Until content owners figure out that nobody will link to their content, thus their content will never be viewed. That will considerably devalue the content, which should not be what they want. They just want to make sure they get paid, and that requires maximizing exposure.
Sender-pays may well be the ultimate spam defense (but see comment about botnet operators...) That bit about delivery=receipt has to be reworked; it's not comparable to snail-mail return receipts, which have to be signed by the recipient. Might make more sense for business-to-business, since the other real value is in non-repudiation.
A matter of expectations management, perhaps. In this case, maybe they actually funded some driver-writing (good planning) when they should have just replaced incompatible hardware (poor implementation choices). The overall air of the citation seems to hinge on customer expectations. It seems more likely that the drivers issue is a red herring, and that the real costs derive from the need to cross-train monoculture victims in the workforce.
I'm finding it hard to believe that Wikileaks hasn't posted anything that's NATO-classified. Even if Sweden isn't a NATO member, wouldn't that expose Assange to prosecution in the UK, which is a member, and also happens to be his present location?
... but it's not just Google. Try finding archives of the news articles concerning the (1997?) WHSO / Secret Service pager intercepts on *any* search engine.
Apple continues to behave in ways that make their products more trouble than they're worth. What are they hiding by doing this? Certainly nothing from their competitors. While it's claimed above that this will enhance repair profits, my personal suspicion is that it's ultimately meant to conceal embarrassments in products' internals.
So far, I don't know of anyone that's figured out how to implement Mandatory Access Controls without using cryptography. I don't think you can enforce privileged two-person integrity without MAC, and based on multi-part keys held out of band. Since most environments are designed to attribute actions to a specific individual, nobody implements a TPI technique that would result in two individuals being 'jointly and severally liable' for an action on the system. The closest thing I've ever heard of is environments like OpenVMS that allowed you to set up a second password for an account.
This concept can be turned inside-out to provide "Per-Service, Per-Page" discounts to what would otherwise be hefty fees. So the carrier can jack up the base rate and discount specific sites.
Just because Bernard Madoff wasn't violent doesn't mean he wasn't a felon, does it? Or, for that matter, that he didn't destroy people's lives and livelihoods.
Actually, he appears to be using the phrase "completely invalid" poorly. The certificate proves (to a point) that it was issued to the site using it by the signing authority. THE NAMES DON'T HAVE TO MATCH! Either you trust the signing authority and the fact that the certificate holder has its private key, or you don't. Otherwise, it's just like SMTP: the underlying protocol could easily be under-lying, because that protocol does not enforce security -- that's what the certificates are for. That said, if you have a site, you owe it to your customers to get a certificate name that matches. All of them. Then again, given the 1:1 certificate per IP-port requirement, that expectation may be unreasonable on IPv4.
In computer-war terms, other countries (including, but not limited to, China) are already a military threat to the US. By attempting to infiltrate US DoD, contractor, and allied government and contractor systems, adversaries create conditions that divert defensive resources away from other military efforts. This alone is a form of cyber attack, even without considering the consequences of what might happen if/when such intrusions succeed.
Article states: "I can disable the national power grids of half the countries in the world using nothing more than an iPhone. There is no such thing as 'cyberweapons'" These statements must be viewed as incongruent on some level. The fact that an iPhone might be used to commit an act of war may not make the iPhone a cyberweapon; however, disabling a national power grid is an act of war, no matter how you did it. You need to view this sort of thing in light of Robert K. Knake and Richard A. Clarke's book _CYBER WAR_ ISBN 978-0-06-196223-3. Russia's proposed treaty is about keeping the US asymmetrically vulnerable to computer-based attacks.
... should mean zero tolerance for people deliberately choosing to promulgate ignorance. Let's go ahead and issue student vouchers, so I can keep my kids out of schools like those.
Why do some people try to equate cars with fly-by-wire airplanes? They are not the same thing, and computers in any vehicle should be safety-critical only by necessity, not by choice. Any safety-critical software should be hard-coded and not subject to tinkering without replacing the entire module.
Anyone who allowed their company to build a car, in which the computer was safety-critical, with no mechanical fail-safes, needs to spend the rest of their lives in Gitmo being water-boarded. And no, there's no *good* reason that such equipment is expensive, other than proprietary protections for the vendor. The equipment used at the factory does not do anything special to ensure the product operates safely; only the engineering simulations do that.
That said, the foregoing does not mean it's a good idea for the casual mechanic to diddle with his car's computer, in part because it was probably optimized in interdependent ways that he has no chance of figuring out, because they only made sense serendipitously when being coded.
...with most people's perception and experience with TSA (a bunch of small-brained bullies with undersize genitals and oversize metal batons?) If I thought my cow-orkers were looking at mine, I'd want to be as flaccid as possible -- the alternative would be to get turned on by it.
1) Limited display surfaces. Computers tend to treat all displays as if they need realtime updates. An HDTV large-screen desk display that updates slowly can handle vast display requirements without taxing computer hardware, which is cheap anyway.
2) Paper. Incoming paper still has to be dealt with. Scanning does not imply OCR, does not imply search.
Right, so what are we going to buy in the absence of what you're calling "their cheap junk", since we don't make it anymore? South American "cheap junk", or Canadian "cheap junk"? Oh wait, there's always Africa...
Yep, that leaves the actual taking down of the grid to *domestic* terrorists. They're the ones who won't care that China stops receiving income when our grid goes down.
Or they can hide value content behind the Flash, so that if you don't use Flash you'll never get there. That implies value content...
Corporations are not free to do that, you have to pay them for the privilege.
I wonder how they disabled the wi-fi? Or maybe they didn't...
... Charles Manson decrying the prioritization of murder-kidnap over, say espionage.
...thousands of employers begin blocking port 443 to Google ...
then why isn't it better?