
Comment Re:Apologies not accepted (Score 1) 64

The one nice thing about Android (assuming a rooted device) is the ability to turn on and use Linux's iptables to prevent apps from phoning home. After that, Xposed and XPrivacy are good (although the interface is nowhere as nice as Protect My Privacy from Cydia on iOS) to enforce restrictions on apps that ask for more than they should.

It would be nice if XPrivacy would fake data like PMP does, so if an app asks for GPS info, it will get GPS info, but not anything useful, or if an app asks for contacts on the phone, it gets random sets of garbage.

This is all fine and good, until one app that you want to phone home uses AWS or CloudFront, and so does another app that you don't want phoning home. Firewalls have never been a good approach to application security...evidenced by the fact that "application security" became a concept long after firewalls were commonplace.

Comment Re:Shouldn't be necessary, but if it is... (Score 1) 120

It's kinda terrifying that the people making fast, heavy lumps of metal with computerised control systems don't already routinely isolate those control systems from any other computerised technologies in the vehicle, particularly any that can interact remotely. They shouldn't need to be publicly admonished about the dangers of these situations. Don't these organisations employ actual engineers any more?

But given that it does seem to be necessary to make a public display of this -- which presumably removes any plausible deniability if the auto makers do get sued after an accident later, so I can believe it will at least get their attention -- I'm glad it seems to be a responsible group with the right motivations who are starting the ball rolling. If it were just a bunch of lawyers or insurers, the general public could write the campaign off as the signatories just looking out for their own interests.

Problem #1; you can't isolate those systems, in the context of the reason for why they exist.

So, let's look at OnStar, or Hyundai's Bluelink. These are systems that connect to larger infrastructure over public or semi-public communications channels (i.e., cellular) for a variety of purposes. Such purposes include being able to start your car remotely, notify authorities of an accident even if you are incapacitated and unable to call for help (especially in that case, actually) and recover your car in case of theft. All three of those functions inherently require access to engine functions (in a read-write sort of way), GPS, and/or OBD-II data. And you can make a strong argument that many of these things are beneficial from a safety perspective as well. But you can't have them if you isolate the control systems from any other computerized technologies...you absolutely cannot.

On the flip side, you *could* isolate the systems that manage our financial accounts...banking, stocks, pensions...from any other computerized systems. But then you'd lose online banking, bill pay, ability to trade in stocks and other financial instruments without going into an office, etc. But that industry has figured out how to connect things together without the world coming to an end, despite the tremendous opportunity and motivation it provides for criminals. The car industry can figure this out too. I dare say it's easier to figure out how to develop a reference architecture based on the CAN II that is secure than it is to secure all the various interconnections of the financial industry. And it also bears mentioning that once upon a time, the financial industry got egg on their face too for security problems. This is the normal evolutionary process.

Comment Re:Normal now (Score 2) 164

The only way around it is to avoid storing sensitive data on the phone.

This must also be an important issue for those that use phones as security tokens, i.e. banks and other important institutions that send an SMS with credentials to provide verification - it's a very insecure solution since the phone may have an app that forwards the credentials to a third party that can use this to access the system.

Avoid storing sensitive data...like the phone numbers of other people? Like the text messages you send? Just using this phone...to make phone calls, mind you...results in data being uploaded. I don't see how "not having that data" on your phone is really an option. It's a goddamned phone; you're going to have to use it, some day.

Comment Re:Normal now (Score 1) 164

I also seem to remember that Apple got into problems because they were uploading user data without permission.

Nope. They got into trouble because somebody found location data in logs on the phone, and assumed it was being uploaded without actually testing that theory.

Right...and even then, this was location-based information that Apple said the phone wasn't collecting. It could just as easily have been a misunderstanding about underlying software behavior at a low level (or even that the programmer who built it that way didn't even work at Apple any longer) as anything else.

Comment Re:Which company is next in line? (Score 1) 353

It's also trivial to change the pics slightly (change one pixel from black to white, for instance), and completely change the hash so it doesn't match. Thus matching hashes is... less than useful... against an even moderately smart CP'er.

