Slashdot Mirror


User: lazlo

lazlo's activity in the archive.

Stories: 0 · Comments: 278

Comments · 278

  1. Re:Trust what? on Trust Is For Suckers: Lessons From the RSA Breach · · Score: 1

    Taking the data offline and securing it physically is just a prudent way to secure it. To me, that still falls under #2, trusting them to keep it secure while #3, making it remain available. RSA did, I assume, a reasonable job at keeping the data available, but failed to keep it secure.

    But I would have to say you're exactly right on what security should be expected. There is some data that not only can, but really should be secured by taking it completely offline. Hopefully things like this will make people think a moment more not only about who they're trusting, but what they're trusting them to do.

  2. Trust what? on Trust Is For Suckers: Lessons From the RSA Breach · · Score: 3, Interesting

    From my understanding, the RSA breach basically broke into the database that ties serial numbers to the internal "secret" that's used to generate OTP's. So go back to before the breach, and assume you're an RSA customer. To be their customer, you have to trust them. You can trust them to:

    1. securely wipe their copy of the database once they've delivered your tokens to you
    2. keep their database secure against attackers
    3. provide you with a copy of the database after you lose yours.

    Note that options 1 and 3 are mutually exclusive. Now, it would be nice to be able to choose your level of risk tolerance yourself and decide on #1 vs #2 + #3, but there are a reasonable number of customers who actively dislike being forced to make choices. And there would be a whole lot of customers who would be really mad if, after losing their database, they were told by RSA "Sorry, all of your tokens are now useless keyrings. No choice but to replace them all."

    To me it's like the evolution of passwords. In the beginning, if you forgot your password, your admin could tell you what it was. Then passwords got hashed, and your admin couldn't tell you what it was, but could reset it for you, and security was enhanced. Then passwords were used as encryption keys, and now your admin couldn't tell you what it was or reset it. If you forgot it, your data was gone. Once again, a security enhancement, but now a greater danger of data loss through forgetfulness.

  3. Here's a suggestion for them on Tech Experts Look To Help Save the Postal Service · · Score: 4, Interesting

    Here's my suggestion to make the post office more useful. Let everyone register a postal address that is dissociated from a physical address. Then when I move, instead of filing a change of address form and hoping that everyone who wants to send mail to me ever again sends it in the next year, I can just tell the post office "Yeah, that postal address should now be delivered to this *new* physical address."

    The biggest problem is the fundamental issue that individual residents make the flawed assumption that they are the post office's customers, when in fact they are the post office's product. They are a product being sold, and if you want to know who's buying you, just look at the ton of spam in your mailbox. Any demands for better service aren't heard as dissatisfied customers, but as disgruntled products.

  4. Re:Stucco on New Houses Killing Wi-Fi · · Score: 1

    I have no idea about stucco, but I know that doing plaster on block, it's at least reasonably normal to have a mesh attached to the block to help hold the scratch coat in place.

    I know when I was living in South Florida, most of the new construction houses were wood frame with fake stucco. Many older houses were actual CBC, but considering the weather, there may be a survivor bias at work there.

    But I do think it would be interesting to get some idea of the relative amount of EM interference from mylar-coated cladding, steel mesh for stucco, rebar used in CBC, and steel vs. wood studs. Sounds like a job for Mythbusters! (Well, probably not. Given the low likelihood that anything would explode, I doubt they'd do it.)

  5. you could also say on Facebook Linked To One In Five Divorces In US · · Score: 1

    So what they're saying is that, when it comes to divorce, facebook has now made it up to the point where it's 20% as bad for marriage as lawyers?

  6. Does seem to make sense... on Google Adds Two-Factor Authentication To Gmail · · Score: 1

    It's always seemed strange to me that, between my personal e-mail, my online banking, and my level 85 priest, only one has dual-factor auth. Guess which one? Adding e-mail to this makes a whole lot of sense as, with access to my e-mail, you could probably convince Blizzard and possibly convince my bank to reset my authentication details.

    Now, it would be nice if they were to make this as full-featured as Blizzard's (they have a key fob, a mobile phone app, and also pretty cool, a feature where if you connect from a sufficiently unusual IP address, they call your phone to verify you) but it's a step in the right direction.

    Of course, I can envision this trend going too far, where I have a huge keychain filled with nothing but DFA tokens for everything... but having the choice of either app or token would be nice.

  7. Re:This is called... on Takedown Letters For WP7 Tetris Clones · · Score: 2

    Well, I had to look at this because I thought the "WP7" in the title would be WordPerfect 7. I don't know if WP even exists anymore, or what version is latest, but I remember my dad writing an accounting and payroll package in WP5.2 macros, so writing tetris didn't seem like much of a stretch.

