Comment Re:The issue is (Score 1) 564
Next time you need surgery, will you ask for the doctor who aced his degree or the one who got it for participation?
Why does it cost >2X to develop Android or Apple app over a Blackberry one? I could see specs or even code reuse but in that case only 1, not 2 platforms should have the high cost. Does blackberry do something that makes development easier or is there a surplus of blackberry developers out there driving down the price? Or are the blackberry developers just so much more efficient with their time?
Software is a business. If offshore development produces "good enough" results and costs less, that is what a good business is obligated to do. No different than any other industry (hence you buy cheap T-shirts made in China and are not willing to spend 10x the money on one made locally).
Similar argument to off-sourcing is using open free software. Businesses often use free software because it's "good enough" killing jobs for people who would like to make a better product they can charge money for (but also need a paycheck for it).
If you say open source free software benefits the software industry, why would cheap software (developed off-shore) not do the same?
There are 2 kinds of interviewers: the ones who want to find out what you know and the ones who want to see if you know what they know. The latter tend to be very narrow minded looking for the interviewee to come up with the only answer they know, often phrased exactly how they heard or read it.
Does anyone know whether the information logged and/or sold is based only on your traffic log, deep packet inspection or is Verizon forcing a spying application on every phone? For example, if I'm browsing on a blackberry via a blackberry proxy, will Verizon log the sites or only the fact that I'm VPN'ed back to the BES server?
Google is the "Do no Evil" company, they are immune. Have you ever installed google maps on your cell phone? Did you read the EULA that states they reserve the right to turn on the microphone at any time and record what they termed "ambient noise"? That's besides the fact that google maps will not start unless you give it permissions to access absolutely EVERYTHING on your phone - try it on a blackberry and set the application permission to deny even one permission - no go, you must surrender everything on the phone to google. I'm guessing on other phones where there is no such fine grained permission scheme no one notices.
You are missing some basic geometry - if you have a 1920x1080 screen with HD aspect ratio, you can watch 1080p in native resolution taking up the entire screen. If you have the same size and aspect ratio screen but 1920x1200 you cannot do pixel-for-pixel playback because the pixels are different shape, this means you have to either scale the image either way unless you don't care about stretched picture. In the case you chose to use only 1080 lines, you'll end up with bars all around the screen which reduces your screen size. Either way, scaling costs power (whether performed by the graphics chipset or by software, in which case it also costs you processing power) and that shortens the battery life of the laptop.
Stretched picture, shorter battery life and/or smaller viewable video size are things that some people care about.
They didn't come for anyone. Apple App Store is (as the name implies) Apple's property. Their store, their service, not funded by any money anyone was forced to pay (such as taxes). They also don't put anyone in jail, fine or inflict any other punishment on anyone. If you don't like Apple, don't buy their products - there are alternatives. Next are you going to go after McDonalds for not serving some ethnic food as censorship?
TimHunter, since you don't consider this private information that anyone can do anything with, can you please post your name, address, city of birth and last 4 digits of your SSN? Maybe some folks reading this can demonstrate to you what can be achieved with such information.
Do you seriously consider this an explanation?
So why was Google asking for the SSN in the first place if they had no plans to record it? Maybe just to give some landfill diggers a chance to collect this information?
Also, how is providing city of birth any better proof than clicking "yes - I am a citizen"? Do you think coming up with a name of a US city is so much harder? Google itself will provide you a myriad of choices (go ahead, google it).
The other exploits still exist due to SMTP.
1. Unless 100% of servers go to TLS, you'll have to allow for unencrypted sessions and since the decision to encrypt is unsecured, you will always be able to do a man-in-the-middle attack forcing unencrypted sessions.
2. Even if 100% of servers do go TLS, SMTP is still missing the information of who is allowed to send what mail. my_evil_server.com with a valid certificate can connect to you, validate with proper certificate, then send you mail from JPMorgan.
The only way to secure the 2 above exploits is to hard code on your server to only accept JPMorgan emails over TLS, *AND* only from a specific set of servers - that doesn't scale if JPMorgan adds a new mail server, nor does it scale as a generic solution for all emails from all over the internet.
Cheers!
Using TLS for your SMTP is like putting a 6ft steel door on a straw hut. There are so many ways to go around it. For example:
1. Most servers that use TLS SMTP don't check trust chains - self signed certificates work with them so you can do man-in-the-middle TLS.
2. Most servers that support TLS still allow non-TLS connections to accommodate servers that don't. This means man-in-the-middle attacks are trivial (just filter out the string that advertises TLS support causing the connection to proceed without encryption).
3. Even if you set your server to enforce TLS from JPmorgan (and properly check the trust chain for the other server) I can still obtain a valid cert for myevilmailserver.com and then connect to your server, authenticate and send you the email. If you go further and check SPF/SenderID (if JP Morgan has it properly setup) I can still spoof those since JP Morgan most likely does use secure DNS. Etc, etc...
SMTP TLS doesn't really give you anything other than prevent a casual packet sniffer from seeing your email. Once you allow man-in-the-middle attacks all bets are off. If you are willing to restrict your server to only work with a known other server and not with any other server, create your own trust chains for certs, configure the other server to work securely with your server (and yes, you'll need access to both servers), etc, etc - it's easier to just set up a proper VPN between you and the server you want to secure communication from.
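An added example, not part of the comment above or any mail server's own code: a sender-side check for points 1 and 2, where the EHLO reply is parsed and a per-domain policy decides whether a missing STARTTLS line or an unverified certificate aborts delivery instead of silently falling back. The domain names, the `REQUIRE_TLS` table and both replies are constructed; it does not address point 3 (who is allowed to send for a domain).

```python
# Added example: sender-side policy for opportunistic vs. enforced SMTP TLS.
# All names and sample replies below are constructed for illustration.

REQUIRE_TLS = {"bank.example"}  # hypothetical domains where plaintext is refused

# Constructed EHLO replies: one as the server sent it, one as it looks
# after the STARTTLS capability line has been removed in transit.
FULL_REPLY = "250-mx.bank.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED_REPLY = "250-mx.bank.example\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply: str) -> set[str]:
    """Return the upper-cased extension keywords from a multi-line 250 reply."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_decision(domain: str, ehlo_reply: str, cert_chain_ok: bool) -> str:
    """Return 'tls', 'tls-unverified', 'plaintext' or 'abort'.

    cert_chain_ok is the result of verifying the peer certificate after
    STARTTLS; it is ignored when the server did not offer STARTTLS.
    """
    strict = domain.lower() in REQUIRE_TLS
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        # Missing capability: either the server has no TLS or the line was
        # filtered out. A strict policy cannot tell the difference and stops.
        return "abort" if strict else "plaintext"
    if not cert_chain_ok:
        # Encrypted but unauthenticated: the peer could be anyone.
        return "abort" if strict else "tls-unverified"
    return "tls"


if __name__ == "__main__":
    for domain in ("other.example", "bank.example"):
        for name, reply in (("full", FULL_REPLY), ("stripped", STRIPPED_REPLY)):
            print(domain, name, delivery_decision(domain, reply, cert_chain_ok=False))
```
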
You may run into a small problem in that department - UN is one of the most impotent organizations in the world.
Lucky for the world too, considering its main purpose seems to be to legitimize the wrongdoers. If you don't believe me, look up for example the countries with biggest human rights violations by the government and see if they have a seat at the UN. It's like having an anti-organized-crime task force with the biggest crime bosses on the board of directors.
None of matters, how? Because you say so? And you state it with such authority too. Such naive "authoritative" views are why we have such bad security ideas go ahead. Direct URL prevents users from catching a virus from their free porn site, but is still totally vulnerable to so many attacks. E.g:
1. I can spoof your DNS and have your browser connect to my server instead of the bank's.
2. I can ARP spoof your gateway and pick from a choice of man-in-the-middle attacks (if you are using 1 year old version of Firefox, I can go download ready-made programs to perform those attacks, I don't even need to understand them - there is even one which lets me execute arbitrary code on your machine).
3. I can use attacks like sslstrip, most users won't notice
4. etc, etc.
Do some research on SSL/TLS attacks, HTTP attacks, etc.