While I agree with your statement about removal of the video, the part on antisemitism in France is BS.

The recent uptick of antisemitism in France has nothing whatsoever to do with the ban on sale of nazi memorabilia (which is, btw, banned in Germany and many other countries as well), but with the war in Gaza. The people who attacked the Jewish stores and places of worship in the recent riots are mostly young Arabs (and there are plenty of them here in France due to the French involvement in Northern Africa, Lebanon, etc in the past) and various militant pro-Palestine groups.

I suggest that you practice your own advice - if you are not exposed to it (or too ignorant to actually know when to check the facts), shut the hell up.

Mod parent up, please, this is spot on. You do this sort of "research" when you need to justify that the expensive toys you bought are actually used for something.

When I have seen the list of sensors they are sticking on the user, this has nothing to do with anything even remotely practical (have you seen a typical EEG sensor cap or eye tracker?). All the researchers are doing is running the test subject through a battery of experiments and classifying few measured values, based on some correlations - in an artificial setting.

This completely ignores the complexity of the problem - such as the biggest problem being constant interruptions from managers and colleagues, distractions in a noisy cubicle, bad specs, poor/inadequate tools, and many other issues. What they are proposing is basically a Clippy on steroids with a ton of expensive sensors. Such papers are published a dime a dozen (google "assistive agents" for example), not sure why exactly this one got picked out as somehow interesting.

Mod parent up, please, this is spot on. You do this sort of "research" when you need to justify that the expensive toys you bought are actually used for something.

When I have seen the list of sensors they are sticking on the user, this has nothing to do with anything even remotely practical (have you seen a typical EEG sensor cap or eye tracker?). All the researchers are doing is running the test subject through a battery of experiments and classifying few measured values, based on some correlations - in an artificial setting.

This completely ignores the complexity of the problem - such as the biggest problem being constant interruptions from managers and colleagues, distractions in a noisy cubicle, bad specs, poor/inadequate tools, etc. What they are proposing is basically a Clippy on steroids with a ton of expensive sensors. Such papers are published a dime a dozen (google "assistive agents" for example), not sure why exactly this one got picked out as somehow interesting.

Except that the article *was not* about chips being reprogrammed at the factory ...

Yes? And how does that sort of tool help you install rogue backdoor? You can at best hide some files on the drive. Which you can pretty much do anyway, without any hardware hacking. It is not like you can convert the flash drive into a keylogger that will transmit captured data to NSA with it.

Nope. While these chips are common both are way too expensive for mass-produced hardware. Practically every microcontroller has a version with USB interface today and most of mass produced gear doesn't use these - an FTDI bridge is around $1/pop at quantity, that's crazy for an $20-40 end-user price item.

Anyhow, FTDI chips cannot be reprogrammed - you can modify their settings, but the are only an UART/I2C/SPI-to-USB bridge, they don't do anything by themselves. And that something uses e.g. an Atmel AVR chip (actually really rare, they are very expensive for the capabilities they have) doesn't mean that the programming pins are *actually hooked up* to something that is USB-accessible. Some may have the DFU bootloader, but typically they would have the firmware locked. You are way more likely to find various ARM micros and cheap Chinese clones of MCS'51 series these days, but again, that the chip is programmable doesn't mean it could be reprogrammed by the host system!

I would love to see malware that will reprogram a mask-programmed blob in a common throwaway hardware. Or a microcontroller in a webcam that doesn't even have the programming pins (typically some sort of ISP or JTAG) connected to anything USB accessible (or not even connected at all, at best to some test pads).

A typical USB stick or a webcam don't have hardware to permit firmware upgrades, even though the silicon inside could be theoretically upgradable. Not to mention that the exploit would have to be written specifically for the target hardware - different processors, memory layout, USB interface, etc - all that would make it really hard to produce a generic malware. If you want to see what is involved in something like that, look at the article on hacking HDD controllers:
http://spritesmods.com/?art=hd... And that is a harddrive, which are produced by only few manufacturers, have relatively standardized interfaces and controllers. Now imagine having to do that sort of reverse engineering on every type of harddrive in common use if you wanted to write a reasonably effective malware (e.g. a data stealing worm). It is much easier to exploit some Windows bug or use a phishing scam than this.

So yes, this is potentially a threat, but panicking over your USB sticks or webcams going rogue on you is vastly overblown. This could be an issue for a very targeted attack where the benefits of compromising e.g. a keyboard of a high value target will outweigh the effort required, but not really anything else. And that assumes that the keyboard is actually able to be updated! It would be probably simpler to just send an operative in and install e.g. a keylogger ...

Oh and they mention the "BadBios" story ... Nobody was ever able to confirm that apart from the original very confused researcher.

The entire article is harping on 3rd-party ad network libraries stealing personal data and phoning tracking info home. As these are libraries and developers are re-using open source libraries, then it follows that "Open source is no free lunch" and is stealing your data. What a majestic leap in logic!

