If the industry protecting our electronic assets is larger than the industry creating said assets, doesn't that raise a red flag that maybe we're doing something wrong in implementation?
I don't know who modded you as a troll, but perhaps it's because you're spouting off inaccurate information as if it pertains to this particular device?
And you're contradicting yourself. First you say:
GPS signals can be traced relatively easily
Then you say:
a lot of websites that are willing to attest that such a system is plausible... I'm not saying that it is
Even though you just said that it is?
Then you say:
I'm just saying what I've heard and briefly seen
So you've briefly seen this tracking system, even though you're not claiming that it exists?
Those are the kind of inconsistent statements that get you modded as a troll.
This tracking system also gives predators a bigger toy to play with as GPS signals can be traced relatively easily and if you don't know how you can Google it like anything else and get your answer.
What are you talking about? GPS signals are not traceable - they are one-way communications from the satellites to the ground. Well, they are traceable, but they'll just lead you to a satellite 12,000 miles above us... I don't think that's what you meant.
The article doesn't say what technology is used to report back to the home office, but it's a pretty safe bet that it's cell based. Do you also worry that cell phones are a tool for predators?
Or do you have some proof that whatever web site or tool that the school uses to track the students is available to the world?
PCI is not just about protecting computers and networks, but is about policies that companies are required to have in place to protect cardholder data (i.e. don't write a card number on scrap paper and toss it in the trash). Network vulnerability testing is a part of the compliance process, but developing policies and procedures for keeping the data safe is a large part of it.
Does HIPAA cover having network firewalls and anti-virus software? If it does, then the law has no teeth since 30% of doctors were found to be missing one or the other (or both). 100% of PCI compliant merchants will have both firewalls and anti-virus on any computer that touches cardholder data.
Why is it that private industry appears to be taking more steps to protect credit card numbers than the healthcare industry is taking to protect health information?
I'm not saying that the PCI-DSS is the best model to follow, and it's certainly not perfect, but that's the one I'm most familiar with.
You had better choose your random number generator wisely, or your data may not be as secure as you think.
You don't have to use a "random number generator". You can capture truly random values, since you only have to do it once.
I think when you say "once", you mean, perhaps "1 trillion times" if you're filling up a 1 TB hard drive.
For example, you can hook up a USB geiger counter, place it near a decaying radioactive sample, and collect values measuring the nanosecond timings between photons triggering the counter.
How will you certify this home-built apparatus to ensure that the numbers it generators are truly random and there are no biases in your nanosecond timer due to EMF interference or temperature fluctuations that could be exploited to attack the randomness of the data? Building a perfect, unbiased, random number generator (even if based on hardware) is not trivial.
Why not just use a proven encryption method to encrypt everything, then even if someone acquires all of your drives,
There is no such thing as proven encryption. Any encryption algorithm is subject to possibly being broken. And having vulnerabilities. It is possible someone has already broken AES and can decrypt any ciphertext, but they have just not revealed that fact to the public yet.
Sorry, I should have said "industry standard", not proven. Most organizations that need to encrypt data, want to have something that will survive a security audit, and a home-brew encryption method likely will not.
Entropy methods of masking data involving truly random values cannot be "cracked" by brute forced by finding a hole in a cipher, because there is no cipher.
Right, but the hard part is getting the truely random data - and refreshing it periodically so you can do "encryption key changes" which you will likely also have to do to survive a security audit.
the data is still secure. (assuming proper key management, of course).
The data is more secure than if it had been plaintext. The data is less secure than if the drive had been destroyed
With a 'key drive' or 'one time pad' that is not disposed with the drive, the data is just as secure as if the drive had been destroyed, assuming a valid implementation of the OTP method.
I agree with this -- as long as you have a source of truly random data, your OTP method is unbreakable. The hard part is in getting the random data.
Why doesn't some organization come up with a set of standards and best practices to ensure that HIPAA protected data is actually protected as it should be? I'm thinking something like the PCI security council started by the credit card companies that mandates a set of rules and best practices that have to be followed for all merchants that handle credit cards.
Following the PCI standard doesn't guarantee data security, but it is a big step in the right direction. Doctors need the same kind of prodding to get them to implement real security controls and not just say "Oh, well i checked the WEP encryption box on my Wifi router, so all of my data is encrypted and safe - I know it's safe because I backed up my patient records to my iPhone".
