Came here to say exactly this. Focus on your adventure. Coding will be here when you get back.
And what are we supposed to do with these incompetents if we can't promote them out to management?
Where do you think executives come from?
You'd be surprised how much damage an incompetent executive can do. It may not be immediate, but it poisons an organization systemically. A bad boss can be fired. Firing a bad exec may not remove the toxins fast enough for the organization to recover.
How is this a bike and not a motorcycle?
It's neither. It is a rocket that happens to have two wheels hanging beneath it, and Wile E. Coyote hanging onto a crossbar above it.
What, you're saying swamp coolers don't qualify as A/C? They may not use the traditional compression/expansion cycle, but they certainly do cool an area. And a mucosal surface like the nasal cavity would provide plenty of evaporation to further expel heat from the body. (Although I suspect that the dinosaurs in TFA used swamp cooling primarily in its most literal sense of "hey, let's stand in the swamp because it's cooler".)
The study postulates that dinosaurs' nasal cavities acted as heat exchangers. Without a heat exchanger, your traditional A/C wouldn't work, either. I wouldn't quibble with this categorization.
My biggest gripe is the article misused the term "model" when it clearly meant genus or species.
I believe that in almost all sectors, users are the primary entree into the protected network, either via phishing or other social engineering. You could probably replace the word Government in the phrase "government cyber breaches" with healthcare, financial services, social networking, retail, non-profit, etc.
Social engineering will always work as long as humans have access to the data and systems. There are steps sys admins can take that can limit or mitigate the damage, but the bottom line is that if people need to access the data, then other people will be able to exploit them.
Heavy handed security often isn't the panacea it's advertised as, because ordinary users will find ways to deal with it. Do you make them change passwords daily? They'll resort to keeping a file of daily passwords. Do you make them fill out a big form to request access to a system? They'll request access to a dozen, in hopes that they will stumble across the correct one, and so won't have to repeat the ordeal; out of the dozen departments they request access from, some may approve the inappropriate request. Or some department head will proclaim "grant everything to my department, because I don't want to waste our time with all these expensive little requests." All of these can be exploited even in the best of situations.
If you think this is an attempt at marketing, you should recognize they're doing a terrible job at it. Read page 3 of the PDF above, the section titled "Executive Summary". That is not even close to an executive summary, and wouldn't explain jack to any of the executives I work with.
An executive summary for this paper should read like this:
"We have documented a sophisticated espionage ring that is targeting the laptop computers of upper level executives who travel to Southeast Asia. The attackers are using WiFi attacks, compromising hotel networks, compromising hotel business center computers, and tricking the executives into installing malware. Hotel staff are often complicit in either providing access to the attackers, notifying the attackers when the rooms are unoccupied, or by providing a distraction to the executive. They are stealing intellectual property, contacts, notes, schedules, and passwords. They are implanting keyloggers. They are tracking the executive's movements around the globe. They are installing custom malware to gain further access once the compromised computer is brought inside the corporate firewall. They are using sophisticated cryptography to hide their malware and their exfiltration activities. And they are carefully maintaining the compromised computers to ensure continued access for sustained, multi-year attacks."
That's an executive summary.
Knowing my luck, when I'd use my Internet-connected Clapper to turn off the last light when going to bed it'd start playing anti-gonorrhea ads due to the poorly programmed ad-personalization algorithm.
Perhaps it's better programmed than you think. Your wife called...
You can certainly get some home automation systems that are cloud-optional. I have a Vera, which is an (overpriced) DD-WRT box, and it doesn't need internet access. You can get to it from outside the house via VPN, or you can use their SSL site to access it if you want. It runs the lights, sensors, and stuff like that. There are some proprietary devices with local interfaces of varying quality.
Some closed source devices want to phone home, just not to your home. Honeywell, Samsung, Craftsman, they don't have a locally accessible interface. You might want to avoid them.
I built mine initially to control greenhouse lighting, and liked it so much I put it in the rest of my house.
