Slashdot Mirror


User: anegg

anegg's activity in the archive.

Stories: 0
Comments: 827

Comments · 827

  1. Woosh...

  2. Upon reflection, one difference between Voice of America and the use of social media is obvious. A radio station like Voice of America is operated by a known entity, and the entity's bias can be judged along with the content of the messages. Social media postings may originate from unknown entities, making the entity's bias opaque and difficult to judge along with the message content.

    I doubt, however, that there is a blanket refusal by the USA (or other state actors) to use social media targeted at foreign populations for propaganda purposes just because of the difficulty of determining the originating entity and that entity's bias.

  3. Re:Am I missing something? on Former Yahoo CEO Marissa Mayer Apologizes For Data Breach, Blames Russians (reuters.com) · · Score: 1

    Apparently *NO ONE* could be expected to maintain security of their systems in the face of the Russian agent onslaught. (eyeroll)

    This might be true if the hack was a really clever attack (like Stuxnet). Whether or not "it was the Russians" is a meaningful defense can't be judged without knowing whether the attack was met with the relative resistance of putting a finger through wet tissue paper or something more difficult, like stealing the gold from Fort Knox. It is unlikely that Yahoo (or anyone else) is going to be totally forthcoming about what they were and weren't doing for infosec just before they got hacked. Honest and deep root cause analysis is hard enough when the only expected audience is internal.

  4. Re:Shocked! on China Spreads Propaganda to U.S. on Facebook, a Platform it Bans at Home (nytimes.com) · · Score: 4, Informative

    I would be *amazed* if the USA is not trying to further the US agenda (whatever that is) using social networks targeted at/in other countries. Is there much difference between Voice of America and such a practice?

  5. Technically, if it wasn't in orbit, then it wasn't a satellite: "In context of spaceflight, a satellite is an artificial object which has been intentionally placed into orbit. Such objects are sometimes called artificial satellites to distinguish them from natural satellites such as Earth's Moon." https://en.wikipedia.org/wiki/Satellite/

    The headline seems inflammatory to me; a more accurate headline would have said something like the US scrapped/dismantled a replacement satellite. The words used strongly implied that the US destroyed an actual satellite (i.e., an object in orbit).

  6. Re:Similar issues in many non-profits on Software Freedom Law Center Launches Trademark War Against Software Freedom Conservancy (sfconservancy.org) · · Score: 0

    The NRA is basically owned by their main lobbyist and his family. They do nothing but come up with new things that they can sell for their own profit to members. They treat the group like their own personal piggy bank and bend over whenever gun control people yell. They are a false opposition that only supports small and safe pro gun laws and in exchange the Democrat party acts like they still matter and are the gun boogieman.

    I've followed gun control/private ownership of firearms politics in the US for quite a while, and this characterization of the NRA doesn't ring true to me. Can you provide any examples of the behavior you attribute to the NRA here? I know it's not directly related to the main topic, but it is being used to establish a pattern that is relevant to the discussion.

  7. Re:Grammar Nazi's Win! on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 2

    This whole thread is marvelously ridiculous.

  8. Re:And while we're at it... on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1
  9. Re:And while we're at it... on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    You forgot to mention mute points.

  10. Re:Old saying on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    Even the Sioux argued about Daylight Saving Time?

  11. Re: No DST here on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    And they took their time quite seriously https://en.wikipedia.org/wiki/John_Harrison/

  12. Re:GFY on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    He may be quite cunning.

  13. Re:Grammar Nazi's Win! on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    Looks like the American's didn't start it... http://www.webexhibits.org/daylightsaving/e.html/

  14. Re:Grammar Nazi's Win! on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 2

    That's American Telephone and Telegraph. I guess I'm autistically pedantic today.

  15. Re:"News" that "Matters" on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 2

    At least we won't have to relive the "when does the millennium actually begin" drama.

  16. Re:Also... on 'Daylight Savings' Is Grammatically Incorrect (qz.com) · · Score: 1

    Where I come from, we park on the driveway, and we drive on the parkway.

  17. Re:Why is identity theft so easy in the USA ? on While Equifax Victims Sue, Congress Limits Financial Class Actions (marketwatch.com) · · Score: 1

    What is called "identity theft" in the United States typically happens when one person obtains goods or services in the name of another person, and that other person is then pursued by the creditor to pay the bill. In some cases traffic law violations or criminal charges are pursued against the other person due to the fraudulent use of their "identity" by the one person.