They conflate open source libraries with various ad-network code stealing personal data, basically trying to portrait open source code as being responsible for it. Never mind that the ad-network code is almost never open source.

Granted, OSS is certainly not bug-free, but the spyware has little to do with it.

What a load of ...

This is "news" only to people who don't have a clue how research works - and usually the ones setting the publication criteria - like "you have to publish 2 journal papers per year" for an assistant professor (fresh post-doc or a PhD student), along with all the teaching load, of course. I was teaching 10 different courses (!) one semester and was still expected to actually do research half of my time and to publish those 2 journal papers.
Never mind that shepherding a journal paper through the review process and publication takes a year or two on average alone, plus you have to actually have something to publish to begin with. Even conference papers can take 6 months to publish and you must attend them as well (but nobody wants to pay for that!).

The prolific "publishers" are mostly professors that are heads of labs. They are not actually doing any of the work themselves. It is the young PhD students and post-docs who are slaving away in the lab, writing the papers and then put the name of the prof on the paper as a coauthor. It is a very common practice, basically giving a nod to the prof for paying their salary and letting them graduate. If you have a large lab with 20 PhDs who write 1-2 papers a year, that's alone 40 papers for the prof's CV annually. Then you get invited to contribute to various book chapters (again PhD students write that), you get invited lectures and what not - all that counts as publications.

The young researchers have absolutely no chance to break through in such competition where the number of publications is a criteria. You can have two very good papers but when you apply for an academic job, you have no chance against a guy with 40+ (no matter that most of them are the same thing publishes under different names or it isn't really their work). Unfortunately, that often leads to BS publications - like doing few minor changes and publishing the same work several times in different venues, publishing obvious, non-interesting "results" in minor, often in-house workshops or conferences, in the worse cases even scientific fraud and various misconduct - all for the sake of getting that number of publications up. It is only your job and chance for tenure that is at stake.

I have left university pretty much because of this - with no/not enough publications no chance to get a permanent position, but no chance to get those papers published if all you are doing is teaching teaching and more teaching (even though I love teaching). And when not teaching you are doing paperwork and trying to justify your own existence to various clueless bureaucrats every few months so that they don't cut your funding again. That's not exactly a situation where you can do research.

I do wonder how this is going to stop someone from smuggling an explosive on board. It is vastly easier to conceal some nasty payload inside of a bulky laptop than inside of a battery. And it could still even work as a laptop - a brick of a plastic explosive the size of a disk drive or a secondary battery would be enough to cause a huge problem on board, without preventing the laptop from booting up and working.

And that is still assuming someone would actually want to bother with this - the guy with explosive underpants certainly didn't need a working battery ...

Mind boggling stupidity.

Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.

Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...

etc.

These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.

ARM doesn't build chips, thus no drivers neither. That falls on the silicon vendors - TI, Broadcom, Samsung, etc. They are a pure-IP licensing company.

BTW, their Mali GPUs have open source drivers.

How does this surprise anyone? After Ubisoft CEO calling PC users "pirates" (http://www.rockpapershotgun.com/2012/09/05/ubisoft-drm-piracy-interview/), always-on DRM required on PC, Ubisoft changing focus to consoles because of piracy (http://www.tomshardware.com/news/ubisoft-guillemot-E3-games-piracy,6152.html) and more and more of similar vibe coming out of the Montreal's company over the recent years. They don't give a crap about PC and ideally they wouldn't publish for it all if they could, as it is only an extra expense and liability for their piracy obsessed CEO.

They are obviously crippling their PC titles to both push people away from the platform towards the consoles and to not undermine the sales of their console versions at the same time, because PC can outperform the consoles without too much hassle. If the PC version looked significantly better, the console players would cry foul, having paid the same money but getting inferior product. If everything looks like the same crap, players will not think about it twice.

Any PC gamer still buying Ubisoft's stuff is a masochist.

Actually, it is being sold in reverse - you buy the DS1074Z for e.g. $500 and you get the basic scope as specced + some 50 hours of demo of extra features that would normally drive the cost to those $1500 if you buy all of them. You try whether you like them and if you do, you pay for the options (or use a keygen - Rigols were hacked long time ago).

However, if you are buying one of these from a shady dealer somewhere at a hamfest being sold out of a car boot and without doing your homework, you get what you pay for. I want the thing to have at least calibration and warranty, so I buy it from a proper dealer - that's where I have got mine from a month ago (for ~500 EUR, VAT included: http://ovio-scope.com/index.ph... ).

Actually the new DS1074Z is $500 bucks now (got one recently), the -S version with the built-in sig gen is $800. The old DS1052E is still being sold for about $400 new, but the DS1074Z is a much better deal - 4 channels, much faster waveform update, larger sample memory, intensity graded display, etc. It is more comparable to the 2000 series than the old DS1000 one.

I think it is pretty comparable with the low end Agilents also (which are actually rebadged Rigols sold for higher price - Rigol is OEM for Agilent).

The Agilent 2000 series is a higher class instrument, then you are in the $2000+ price category.