When you were in school, Leibnitz hadn't yet invented his Calculus, so there wasn't as much STEM to learn.
I know, I'll get off your lawn.
The electronic machines would not have it if they used actual physical buttons.
They would not have this issue if the program was on a ROM chip.
Not a problem if the voting machines had an internal encrypted flash memory.
No glitch if used the two first on this list
And that could be solved by software as well.
But for some reason Diebold thinks that they should do all this stupid flashy show instead of actually designing something actually reliable and safe.
Which ROM chip is it? Which crypto key did it use? Did it encrypt properly? How do I see what's in the flash?
Paper suffers from none of those problems.
Selective Availability wasn't a separate signal; it was the encryption of the least significant bits of the satellite's position found in the C/A data. Only a military grade receiver had the keys to decrypt the signals, allowing the receiver to understand the precise location of the satellite, allowing for a more accurate computation.
The "4th signal" the GP may have been referring to is WAAS, the Wide Area Augmentation System. It's a set of precisely surveyed ground stations that continually measure the amount of timing error they're receiving (generally due to atmospheric interference), which is sent back up to the satellites and included in a set of correction data. It was added to serve the FAA in providing accurate altitude and approach data for aircraft that work at all airports. But it's not a separate signal, it's part of the data sent by each satellite. It's effective, and it's cheap - the receiver doesn't need a separate radio to receive DGPS data.
Unlike WAAS, DGPS data does not go back to the satellite. It is transmitted directly by the ground stations to the user receivers. It's a completely different signal, carried on a terrestrial frequency.
Assuming you're an American, your passport's cover is built with a mesh that is already RF dampening. It can't be read unless it's open. Even a fairly narrow crack can permit reading, so carry it someplace that will keep it closed.
The good thing about RFID readers is that the readers are very reliable. They don't have fragile electrical contacts that can get corroded, mechanically damaged, or electronically damaged by static electricity. They don't require a scanner that can get dirty and fail to read. They don't require a mag stripe head that can pick up embedded abrasives causing it to scratch following stripes. They don't have any moving parts that might break. The reason you might care about that is that lower maintenance costs us taxpayers less, and means fewer "out-of-order" lines at the border.
A man with one watch always knows what time it is.
A man with two watches is never sure.
So I'm not the only one picturing an actual washing machine crashing into the moon. Good!
Do you see the difference between the physical world and the information world?
No, I don't see the difference. Please explain.
OK, since this is Slashdot, the terms of service require someone to explain it to you using a car analogy.
The physical world is like a car. Let's say you're thirsty. You get in the car, you turn the key, you engage the transmission, you depress the throttle and use the wheel to steer yourself around. You navigate the roads, avoiding obstacles and making appropriate turns. When you arrive at the bar, you hit the brakes, disengage the transmission, turn off the key, exit the car, go in the bar, buy a beer, and drink it. The information world is exactly the same thing, except there is no car and no beer, and four hours after you realize you haven't gotten anywhere, you're still thirsty.
Dammit, now I'm thirsty too.
I also thought it sounded like a good thing. When safety components have to structurally withstand higher impact loads, that really means they cover a wider range of occupants. It doesn't mean they won't continue to test with infants and children.
Besides, they run many thousands of simulated crashes before they expend real dollars on actual crash tests. The dummy is nowadays just the "proof" test.
"He took a duck in the face at 250 knots."
To be fair, there is room for distinctions inside the cloud metaphor. Regular cloud services will now be called the "cumulus" cloud, and the Internet2 service is the "cirrostratus" cloud, because it has faster winds.
So you're saying that cloud metaphors blow? I concur.
The problem is that slope required for adequate drainage can be a very gradual change in the elevation of the ground, but the drone is not in contact with the ground. GPS located photos are great for locating lat/lon of visible items, but getting the precise elevation would probably require surveyed reference points and the full 3D treatment.
