Farm produce is physical, and you can protect your field physically from stealing in ways that do not affect the legal end-user of your product.
Not really. If the thieves have enough fire power you won't be able to stop them. The only reason we don't have anarchy, where everyone just take everything that they want, is because we have government, police, and the law. Why should the government protect the farmer but not the artists?
If the thieves have enough firepower, the government won't be able to stop them either. That's actually the root cause of the whole discussion: powerful corporations or groups of corporations (RIAA, Monsanto, the banks, the defense industry, the energy industry, take your pick) forcing their will on the government. Giving those thieves MORE power is probably not the answer to the woes of the little guy.
If you're creating something that can quite frankly be duplicated and up to every person in the world be given a copy, at the cost of duplication less than pennies, then what you're doing isn't worth much. Even if it's creative. Even if it's otherwise unique.
I have to disagree on the details with you there. The limitless duplication makes it difficult if not impossible to rely on scarcity once the original has been created, but it may well be so that no-one else could produce the original if you didn't. In that sense the good is still scarce - if the potential creator decides not to make it, then the good will never be available, even if there is in fact serious demand for the product.
Therefore there are potential business models for such goods where you get a (group of) consumers to advance the cost of creating the good.
If I was a farmer struggling with people stealing from my fields, what would you suggest I do? Hold on tight or bail? Or just stop worrying so much about the potential loss? Surely not?
Farm produce is physical, and you can protect your field physically from stealing in ways that do not affect the legal end-user of your product.
Not this. Stop worrying so much about the potential loss of potential profit. It's being treated as some kind of national security issue.
Ignoring the problem is not going to feed my family.
Doggedly continuing to do something that doesn't make any money isn't going to feed your family either, nomatter how much you would like to make a living doing what you love. I sympathise, it sucks, but like steam-engine maintenance some types of work just don't have the remunerative power they might have once had.
The answer is to swap governments - the Dutch elect the Greek government and the Greeks elect the Dutch government, for example. The electorate is sufficiently detached to evaluate the choices more dispassionately, but have sufficient incentive to be diligent as they know if they really cock it up they'll be shafted in turn.
Close, actually. IMHO all parties ("both parties" for you USians) should agree together to stand down to form a time-limited technocratic austerity government. This would be a sacrificial government - the political parties can be certain these guys don't get re-elected because the measures necessary will be deeply unpopular.
And if we're REALLY lucky, the people will actually prove the original political parties wrong in the next election and re-elect some of the more successful technocrats.
I'm no security expert, but humor me and point out the flaws in my logic below.
Disabling access after X tries might be enough where the token to uniquely identify access is relatively well-defined, like say your ATM card, and disabling access for that user doesn't de-facto terminate the system (i.e. other ATM users can still use the machine with their credentials after it eats your card).
For admin-access to such systems over the internet it's dangerous to disable the admin account after X tries, because then you lose remote administration functionality of a potentially critical system. "Ah, but you can reset with physical access" you will say - yes, true, but this is a critical system they put *on the internet* in the first place, for better or worse, probably because physical access to that system is pretty difficult for the poor sod designated the "administrator" (disused lavatory, beware of leopard, etc.). Who knows how long the system will be offline for administration until the first opportunity for physical access.
The disabling of (admin) access after X tries also effectively creates a DOS attack against that system. I don't know the login procedure of this particular type of system, but assuming it's username/password, you could DOS the system by spamming all kinds of *usernames* with X repetitions of the wrong password to disable them. Preventing the DOS attack would require hard-to-brute-force usernames - the username becomes the secret, not the password.
It's probably also possible to spoof session identifiers for a hacker to evade repetition detection.
I think the SCADA system can only lose in this kind of scenario, unless they have a password that is very hard to crack within its valid timespan. Or until they finally figure out that putting critical systems online with weak passwords or account disabling is probably not such a good idea.
Are outputs matching estimates for time? Are programs being deployed/shipped on schedule? Are bug report rates with in acceptable ranges? etc...
There is one metric that matters: Is it making money? If you want to get fancy, add Could it be making more money? Everything else is window dressing. (Assuming of course that you're not working in a "cost center" development department, and taking into account regulatory affairs)
Personally I am always happy with the guy who can get things done with one line of code instead of a hundred, but what I really care about is that objective is met and we don't have a host of bugs that require 10 times the cost of the development just to maintain. Its not hard stuff but it does require common sense and a hard nosed attitude both of which can be scarce commodities these days.
