I've made no such claim. What I do know is that the remote registry service is set as manual, and remote desktop isn't enabled by default on systems that have it (however, Remote Assistance is, but I won't get into the differences. Google it)
What's to say that even *IF* for some magical reason the governmental barriers to entry for ISP rollouts were removed, what's to say that anyone could even get peering with the rest of the internet? Let alone the IP addresses out of the IPv4 space to even get onto the world wide wibby.
I could see something like the scenario below:
"Hm, I'm going to start my own ISP and run my own fiber and get all linked up to the interwebs. I project over the next 10 years I'll make me $100M big ones, and I'll be able to pay $10M to a tier 2 ISP to link my network up to the tubes."
Meanwhile....at Comcast...
"Hey, Tier 2 ISP, We'll give you $10M per year to make sure that guy isn't able to get peered."
They'll never respond to your post because they don't have an answer. One doesn't exist in their idealized world--only greed, only money.
Another interesting tidbit that they don't quite know: Major cable operators are required by law to do fly-over measurements of signal leakage near airports to make sure that they're not interfering with air traffic controller communications.
Yes, the cable wiring leaks signals into the air. Imagine that. And they have to measure it and file with the FCC to ensure air traffic safety.
Of course, we could get rid of this GOD AWFUL GUBMENT REGULATION and let your planes crash because the pilots got a momentary listen in on Jersey Shore instead of hearing the air traffic controller telling them which runway to land on.
But hey, GET THAT DAMN GUBMENT OUT OF MY BUSINESS!
The amusing thing is that the free market libertarians argue very much like religious people (usually they're one in the same), in that the choices religious people present to you are:
#1) Bask in God's glory and accept Jesus Christ into your heart and be saved. #2) BURN IN THE FIERY PITS OF HELL AND BE TORTURED FOR ALL ETERNITY
Doesn't sound like much of a choice to me, but for them, it is.
Back to the market for a second, the obvious excuse is "Well, if you feel that you cannot do without the service, that means having the service is worth whatever they're willing to charge and whatever you're willing to pay before you'll do without."
But me, I prefer to live in a more modern society, with an elected government body that represent the people. And I want laws that I know are good for *everyone*, not just for a *select few*.
As an iPhone 3G and 4 owner, as someone who follows the security field pretty heavily, I fail to see what this really accomplishes.
#1. Any concerns regarding law enforcement having access to this data is unfounded. They already have access to locating you, they have all sorts of access to your data. They already work with the mobile phone companies to get your position when they want. This extra file has no bearing on that whatsoever.
#2. The file only carries cell tower GPS locations (and I guess wifi access point gps locations?). It doesn't carry signal strength information so from this data alone you cannot use this file to pinpoint your location at any point in time.
#3. The most that anyone can do is infer that your phone (maybe not you) has been at a few miles from whatever points it has logged. Not really that accurate, do you understand how much space that is? How many square miles the data could cover? The same data again can be obtained from your mobile phone carrier by law enforcement officials.
#4. There are so many things wrong with data privacy and data security right now that this isn't that big of an issue. The issues going on with the Playstation network for that matter.
#5. This data is no more or less accurate than attempting to use IP address information to locate your physical person on the internet. For all intents and purposes the data inside this file is anonymous.
#6. My statements regarding "nobody else has access to the phone" is also that nobody else SHOULD have access to your computer. Out of all the shit on your computer that you should be concerned with someone knowing and you're worried about iPhone location data. If they get access to your iPhone backup files, you've got other issues going on.
So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?
Sure it's the person in charge of the IT or the person in charge of funding the IT?
Most problems IT has known about for quite some time, since IT built the systems. They know precisely where the failures could happen and have probably thought of ways to work around them, but it all comes down to funding.
If the person who signs the paycheck says "we aren't doing that" then that's it--done.
In the real world most businesses really don't care about security, particularly SMBs. They are such easy targets it's ridiculous. They pay their tech dude to come in and do a little bit of work, fix things if they're broken, etc.
"I have a virus on my system popping up stuff all the time and blocking my internet" is a case of calling a technician in. "I want you to audit my network for security" is a question they wouldn't even know how to ask and whether or not they should ask, and they really wouldn't know whether or not the auditor did a good job.
Did I mention the technician might just be some local dude who has only ever set up basic linksys devices and worked at geeksquad?
The cost of doing business in an insecure manner is cheaper than the cost of doing business otherwise. And this article obviously shows it. Instead of going after the businesses for doing things in this manner, they're going after the guys driving around pointing it out.
They should charge each of these businesses for stolen credit card information until they get it through their heads they have to follow compliance rules.
I've lived in the US all of my life and have only ever traveled out of the country for a total of about 4 weeks, to Quebec.
