I'm sure this company is more focused on the enterprise angle, but I wonder if the buildout of support for remote attestation could eventually resolve the Linux gaming vs. anti-cheat stalemate. At least for those willing to use a "blessed" kernel provided by Valve or whoever.
I might be behind on the latest counter-counter-counter-measures, but I know some of the leading AC solutions are already using IOMMU to wedge a firewall between passive DMA sniffers and the game process's memory.
> resolve the Linux gaming vs. anti-cheat stalemate
It will.
Then just a bit later no movies for you unless you are running a blessed distro. Then Chrome will start reporting to websites that you are this weird guy with a dangerous unlocked distro, so no banking for you. Maybe no government services as well because obviously you are a hacker. Why would you run an unlocked Linux if you were not?
The technology lives on, as Amazon "Just Walk Out". But rather than general grocery stores, it is used for concessions at stadiums and places like that.
I guess it turned out that they need more human intervention than they hoped, so the cost is too high for regular stores. However, at places where a premium can be charged for high throughput or a low-friction experience, the cost of the human intervention can be recouped.
Just a heads up that only the Amazon Go stores did the "just walk out" shopping thing. Amazon Fresh stores were pretty much just regular grocery stores. They had shopping carts with the self-checkout built in, but that was the extent of the technology.
There was a concept Amazon Fresh store with “Just Walk Out” technology on Capitol Hill in Seattle. They closed it down a couple of years back but the brand was absolutely Amazon Fresh.
> It shall be unlawful for an employment agency to fail or refuse to refer for employment, or otherwise to discriminate against, any individual because of such individual's age, or to classify or refer for employment any individual on the basis of such individual's age.
I don't see any wiggle room for outsourced decision making to remove the responsibility for the outcome.
The left results are contemporary, the right are decades old. That includes editions of the same book --- surely the newer edition is going to be preferred by most readers.
I guess. That's not immediately clear to me. However, browsing around on Google Books suggests to me that it is the corpus which changed, not the algorithms.
> surely the newer edition is going to be preferred by most readers.
Why? Where different editions exist, the reader will want to know which one they're getting, but they're unlikely to systematically prefer newer editions.
But also, Google Books isn't aimed at "readers". You're not supposed to read books through it. It's aimed at searchers. Searchers are even less likely to prefer newer editions.
> they're unlikely to systematically prefer newer editions
That seems wrong to me. Generally when a new edition of something is put out it's (at least nominally) because they've made improvements.
("At least nominally" because it may happen that a publisher puts out different editions regularly simply because by doing so they can get people to keep buying them -- e.g., if some university course uses edition E of book B then students may feel that they have to get that specific edition, and the university may feel that they have to ask for the latest edition rather than an earlier one so that students can reliably get hold of it, so if the publisher puts out a new edition every year that's just different for the sake of being different then that may net them a lot of sales. But I don't think it's true for most books with multiple editions that later ones aren't systematically better than earlier ones.)
> But I don't think it's true for most books with multiple editions that later ones aren't systematically better than earlier ones.
Most books with multiple editions are books that have been translated multiple times. It is definitely true that later translations aren't systematically better than earlier ones.
The law doesn't work like that. First of all, the actual regulation that gets made probably has a definition of VPN and won't rely on a company self-describing as VPN. Secondly law enforcement and courts aren't idiots*
* well, many of them are. But not in the particular way that would be needed for a simple rename to work.
True if you are being technically rigorous. However the "VPN" services being targeted are already what would be more accurately described as a "secure proxy". So whatever regulation gets drafted will certainly be done so to cover "secure proxies", even if it uses the term "VPN".
What quid pro quo? Is there an allegation that the FBI gave Microsoft something in exchange?
As far as I can see this particular case is a straightforward search warrant. A court absolutely has the power to compel Microsoft to hand over the keys.
The bigger question is why Microsoft has the recovery feature at all. But honestly I believe Microsoft cares so little about privacy and security that they would do it just to end the "help customers who lose their key" support tickets, with no shady government deal required. I'd want to see something more than speculation to convince me otherwise.
That doesn't sound right to me. This obfuscation isn't about a side-channel on a crypto implementation, this is about literally when your keystrokes happen. In the right circumstances, keystroke timing can reduce the search space for bruteforcing a password [1] but it's overstating to describe that as broken encryption.
I'm baffled about this "security feature". Aside from this only being relevant to timing keystrokes during the SSH session, not while typing the SSH password, I really don't understand how someone can eavesdrop on this. They'd have to have access to the client or server shell (root?) in order to be able to get the keystroke typing speed. I've also never heard of keystroke typing speed hacking/guessing keystrokes. The odds are very low IMO to get that right.
I'd be much more scared of someone literally watching me type on my computer, where you can see/record the keys being pressed.
Anyone who can spy on the network between the client and server can see the timing. This includes basically anyone on the same LAN as you, anyone who sets up a WiFi access point with an SSID you auto-connect to, anyone at your ISP or VPN provider, the NSA and god knows who else.
And the timing is still sensitive. [1] does suggest that it can be used to significantly narrow the possible passwords you have, which could lead to a compromise. Not only that, but timing can be sensitive in other ways --- it can lead to de-anonymization by correlating with other events, it can lead to profiling of what kind of activity you are doing over ssh.
So this does solve a potentially sensitive issue, it's just nuanced and not a complete security break.
I might be out of the loop, but are agents actually out there buying stuff from "unwilling" vendors at any significant scale? I thought that was still mostly limited to opt-in partnerships with retailers. Still, eBay might be anticipating the issues you mentioned and trying to get ahead of them.
Not commonly known (I work in this space), but yes.
Agents are being used to automate things like non-cash account balance arbitrage, stacking and abusing marketing promotions, triangulated purchasing schemes, and purchase-refund arbitrage schemes at an increasingly large scale.
They may have an inkling that the big LLM companies will want to pay for future/past data... I imagine either Google or OpenAI has something predictive and shopping-related in the books.
Right -- this seems more of a protective measure than something they will proactively enforce.
If you have a well-behaved agent that uses a browser to buy on eBay, I doubt that will cause issues. But if it leads to issues, they can point to that clause instead of having to help repair the issues caused by someone else's software.