Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories: 0
Comments: 12,789

Comments · 12,789

  1. Re:I am not sure why... on Interview With the Creator of Ruby · · Score: 1

    Speaking of cross platform, I wrote a program in Perl that works on OSX, Solaris, OpenSolaris, AIX, Linux (Ubuntu, RedHat, etc).

    The main problem I'm facing is the Linux distros don't generally include libraries that allow my program to easily make https connections (http works).

    Compiling the https stuff for each and every distro (and significant version) and bundling them sucks.

    I'm not aware of many ways around it. I need the stuff to be able to run on as many OSes and OS versions as possible, and the download package should not be huge.

    So how do you deal with all this cross platform stuff? Do you compile for each and every target platform?

  2. Re:I am not sure why... on Interview With the Creator of Ruby · · Score: 1

    The stationary computers aren't going to vanish.

    The mobile devices (pagers, portable gaming devices, phones, laptops, tablets, prosthetic brains) are the ones that will be squeezed into one device. And that's where the extinctions will be.

    Most people don't want to carry so many extra portable devices.

    So if you had a prosthetic brain that did everything a phone did (and more: virtual telepathy, virtual telekinesis), you would be tempted to not carry a phone - especially if the antenna wasn't passing near any important organs ;).

    Whereas you may still keep a home server around to control your home and make all that virtual telekinesis stuff possible.

    Some people would still want high performance too: rendering low-latency real time stereoscopic 3D graphics on wall-sized screens would likely still take more CPU/GPU power than available in a portable computing device.

  3. Re:Sandy Bridge-E on AMD Starts Shipping First Bulldozer CPU · · Score: 1

    Uh you're ignoring this fact: if those fanboys ignore the facts and continue buying AMD it certainly helps AMD more than if those fanboys started buying Intel instead.

    I don't plan to buy an AMD CPU for my future machine (unless AMD really pulls something amazing out of the bag - yeah right), but someone has to. If it's AMD fanboys doing the buying, what's your big problem with that?

    My concern is if AMD goes poof, Intel might not be so focused on making CPUs faster.

    Intel are already doing stuff like this: http://hardware.slashdot.org/story/11/08/14/1515221/Intel-To-Offer-CPU-Upgrades-Via-Software
    Basically Intel can now mess about while waiting for AMD to catch up.

  4. Re:Sandy Bridge-E on AMD Starts Shipping First Bulldozer CPU · · Score: 1
  5. Re:Sandy Bridge-E on AMD Starts Shipping First Bulldozer CPU · · Score: 1

    Shut up dude.

    We need AMD alive (I hope I don't have to explain why). But I'm not going to buy inferior CPUs. So someone _else_ has to buy them.

    So you should stop going around trying to convince the fanboys that AMD is inferior.

  6. Re:Nothing to surprising on Marx May Have Had a Point · · Score: 1

    The problem with communism (Marx/Engels version) is that violent revolution is part of the Communist Manifesto's implementation plan for Communism: http://www.gutenberg.org/cache/epub/61/pg61.html

    > The Communists disdain to conceal their views and aims.
    > They openly declare that their ends can be attained only by
    > the forcible overthrow of all existing social conditions.

    In most violent revolutions the person willing and capable of exerting the most violence ends up at the top. Most such people do not give up their power once at the top.

    That's why communist (and other violent) revolutions tend to end up as dictatorships.

    Only a few cases (e.g. the American Revolution) are the exceptions. I'm no expert but I think the American Revolution was quite different when compared to most "communist revolutions". Seems to me that much of each state's structure was maintained rather than overthrown.

  7. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    If you delete all the other CAs when Alice goes to gmail, ebay, amazon etc she will get the self signed experience.

    If you don't delete the other CAs, it just takes the pwning of one of them to MITM Alice.

    So are you really proposing that users delete all CAs except for one CA? Which CA or CAs should they keep? None = self signed.

    The CAs' and browser makers' priorities sure have made things rather crap right? ;)

  8. Re:you don't want this on Wicked Lasers Introduces Handheld One-Watt Green Laser · · Score: 1

    I would actually prefer to be shot in the leg than be permanently blinded by a 1 watt laser. I can still do my job without a leg, it's a lot harder if I'm blind. Same goes for much recreation.

    There is also a high chance the leg injury would heal. It won't be complete but I would likely be able to still walk. Retinas don't heal as well.

