Comment Hashes can be useful. (Score 1) 324

Which is why I always laugh my ass off at all these people who use PGP to sign things and put a hash on the same website you download it from ... look, you can verify this file you downloaded from the website hasn't changed, because there's no way anyone would be smart enough to update the hash as well!

That's why you SIGN the hash. Then only the public key needs to be published by a different route.

And it doesn't HURT to publish it on the web site as well: Then someone tampering by substituting a different public key sets off alarm bells when that differs from the public key obtained from another site or by another path. Blocking that makes man-in-the-middle more complex: The attacker has to have essentially total control of the path to the victim and be able to recognize and substitute the public key whenever it shows up. One slip-up and somebody may raise the alarm.

Meanwhile: Even if publishing hashes on the same site may not provide additional security against MITM, it DOES let you check the download wasn't corrupted in transit (in ways other than malicious substitution). With modern protocols that's less of a problem these days than it used to be, but a check would be comforting.
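As an added illustration of the point made in this comment (not code from the comment's author or from any real release tool), the following Python sketch uses a Lamport one-time signature, which needs only the standard library's hashlib and secrets modules: the publisher signs the SHA-256 hash of a file, the web site serves the file, its hash and the signature, and the verifier holds the public key obtained by a different route. The file contents and the "attacker controls the site" substitution are constructed sample data; the function and variable names are my own.

```python
import hashlib
import secrets

DIGEST_BITS = 256  # SHA-256 output size; one secret pair per digest bit


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(data: bytes):
    """Yield the 256 bits of SHA-256(data), most significant bit first."""
    n = int.from_bytes(sha256(data), "big")
    for i in range(DIGEST_BITS):
        yield (n >> (DIGEST_BITS - 1 - i)) & 1


def keygen():
    """Lamport one-time key pair: 256 pairs of random secrets (private key)
    and their hashes (public key). Only the public half is published, and
    it is the part that must reach the verifier by a separate route."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def sign(sk, data: bytes):
    """Sign the hash of data: reveal one of the two secrets for each digest bit."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(data))]


def verify(pk, data: bytes, sig) -> bool:
    """Recompute the hash and check each revealed secret against the public key."""
    if len(sig) != DIGEST_BITS:
        return False
    return all(sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(data)))


def download_scenario(attacker_controls_site: bool) -> dict:
    """Constructed scenario. The publisher signs a release; the site serves the
    file, its hash and the signature; the verifier already holds the public key.
    An attacker who owns the site can swap the file AND rewrite the hash, so the
    hash check passes either way, but without the private key the stale
    signature no longer matches the served file."""
    sk, pk = keygen()
    genuine = b"release-1.0.tar.gz: constructed sample contents"
    signature = sign(sk, genuine)

    served_file = genuine
    served_hash = sha256(genuine)
    if attacker_controls_site:
        served_file = b"release-1.0.tar.gz: constructed backdoored contents"
        served_hash = sha256(served_file)  # attacker updates the hash as well

    return {
        "hash_matches": sha256(served_file) == served_hash,
        "signature_valid": verify(pk, served_file, signature),
    }


if __name__ == "__main__":
    print("honest site:   ", download_scenario(False))
    print("tampered site: ", download_scenario(True))
```

A Lamport key may sign exactly one message: each signature reveals half of the private key, so signing a second file with the same key would let anyone combine the two to forge signatures on further files. Real release signing (PGP, Ed25519 and the like) avoids that restriction, but the verification logic is the same: the check that catches a substituted file is the one keyed on something the site operator cannot rewrite.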

Comment Re: I should think so! (Score 3, Insightful) 107

I think that the apps are supposed to be signed (at least to get useful elevated privileges, like access to the network or to the player's local storage); but if a signed, legitimate app makes a network request to a server that is no longer friendly, then it becomes a question of input validation, even if the application signing scheme is 100% in order and nobody screwed any part of that up.

Call me a pessimist; but I'd bet nontrivial money that a lot of the 'interactive' cruft that is pumped out to bulk up 'special edition' releases is barely up to the challenge of presenting a helpful error message if it gets a 404 from the remote host, much less not falling over and wagging its tail against moderately clever malice. In that case, it'd be a fully signed and approved app doing the work, but taking action based on (ill-founded) trust in content it downloaded.

Comment Re:Best defense is not to care (Score 1) 107

I'd not be terribly interested in the capabilities of the players themselves(routers make better zombies and are way more internet facing and unlikely to be turned off, and generally atrocious on security); but I would be very, very, nervous about anything that serves as a nice, subtle, persistent implant on a LAN.

Even enterprises have a nasty habit of pretending that they can get away with a little sloppiness 'inside the firewall', and consumer gear often can't be persuaded not to be absurdly trusting of anything that happens to share a subnet with it, in the interests of ease-of-use, 'autodiscovery', and similar. If you can get an implant on one device, especially one that nobody is going to suspect (and may have few options, short of replacing, if they do), you can reinfect other devices as they pop up more or less at your leisure.

Comment Re:Ha ha they used JAVA; morons! (Score 2) 107

Unfortunately, it's not just blu ray: 'BD-J' is their specific variant; but it is based on the so-called 'Globally Executable MHP', a truly horrifying acronym-standard-soup constructed to enable vaguely interoperable java-based UI atrocities for various flavors of set top box associated with DVB-T, DVB-S, and DVB-C(Basically, all digital broadcast and cable activity that isn't ATSC, ISDB, DTMB, or some fully proprietary oddball).

BD-J is North America's main point of contact with this delightful substance; but it enjoys near-total ubiquity in the parts of the world that also use DVB.

Comment Re:I appreciate the sentiment.. (Score 1) 102

For the record, I have nothing against CSE wanting to grow and wanting to become a stand-alone School. They are a great department and do a lot of interesting work. But I intensely dislike when the "haves" misrepresent facts or plead poverty in an attempt to acquire ever-more-scarce public funding.

Comment Re:I should think so! (Score 3, Interesting) 107

It doesn't rank terribly high on the list of choices, given that it would be a pain in the ass to get your malware pressed into a reasonable number of disks(without suitable insider access to the later stages of disk manufacture process, in which case you might have some real room for fun); but there is one little detail that might get rather ugly:

With 'BD Live', disks can be authored to include access to network resources, as well as locally stored assets, in their Java-driven interactive content stuff. Now, there is no way for an attacker to change the URLs a disk requests; but nor is there a way for anyone else to do so. Whatever was stamped into the disk at production will remain until the disk leaves use.

Given that companies come and go, and company interest in specific products tends to wane even faster, I would be very, very, very, surprised if the various companies releasing 'BD Live' disks have managed to always retain control of the domain names that their disks will attempt to access. It wouldn't be a terribly high value exploit; but since a disk will attempt to access exactly the same URLs until it dies, you might be able to score a steady trickle of reliable re-infections by snapping up any lapsed domains associated with BD Live disks and adding a little 'bonus content'.

Comment Re:I should think so! (Score 4, Insightful) 107

I suspect that there are a number of ways in, given the usual attention given to firmware quality; but blu-ray isn't helped by having a security model marked by absolute paranoia about the precious 'content' escaping, combined with some amount of incompetence and a lot of pure apathy about any other security concern.

With both the BD+ VM and the BD-J stuff, there is a lot of attention paid to 'ooh, is an unauthorized player attempting to do unauthorized things with the content on the disk?!'; but the contents of the disk are largely treated as trusted and the playback device is treated almost entirely as a potential adversary, not as a potential target, either from the disk side or the network side.

Comment &is "teal" blue with greenish tinge or vice-ve (Score 1) 420

... blue and brown. Just now, I opened the Washington Post link on my 24" screen in a sunlit room, and it was clearly white and gold.

Though the sensations are vastly different, brown is really dark yellow. The underlying color of that part of this dress seems to be very near the perceptual boundary (probably just on the yellow side of it). This picture seems to have the dress in a non-obvious shadow, so when it is viewed by someone whose visual system doesn't adequately pick up the shadowing and compensate, it crosses the boundary and appears light brown rather than dark yellow.

Another perceptual oddity is that a very slight bluish tinge to white makes it appear "whiter than white", especially in sunlight or other strong lighting. (I suspect this works by mimicking the differential response of the various color sensors in the eye when exposed to very bright light, though blue may also "cancel out" a bit of the yellowing of aging cloth.) Laundry products up through the 1950s or so included "bluing", a mild blue dye for producing the effect. (It fell out of use when it was replaced by a fluorescent dye that reradiated energy from ultraviolet as blue, making the cloth literally "brighter than white" {where "white" is defined as diffuse reflection of 100% of the incoming light}, and which, if mixed with detergent products, would stick to the cloth while the surfactant was rinsed away.) I suspect some of the "bluish is brighter" effect is going on here.

When I view the picture straight-on on my LCD display, the light cloth on the upper part of the dress appears about white and the image appears somewhat washed out. Meanwhile the lower half has a bluish tinge. So I suspect the cloth is actually nearly-white with a bit of blue. (Viewed off-axis it's very blue, but the other colors are over-saturated and/or otherwise visibly off-color. So off-axis viewing makes it look more blue and this probably adds to the controversy.)

Another color-perception issue is "teal", a color between blue and green. There are paint formulations of this color that give the sensation of "distinctly blue with a greenish tinge" to some people and "distinctly green with a bluish tinge" to others, even under the same lighting and viewed from the same angle. (I'm in the "slightly-bluish-green" camp.)

The first place I encountered this was on the guitar of the filksinger Clif Flint. (On which he played _Unreality Warp_: "... I'm being followed by maroon shadows ..." B-) ) Apparently his fans occasionally had arguments about whether his guitar was blue or green, so he sometimes headed this off (or started it off on a more friendly level) by commenting on the effect.

Comment Re:do no evil (Score 2) 185

Perhaps they should be asking for a ".google" gTLD, for that purpose, instead of trying to monopolize a generic identifier.

I was about to suggest the same, but with ".goog", to make it shorter. (Can't think of a less-than-three-letter symbol that points to them as strongly.)

(It's also their stock ticker symbol, so maybe it's not such a good idea - it could cause a land rush and litigation from all the other publicly traded companies.)

Comment Re:I appreciate the sentiment.. (Score 3, Insightful) 102

And if you don't believe me, here is this quarter's CSE time schedule. Classes are held all over campus because they didn't put any classrooms into the Paul Allen Center.

So that photo at the top of the GeekWire story - the one with the packed CS class? I'm fairly sure that's in Kane Hall! The new building will do nothing to ameliorate that.

Comment Re:I appreciate the sentiment.. (Score 4, Informative) 102

But dang, MS, you could write a check and it'd be a fucking rounding error on your earnings last year...

UW's current CS building is the Paul Allen Center - guess where they got the money for it?

Incidentally, the Paul Allen Center has NO CLASSROOMS. This proposed new building likely won't have them either. When they speak of "accommodate a doubling of our enrollment", what they really mean is it will give them enough office and lab space so they can double the size of their faculty - the classes will still have to be held elsewhere on campus, and the supporting funding will also have to come from somewhere else.

Comment Feasibility of exploiting real instruments? (Score 1) 163

If you have a large enough market, the simplicity and repeatability of dedicated controllers with buttons chosen precisely for your game's design and so on is attractive.

If you don't, you run into the problem that low volume production of such gear isn't going to make the price point any more attractive, and it's fairly bulky and expensive for something you can only play a few games with.

Anyone know what the feasibility might be of, instead, taking advantage of what is already available? For mics, the attempt to make voice control a fad left a fair number of consoles already equipped with one, cellphones and tablets all have them and support wired or wireless headsets, and USB mics of unexceptional quality cover everyone else for not much money. On the guitar side, probably-awful 'beginner' units are $60-80 (probably less if you get one used after buyer's remorse claims the original victim), and essentially any electric guitar will support putting out a low-level signal into a 1/4-inch jack. If a device already has a line in, a simple mechanical adapter will do; if not, cables that are a USB audio-in on one end and a 1/4-inch jack on the other are quite cheap. Once you had that, your game could presumably crunch the guitar's output and (depending on how much 'game' and how much 'learning tool' you want) do anything from treating a few large contact areas as 'buttons' to actually grading you on the degree to which your results match the correct output.

I doubt that, if the user needs to purchase everything, particularly new, you could beat the package cost of a mass-produced controller pack; but if you don't think that you have the volume for a suitable production run of instrument-controllers, it seems like an approach that has very low marginal cost and can work with more or less any instrument floating around in the wild might be less risky and more approachable.

Comment Re:That's the problem with a sequel. (Score 1) 222

If you watch the original with the understanding that Deckard is a replicant then the unicorn origami and the ending have specific, complex, implications.

Now if the sequel shows Deckard as a human then they piss off everyone who prefers those implications. So, in effect, the sequel ruins the story for some people.

If the sequel shows Deckard as an aged replicant ... robots get old?

But replicants aren't robots - they are made from the same exact biochemical structures as humans. In effect, there is not much to distinguish them from humans, from a biochemical POV, and hence, if their timespan isn't artificially limited, they can live longer than 4 years and then age, as they are made of cells in which the same processes take place as in humans.

Comment Re:Oh God No... (Score 1, Insightful) 222

I think Deckard from Blade Runner (unlike the one from PK Dick's story) is a replicant, but I see no reason why replicants couldn't age. The technology necessary for making replicants is, essentially, biochemistry. Highly advanced biochemistry. Now if they are able to make replicants that don't age, wouldn't they use the same or ancillary biotechnologies to help "normal" humans not age? Clearly, "normal humans" do age, so the problem of aging has not been solved in the Blade Runner universe.