I started converting myself to "the rest of the world" a while ago but metric still eludes me. This is largely because of the frames of reference. Celsius was easy to convert to since the only time you ever look at temperature is when you want to know what temperature it is. Same with using a 24 hour clock (which I also use on all of my devices when I can).
However, converting myself to metric is far more difficult. I use "miles" every day without really thinking because my car is "60 miles per hour" on the highway, and I know "it'lll take about a minute to go a mile".
Trying to convert my driving to metric would involve extra conversions I can't really do on the road while driving.
THAT SAID, if the signs were in metric and my speedometer had larger metric numbers it'd be easier to do. It's just the initial "conversion" that's hard when you're reading street signs.
I do convert time regularly to people, temperatures not so much. I usually just say "it's about X degrees" (converted to F) outside, but I don't do the actual raw conversion from Celsius anymore mentally.
What helped with that was using frames of reference rather than a formula:
5C ~ 40F 10C ~ 50F 21C ~ 70F 27C ~ 80F 40C ~ 100F
I just guesstimate everything in between for people:P
It's a lot easier to remember the addresses than you would think. In fact, I find it easier than IPv4. You only have to remember one prefix for everything and subnet off from there.
In many cases, you'll have say, a/64 unless you request more space, so you'll have AAAA:BBBB:CCCC:DDDD::1 for your router (more than likely), and then from there you'll have your clients.
People always use names otherwise, and between mDNS, LLMNR, and DNS you should be able to find the name of the system you're looking for.
You could configure manual addresses for systems on::2,:;3,::4, and so on (though not entirely recommended). A more "secure" method to addressing servers would be to generate a suffix and set it static on the interface.
I love how everyone in here talks about "Web of Trust", but this is making HUGE assumptions on the end user's part:
A) They know what they're looking at. B) They know what they're looking for.
This is a big problem that nobody's recommendation here has seemed to have overcome. You all just assume that they can talk to the bank and know exactly what they're looking for. Like any of you validate your RDP certificates (Windows) or ssh public keys (*nix) when you connect for the first time, seriously? If you do that, you have way too much time on your hands.
The only solution to this that seems sensible is either two-factor authentication via a challenge system, something added to DNSSEC to extend on the authenticity, or as some mentioned in here to have the browser check with multiple CAs. But good luck making someone pay for 2+ signatures to their certificate.
Would you rather them ignore smaller businesses just because they're small?
Your argument makes no sense. Corporations are not *selling* your personal information (as defined by the MA law), so it's not covered. In this case, certain information was compromised (financial details) and that's what they go after.
The RFC for IPv6 provides for temporarily assigned addresses. The original spec required a MAC to be used to generate the 64-bit host address, but that has since been sort of ditched. The best they could trace to is your network ID (either a/48,/56, or/64, or whatever they otherwise decide to do with host networks--right now Comcast provides/64's to their IPv6 testing customers).
That/64 should ideally never change, and will be assigned per customer. So while the specific device can not be found, the network address should make it easier for them to track you. There's nothing known about whether or not they'll rotate network IDs per customer, but I would imagine not.
The only reason it worked out previously was because customers were assigned individual host addresses via V4, which were typically picked up via DHCP just like any computer.
Why should it die a quiet death? Why should it die at all? Dictionaries are extremely useful objects, in a way, a written history of words used in language so that we can teach others or so we may use them again. The very point of a dictionary will never go away, and it's needed.
Do you think it should die a death because of all of the "crazy stuff" they're adding? Back in Shakespeare's time, "luggage" wasn't even a word--yet we use it so frequently today that we assume it has always been proper English.
Let me put it this way. Since the beginning of its creation English has always been a sort of bastardized language which is why we borrowed so many words from other languages and called them our own. "Resume" "fiancee", etc.
I fail to see how the addition of "OMG" "WTF" "LOL" "LULZ" "GTFO" and the like to the Oxford Dictionary should make it lose any credibility and should make it "die a quiet death".
So the real question here is what is the specific distinction between an end user, private company, and an ISP?
It's a very specific line that has to be drawn, but I would imagine it has something to do with whether or not your private business revenue is generated through carrying other peoples' information over their pipes.
I still have yet to experience this "slow to warm up" situation you're talking about and I've been using CFLs since 2003. I'd love to know exactly what you're talking about here.
Slashdot Mirror
I've made no such claim. What I do know is that the remote registry service is set as manual, and remote desktop isn't enabled by default on systems that have it (however, Remote Assistance is, but I won't get into the differences. Google it)
Remote desktop and remote registry aren't on by default in Windows 7.
This makes the rest of your points invalid.
Even more interesting:
What's to say that even *IF* for some magical reason the governmental barriers to entry for ISP rollouts were removed, what's to say that anyone could even get peering with the rest of the internet? Let alone the IP addresses out of the IPv4 space to even get onto the world wide wibby.