Instead of using a SSD use an array of SSDs; with array pairs randomly chosen from a massive pile.
When writing a block, XOR it by a random number of equal size.
Write the random bits to one SSD, write the XOR'ed result to the other SSD.
Then the data cannot be derived from either SSD alone, and neither alone gives you any better chance of getting the data than if you just had a bunch of random bits.
I call this RAID -1 (RAID negative 1), or the opposite of redundant mirroring. That is... without both disks, you have nothing.
You had better choose your random number generator wisely, or your data may not be as secure as you think.
Why not just use a proven encryption method to encrypt everything, then even if someone acquires all of your drives, the data is still secure. (assuming proper key management, of course).
What makes you think they can't prove you did it just because you didn't do it?
It is impossible to prove true a falsehood.
You may think that it's impossible to prove true a falsehood but that depends on your definition of "prove". My definition is "being convicted in a court" - and there's plenty of evidence to show that courts sometimes wrongly convict people.
the company just needs their forensics "expert" to convince the cops and a judge that you did it and they'll come take all of your computing equipment from your house.
1) If they can't even change a fucking password, what makes you think they have a forensics expert good enough to find his ass with both hands and a flashlight, much less convince the cops of anything?
Because even companies that know nothing about computers know the value of good legal counsel. They'll go to their lawyer and say "hey someone broke into our computers just after we fired that sysadmin with the bad attitude, we think he did it". And their lawyer will say "unplug everything from the wall and call my favorite forensics expert". There, now they have a forensics expert who has experience with collecting evidence for presentation in court.
2) If they did take my computers, they'd find nothing, since I DIDN'T DO IT. Then, I file a huge lawsuit.
Even if they find nothing on your home computer, that proves nothing, they are just collecting evidence to file a legal case against you -- civil for sure, and possibly criminal. You may file a huge lawsuit against them, but if they can show that they had enough evidence to point to you as a suspect, then you'll be lucky to win enough money to cover your legal fees (which will be substantial)
Wouldn't you want to be able to give your defense attorney the letter you sent to your former boss that gives step by step instructions for making sure all of your points of entry into their network have been closed. If the company is as incompentent as you suspect, you should do everything you can to protect yourself in case they get breached.
And what happens if their security is breached through another method? They can easily accuse me, saying "He gave us detailed instructions for securing systems A, B, and C, but nothing for D. He obviously skipped that system intentionally so he could break into it later." Makes no sense, but....
Oh, and that ignores what would happen if you (honestly) forgot one of your passwords. "Hmm. Why didn't he mention changing his password for the Outlook server? Hmm... better look into this..."
Well, I don't know what to do in that case - I'm a system and network admin and I know all of the servers and devices that I administer, which ones have local passwords, which are authenticated through AD (including which devices fall back to local authentication if AD is not available.
If you don't have such a list, then how do you keep your network secure? How do you change all passwords when an employee leaves? How do you know your password to that Outlook server wasn't compromised 9 months ago and someone has been using your account there since you never remember to change your password.
Sure I do. I didn't do it, so they can't prove I did. And I get to rub it in their faces- "You fired me, a competent employee, and hired some losers who can't even change a password. What idiots!!".
What makes you think they can't prove you did it just because you didn't do it? Do you really think no innocent man has ever been convicted of a crime they did not commit? Even if you can ultimately prove it in court, it could cause you quite a bit of inconvenience in the meantime -- the company just needs their forensics "expert" to convince the cops and a judge that you did it and they'll come take all of your computing equipment from your house.
Wouldn't you want to be able to give your defense attorney the letter you sent to your former boss that gives step by step instructions for making sure all of your points of entry into their network have been closed. If the company is as incompentent as you suspect, you should do everything you can to protect yourself in case they get breached.
Even when my company was bought by idiots (who ran it into the ground within months), on my last day I sat down with the new Network Admin and my former boss and we went through the letter to make sure all of the network/admin passwords were changed and the firewall "backdoor" into the DMZ from my home IP address was removed.
To be fair, the parent poster did imply that it was scripting ability that was the problem, so obviously text files that you're going to use as scripts are going to have the same problem. If you're going to point out text files that can be hazardous when used as intended, you could argue that an MS Office XML file is plain text as well.