I am also REALLY happy to have "that guy" that has absolutely shit productivity, but somehow manages to pick up on every time a "solution" is proposed by the rest of the team to a problem that doesn't exist or doesn't matter, and stops THEM from being really efficient at doing the wrong thing. I'm also really happy to have "that girl" that doesn't seem to really be doing anything, but take her out of the team and everyone else starts floundering because she's actually constantly helping them be a lot more productive.
"Meeting the objective" is actually potentially just as bad as any other metric, because it depends on how you define the objective, and meeting it. What the customer asked? What the customer wanted? Or what the customer actually needed?
Minecraft is proof nobody cares that an ugly Java applet game can use 100% of the resources on a moderately high-end computer. We've come so far in performance and software just keeps getting less efficient.
I don't know man - it sounds like a really efficient and fun way to earn 50 million dollars.
Are atomic weapons still needed ? i think they aren'T.
Perhaps we should ask Pakistan, China, and North Korea. And Iran. And India. Who else? Rogue Soviet sympathisers?
You could argue that maybe those nations wouldn't be so trigger-happy to get a nuke if they weren't constantly being threatened by the other guys who already have nukes. But yeah, genie, bottle, cat, bag, all that stuff. It would be nice if we could get a global agreement to settle all conflicts by a good Unreal Tournament Deathmatch, but it's not going to happen.
Few hiccups? Obviously you only use Flash on Windows. For those of us who use OS X, Linux, or mobile devices, hiccups are normal. It's gotten better but it hasn't been exactly smooth.
My experience of using Flash has been on various flavours of Windows starting with Win2K, on OS X and on Linux (on an Atom netbook even). I've had fewer niggles with flash across those platforms than annoying differences in browser rendering. I know the plural of anecdote is not data, and I have no idea how much work has gone into the flash I've used to make sure they do work across platforms, but it *did* work *for me*.
Yeah, not including support for a proprietary, third-party plug-in rife with performance issues and security vulnerabilities is definitely the same thing as pumping a new market with a free product funded by revenues from the monopoly product.
Actually, no, it's not. Not at all.
IMHO there's not that big a cognitive gap between using a position of power to bundle something to damage a competitor, or using that position of power to specifically disallow the competitor. The effect is the same.
Also, for all its faults Flash is/was widely supported with relatively few hiccups, and for my particular purposes the hardware acceleration for 3D graphics in Flash 11 was a very big deal for cross-platform & mobile 3D.
Now the only conclusion I can make is that the web will not be the platform for me in the medium-term future, and I think that's a shame.
You do realize that Google (among _many_ others) are heavily behind HTML5 as well, right? Though Apple championed it, they are far (FAR) from the only company involved in HTML5 development and deployment.
Of course I realize that - what I mean is that I fear for a large chunk of the market how it works on iOS will be the benchmark. In that scenario, if Apple decides to be quirky that quirk will end up being the de-facto standard for HTML5. If Apple decides that some part of the evolution of HTML5 doesn't fit into their business model, that part will fail to gain traction. I'm thinking specifically of some form of hardware accelerated 3D (and 2D) for browsers, which seems to now be a lost cause with Microsoft and Apple dropping WebGL, and Adobe taking their mobile Flash 11 ball and going home.
In the moment Apple chose not to include Flash support in the iPhone, Flash on mobile devices was doomed. The period between then and now was just the death throes.
In a way the situation reminds me of the days when Microsoft killed Netscape by bundling IE. I have visions of years of subpar HTML5 support driven by Apple iOS "quirks", and holding off on HW acceleration on the web just as it seemed to start gaining traction with Flash 11 and WebGL.
Maybe Google can still make a dent with NaCL.
I don't see why you think that's funny - we're talking capital-S security with DARPA here. Relying on encryption to keep your broadcasted-to-anyone-in-the-neighborhood data safe is clearly strictly less secure than not broadcasting your data in the first place.
And don't think that I'm limiting myself to WiFi when I mean "broadcasting" - just audio could be enough to compromise security: https://freedom-to-tinker.com/blog/felten/acoustic-snooping-typed-information.
Slashdot Mirror
Farm produce is physical, and you can protect your field physically from stealing in ways that do not affect the legal end-user of your product.
Not really. If the thieves have enough fire power you won't be able to stop them. The only reason we don't have anarchy, where everyone just take everything that they want, is because we have government, police, and the law. Why should the government protect the farmer but not the artists?
If the thieves have enough firepower, the government won't be able to stop them either. That's actually the root cause of the whole discussion: powerful corporations or groups of corporations (RIAA, Monsanto, the banks, the defense industry, the energy industry, take your pick) forcing their will on the government. Giving those thieves MORE power is probably not the answer to the woes of the little guy.