    It's not hard to blind people with such a laser. You don't need to be very accurate: at 50 metres the beam diameter is 7.7cm. 100 metres = 15.2 cm. It is easy to conceal, makes no noise, there is little warning - your targets may not notice the misses till they get blinded.

    A gun has a more limited supply of bullets. The Norway guy got 69 people because he dressed in a police uniform and tricked people into surrounding him before he started shooting them.

    You can not negate the danger of a firearm by closing your eyes or wearing protective glasses.

    You can be blinded before you close your eyes.

    If you're in the habit of walking around with your eyes closed, getting blinded isn't going to affect your lifestyle so much. The rest of us prefer being able to see stuff.

    Which protective glasses are you going to wear all the time? There are blue 1 watt lasers out there and now there are green ones. There are 300mW red, green and purple ones already. Going around viewing stuff via video cameras is not practical for the rest of us.

    The FAA says the number of incidents where people point lasers at aircraft has nearly doubled from 2009 to 2010: http://fastlane.dot.gov/2011/06/civil-penalties-for-laser-strikes.html

    There are already idiots/scum with high powered lasers - this is one more weapon for them.

  9. Re:you don't want this on Wicked Lasers Introduces Handheld One-Watt Green Laser · · Score: 1

    Yes. That's my point. In practice it can be worse than a machine gun which runs out of bullets.

    Go ask around and most people would rather get shot than get permanently blinded.

    The Norway attack guy managed to kill 69 people but he tricked many of them to gather around him.

    In contrast it's much easier to blind hundreds of people with a high powered laser. I'm not going to say how given the numbers of idiots and scum about.

  10. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    For most people, the CA thingy doesn't save them. Since:
    1) When they get MITM'ed they still won't notice because some hacker pwned yet another "Diginotar", or the Gov made a CA sign stuff for them (or because they are ignorant and click through ;) ).
    2) Half of them get phished/trojaned anyway ;).

    Call me cynical but all this CA stuff just seems to be about money and not about security.

    Because the browser bunch could have made their browsers warn users if the CA changes or the server cert changes way too early. But after so many years from the first complaint/bug report (sorry I'm not going to dig the report out) only Google has this year done something about it - certificate pinning (and so far only for their own stuff).

    So we have to resort to 3rd party stuff like Certificate Patrol to protect ourselves from the crappy state of things.

    Things could actually be better, but it's all about money - the EV bullshit is bullshit (go find the CA with the least rigorous EV validation, and voila). Certs expiring after 1 year cause more problems than they solve.

  11. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    Alice works at Yoyodyne, Inc. She has to make a business trip to Iran/China/your favourite not very trustable country.
    Bob the Yoyodyne sysadmin generates a CA cert, gives it to Alice with a fingerprint.

    But Alice still does not get warned when a pwned "Diginotar" or "RandomCA" signs yoyodyne.com for the spooks in Iran/China.

    Isn't the whole point of all the "security" that Alice gets a warning against MITM attacks when she goes to such "hostile" places? Otherwise what's the point? So that Bob and Alice feel good about it?

    It's not a hypothetical attack as the DigiNotar and Comodo cases have shown.

    If you delete all other CAs you're in effect making Alice have the "self-signed" cert experience. You're ending up with something that's very like a pure "self-signed" environment (the yoyodyne CA might as well be self-signed). In which case you should now realize that with the current browsers the real-world CA system is not more secure than self-signed ;).

    Yes you can use a plugin like I do, but I was talking about the default browser scenario.

    Because everyone is going "OH NOES SELF-SIGNED IS INSECURE!" when the truth is there's no real difference in practice.

    Except the CA method just makes more people feel good (albeit usually for $$$).

  12. Re:you don't want this on Wicked Lasers Introduces Handheld One-Watt Green Laser · · Score: 5, Insightful

    Yeah it's like an easily concealed fully-automatic machine gun that can fire continuously for one to two hours till the battery runs out, with an "effective range" of up to 149 metres (see NOHD).

    AND any idiot/scum with 1000 bucks can buy it and use it, no need for a license or training.

    It doesn't actually do direct lethal damage but anyone who thinks this is fine is either stupid or ignorant (or is already blind and has no nonblind entities he/she cares about).

    There are already idiots/scum with high powered lasers. In one case, some spectators were shining high powered lasers at the opposing team's players in a football match. I'm not sure how high powered they were, but those players certainly noticed and complained. They eventually lost the match, but I don't blame them, I would refuse to play in such conditions. I would actually recommend that the match be called off or boycotted. Not worth permanent eye damage.