True, banks have also been known to only let you do your banking in person. Of course, that was long ago - just like the times when they only allowed IE was long ago. It seems like other operating systems would simply need to also have a health certificate method. Seems reasonable. Other operating systems have an SSL method. They have cryptographic methods. Why should they not have health certificates?
The key will be having someone "trusted" sign the cert. Microsoft will be "trusted", Apple will be "trusted", not sure if Google/Android will be trusted, but perhaps if Motorola succeeds in preventing rooting on their Android phones, then they will be trusted.
It seems like something that OS X and Linux folks should be able to have deployed about the time that Microsoft goes into Beta with theirs, right?
It's unlikely that any open source vendor will be trusted by the banks to sign a cert since the very nature of open source makes it hard to validate that an installation meets the security standards set by the vendor. I'm not saying that an open source operating system can't be more secure than Windows/OSX, but that it's harder to certify -- Microsoft and Apple have no problem taking control away from the user, but Linux was built on enabling the user to do anything he wants. Even if some Linux distribution did have a certified secure configuration, some crafty hacker who wants to configure his system in a way that violates that standard will just find a way to either spoof the security checker into thinking his configuration is valid, or he'll find a way to generate a fake certificate. And once one hacker learns to do it, there will be do-it-yourself kits available for everyone.
It would never work to deny access... which is what you're trying to scare us into thinking.
Why wouldn't it? If a Bank thinks that only people that can provide the certificate have computers that are trustworthy, why would they accept logins from a computer that doesn't present the certificate?
Some banks have already been known to only allow those using MSIE to access their site, so why is it so unthinkable that they would restrict access to those that can provide this certificate of trust? Especially if it reduces their liability for bank fraud.
The solution is plain text. While it is possible to insert malware in word, excel, html and maybe even opendocument files via scripting, it is not possible to insert viruses into plain text and CSV files. It just can't be done. Do not accept files that are not plain text and the problem of "unsanitary data" goes away.
Of course it's possible to have plain text viruses - plain text editors are subject to buffer overflows and other errors that all programs are subject to. That's like saying that it's impossible to have viruses embedded in images, which has been proven to be false. An editor doesn't have to allow macros in its file format to be subject to virus attacks (though it does make it easier)
If they have a magic scanning technology that tells them if a machine is "safe", then why doesn't Microsoft just deploy that technology to everyone? When I managed a helpdesk, I saw many fully patched machines with updated antivirus machines still manage to become infected by Malware. I didn't know we were already past the age of Zero-day exploits
I've seen no evidence that Amazon can identify and remove books from my device that I've installed independently of the Amazon store -- I have dozens of e-books installed that Amazon has no idea about. And even if they did delete them from my device, since they have no DRM, I can read them on any device - Kindle, phone, computer, I could even print it out if I wanted to.
It seems that the digital age makes it easier rather than harder for unpopular books to become published and distributed. In the old days, you'd have to procure a printing press and then you'd have a big warehouse of books to distribute. Now you can publish to a few eBook formats (or even plain text) and put it up on a few bittorrent sites and you've got worldwide distribution that's nearly impossible for the government to shut down.
As long as they ban books, magazines and other reading materials that's a good policy - I hate going to my local coffee shop for a quick drink and snack only to find that half of the tables are taken over by 3 person study groups who pushed 4 tiny tables together to make room for their books and papers, or rows of people on their laptops (some working, some just idling browsing the 'net, and that guy in the corner browsing porn).
But to ban a Kindle or Nook just because it's electronic seems like a stretch -- browsing is not a joy on either of those platforms, so it's not like someone is going to be spending hours answering his work email. Though he may spend hours reading an eBook, just like he would do with a paper book if he didn't have a Kindle.
The article doesn't say what the nature of the dispute is -- is Texas asking for use-tax owed by all Texas purchasers that were shipped from that warehouse? Tax for all Texas purchasers shipped from any warehouse? Tax for all purchases from that warehouse?
If they are asking for taxes owed by all Texas purchasers, I think Texas has a point -- Amazon has a presence in their state, so probably should be collecting sales tax. Though I'm sure Amazon feels differently. I thought Amazon only put distribution centers in states without a sales tax exactly for this reason.
Did Texans really purchase over $2 billion of goods from Amazon?
Its called Toyota went for fly by wire. There was non of this when the throttle body was an actual link to the accelerator. If you do not do proper control system design you do not get an F-16, you get a fly away Toyota. Cars can get away with such because the link between the throttle body and the accelerator has always been physical until a few years back.