    I know I've met several people, lawyers mostly, who will not part with WP5 until they pry it from their cold dead fingers... be interesting to see the size of that userbase relative to Windows Phone...

  8. I wonder.... on US Dept. of Justice, ICE Still Seizing Domains · · Score: 1

    I wonder if that "well known image" is copyrighted?

    So if I put it on *my* site, I'd be infringing their copyright.

    And then they might take over my site.

    And replace it with the same thing.

    Hmmmmmmm.

  9. Re:Weddings and funerals? on Corporations Hiring Hooky Hunters · · Score: 1

    My company went further than that. They started out having about 10 holidays, 10 vacation days, a few sick days and a few "personal days", which were kind of like sick days when you weren't sick. Then at some point, someone realized that this was inefficient and annoying, and so it got changed to where we now have something like 25 or so days of "paid time off". The only difference between Holidays and other PTO is that on official holidays you have to request not to take PTO, instead of requesting to take it. I just wish every company I'd worked for had done that. It's one of the many reasons I'm sticking with this company for as long as they'll have me.

  10. Re:what about non-digital SLRs? on Kuwait Bans DSLR Cameras Use For Non-Journalists · · Score: 1

    Every one that I've used has been a real pain if you want to focus on something other than what the camera wants you to focus on. I've got lots of nice clear pictures of rocks when I wanted a picture of the person standing behind them.

    I know on mine it has a two-stage trigger: the first stage focuses on what's under the central crosshairs, the second stage takes the picture, so it's a matter of aiming at your focus point, half-clicking, moving to the shot you want to take, and fully clicking. Probably not optimal, but mostly functional. Then again, I'm not a professional. I'm not even really an amateur (from the Latin amo, to love... I just like photography; if I really loved it I'd have a better camera).

  11. Re:what about non-digital SLRs? on Kuwait Bans DSLR Cameras Use For Non-Journalists · · Score: 1

    Well, in the case of the zoom lens reflex (or whatever you want to call it), it technically *is* an SLR... It has a single lens and a reflex mechanism.

    You know, I'm used to the letter of the law being somewhat confusing, that's why lawyers get the big bucks... but in this case, even the spirit of the law is baffling to me. What is it that they're trying to accomplish? They don't like cameras that you have to hold up to your face? They only want ones that are easier to take surreptitious photos with? Really? Although I'm not so sure about that either, as the one SLR that I've owned, the viewfinder was a large "screen" on the top, which I thought at the time was kind of neat as I could take pictures with it hanging around my neck while it looked like I was just futzing around with the dials.

    So really the only thing that's left that distinguishes a DSLR is that it has a mechanical component, that it absolutely *has* to "click" when you take a picture. So they're putting in a law that restricts the general populace to using cameras that can be used surreptitiously while reserving the big scary cameras to the paparazzi (or whatever the Kuwaiti equivalent is). I can't really make heads or tails of this.

  12. Re:what about non-digital SLRs? on Kuwait Bans DSLR Cameras Use For Non-Journalists · · Score: 1

    That makes sense. So basically if you've got a narrow depth of field, the pixelation in the viewfinder display makes it harder to determine if you're really focused or not. Of course, most digitals that I've seen have a reasonably functional autofocus (though I haven't played around with how good they are given really tight depth of field.) Though I imagine it would be really incredibly difficult to make a DSLR camera take a shot that was deliberately just slightly out of focus.

    Thanks for the info!

  13. Re:what about non-digital SLRs? on Kuwait Bans DSLR Cameras Use For Non-Journalists · · Score: 4, Insightful

    Or what about interchangeable lens cameras with an LED-based "viewfinder" that do not actually use a reflex mirror? I think they're called by some "bridge cameras", and I'm not entirely sure I understand what the advantage of the reflex mechanism is for a digital camera. (For a film camera, yeah, I completely understand. But those reasons mostly don't translate to digital *at all*.)

    In reality, I suspect that the term DSLR is being abused similarly to "assault weapons" is in the US. The law really means any camera that looks too scary to be permitted to civilians, and the real definition will be defined ex post facto.

  14. Re:Nothing new here on Online Behavior Could Influence Insurance Rates · · Score: 1

    I see this as a fantastic opportunity to have insurance companies' actuaries work for me for free. Now I know that if I apply for insurance and get immediately accepted, then I shouldn't buy it, as the company has determined (probably correctly) that I don't need it. If they really put me through the wringer, that means they're not sure they can make a profit on me, so there's at least some chance I'm not just throwing my money out the window at them.