  13. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    > In fact in such a situation, a CA outside of the control of your enemies might be your best bet of remaining secure

    WRONG! Because most browsers don't warn you if _ANY_ CA (recognized by your browser) in the control of your enemies signs the site's certs. It just takes ONE out of the dozens, does not matter which CA! Recent versions of Google Chrome warn you but only for Google's stuff (certificate pinning: http://www.imperialviolet.org/2011/05/04/pinning.html ).

    Whereas if you can get the fingerprint of the self-signed cert from some other channel (e.g. get a friend outside the country to tell you), you will know if it is different from expected.

    If it is always different from expected, you know you just can't use the site or ISP (which will be the same problem for the CA cert case).

    Whereas if the fingerprint is correct you can use the site while it is OK, because most browsers by default will warn you the very moment the self signed cert changes. This is not true for the pwned CA signed cert situation (assuming default browser behaviour).

    In contrast, even if you took the trouble to verify the CA signed cert fingerprint via a friend, it does not help - the cert could change later but the browser will NOT warn you!

    So tell me again which situation is safer?

  14. Re:I started to lose my hair when I was 17... on Hair Growth Signal Dictated By Fat Cells · · Score: 1

    Yes it is. Unless you go for some of the samurai hairstyles: http://en.wikipedia.org/wiki/Chonmage

    Which look like male pattern baldness :).

    Anyway if your skull shape is ugly, shaving it all off isn't that great an option either. I've seen people who unfortunately do "need" hair, while others look pretty good without hair.

  15. What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 2

    But how do you know whether the first, second, third, fourth, Xth CA signed cert you got is a good one?

    What if the CA signed cert you got was actually created by the hacker? By default most browsers won't warn you, as long as the cert is signed by ANY of the dozens of CAs accepted by your browser[1] (I personally use Certificate Patrol so I am more likely to be warned in such situations - cert changed CA and changed way before expiry).

    Seems a worse situation than the self-signed cert - where you can choose not to do any security sensitive stuff till you confirm that the self-signed cert doesn't change over time and over different ISP connections (and your email to the bank gets an appropriate response). If the hacker has MITM'ed the bank's internet connection and nobody (including the bank and their customers) has noticed even after a few days or a week, then it might not make a big difference - the hacker probably has pwned the bank in other ways.

    Even with a CA signed cert I still had to email my bank to confirm it, because the cert changed from a single host cert to a multiple host cert for multiple countries, signed by a different CA (remember: most browsers by default would not warn you in such a situation). Are you so confident that it would still be OK to log in and do transactions in that situation?

    So what's the big difference in security? If you talk about "normal users" there's no difference. Normal users can get pwned just because the hacker gives the bank the user's mother's maiden name as the "security answer" or other corporate idiocy. Or they'll get pwned because they got phished. Or they'll get pwned because they won't know that the valid CA signed cert is actually invalid.

    If you talk about people who actually care and know about security, there is no real difference either - because they will still have to do extra checks.

    [1] Firefox recognizes many dozens of CAs. Windows/IE recognizes any CA that has their cert signed by Microsoft or other appropriate installed CA, so even if the CA cert isn't listed at first, it will automatically get added (try deleting a CA root cert and watch it get readded when you visit their site using IE via https). Google Chrome on Windows by default recognizes any CA that IE recognizes (good luck ;) ).

  16. Re:well managed self-signed certs are safer on Rogue SSL Certs Issued For CIA, MI6, Mossad · · Score: 1

    Given the crappy CAs (and banks[1]) out there, it really makes no difference.

    The difference is with self-signed certs your vulnerability is the first time you connect to the bank's home page. And if you're paranoid you could try to connect to the bank's home page via different ISPs on different days. If they're the same over a few days and there's no "hacker pwns bank" news, things should be OK.

    Whereas with the current state of CA crappiness, your vulnerability is ANYTIME.

    The main reason why certs change is because there is artificial scarcity - the certs expire very regularly. So you get all these changes that make it hard for you to know whether something has gone wrong or not.

    Yes you can have stuff like Certificate Patrol telling you that the cert's CA has changed. But even then, how would you know if that's OK or not? I've had sites keep alternating certs with different CAs. And I've still had to email a bank to ask whether their cert was good or not (because the cert changed from a one site cert to a cert for multiple sites for multiple countries signed by a different CA - so how would you know whether it's OK or not? Just because other people have the same problem (Convergence's approach)?).

