Easy: buy a tesla, go to school (on "Let Them Eat Teslas", Score: 1, Insightful)
1. Buy a tesla
2. Sell the tesla for 90% of its market value
3. ???
4. Profit from a government-financed education at 2.95% (minus 10k or so "lost in transaction")
Besides, you're ignoring the point. The real issue here is highlighted by this passage:
But now the IAAF claim that they want to conduct further tests to see if 'she may have a rare medical condition that gives her an unfair advantage.'
Yes, it is. If it's a female (i.e. has the corresponding genitals from birth), then... she is a female. Period.
What's an "unfair advantage"? How about being a 300 pound, 7 foot tall hairy-back in heavy-weight boxing? Is that "unfair"? Tough luck. How about being so incredibly fast, that you make the 100m in 9 seconds flat? How about... well, just being a "natural" in whatever sports you're doing? How about having this thing called "talent"? Is that an "unfair advantage", too, if the wrong people win?
The whole point of world championships and Olympics is for the best of the best to measure with each other, not for the best of the average. Somebody has an advantage from birth? Well, as long as that's what Mother Nature gave him (as opposed to 'was engineered by man, in any way') that advantage... congratulations to him/her/it and good luck with it. And to all the others: get over it. It's not about who trains the hardest, it's about who's the best.
It's not only about perceived safety from driver abuse, safe driving etc. Regulations are there -- at least in some European countries, like Germany for example -- to ensure a standard of operating safety, both from a technical and a commercial point of view.
For example, regulated taxis have stricter requirements with regards to technical maintenance. This is something you generally want! Just think about that for a moment: every time you take a ride, you're otherwise getting into some stranger's car, which could have been checked as long as 23 months ago for technical flaws, and may have been driven for 200.000 km or more during that time (he's a professional driver, being on the streets for a living). May have working safety belts or not, may have working airbags or not, bad tires... Hell, it may not even have properly working brakes for all you know! Not good.
Authorities actually go a long way to ensure that taxis adhere to more reliable technical standards.
Then there is the insurance issue: regardless of how safe, sooner or later an accident will happen. May not be with you in the car, but somebody else... but it's still happening. In that case, you want to be certain the driver is properly insured, and his insurance policy will cover any damage that may occur to you (life-long wheelchair for example?).
This is something that a taxi licence in civilized countries will ensure. Not happening outside the regulations, though.
Want to drive people around? Fine. Check your car as often as required by regulations, buy the proper insurances, respect any other passenger safety measures *and* *document* *that* *process*, then you're good to go. Oh... that costs money? Can't compete with taxis then? ...well, guess why!...
Nah, too early. Most people, out of lack of personal experience, aren't yet terrified enough of a totalitarian govt. thus don't quite know why and how to love a proper functioning democracy.
Wait another decade or so, it will be easier then. More bloody, and will require more work, but there'll be more hands to help.
Cheers
Many of us spend our livelihoods trying to enhance human knowledge and experience and abilities through improved software. Hell, half of us would sign up today for an internet implant chip. What's wrong with improving the wetware directly?
The rules are different, but the problems are the same as in sports with steroids. They start to arise when us others, who for various reasons don't want to sign up for "improving the wetware directly", don't have any possibility of living normal lives anymore. You want super-powers. That's fine. But first move our society away from competitive living to just living. Take away the "winner takes it all" mentality, so you can have your drugs while I won't have mine.
Why? Because "winning" defined as who's better at "enhance human knowledge and experience and abilities", "being smarter", "be productive", "recognize a novel cure for disease" is just as random as "being a better entertainer at sports" -- life, as we live it, is still a game with a relatively level playing field imposed by society. The ruleset may be a lot more complex than sports, but still it has its own rules and enforcements. Otherwise, in the absence of rules and enforcement, what would stop me from killing your drug-pumped, better-graded child, in order for my clean, very smart, but slightly less-performant kid to have a chance for University later on, too?
Now, we can argue whether society is such a good concept to have or not, but this is a different debate. At any rate, as long as we have one, we need to make sure that every member of society has a decent chance, not only those who would readily put their long-term health at risk for being more productive. (How much "productive" do you actually need, really, that cannot be achieved otherwise? And for what, exactly?)
Germany.
Google for "Störerhaftung", for example.
Regardless of whether it is immoral or not, making it officially legal, society will eventually reach the point where you, if old or sick, will have to justify not the wish to die, but the wish to stay alive until the "natural" end of your days! People will look at you and say "Why aren't you doing all a big favor and kill yourself?"
Write the fingerprint of your certificates in a text file. Sign that file with your GPG key(s) (i.e. keys of 1-2 well known WikiLeaks members, starting off with Julian would be fine :-). Then publish the signed file.