    I do think it's interesting how, the more accurate the predictive powers of actuarial science become, the more insurance approximates not having insurance at all.

  15. I can't decide... on TSA Pats Down 3-Year-Old · · Score: 1

    I'm not sure whether this is security theater aimed at simultaneously placating and abusing the population, or a poorly conceived plan to entrap potential pedophiles by luring them into the TSA screener recruiting offices...

    But really, is there anyone not working for the TSA that thinks any of this is a good idea?

  16. Love the journal name... on Scientists Overclock People's Brains · · Score: 4, Funny

    The findings are reported in the journal Current Biology.

    Awesome pun.

  17. If you think this is bad.... on Nicaragua Raids Costa Rica, Blames Google Maps · · Score: 1

    If you think this is bad, just wait until you hear what happened next with an inadvertent combination of autocomplete and "I'm feeling lucky". There were no survivors.

  18. In related news... on Study Shows Babies Think Friendly Robots Are Sentient · · Score: 1

    In related news, it was discovered that AI researchers thought sentient robots were friendly.

  19. Glass is half empty? on Flat Pay Prompts 1 In 3 In IT To Consider Jump · · Score: 1

    So that means that 31% have received a pay raise in the last six months? I don't know about anyone else, but quite a few places that I've been do performance/salary reviews annually, so assuming (yes, it's a false assumption, but illustrative) that everyone gets an annual review, and half of everyone deserves a raise, then it looks like 12% more employees are getting raises than deserve them. If everyone in the 40th percentile of performance is getting a raise, that sounds sort of like good news... Especially with relatively low inflation (which I think we have now, purely looking at interest rates as an indicator... but don't take my word for it, I don't keep close track of these things.)

  20. Re:Go round the side of your house on Real-Time Power Monitoring Options? · · Score: 3, Insightful

    Are you saying you're un-lazy enough to walk a few feet outside and read your meter? And write down the reading? Every five minutes? For a month?

    Yes, it's very easy to track your average monthly power usage, it's right there on your bill. It's also easy to check your instantaneous usage by looking at the meter. What the OP wanted to know wasn't just a point measurement, but a running graph to see how it varied from hour to hour throughout the day.

  21. Re:does this mean doctors can be outsourced? on World's First Transcontinental Anesthesia · · Score: 1

    Which brings up the really important question here... what jurisdiction would a malpractice suit be brought in?

  22. Hangover? on The World's Strongest, Most Expensive Beer Served Inside a Squirrel · · Score: 4, Funny

    So I'm guessing in this case, the cure for a hangover would be the hair of the squirrel that bit you?

  23. Re:Mothers on UK Police To Allow Gun Users To Renew Licenses With iPhone App · · Score: 1

    I didn't mean to imply that it might actually be legal to walk home drunk from a bar, just that it's the right thing to do. (and whenever "the right thing to do" and "the legal thing to do" are at odds, society is pretty screwy)

    I haven't paid much attention to MADD, but if they are in favor of laws against walking under the influence, then it's long past time for them to change their name.

    Makes me just want to go up to one of them and say "You should be ASHAMED of yourself! Do you know how many children are killed every year by LAWS!" See if they respond with something along the lines of "but my laws don't kill any children" before or after noting the hypocrisy thus illustrated.

  24. Re:Mothers on UK Police To Allow Gun Users To Renew Licenses With iPhone App · · Score: 3, Insightful

    I like what I call the "AT&T solution" to drunk driving: More bars in more places.

    I mean really, there's no excuse for driving drunk, but if the bar is within walking distance of your house, then there's both no excuse and no reason.

    For reasons unbeknownst to me, MADD doesn't seem to agree.

  25. Re:It's probably cheaper than the alternatives on Should the Gov't Pay For Injured Man's Wii? · · Score: 1

    Cheaper and sensible don't often have much to do with the health care industry. My dad was recently prescribed a powered wheelchair. Though the cost was almost completely covered by by insurance, we were both completely incensed by how much it was. We figured out that we could buy a new Mercedes, take out the (very nice) driver's seat (and throw the rest of the car away), buy two new Segways, strap the seat to the Segways, and end up with something certainly more comfortable, that probably could be made nearly as functional... and it would have cost less. Of course, insurance would never have paid for a Mercedes and two Segways, but no one in the health care system seems to care much about "cheaper". (Not, of course, that I'm saying that dismantling the Mercedes and strapping the seat to the Segways is a good solution, I'm just saying that the fact that it would be possible makes it seem to me that a good solution should have cost a tenth of what it did.)