Admittedly, I haven't watched a lot of Soviet television, but if they operated like many of their allied countries, there are lots of interruptions from the government-approved news for even less factual stuff.
I think that the Soviets would have eagerly accepted the chance to put some propaganda message in the sky at various points in their history, assuming they had enough funding or could get some other benefit from the required research. A lot of their space activities had propaganda goals as well, so it wouldn't be out of character.
So, if I'm understanding your claim, you sent out a DNS packet (which doesn't identify your machine) inside China, then moved the computer outside of China, and it was blocked? There doesn't appear to be any mechanism for them to identify that computer if they wanted to block it, as the DNS packet only contains the IP address of the requester, which would have changed if you left China. Unless I'm misunderstanding your testing, I think you may have misinterpreted the results.
"Progress, yes, but a death knell for all the still serviceable older inkjet and laser printers once this becomes the only way to print."
It should be exactly the opposite of that. As long as the format to be printed is known, then you can just write a shim that translates that format into either a bitmap or bitstream read by those printers. That's no harder to do than the current driver, in that if they update the driver, it will do it for you, and if they don't, you have the same emulation options you would have had with the out-of--date driver. Most things can benefit from not having hardware-specific drivers if feasible, because a standards-compliant device can be made to work with almost anything.
If you can achieve similar results for similar effort using Gimp, that's great. If the worker doesn't think they can manage that, it makes sense that they don't want to try doing so for reasons they think are invalid. You can always fire them, but you'll probably have more problems finding people who have experience or the desire to use the tool you want if it's so niche.
Take programming. My employer could ask me to write in a number of languages and I'll accept. If I don't know the language, I can always learn it. If they tell me that our project's to be written in Apple II integer basic, though, I'm not likely to put up with that craziness just because someone issued an edict. After attempting to convince them otherwise, I'll decide whether it's worth leaving not to have to do that. They're likely to find that most developers don't want to use a tool that, while technically capable of the job, is painful and unproductive for the task at hand.
The URL contained in an NFT isn't hard to copy. The thing that makes it unique is the private key attached to it which is the only thing that can transfer the "ownership" of that token to another person with their own private key. While that private key remains private, the contained element can be attached to a single identifiable owner who has the exclusive right and ability to sell their token. The included token happens to be worthless, but it is a uniquely theirs worthless thing. Now if only that could be extended to do something useful (spoiler, it can't, but there are people who will pretend otherwise if you let them).
So, if I understand your hypothesis correctly, he made the price decrease so he could buy it cheaply, then he could execute a sale at the original higher price, so he gives more of his money to himself. And because he decreased the price so much, he now gets to pay even more of that money in capital gains tax. And he bought stock through proxies to avoid it being obvious to other investors, which by the way is a crime, so he'd have to find another way to get the money he gave to himself via illegal proxies back into his bank account without tipping off either the market regulators or the tax authorities.
I think maybe he had a different set of reasons.
Good questions. I'm going to take them out of order, though.
"What exactly is the judge's role, and who are we to second guess their decision?"
The judge's role is to look at the evidence and the law and assign an appropriate sentence, keeping in mind that the law may state sentencing requirements or recommendations that limit their power. We are not only worthy of second-guessing that decision, but it is meritorious for us to do so in our role as citizens. We don't get to countermand the decision, but if we think that the sentences are consistently unethical in either direction, it's a thing that we, through our democratic processes, can change by altering the aforementioned sentencing requirements in law.
"What is justice, and what, ultimately, is the point of it? How does it relate to courts and the penal system?"
That's the larger question, and I don't have a pithy answer to it. Part of it is ensuring that new crimes are not committed, by this defendant or by others. Inadequate penalties can produce bad results, but massive deterrents aren't perfect either. Some degree of equality in justice is important as well.
They've got magnetic USB-C cables. You put a small metal part into the port, connect the cable with magnets, and the two can come apart more easily. It also puts less strain on the port. You don't need USB-M for that, and it allows you to choose whether you want magnetic or more firmly connected for each device. If you don't happen to have your magnetic cable, you can still remove the connector and use a standard cable, so you have the best of both worlds. The only downside thus far is that I'm unaware of a single standard for those magnetic connectors, though some of them do orient the pins the same way. If they want, the USB consortium could design that standard, and that would help.
"Is it possible for the USB-C socket to incorporate some sort of silicone cover, or dummy plug, without breaking USB-C standards?"