    The first factor in the rampant "identity theft" problem is that there is no national "identity card" in the United States. The main document used to establish identity is a driver's license. Driver's licenses are issued by the 50 US states to their residents; any given US person (who drives a motor vehicle) should have one and only one driver's license issued by the state they "reside" in. There are some weaknesses in the proofing done by the states when driver's licenses are issued (and in some cases these weaknesses are encouraged because eliminating them would prevent people who have not entered the country legally from getting licenses). These weaknesses can allow someone to get a license in the name ("identity") of another person. Perhaps more importantly, it is not mandatory that anyone get a driver's license, so most identity-proofing scenarios have alternative means of proofing.

    The second factor is that the alternative means of proving identity (other than a driver's license) often depend on the knowledge of various bits of personal trivia, many/most of which are stored by creditors and credit bureaus (so that they can uniquely identify credit users). These authenticators are all fairly weak individually, but are treated as being strong when presented in combination. Historically, a certain piece of personal trivia is treated as strong all by itself (for no good reason) - this being the "social security number". The SSN is a theoretically unique personal identifier assigned to each US person and originally used primarily to track their account status for two social welfare programs - "social security" (payments to retired individuals based on payroll taxes from their lifetime earnings) and "medicare" (health care and health insurance provided due to payroll taxes on their lifetime earnings). The SSN also became the primary tax id number for income tax purposes (because it was an existing government unique id number and was already known for payroll purposes, I suppose). Nowhere in law was the SSN ever presented as a "secret" the knowledge of which could be used to prove an identity, but credit-granting organizations made the assumption that if one knew the SSN that was associated with a given name, one must be that individual.

    The third factor is that obtaining goods and services without immediate payment encourages consumption. Since encouraging consumption is seen as a "good" the system is tilted towards making it easy to obtain goods/services on credit. As long as one can present some kind of identity credential that ties into a credit bureau record showing an acceptable probability of repayment, one gets goods and services without immediate payment.

    It is hard for victims to fight back because it is very easy for creditors to put information into the credit bureau files, and very hard for the subjects of those files to challenge/correct the information that is there when the creditor has the data showing that goods and services were provided but not paid for (the idea that the creditor has to prove the identity relationship between the person to whom they provided goods/services and the person who is challenging the credit bureau records doesn't seem to exist).

    A credit bureau exposing all of the identity-proofing information used for a large number of people is roughly equivalent to a system administrator exposing the unchangeable passwords for all of the system's users. In a sane world, this would be the nail on the coffin of the idea that knowing these personal bits of trivia "proves" you are the person to whom these bits apply. Hopefully there will be a few court cases where the creditors a

  18. Re:I think I know the problem on "Maybe It's a Piece of Dust" (theoutline.com) · · Score: 2

    And it will take *courage* to remove that keyboard; but it will all be for the best.

  19. Re:Summary on The Impossible Dream of USB-C (marco.org) · · Score: 1

    Interesting point. Perhaps part of the problem that is being blamed on USB-C as a standard is rooted in how USB-C is being used... forcing people to use an external dongle for Ethernet is kind of like removing someone's intestines and forcing them to use a colostomy bag, all while assuring them it's a better solution...

  20. Some hard truths for IT on Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) · · Score: 1

    If we take "IT" to mean a general IT department, not just any use of computers in a company (i.e., we leave out embedded processors in products, software development where the software is the company's product, etc.) then a few hard truths might be:

    There is rarely if ever an easy "one size fits all" answer for corporate IT strategy. If you don't have a senior IT staff that first understands their company's business, second understands the IT strategy in support of the company's business, and third understands how a particular new technology (such as a cloud service) may play a role and can talk about the pros and cons, then you may be doomed to have a chaotic "strategy" where personal power drives decisions and the company's IT solutions depend upon the powerful regardless of whether they are knowledgeable. You may also be doomed to weak and ineffectual management by committees and decisions by default because no one dares to take a stand in favor of what they think is right (and few would understand a cogent argument even if laid out in comic book form).

    Everyone in your company can do "IT" (they don't need you to do it for them). Ever since DEC started selling Peripheral Data Processors, then the first "departmental minicomputers" (Data General Nova, DEC PDP 11/70s, VAXen, etc. etc.) emerged on the scene, corporate IT departments have been locked in a tug-of-war over who does "IT". If the corporate IT department wants to be in charge of IT, they have to demonstrate their leadership and competence at delivering IT solutions that the business likes and can use effectively (at least effectively enough that they don't decide to go off and do it on their own).

