
Comment I wonder if they're still updated (Score 1) 313

I wonder if any of these plans are still being updated, even if it's only by some guy in a basement office someplace.

Obviously China is still of interest, but most of them are extremely unlikely, although you wonder if there are times where it gets thought about. France after the attempt on De Gaulle or the possibility of a left-wing revolution in 1968, maybe even about Marine Le Pen. Mexico might warrant some kind of what-ifs around a failed state status. Germany and Japan are occupied by US forces now, but maybe there's some political theorizing about a populist/nativist Japanese party gaining power. Germany seems like the worst candidate, with the only situations I can imagine revolving around a collapse of the Euro and some kind of German administration of European economies, which seems unlikely.

Comment Re:That's a lot of lifetimes (Score 1) 59

Yes you can see shooting stars nearly every night but this flyby is maybe worth missing a little sleep if you have the gear and diligence to be able to see it.

Call me a cynic, but if you can't see it with the naked eye, is it really that interesting?

I'm sure it's maybe a big deal for people with telescopes and greater than average interest in astronomy, but for people not in that category it seems like it would just be one more flash of light through a telescope.

Comment Nice troll (Score 4, Insightful) 579

Like everyone else reporting on this story, it completely misses the point -- there's no *point* in Google writing a patch, none of the hardware companies involved would ever bother to deploy it. They have *no* control over that bit of code in your phone unless you're running a Nexus device.

Comment Re:Nope (Score 1) 332

Maybe if the rights weren't such a cluster fuck, we would have offline Netflix where the movie could be stored locally for offline viewing.

Unfortunately the rights holders and the wireless internet providers seem to be in some kind of Mexican standoff over who is the greediest asshole.

If LTE data was 10x cheaper (ie, my 10G plan was 100G), it would solve most of the stream only issues. There would still be some corner cases like long aircraft trips or weird rural areas.

Comment Love collision avoidance in my Volvo (Score 3, Interesting) 304

If I had bought my car new and was looking at features to add or avoid, I would have put the collision avoidance system on my "meh" list and would not have paid extra for it.

As it turns out, I really like it. I have the control setup for maximum distance, which means more false alerts. But although most alerts seem "false" they're only false because I'm really paying attention and have anticipated the traffic in front of me. About 25% of the time I think it's actually valuable and there was some risk of either a really quick stop or maybe even a fender bender.

The feature that goes along with it (they share the same radar system), distance sensing cruise control, I REALLY like. I wish it would beep or something when you get behind a vehicle driving 3+ MPH slower than your set point. On the Interstate it's kind of easy to get in traffic going slower than I want to by small amounts and not noticing it because the car just matches pace with the vehicle in front.

Comment Re:The noob is you (Score 1) 222

I would think that traffic heuristics -- volume of packets, frequency of packets, persistence of TCP sessions, volume of data transferred, types of TCP connectivity -- would provide some hints of a VPN session versus other kinds of encrypted traffic, and would possibly provide a way to compare it to known types of encrypted traffic and see VPNs. It's not like the Chinese don't have terabytes or even petabytes of real-world wild sample traffic to compare against.

I wonder if there would be some way to beat it by combining steganography and encryption to make a VPN's traffic look like some kind of unencrypted web browsing session. Embed encrypted data into retrieved pages as GIFs and plaintext mixed in with nonsense plain text and pace the traffic patterns to more closely resemble the pace of actual page views, forcing new TCP sessions for each view.

About the only weakness would be consistently contacting the same server.

It might be less useful for the kinds of normal VPN uses (low data volume, long latency as traffic was fetched) but I would think you could beat the expectations of what VPN traffic is supposed to look like.

Comment Re:Yawn ... (Score 1) 228

Your bigger problem isn't going to be lighting which could be rewired without tearing up the whole house but that any receptacles up there are probably on shared circuits with the rooms below, so when someone trips a breaker below the fucking AV setup goes dark too.

Your easiest solution is to just add a subpanel up there and power the room off the subpanel.

Comment Re:Absolutely fair.. (Score 4, Interesting) 114

Fear one may just be outright industrial espionage.

I'm guessing that security in Apple products goes above and beyond whatever (likely modified) FOSS libraries they use, but would also include stuff like their whole-disk encryption system, the touch ID sensor and its encodings, etc. So there's a fair amount of proprietary tech in these devices.

Fear two might be obtaining what amount to currently unknown zero-day exploits that could conceivably open all iDevices to security risks exploitable by Chinese intelligence.

AFAIK, recent models and OS levels have a generally accepted level of security that makes them difficult to break or exploit and I think this has come to be seen as a competitive advantage. Even if the security is beatable by the NSA in a lab situation, the marketing value is to businesses worried about lost devices or devices used in vertical markets with security compliance regulations.

Which is why I wondered how much Apple can control the terms of a security audit. Do the Chinese just get handed a memory stick with ios-82-iphone6-source.tgz they can take back to their office or do they sit in a plain white room with locked down desktops that do a one-way remote console to a machine with source code? Or worse, a plain white room with a bunch of binders of printed source code?

Comment Re:Layers (Score 1) 101

Do MVNOs automatically get roaming on compatible carriers other than those they get wholesale agreements with? I have no idea how roaming works on the back end, but I would think that it would be something that AT&T could block if it wanted to (at least technically).

Even if it "just worked" from a handset usage perspective, there's still the question of the billing side of a roaming agreement. I think inside the US nobody thinks about roaming anymore because all the carriers have roaming agreements. To be competitive with carriers with a larger footprint, smaller carriers eat the roaming imbalance fees without upcharging their users for roaming.

But would smaller carriers cover this imbalance for MVNOs or pass them on at cost or with some kind of added surcharge?

I still don't see how the economics of this works for Google or Apple. Both would have to be at least competitive on monthly subscriber rates compared to a direct consumer to carrier agreement, which at best would be break-even or a tiny loss. I can see Google eating a larger loss by monetizing the data analytics.

Comment Re:Absolutely fair.. (Score 2) 114

This was my first thought -- it's a search not for security of the devices, but a search for exploits of these devices and/or some form of industrial espionage.

But I wonder -- can Apple set the terms of the audit? Ie, you get to examine whatever it is you examine in our office using our provided systems which aren't connected to the Internet. You may not bring any electronic devices into the audit facility. You may not reproduce any code you review in our facility by any means, including notes, pseudocode, block diagrams, etc.

I suppose there's still some risk -- ie, deliberate subterfuge involving copying in some way or the use of a memory savant or some error so obvious they know how to attack it without any information exfiltrated.

I don't know, but I also assume that a truly thorough security audit of a large, novel (ie, you didn't write it) code base is hard and may be dependent on 2nd order effects, like the actual generated object code. Which may make it extremely time-consuming -- didn't the funded audit of TrueCrypt take an extremely long time just to do the initial audit?