I could see something like the scenario below:
"Hm, I'm going to start my own ISP and run my own fiber and get all linked up to the interwebs. I project over the next 10 years I'll make me $100M big ones, and I'll be able to pay $10M to a tier 2 ISP to link my network up to the tubes."
Meanwhile....at Comcast...
"Hey, Tier 2 ISP, We'll give you $10M per year to make sure that guy isn't able to get peered."
They'll never respond to your post because they don't have an answer. One doesn't exist in their idealized world--only greed, only money.
Another interesting tidbit that they don't quite know: Major cable operators are required by law to do fly-over measurements of signal leakage near airports to make sure that they're not interfering with air traffic controller communications.
Yes, the cable wiring leaks signals into the air. Imagine that. And they have to measure it and file with the FCC to ensure air traffic safety.
Of course, we could get rid of this GOD AWFUL GUBMENT REGULATION and let your planes crash because the pilots got a momentary listen in on Jersey Shore instead of hearing the air traffic controller telling them which runway to land on.
But hey, GET THAT DAMN GUBMENT OUT OF MY BUSINESS!
FUCK YEAH! FREE MARKET WINS OUT AGAIN!
YOU TOTALLY HAVE A CHOICE!
But you forgot:
#3) No internet at all
The amusing thing is that the free market libertarians argue very much like religious people (usually they're one in the same), in that the choices religious people present to you are:
#1) Bask in God's glory and accept Jesus Christ into your heart and be saved.
#2) BURN IN THE FIERY PITS OF HELL AND BE TORTURED FOR ALL ETERNITY
Doesn't sound like much of a choice to me, but for them, it is.
Back to the market for a second, the obvious excuse is "Well, if you feel that you cannot do without the service, that means having the service is worth whatever they're willing to charge and whatever you're willing to pay before you'll do without."
But me, I prefer to live in a more modern society, with an elected government body that represent the people. And I want laws that I know are good for *everyone*, not just for a *select few*.
Okay,
Let me explain myself here.
As an iPhone 3G and 4 owner, as someone who follows the security field pretty heavily, I fail to see what this really accomplishes.
#1. Any concerns regarding law enforcement having access to this data is unfounded. They already have access to locating you, they have all sorts of access to your data. They already work with the mobile phone companies to get your position when they want. This extra file has no bearing on that whatsoever.
#2. The file only carries cell tower GPS locations (and I guess wifi access point gps locations?). It doesn't carry signal strength information so from this data alone you cannot use this file to pinpoint your location at any point in time.
#3. The most that anyone can do is infer that your phone (maybe not you) has been at a few miles from whatever points it has logged. Not really that accurate, do you understand how much space that is? How many square miles the data could cover? The same data again can be obtained from your mobile phone carrier by law enforcement officials.
#4. There are so many things wrong with data privacy and data security right now that this isn't that big of an issue. The issues going on with the Playstation network for that matter.
#5. This data is no more or less accurate than attempting to use IP address information to locate your physical person on the internet. For all intents and purposes the data inside this file is anonymous.
#6. My statements regarding "nobody else has access to the phone" is also that nobody else SHOULD have access to your computer. Out of all the shit on your computer that you should be concerned with someone knowing and you're worried about iPhone location data. If they get access to your iPhone backup files, you've got other issues going on.
So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?
Sigh...
We've already made that choice.
Sure it's the person in charge of the IT or the person in charge of funding the IT?
Most problems IT has known about for quite some time, since IT built the systems. They know precisely where the failures could happen and have probably thought of ways to work around them, but it all comes down to funding.
If the person who signs the paycheck says "we aren't doing that" then that's it--done.
THey upgraded the firmware on the PS3s and removed the "Other OS" option, crippling the PSN :P
In the real world most businesses really don't care about security, particularly SMBs. They are such easy targets it's ridiculous. They pay their tech dude to come in and do a little bit of work, fix things if they're broken, etc.
"I have a virus on my system popping up stuff all the time and blocking my internet" is a case of calling a technician in.
"I want you to audit my network for security" is a question they wouldn't even know how to ask and whether or not they should ask, and they really wouldn't know whether or not the auditor did a good job.
Did I mention the technician might just be some local dude who has only ever set up basic linksys devices and worked at geeksquad?
The cost of doing business in an insecure manner is cheaper than the cost of doing business otherwise. And this article obviously shows it. Instead of going after the businesses for doing things in this manner, they're going after the guys driving around pointing it out.
They should charge each of these businesses for stolen credit card information until they get it through their heads they have to follow compliance rules.
I've lived in the US all of my life and have only ever traveled out of the country for a total of about 4 weeks, to Quebec.