Yes, very easily. Neither of these would have any problem with the standard. Nor is there a problem with the magnetic connectors that remain in the port and connect to another cable, though I'd like to see a standard for those connectors as well because they provide a MagSafe-like connector, which I value in laptops.
Laptops aren't on the list yet, they specified a threshold of 100 W above which devices can use a different connector, and changes to the USB-C specification now allow it to carry 240 W, which is usually enough even for those laptops. For three independent reasons, this is not a problem for such machines.
On at least a few occasions, when someone contacts an embassy offering things and the judgement is that they're not worth bothering with, the embassy turns them over to law enforcement on their own. I don't know how often that happens, but more than zero. Doing that builds a relationship with the host country at least a little. It's possible that happened this time.
If you're doing espionage right, you don't tell your spymasters who you are. After all, if this guy had extracted files in a way that didn't involve printing them on NSA printers and didn't deposit the money directly into his bank account, the FBI wouldn't have known who he was. That's ruined if you give anyone enough information to verify the amount of debt you claim to have.
It feels weird to give advice for how to spy properly, but I'm going to do it anyway. If you're going to do it, you want to be as anonymous as you can be. If you end up talking to law enforcement instead of who you think you are, you don't want to be identified. If the country you're spying for decides that it wants to negotiate with the one you're in, you don't want your identity to be on their list of bargaining chips. If you end up regretting your decision to spy, you don't want the country you were spying for to have blackmail material on you (for example that you were spying). If they can verify the information you give them about how much debt you have, you've failed at this important step.
Really? Because one person turning down a brightness knob when everyone else was gone is too implausible? Maybe I'd be inclined to believe you if the recovery included a long story of how flummoxed the victim was, but it seems they figured it out pretty fast.
I don't think they went looking for someone, as what would they do if they could identify them? Anyone could have done that with five seconds, and could have done it as a prank or out of irritation. Nothing to be done but fix it and move on.
There should be some kind of rule prohibiting a professor from writing their own textbook for a class. If the professor's bad and the book is too, things are not good. I had a textbook written by a professor at my university. He was very proud of it, but I didn't find anyone who thought it was good. The only reason I learned anything was that a different professor was teaching the class that term. The responsible professor had already done his damnedest on a different course, so I know he couldn't write course materials that any student could understand or learn from.
This became awkward (just for me, but I certainly felt awkward) when I met him as a possible research advisor. He was nice, seemed happy for me to join his team, and was researching something I found interesting, but I ended up going to a different team just because I'd spent so much of a previous term hating his textbook.
"Question: How is a user's honour affected when the same firmware is loaded into the co-processor from a ROM baked into the hardware rather than from temporary or removable storage?"
I'm not sure where "honour" comes into it in the first place, but one risk with having blobs loaded at startup instead of loaded from ROM is the distribution rights. If the hardware manufacturer includes a license either restricting or putting conditions on who can distribute the blob, then an OS that includes it could be responsible for following those terms. That could include things like not allowing it to be used in certain industries, which is against the guidelines for free software and which the distro maintainers don't have any logical way to prevent anyway. When the blob is in ROM, then the distro provider doesn't have to follow any license as they're not distributing any code covered by the proprietary license.
It's not a great idea to use anything you leave behind as authentication for critical things. That includes your fingerprints and your DNA. If I can get a copy of those by being near you for an hour or so and monitoring what you've touched, it's not good for proving your identity for a one-time thing. It works a bit better for something where you provide new samples each time. For example, using a fingerprint to unlock a door or device makes more sense than using one to sign a contract, but there's a risk for both so if it's really important, don't even use it for the door.
There's a reason the suggestion started with "If you want smart", though maybe I should have put some quotation marks around smart. I would also suggest a simple screen that does nothing on its own, but if a manufacturer thinks there's value in having functions that don't depend on any external device, they could still do it better.
To be fair (possibly too fair) to them, there is value in doing it the other way around. I know some people who have iPads and value that they can use them as extra monitors for Macs when they're not being used as tablets. As I understand the feature, it only works with Apple systems (and I'm guessing occasionally breaks there too), so having a tablet that doubles as a monitor without the manufacturer-specific limitations could be useful to someone who already likes tablets. This restricted environment device, however, lacks the advantages of the tablet part and doesn't do anything to justify its increased price.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