Very true...but the point of any technology is never to be a 100%, totally foolproof approach; that is never possible, with anything. And if only one image in a collection is a match, then you have caught the person who owns it; you don't need to match more than that. Human investigation, at that point, will catch the rest. Going one step further, you don't even need to catch every single person...catch one in a group that have some form of relationship to one another, even just online, and you can round the rest up through a combination of digital forensics and plain-old gumshoe investigation. This tactic also doesn't come at the expense of other means of catching people who trade in child porn...it's a net increase in the availability of means to catch such people.

Comment Re:Which company is next in line? (Score 2) 353

NCMEC has the collection of actual illegal pictures. They have government permission to have them.

Everyone else (Microsoft, Google, Facebook, etc) just has the list of hash values. Totally legal for them to have.

This system has been public knowledge for at least 3 years. Just google NCMEC and follow the links!

And (since someone always complains) yes, the people running this know what a hash collision is. They are experts with hash functions and image processing.

Let me give a bit of detail to this. NCMEC has a collection of actual illegal pictures, as does the FBI. This, in turn, can be turned into hash/size tuples...which makes it very, very easy to automate searching for content without (1) needing direct human observation of anything but the content that matches a signature, (2) requiring much work on behalf of Google/Microsoft/Apple, or (3) actually giving pictures of child pornography to the provider. Essentially, it's trivial to repurpose technologies intended for DMCA patrolling/enforcement to this task, and I'd argue that it's a much better use of those technologies than what we've been seeing currently.

Comment Re:Sour Grades from Infiniti-less plebians (Score 1) 406

"Idiot", "moron". You sound like a bunch of poor kids struggling in a lousy job economy, hurling insults at a successful man able to afford an Infiniti.

Except it's obviously a ploy by the car makers themselves.

Daring acts (like this scripted advertisement you're all being fooled by) will drive consumer demand for autonomous cars.

I think the word you were going for was "plebeians," there in the title...but maybe I didn't here you correctly.

Comment Re:When cruise control was new in the 1970s (Score 1) 406

"Who wants some chimichangas, huh? Best thing I ever did was install this deep fryer in the 'bago."

"Ron, why do you have this bag of bowling balls and this terrarium filled with scorpions?"

"Oh, it's a long, crazy story!"

"Hey, Ron. Cruise control just regulates speed, it doesn't steer."

"Come again?"

And yes...this is EXACTLY what came to mind when I read this :)

Comment MiniPrivacy (Score 1) 194

So as I understand it, what's desired is a solution that will just plain work out of the box as soon as you plug it in, and will require no work/help from the users at the other end to keep it working. Teleconference (video and audio) calls need to be auto-answered at the remote end, provided it's the right party calling them; effectively, the remote endpoint needs to have neither control over the system nor responsibility to keep it running. I presume to some degree this is to be able to check up on them and make sure everything is okay, as much as it is for more social uses of telepresence?

So, do this:

1. Send them one of the new "smart TVs" that comes with a webcam built in.

2. Get a job at the NSA.

3. Profit!

Comment Re:Welcome to the Privacy Free Zone (Score 3, Insightful) 79

Thank you for obeying!

You don't understand Singapore. I know it sounds quite bizarre to a Westerner, but the citizens of Singapore *want* this. This is what they actually value; the common perspective differs, in that they feel that the needs of the society as a whole are greater than those of the individual. This level of control isn't something that they're obeying...it's something that they're desiring, facilitating, embracing. And while I'm with you in my preference of a more Western form of social balance, it's also hard to argue that Singapore is actually a bad place to live or be.

Comment Re:$23k isn't crap to an oracle shop... (Score 1) 97

$23k is nothing but pennies to an oracle shop.

Posting anon as I'm a unix sysadmin in an oracle shop.

Yes, but after becoming an Oracle shop, you don't have any pennies left to spend. And $23K per processor isn't really pennies to anyone. If you're spending the big bucks already, you have tons of processors. If you aren't, then it's massive.

But the real problem here is that it's done by default, regardless of if it's needed at all. So a client ends up spending that money, very likely on something they don't need and don't see any benefit from. Let's assume they have only two machines running Oracle, in high availability mode each running dual processors. At $23K per processor, that's just shy of $100,000 (and if tax is included, it will be over that). What can a company do with $100,000? Quite a lot. Especially if they're small enough that all they need is one database instance. On the other hand...if you take that $100,000 out of their budget, that would result in them having to cut costs elsewhere...perhaps by firing the guy who didn't catch that line item on the bill of materials from Oracle in the first place?