*sigh* It's even worse than that. IAAP and I was very excited to see this... at first. The article by the way is very well written (serious science - not a crank). The problem is that the data (figure 2 in the arXiv paper - everyone should check this out btw) on which the author hangs all his hopes is seriously noisy (compared to the size of the "kink" that he superposes on the graph). In other words, if you imagine erasing the drawn-in kink, such artifacts occur in several places in the data and are generally not above the noise level.
Not necessarily. When analysing experimental data, keep in mind that it's not only the ~5 points of the kink that carry relevant information, it's *all* the points! Thus, the proper way to look at the graph would be to focus first on the lower half (up to the kink), and then on the upper half, and see what's changed. If, for example, linear fits to the separate data regions give separate straight lines, this could mean that there is something in the data.
That having been said: although IAAS (I am a scientist), I'm not a transport measurements guy and I'm not familiar with the state-of-the-art methods in this particular experimental technique... The guys improving their experimental technique would certainly not hurt at all, but for now, I'd leave it to the peer reviewers to estimate the relevance of *this* particular graph ;-)
I understand your point, but that's no excuse for blowing up civilians.
"With great power comes great responsibility" is a pretty chewed-out phrase, but that's what it boils down to in this kind of "but-they-could-have-been-enemies"-arguments.
Somebody wants to handle guns? Fine. Then find a way to handle them without harming civilians, or GTFO.
You cannot treat military by the same standards you treat a random person. Whoever has the power to do great damage (e.g. because he's flying an Apache with a 30mm gun on board) cannot afford to proceed with the same carelessness like you & me would, without that power!
Sorry, but no.
I think there's too many "unbiased" people out there. People shouldn't be unbiased. They should be biased towards justice, fairness, and doing TheRightThing(tm). Killing unarmed civilians is not TheRightThing(tm), so I'm actually damned glad that WikiLeaks isn't biased, but rather -- for a change -- biased towards the right thing.
In other words: being good is biased, just as well as being evil is biased. Being unbiased is not the same as being good, it's being indifferent. And that can be evil, too, given the right circumstances.
Good luck with getting your own essay recognized by the Wikipedia admins as a "credible source" for a Wikipedia article you're writing...
Oops. Sorry. This reply was intended to go for this thread: http://news.slashdot.org/comments.pl?sid=1585088&cid=31507024 ... :-/
Good luck with getting your own essay recognized by the Wikipedia admins as a "credible source" for a Wikipedia article you're writing...
Sorry, but you fail to explain one point: where to draw the line between legitimate "police helping" and "show me the warrant"-attitude?
Being asked for help by the police as in "sir, you're the man next door, have you seen anything suspicious yesterday at the time of shooting", or being a company holding private (as opposed to *public*) information on civil persons and happily handing it out to law enforcement bears a huge difference.
To put it more clearly: would you like your telecommunications company "help out" the police by politely providing any information they might want on *you*? Like persons you talked to, invoices, message transcriptions? No? Thought so. As a matter of fact, there are laws against that (or used to be, at least).
Police, if supposed to be able to access information about you from 3rd-party, has specific devices to do so (i.e. subpoenas etc). For exactly this reason you, as a company holding sensitive information about a person, should not "help" the police unless they have the device to legally force you to!
This is in no way different in the case of a supposed drug dealer... you don't know the man, you haven't heard his lawyers and his side of the story, and you are by no means a judge. You are a random company, and he is a random customer, and unless law enforcement has specific reasons to gather information about him (and "specific reasons" are documented by warrants, subpoenas etc), you have no business divulging them private information.
Zensursula, HADOPI, Piratpartiet...
What is this, 1985?
Not yet. But don't you worry, we're getting there...
It's Not That Simple.
A nokia phone with a more-or-less-debian on it?
Sounds almost too good to be true. And so far, whenever something sounded too good to be true, it was. So, right now I'm just burning to see how Nokia's going to cripple this one...
(Posting this to undo accidental moderation, sorry.)
This is so utterly, completely and doubtlessly wrong, even Middle Ages couldn't have done it worse...
They think something along the lines of "The internet must not become a law-free space! We must not allow for villains to be able to do their deeds unhindered in this 'internet'!", and, tragically, they actually believe it.
You see, up until recently, "free speech" was only "free as in law permits". If police was to read your snail mail, they did it -- all it took was tearing the envelope apart. If they wanted to listen to your phone conversation, they did it -- all it took was to tap your line. All they had to do is justify it in front of the law one way or the other...
Now, thanks to advanced digital encryption, if you choose to have a private conversation, it is *truly* private. Simply "ripping the envelope" and justifying it afterwards won't do it anymore... What we have now is truly FreeSpeechByTechnology, not FreeSpeechByLaw.
Now. From your point of view, the change is small: You previously thought you could communicate freely (because law guaranteed you to), now you still think you can communicate freely (because technology guarantees you to).
But from the legislative/executive point of view, the scenario changed dramatically: previously, they could, if they chose to, listen to your conversations. Because laws can be broken, bent, or re-designed, in case that it seems fit. However, now, whatever happens, law enforcement cannot listen to your conversations, because proper encryption cannot be broken.