If you're creating something that can quite frankly be duplicated and up to every person in the world be given a copy, at the cost of duplication less than pennies, then what you're doing isn't worth much. Even if it's creative. Even if it's otherwise unique.
I have to disagree on the details with you there. The limitless duplication makes it difficult if not impossible to rely on scarcity once the original has been created, but it may well be so that no-one else could produce the original if you didn't. In that sense the good is still scarce - if the potential creator decides not to make it, then the good will never be available, even if there is in fact serious demand for the product.
Therefore there are potential business models for such goods where you get a (group of) consumers to advance the cost of creating the good.
If I was a farmer struggling with people stealing from my fields, what would you suggest I do? Hold on tight or bail? Or just stop worrying so much about the potential loss? Surely not?
Farm produce is physical, and you can protect your field physically from stealing in ways that do not affect the legal end-user of your product.
Not this. Stop worrying so much about the potential loss of potential profit. It's being treated as some kind of national security issue.
Ignoring the problem is not going to feed my family.
Doggedly continuing to do something that doesn't make any money isn't going to feed your family either, nomatter how much you would like to make a living doing what you love. I sympathise, it sucks, but like steam-engine maintenance some types of work just don't have the remunerative power they might have once had.
The answer is to swap governments - the Dutch elect the Greek government and the Greeks elect the Dutch government, for example. The electorate is sufficiently detached to evaluate the choices more dispassionately, but have sufficient incentive to be diligent as they know if they really cock it up they'll be shafted in turn.
Close, actually. IMHO all parties ("both parties" for you USians) should agree together to stand down to form a time-limited technocratic austerity government. This would be a sacrificial government - the political parties can be certain these guys don't get re-elected because the measures necessary will be deeply unpopular.
And if we're REALLY lucky, the people will actually prove the original political parties wrong in the next election and re-elect some of the more successful technocrats.
I'm no security expert, but humor me and point out the flaws in my logic below.
Disabling access after X tries might be enough where the token to uniquely identify access is relatively well-defined, like say your ATM card, and disabling access for that user doesn't de-facto terminate the system (i.e. other ATM users can still use the machine with their credentials after it eats your card).
For admin-access to such systems over the internet it's dangerous to disable the admin account after X tries, because then you lose remote administration functionality of a potentially critical system. "Ah, but you can reset with physical access" you will say - yes, true, but this is a critical system they put *on the internet* in the first place, for better or worse, probably because physical access to that system is pretty difficult for the poor sod designated the "administrator" (disused lavatory, beware of leopard, etc.). Who knows how long the system will be offline for administration until the first opportunity for physical access.
The disabling of (admin) access after X tries also effectively creates a DOS attack against that system. I don't know the login procedure of this particular type of system, but assuming it's username/password, you could DOS the system by spamming all kinds of *usernames* with X repetitions of the wrong password to disable them. Preventing the DOS attack would require hard-to-brute-force usernames - the username becomes the secret, not the password.
It's probably also possible to spoof session identifiers for a hacker to evade repetition detection.
I think the SCADA system can only lose in this kind of scenario, unless they have a password that is very hard to crack within its valid timespan. Or until they finally figure out that putting critical systems online with weak passwords or account disabling is probably not such a good idea.
Are outputs matching estimates for time? Are programs being deployed/shipped on schedule? Are bug report rates with in acceptable ranges? etc...
There is one metric that matters: Is it making money? If you want to get fancy, add Could it be making more money? Everything else is window dressing. (Assuming of course that you're not working in a "cost center" development department, and taking into account regulatory affairs)
Personally I am always happy with the guy who can get things done with one line of code instead of a hundred, but what I really care about is that objective is met and we don't have a host of bugs that require 10 times the cost of the development just to maintain. Its not hard stuff but it does require common sense and a hard nosed attitude both of which can be scarce commodities these days.
I am also REALLY happy to have "that guy" that has absolutely shit productivity, but somehow manages to pick up on every time a "solution" is proposed by the rest of the team to a problem that doesn't exist or doesn't matter, and stops THEM from being really efficient at doing the wrong thing.
I'm also really happy to have "that girl" that doesn't seem to really be doing anything, but take her out of the team and everyone else starts floundering because she's actually constantly helping them be a lot more productive.
"Meeting the objective" is actually potentially just as bad as any other metric, because it depends on how you define the objective, and meeting it. What the customer asked? What the customer wanted? Or what the customer actually needed?