:P
I started converting myself to "the rest of the world" a while ago but metric still eludes me. This is largely because of the frames of reference. Celsius was easy to convert to since the only time you ever look at temperature is when you want to know what temperature it is. Same with using a 24 hour clock (which I also use on all of my devices when I can).
However, converting myself to metric is far more difficult. I use "miles" every day without really thinking because my car is "60 miles per hour" on the highway, and I know "it'lll take about a minute to go a mile".
Trying to convert my driving to metric would involve extra conversions I can't really do on the road while driving.
THAT SAID, if the signs were in metric and my speedometer had larger metric numbers it'd be easier to do. It's just the initial "conversion" that's hard when you're reading street signs.
I do convert time regularly to people, temperatures not so much. I usually just say "it's about X degrees" (converted to F) outside, but I don't do the actual raw conversion from Celsius anymore mentally.
What helped with that was using frames of reference rather than a formula:
5C ~ 40F
10C ~ 50F
21C ~ 70F
27C ~ 80F
40C ~ 100F
I just guesstimate everything in between for people
Like other countries don't have states?
It's a lot easier to remember the addresses than you would think. In fact, I find it easier than IPv4. You only have to remember one prefix for everything and subnet off from there.
/64 unless you request more space, so you'll have AAAA:BBBB:CCCC:DDDD::1 for your router (more than likely), and then from there you'll have your clients.
::2, :;3, ::4, and so on (though not entirely recommended). A more "secure" method to addressing servers would be to generate a suffix and set it static on the interface.
In many cases, you'll have say, a
People always use names otherwise, and between mDNS, LLMNR, and DNS you should be able to find the name of the system you're looking for.
You could configure manual addresses for systems on
That's fine, but the security benefits provided for win7 are great. The technical benefits, also great.
OS customization seems to me like painting racing stripes on your car--you may think it's cool, everyone else doesn't care and thinks you're an idiot.
Oh no! You have to use Windows 7! The horror!
There should be no caps--period. Don't sell a 100Mbps internet connection of your service can't handle it. Done.
I love how everyone in here talks about "Web of Trust", but this is making HUGE assumptions on the end user's part:
A) They know what they're looking at.
B) They know what they're looking for.
This is a big problem that nobody's recommendation here has seemed to have overcome. You all just assume that they can talk to the bank and know exactly what they're looking for. Like any of you validate your RDP certificates (Windows) or ssh public keys (*nix) when you connect for the first time, seriously? If you do that, you have way too much time on your hands.
The only solution to this that seems sensible is either two-factor authentication via a challenge system, something added to DNSSEC to extend on the authenticity, or as some mentioned in here to have the browser check with multiple CAs. But good luck making someone pay for 2+ signatures to their certificate.
Would you rather them ignore smaller businesses just because they're small?
Your argument makes no sense. Corporations are not *selling* your personal information (as defined by the MA law), so it's not covered. In this case, certain information was compromised (financial details) and that's what they go after.
It's the first step in the right direction.
The RFC for IPv6 provides for temporarily assigned addresses. The original spec required a MAC to be used to generate the 64-bit host address, but that has since been sort of ditched. The best they could trace to is your network ID (either a /48, /56, or /64, or whatever they otherwise decide to do with host networks--right now Comcast provides /64's to their IPv6 testing customers).
/64 should ideally never change, and will be assigned per customer. So while the specific device can not be found, the network address should make it easier for them to track you. There's nothing known about whether or not they'll rotate network IDs per customer, but I would imagine not.
That
The only reason it worked out previously was because customers were assigned individual host addresses via V4, which were typically picked up via DHCP just like any computer.
Why should it die a quiet death? Why should it die at all? Dictionaries are extremely useful objects, in a way, a written history of words used in language so that we can teach others or so we may use them again. The very point of a dictionary will never go away, and it's needed.
Do you think it should die a death because of all of the "crazy stuff" they're adding? Back in Shakespeare's time, "luggage" wasn't even a word--yet we use it so frequently today that we assume it has always been proper English.
Let me put it this way. Since the beginning of its creation English has always been a sort of bastardized language which is why we borrowed so many words from other languages and called them our own. "Resume" "fiancee", etc.
I fail to see how the addition of "OMG" "WTF" "LOL" "LULZ" "GTFO" and the like to the Oxford Dictionary should make it lose any credibility and should make it "die a quiet death".
So the real question here is what is the specific distinction between an end user, private company, and an ISP?
It's a very specific line that has to be drawn, but I would imagine it has something to do with whether or not your private business revenue is generated through carrying other peoples' information over their pipes.
I still have yet to experience this "slow to warm up" situation you're talking about and I've been using CFLs since 2003. I'd love to know exactly what you're talking about here.
I've had CFLs in closets for a while now. Am I doing something wrong? I think you're confused. We use CFLs in every area of the house now.
I came here just for this, and you delivered. Bravo.