    Yes employees change companies, but do companies change/revoke their CA signed server certs the very moment "someone" changes jobs? So what's the big difference?

    If the certs rarely changed, and the banks stuck to their CA and got CAs to revoke their certs when "stuff happens", and browsers warned users if the cert changed for no good reason even if signed by a valid CA, then sure the CA method would be better than self-signed certs.

    But meanwhile self-signed certs could actually be safer in many scenarios.

    [1] Attackers could just hack the bank via social engineering or other means.

  17. Re:PGP-based system? on Rogue SSL Certs Issued For CIA, MI6, Mossad · · Score: 1

    I don't know if it works for your bank, but I've let my bank know that I'm travelling to "Country X", so that they don't disable my credit card if I try to use it there. Nowadays I don't bother though...

  18. Re:And presumably this can be defeated by... on Tanks Test Infrared Camouflage Cloak · · Score: 1

    The tank can move soon after firing. And because of the armour you usually need a direct hit or a lot of firepower to take it out with "near misses".

    Something like this could take out many tanks: http://www.youtube.com/watch?v=GQlkNEG-5WM#t=3m24s
    http://en.wikipedia.org/wiki/CBU-97_Sensor_Fuzed_Weapon

    It is very expensive so you wouldn't want to waste it on just one or two tanks. But I doubt tanks normally roam far away from their supply chains - they can't "live off the land". So there will likely be situations where you have many tanks and vehicles together whether moving or stationary.

    The camouflage cloak might help protect tanks against this sort of stuff.

    But to me the future would likely be making an elite class of infantry "cyborg tanks". They won't be as tough as tanks but they won't be big noisy sitting ducks, and they can take out tanks more easily than vice versa. If you can power an armoured suit with petrol/diesel or even cooking oil/carbohydrates then a soldier with such a suit could carry a lot more firepower, armour and other stuff, while having a high degree of mobility and stealth.

  19. Re:weekly on USPS Losing Battle Against the E-mail Age · · Score: 1
  20. Re:NSA tries to get vendors serious about security on NSA Makes Contribution To Apache Hadoop Project · · Score: 1

    > NSA has been trying for decades to get vendors to get serious about security, without much success

    Car analogy. Most vendors can barely get their cars to run, so preventing the cars from getting broken into and/or stolen is not the top priority.

    It only becomes a priority in places where legislation requires the vendors to worry about it.

  21. Re:Deitel & Deitel on What Is the Most Influential Programming Book? · · Score: 1

    Well the first books I read on programming when I was a 7+ year old kid were the very good Apple II manuals:
    Apple II Reference Manual
    The Applesoft Tutorial
    Applesoft II Basic Programming Manual
    (See: http://www.classiccmp.org/cini/systems.htm )
    I have no regrets reading and even studying them. Learnt a lot: BASIC programming, 6502 machine code (and programming), hardware, I/O. Unfortunately the reference manual didn't provide the cycle timings of the 6502 instructions so I had to figure them out via trial and error. The cycle timing is important for stuff like sound and disk I/O (Apple II disk I/O and control is done mainly in software). By the time I was 8 years old I was modifying games to add features, and later modifying prontodos to try to make disks harder to copy, and disk muncher to copy copy-protected disks more easily ;).

    The other programming book I had no regrets reading was "Learning Perl" (the Llama book).

  22. Re:No surprise, really. on Apple's iCloud Runs On Microsoft Azure · · Score: 1

    > With the amount of money rolling through Enterprise, I doubt they'll sink.

    Don't underestimate the sinking power of CEOs ;).

  23. Re:I'd Still Like To Know... on Kernel.org Attackers Didn't Know What They Had · · Score: 1

    That's as stupid as saying every bug in a car should be treated equally.

    For some car flaws you issue a recall and fix it ASAP (e.g. brakes might fail to work). For others you might go "meh" (e.g. indicator lights have visibly different timings depending on whether you signal left or right).

  24. Re:Sounds like a win-win. on Tapping Subway Trains For Energy · · Score: 1

    But they might splatter blood on more people's clothes that way.

  25. Re:No surprise, really. on Apple's iCloud Runs On Microsoft Azure · · Score: 3, Funny

    Heh, looking at the way things go the "HP" stuff might keep running for longer than HP does ;)