TFA states that the old algorithm breaks down once the number of source images exceeds a few hundred, at which point it can take thousands of hours to process. The new algorithm can accommodate over a thousand images and process them all in about four hours.
Jocular saga, fraternal sibling.
this sort of thing shouldn't happen to a sufficiently well funded space agency where such catastrophic failure can't be tolerated.
"Can't be tolerated"? Spaceflight has always run on the ragged edge of engineering. Just sending an Antares booster to LEO means every unit of payload mass costs 40x its weight in fuel and booster weight, all of which is going to be consumed or destroyed during the four-minute-service-life of the machine. Do they choose expensive copper wire which weighs more than cheap aluminum wire? Do they reinforce the structure with steel, aluminum, or titanium? Where do they find extra weight to shave off? Do they leave in the quintuply redundant safety systems if it's not a manned flight? How do they balance all the physical requirements against their budgets?
They build it out of materials that meet the requirements with the tiniest possible safety margins over the service minimums, and test as best as they can that none are substandard. All it takes is one weak part out of the thousands in the ship. So you build a couple of your disposable ships, test fly a few, and watch for failing parts. But you can't afford to test a thousand rockets, so at some point you have to fly them for paying customers.
Failures have to be tolerated, or we'd never get anywhere interesting.
2600 has always painted hackers as martyrs. It's kind of their thing. Draper got busted, Mitnick got busted, they get harassed by Feds, therefore "we poor persecuted hackers just want freedom for all." You even see it in the 199x movie Hackers.
The magazine is still interesting as long as you overlook the crazy self-pitying editorials.
NEMA rates enclosures for their ability to withstand harsh environments. Search for NEMA enclosures and pick the one that fits your machine.
Look at how counterfeiting laws work for money. If you pay with a $100 bill in a smokey bar at night and get a $20 counterfeit bill in change, and don't realize it until the next day, you're out the $20. If you try to spend it, you're actually committing a felony - it doesn't matter if you printed the phony bill yourself, or if you just accepted it as change and are passing it forward. It also doesn't matter if you realize it's counterfeit or not, although the Secret Service agents may agree to give you a pass the first time you try to spend phony money if you claim you didn't realize it was counterfeit, and cooperate completely.
However, currency counterfeiting laws are very specific to money. Let's look at product counterfeiting, which works similarly but probably without the felony charges.
If FTDI discovered a container of devices with counterfeit chips was en route, they could tell Customs, who would order the contents of the container to be destroyed once they arrived on the dock. This would be a problem for the shipping company, who accepted the devices for shipment and never delivered them, so they would have to pay out an insurance claim. The insurer then has to deal with the liability by going back to the shipper and saying "hey, your devices were destroyed by Customs, I had to pay out for failing to deliver the goods." I expect the shipping companies deal with this all the time, though, and have a contract clause that absolves them of insurance liability in this case. In this case, the supplier is out the money. Their recourse would be to go back to the manufacturer and ask for their money back. Maybe the manufacturer will honor the request, maybe they won't.
If FTDI discovered a shipment of devices with counterfeit chips already went to MicroCenter, they would call the Secret Service, who would contact MicroCenter and MicroCenter would have to pull them off the shelves and destroy them, leaving MicroCenter without the money. Their only recourse would be to contact their supplier and say "hey, you sold us counterfeit goods, we want our money back." Maybe they'd get their money back, maybe they wouldn't. It's a risk.
So FTDI has now found a way to destroy a consumer device. As above, the consumer is similarly out of luck. Their recourse is to go back to MicroCenter and say "hey, this adapter, it's broke." Maybe they'll get their money back, maybe they won't. It's a risk. MicroCenter might eat the losses, or they might go back to their supplier, who might go back to the manufacturer.
In every case when the counterfeits are discovered they are destroyed, leaving somebody without the device and without the money.
I think FTDI may have a pretty solid legal ground for behaving like this, even though it's always a crappy experience to the person who got stuck with the phony. The main difference is that FTDI is doing this without asking the Secret Service to investigate the counterfeits first.