That's what governments are thinking... But that's not the interesting question.
The interesting question is: You understand why even the most liberal western governments react as they do at the perspective of not being able to snoop on your communications. Now, what do you learn from this fact about the way they used to be able to snoop on you prior to you being able to properly defend against that? What does it tell you, that, in whatever extent they used to snoop your communications, it makes them this scared to lose that ability, that they feel the need to pass the legislation they do?
From what I've been told (I am a physics major, but I don't work in quantum cryptography as my main activity), there's a bunch of other weaknesses inherent to quantum encryption methods.
For example, qubits are mostly transferred through some optical medium. At the receiving end, at some point, they are detected in one way or the other. "Detecting" means they alter the state of the detector in a measurable way. And there are some ideas (maybe even implementations?) of attacks that try to measure the alteration of the detector immediately after the detection, for example by probing with a laser pulse that follows the qubit pulse.
Now due to some limitations of the physics of light pulses, this is something that, if implemented, is very difficult to defend against, since the light always goes both ways. It is also a kind of attack that could not be implemented against "classic" information transmission channels...
...I really find it interesting that every new technology seems to have its inherent weaknesses at one spot or the other -- kinda feels comfortable to know that "There is no silver bullet" still holds... :-)
"Phonons" are basically "crystal oscillations". Enter the concept of "reciprocal space": it's basically the Fourier transform of the real 3D space, and is very commonly used in solid state physics.
Now as you probably know, a clean frequency (i.e. a sine wave) in the time domain results in a single peak in the Fourier-Transform (i.e. in the frequency domain). And similar for phonons: a clean crystal oscillation (i.e. a single-frequency sound wave propagating through a medium) in 3D space results in the equivalent of a single, localized "particle" in reciprocal space: a phonon.
And any auditing that (2009) gets signed off without containing change management should never have been signed off in the first place, so again the auditor is clearly at fault.
(I'm asking out of curiosity, not to troll you :-)
Maybe I'm mistaken, but isn't *any* auditing a check of the state? Even a check of a process (for example an audit checking the change strategy) in fact checks the *state* of the rules to be followed when applying a change. Doesn't it?
Now: what's the job of an auditor? Is he (a) to certify that a certain system/process/whatever meets a given standard, or (b) is he to certify that a system/process/whatever *is* something? (Think: is "unbreakable"...).
I always thought of an "auditor" as of someone who does (a) -- for security reasons, for quality management, etc...
Now, if a given system meets a given standard and is *certified* as meeting that standard, then the auditor is out of trouble -- isn't he? If the standard is good, then "compliance" is probably pretty well defined and it should be (relatively) unambiguously clear whether a system is or is not compliant. In this case, the auditor never laid his head on the line for the *quality* of a given system, or its fitness for a particular purpose. The auditor "only" signs for compliance with a particular standard, and, if he does his job well, everything else is the standard's or the user's fault.
However, if an "auditor" has to do (b), then... he's basically fsck'ed. Same as (a) for a poorly defined standard. ...or where's my thinking error?
Should the auditor be liable for mis-certification? Or for the (correctly) certified system not withstanding attacks?
I think people should try *very* hard to distinguish between the two scenarios:
1) An auditor certifies a system as XY-compliant as of [insert date here]. However, it can be demonstrated that the system was *not* XY-compliant at that date.
2) An auditor certifies a system as XY-compliant as of [insert date here]. However, at a later date, the system breaks for some reason. It can be proven that the system was XY-compliant, but for some reason (stupid user interaction?) is not anymore. Or, even better: it can be proven that the system *still* is XY-compliant, but the XY-standard is unfit to defend [insert attack here].
I think in case (1) the auditor should be held liable, since he obviously certified something that didn't meet the promised standards. However, in case of (2), the auditor is not to blame. If the system breaks despite the certification, then it's not the auditor's fault -- it's how things work, and making a scapegoat out of the auditor is not going to do anybody any good. Even worse, if the system fails to meet standard XY because of a stupid user (or admin, for that matter) interaction *after* the certification, then there's no way an auditor could have prevented that -- it's either the user/admin's fault for interfering with a certified system, or the standard's fault for not defining what a user/admin is allowed to do with the system without interfering with its certified qualities.
Call him and ask him if he can send you a box or two.
Purpose of the game: finding vendors that _actually_ have them in stock and will ship them to you. It took me 60 seconds to find 3 vendors, still upon call, all of them had to inform me that they're sorry, but the items were already sold.
It's not that they're impossible to get. But finding a vendor that will actually have some ready to ship the moment you call them is a matter of luck. And most of the vendors can't tell you when they're going to get more of them -- at some point they will, but it's hard to predict stocks of a discontinued product. If you happen to need those films, you may be lucky and have some within 7 days. Or, you may be less fortunate and have some in 6 months.