This is especially true given that the insane climb in zero-day prices in recent years has largely been driven by governments starting to buy them up as weapons. You cannot outbid entities that are able to both tax and print money, it's simply impossible. All that would do is result in the NSA spending more on zero days to ensure they still win, and bankrupt a lot of useful software companies.
I used to be in that business, I'll tell you
Some of the Fortune 1000 crowd have their data flagged. If you have access to a service that provides such information, and you search for say "Bill Gates", there will be a shitstorm.
We were told by some 3rd party data sources that we were contractually obliged to maintain a list of "high profile" people, so those searches would always return empty. I pushed them for who "high profile" was. Bill Gates was obvious, because that was the reason the conversation came up. Theoretically, the list should include the Fortune 1000 crowd, and anyone who shows up in the news. They couldn't provide parameters, so that obligation wasn't possible to fulfill.
And on that specific search, they weren't searching for the obvious Bill Gates of Microsoft. It was someone with the same name in another state on an authorized background check.
The amount of data that I was exposed to was absolutely insane. Pretty much, I could tell you stuff about yourself that you may not even remember, plus your neighbors, relatives, romantic partners, and people you associate with. It was down to your hobbies, shopping habits, and even photos and messages from social media.
fuel for the launch vehicle.
That's the #1 reason. If we had infinite thrust with no fuel consumption, we could put up
This puppy can withstand two failures and keep on truckin
Looking at the design, and the images, the front left wheel is actually pretty rough. In the linked story, look at the bottom half of the 9th picture. The metal has split almost halfway across. It may end up digging into the softer sand, and could catch on rocks.
They'd have a better chance driving it backwards, letting that wheel drag along. That won't work very well though, since all the gear is on the front.
Who are you talking to?
You know, talking to yourself may be a symptom of an underlying disorder. Have you talked with your psychiatrist lately?
SRBs should have never been there. This was design-by-congress. It's the reason the shuttle failed, ultimately; it never delivered what it promised (cheap, reusable payloads to orbit; dual-use, cross-range capability). And it was so unsafe, they had to stop flying it, and were never able to afford to follow through on developing successors (like X-33).
Since the data is unique to a time & place and irreplaceable, it would completely destroy the reproducibility aspect of the scientific process.
This gets tricky in some fields, however. I work in a field where generating the data is a notoriously difficult and haphazard process, subject to many non-experimental variables, such that the use of a different pipette or stock solution can make the difference - or even just the speed of the researcher's manual labor. Temperature and humidity play a role too, and these are not as precisely calibrated as one might like. So if an experiment is performed at 8pm on a Saturday night by a grad student in Colorado, there is no guarantee that a postdoc in Singapore will be able to do the same thing based on reading the paper. (Actually, from past experience, there's no guarantee that the original experimenter will be able to reproduce it either!) But the data may be just as good, and they're difficult to fake, and they're deposited in a public database. Since everyone in the field is accustomed to the complexities of the process and we have decent archival policies, this problem is accepted as a fact of life.
I am quite certain that some of my (published) results from grad school would be difficult at best to reproduce exactly. I stand by my data - and am happy to share them - but it is always troubling to wonder if someone else in a different environment would have reached different conclusions.
On several occasions I have tried to get data from researchers. Most of them guard their data jealously
I should note that this almost certainly violates the terms of publication for most journals, and possibly the terms of their research grants as well. I actually had one professor complain to me that it was "his" data and I had no right to it - conveniently ignoring the fact that he (like me) was being funded by taxpayers (albeit in different countries). My views on this subject aren't particularly radical - I do think scientists should be allowed to keep data private until they publish (or give up) - but any academic researcher with this kind of attitude needs to find a new job.
For some projects the NIH has gone even further and said that data need to be publicly archived immediately, regardless of publication plans. This is problematic for most fields, but at least the funding agencies are being militant about this.
We let a bunch of 1 percenters, who themselves barely know how or care to read, sponsor draconian copyright laws to stop everyone from copying all that stuff, just on the off chance that they might copy a bunch of songs or movies that are outmoded within two years. And the commercial scientific publishers are some of the worst.
Commercial scientific publishers do indeed tend to be bottom-feeders, but if I'm understanding the article correctly, they're not the root cause here - the issue is not that articles are being lost, it's that the underlying data used to generate them are lost. The journals can't help with that, because they're in the publication business, not the data archival business. We're talking about some grad student's lab notebook that contains the raw numbers used to generate a box plot, which then gets thrown out by mistake the next time the lab moves, or when the professor retires, etc.