Second, writing code for future use is always harder than writing code specific to the problem. .
It's nearly always wrong, too. YAGNI. You Ain't Gonna Need It.
You are in a maze of twisty little claims, all alike. It's pitch black. You are likely to be eaten by a patent or copyright lawyer.
Dude, that's awesome! You should patent that...
It's not as awesome as it sounds. Random people come up to mod me troll by poking me in the chest.
No, he said "on a tshirt"
My t-shirt displays my recent slashdot comments.
esreveR s'kcamraC?
Minecraft is proof nobody cares that an ugly Java applet game can use 100% of the resources on a moderately high-end computer. We've come so far in performance and software just keeps getting less efficient.
I don't know man - it sounds like a really efficient and fun way to earn 50 million dollars.
Or for the tropical fish department of PetsMart.
What were we talking about?
I usually pronounce that "ghoti".
Are atomic weapons still needed ? i think they aren'T.
Perhaps we should ask Pakistan, China, and North Korea. And Iran. And India. Who else? Rogue Soviet sympathisers?
You could argue that maybe those nations wouldn't be so trigger-happy to get a nuke if they weren't constantly being threatened by the other guys who already have nukes. But yeah, genie, bottle, cat, bag, all that stuff. It would be nice if we could get a global agreement to settle all conflicts by a good Unreal Tournament Deathmatch, but it's not going to happen.
Few hiccups? Obviously you only use Flash on Windows. For those of us who use OS X, Linux, or mobile devices, hiccups are normal. It's gotten better but it hasn't been exactly smooth.
My experience of using Flash has been on various flavours of Windows starting with Win2K, on OS X and on Linux (on an Atom netbook even). I've had fewer niggles with flash across those platforms than annoying differences in browser rendering. I know the plural of anecdote is not data, and I have no idea how much work has gone into the flash I've used to make sure they do work across platforms, but it *did* work *for me*.
Yeah, not including support for a proprietary, third-party plug-in rife with performance issues and security vulnerabilities is definitely the same thing as pumping a new market with a free product funded by revenues from the monopoly product.
Actually, no, it's not. Not at all.
IMHO there's not that big a cognitive gap between using a position of power to bundle something to damage a competitor, or using that position of power to specifically disallow the competitor. The effect is the same.
Also, for all its faults Flash is/was widely supported with relatively few hiccups, and for my particular purposes the hardware acceleration for 3D graphics in Flash 11 was a very big deal for cross-platform & mobile 3D.
Now the only conclusion I can make is that the web will not be the platform for me in the medium-term future, and I think that's a shame.
You do realize that Google (among _many_ others) are heavily behind HTML5 as well, right? Though Apple championed it, they are far (FAR) from the only company involved in HTML5 development and deployment.
Of course I realize that - what I mean is that I fear for a large chunk of the market how it works on iOS will be the benchmark. In that scenario, if Apple decides to be quirky that quirk will end up being the de-facto standard for HTML5. If Apple decides that some part of the evolution of HTML5 doesn't fit into their business model, that part will fail to gain traction. I'm thinking specifically of some form of hardware accelerated 3D (and 2D) for browsers, which seems to now be a lost cause with Microsoft and Apple dropping WebGL, and Adobe taking their mobile Flash 11 ball and going home.
In the moment Apple chose not to include Flash support in the iPhone, Flash on mobile devices was doomed. The period between then and now was just the death throes.
In a way the situation reminds me of the days when Microsoft killed Netscape by bundling IE. I have visions of years of subpar HTML5 support driven by Apple iOS "quirks", and holding off on HW acceleration on the web just as it seemed to start gaining traction with Flash 11 and WebGL.
Maybe Google can still make a dent with NaCL.
By forcing the 'net underground they ultimately encourage truly free speech.
Damn. Here I was hoping they'd be encouraging sonar-vision.
Har har.
I don't see why you think that's funny - we're talking capital-S security with DARPA here. Relying on encryption to keep your broadcasted-to-anyone-in-the-neighborhood data safe is clearly strictly less secure than not broadcasting your data in the first place.
And don't think that I'm limiting myself to WiFi when I mean "broadcasting" - just audio could be enough to compromise security: https://freedom-to-tinker.com/blog/felten/acoustic-snooping-typed-information.
(try to prevent wifi dual-homing, I dare you).
Physically remove WiFi capability from your system?
All the C programmers are busy over at bufferoverflow.com
And the C++ programmers are still linking - but it will be so much faster when it's done!
That last guy has the greatest name ever.
Don't know about best, but Goodenough.