    Change in IT is constant. Just when you think you are done and can rest a bit, something new comes along and you have to figure out what its value is now, what its value will be in a year or two, and how to control the adoption/integration of this new thing into your ever-changing set of IT solutions.

    Although change in IT is a constant, at a high level many things remain the same. The business needs tools that help them do their job (whatever that is). It takes time to achieve new capabilities, but if it takes too long to get the new thing working, the need has changed by the time that you do. Business needs to trust IT, and IT has to respect and support the business. Users are *not* a "test load" on the system, they are the reason why you got to spend a bunch of money on the system in the first place; if you piss them off, you will eventually be in a bad place. Not every bright and shiny new thing will find a place in your environment, but you will have to be able to communicate well with the advocates of each and every one of those bright and shiny new things.

    There are probably more "hard truths," but that is a start.

  21. Re:The Cloud is your enemy. on Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) · · Score: 3, Informative

    I worked in corporate IT for a fairly large (40k employees) company back in the first half of the 1990s. The CIO would have new ideas regularly about what "we" should be doing (i.e., corporate IT strategy). After a while, we figured out that there was a strong correlation between whatever was recently in "CIO Magazine" and what the CIO's latest ideas for corporate IT strategy were. Unfortunately, it was difficult to have a conversation with the CIO about context and why not everything in CIO Magazine would work in our environment. Fortunately, a new issue of CIO Magazine would generate a whole new set of ideas, and the previous set would generally be forgotten. The one really big idea that came out in that timeframe (using HTTP/HTML to create a corporate information service) wasn't found in CIO Magazine. My impression of CIO Magazine was that it was like "Teen Beat" for CIOs.

  22. Re:Is it time to round up the muslims? on Recordings of the Sounds Heard In the Cuban US Embassy Attacks Released (apnews.com) · · Score: 1

    The score (from http://www.politifact.com/trut...) as of 2015...counts deaths of Americans in America:

    24: number of Americans killed by terrorism in the last decade

    208,024: number of Americans killed by guns in the last decade

    Number of Americans killed by automobiles in the last decade (as of 2016): 350,408. Source: https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year

  23. Re:Any AV vendor on Israeli Spies 'Watched Russian Agents Breach Kaspersky Software' (bbc.com) · · Score: 1

    Given the seemingly substantial increase in the risk that computer users cannot trust software that they have acquired regardless of source, what needs to change about the architecture and/or operation of computer systems (hardware and/or software) to reduce this risk? The risk has always been present, but the threat appears to have increased significantly (by which I mean that there is a greater probability that someone is trying to attack through this attack vector), which increases the risk accordingly.

    For example, part of the fuel for the threat is the "always on" Internet communications that make the software that we use much more exploitable. In the "old days" (pre-Internet) there wasn't much value to be gained by a vendor (or a spy agency) embedding malicious code in an application; there was no practical way to get information back out or send control signals in. Now there is a significant value to be gained by getting malicious code into "trusted" software because of the persistent two-way communications made available by always-on Internet. Perhaps we need a sea change in the behavior we are willing to accept from software on our systems - no external communications of any kind unless the communications are plainly visible (to the user) and completely under the control of the user.

    What other risk mitigation approaches might there be?

  24. Re:"off the shelves" = zero impact on Office Depot, Best Buy Pull Kaspersky Products From Shelves (bleepingcomputer.com) · · Score: 1

    Speaking of the cloud and trustworthiness, how do you know that what you get back from your cloud storage is exactly what you put into your cloud storage (nothing more, nothing less)? We need good file checksum tools that use local/off-line storage of checksums for comparison purposes.

    How do you know that any piece of software on your computer is doing just what it says, and nothing more, especially when it makes "phone home" connections? We need automatic containment of all software execution with the ability to vet/approve all external data access.

    Since even operating system vendors are suspect (e.g. Microsoft's Windows 10 forced upgrades/privacy stealing communications) we need hardware that creates/enforces the owner's trust model, not the operating system's...

    We need a very different future computing environment than what we have now.

  25. Long commutes suck (in my opinion). The best way to avoid them is to live close to where you work, which probably involves a trade-off of jobs and income. Once you have a family, moving to be close to work becomes more problematic. Living in/near urban environments brings more job opportunities, at the cost of longer commutes; living away from the coastal areas in the US often can provide a better work/life balance, but perhaps at lower income levels. All of this means that choosing where to live and work involves a lot of trade-offs.

    My main take-away from the article is that the author thinks that the amount of sleep an individual gets should be given more weight/consideration when evaluating the trade-offs, both by employers and by employees.