Many fields (genomics, structural biology) have mandatory data-deposition policies that ensure that the raw data is available to everyone, without charge (except for patents on commercial uses, but that's a separate rant). The problem here tends to be that we're usually archiving derived data, which is still a lot better than nothing at all, but limits the types of analyses that can be done.
Er, my Nexus 5 doesn't have any advertising or "scumware" on it out of the box, as far as I can tell. What are you talking about?
The card readers that I've worked with do their encoding at the reader. They should only be showing the user (the clerk) something like the last 4 digits, if anything.
From what others said, based on the vague information released, it sounds like the card readers had firmware updates that allowed this to happen. I still see two tremendously troubling things.
1) If it was someone in-house who did that, how the hell were they allowed to do that?
2) Even if the firmware captured all the card, why was it allowed to send out to a 3rd party destination? If it's all on private circuits, they simply wouldn't have a way to talk out. Obviously, they did, or else it wouldn't have been a breach.
Remember to keep that 50' 18 gauge extension cord running, that you're using to charge your new Tesla, under it. It helps keep the garage smelling nice.
If you're thinking of the RNG thing, actually some banks did still have the logs which is why they were able to identify the problem in the first place. But yes not all banks are so careful.
Don't get me wrong. It's good that people research EMV, and the task isn't easy. I respect the Cambridge team for that reason. But when they talk to the media or about their work in general, they act as if friendly fraud doesn't exist and EMV is just one giant scam by banks. That's ridiculous. "Friendly fraud" (that's the technical term for it) where the consumer defrauds the bank/merchant is not only a thing, but a highly prevalent and measurable thing. EMV protects sellers by shifting payment security to the buyer, who is typically the one who can most affect it, by keeping their PIN safe. It's not OK that banks don't seem to be pen-testing their own systems aggressively enough, although of course as the system is closed we don't know about the mistakes their own development teams did catch. But it's not useless, and nor is the liability shift. After all, in commerce it takes two to tango.
You mean the system that is processing many, many orders of magnitude more transactions than bitcoin? So many that bitcoin as it currently exists couldn't even begin to handle them without major overhaul?
The amount of mining done is irrelevant to transaction loads, it essentially controls the risk ratios for any given specific transaction that might be reversed. You get the same level of security for the same amount of mining regardless of whether that mining protects 100,000 transactions or 10 million.
Bitcoin can fairly easily scale to loads experienced by existing payment networks. PayPal only handles about 40-50 transactions per second, it's not very much. Visa does more like 10,000 per second, which a solid multi-core server could easily chew through with good optimisation of the software: processing a Bitcoin transaction is a lot cheaper than rendering your average PHP-driven, complicated database backed webpage. You can read a back of the envelope analysis of how Bitcoin scales here.
It's hilarious how its proponents have zero sense of perspective about their favourite little toy.
I think it's rather sad (not hilarious) how its detractors have zero understanding about how the system actually works, but decide to trash it anyway.
AFAIK with Chip-and-PIN, you would need a lot more time with the card, some expensive hardware, and some reverse-engineering skills instead of just click-the-copy-button skills.
Actually it's better than that. Nobody knows how hard it is to clone an EMV card because I'm pretty sure it's never been done (by the non-banking industry). All the attacks on EMV that have been mounted are things like obscure protocol attacks that could be detected by the bank, attacks on very old first generation cards that didn't have CPUs inside them, attacks on weak random number generators inside ATMs and the other sorts of attacks you'd expect to see on an enormous and widely deployed cryptographic system. There have been a few amusingly convoluted social engineering schemes as well.
Some say EMV is the largest crypto system in history, larger even than SSL, and that would not surprise me. But what nobody has reported so far is cloned cards (at least not cloned DDA cards which is what most of the industry is using now for some time already).
The idea that EMV is broken or security theater is an idea pushed by exactly one group, AFAIK, the research group at Cambridge. They've done great work researching flaws in the system and ensuring public sector bug research keeps up with the criminal world's research, but they also love making dramatic press releases and getting their names on TV, so every time they discover a new (invariably patchable) weakness, they declare it's game over and the entire system is worthless. Not so.
It could go down either for porn or "hate speech", which Cameron is wasting no time adding to the filters. The lulz will be heavy then.