Hasn't electronic fuel injection been around since the 70's? It's been almost 20 years since I've had a mechanically controlled accelerator:
Electronic Throttle Control Another factor that contributes to the world-class performance of the Accord's new V6 engine is an all-new electronic throttle control (ETC) system. This system controls the throttle during transmission shifts for improved smoothness. It also allows for throttle control to be incorporated in the traction control system and integrates the cruise control function into the ETC. This computer controlled drive-by-wire (DBW) package is a feature that will be incorporated into other future Honda powerplants. Key system components include an accelerator position sensor, electronically controlled throttle body, DBW driver unit, and the main electronic control unit (ECU).
You can use adult words around here, this isn't Battlestar Galactica. Some choices available to you in lieu of "frak": Crap (if you're feeling PG), shit or fuck (if you're feeling a little more R-rated), or you can even substitute f*ck (think of the children!).
It's better because you set "myname+family@gmail.com" to always bypass spam filters (and maybe apply a colorful tag to make it more noticeable.
Then you can treat "myname@gmail.com" as spam since you never give that address to anyone you care about.
So the machine can strip mynam+hormel@gmail.com down to myname@gmail.com, but you don't care since your family sends email to myname+family@gmail.com and your friends sent email to myname+friends@gmail.com.
Gmail has something that's arguably better -- you can use a plus sign to append any string you like to your address, so you can have "myname@gmail.com' as your main account and give "myname+family@gmail.com" to your family. And when you sign up for a Hormel mailling list, you can use "myname+hormel@gmail.com" so you know when you're getting spammed by Hormel.
If the industry protecting our electronic assets is larger than the industry creating said assets, doesn't that raise a red flag that maybe we're doing something wrong in implementation?
I don't know who modded you as a troll, but perhaps it's because you're spouting off inaccurate information as if it pertains to this particular device?
And you're contradicting yourself. First you say:
GPS signals can be traced relatively easily
Then you say:
a lot of websites that are willing to attest that such a system is plausible ... I'm not saying that it is
Even though you just said that it is?
Then you say:
I'm just saying what I've heard and briefly seen
So you've briefly seen this tracking system, even though you're not claiming that it exists?
Those are the kind of inconsistent statements that get you modded as a troll.
This tracking system also gives predators a bigger toy to play with as GPS signals can be traced relatively easily and if you don't know how you can Google it like anything else and get your answer.
What are you talking about? GPS signals are not traceable - they are one-way communications from the satellites to the ground. Well, they are traceable, but they'll just lead you to a satellite 12,000 miles above us... I don't think that's what you meant.
The article doesn't say what technology is used to report back to the home office, but it's a pretty safe bet that it's cell based. Do you also worry that cell phones are a tool for predators?
Or do you have some proof that whatever web site or tool that the school uses to track the students is available to the world?
This sounds like an awful lot of work just to get around buying self-encrypting hard drives:
http://www.hardwarezone.com/tech-news/view/144196
PCI is not just about protecting computers and networks, but is about policies that companies are required to have in place to protect cardholder data (i.e. don't write a card number on scrap paper and toss it in the trash). Network vulnerability testing is a part of the compliance process, but developing policies and procedures for keeping the data safe is a large part of it.
Does HIPAA cover having network firewalls and anti-virus software? If it does, then the law has no teeth since 30% of doctors were found to be missing one or the other (or both). 100% of PCI compliant merchants will have both firewalls and anti-virus on any computer that touches cardholder data.
Why is it that private industry appears to be taking more steps to protect credit card numbers than the healthcare industry is taking to protect health information?
I'm not saying that the PCI-DSS is the best model to follow, and it's certainly not perfect, but that's the one I'm most familiar with.
You had better choose your random number generator wisely, or your data may not be as secure as you think.
You don't have to use a "random number generator". You can capture truly random values, since you only have to do it once.
I think when you say "once", you mean, perhaps "1 trillion times" if you're filling up a 1 TB hard drive.
For example, you can hook up a USB geiger counter, place it near a decaying radioactive sample, and collect values measuring the nanosecond timings between photons triggering the counter.
How will you certify this home-built apparatus to ensure that the numbers it generators are truly random and there are no biases in your nanosecond timer due to EMF interference or temperature fluctuations that could be exploited to attack the randomness of the data? Building a perfect, unbiased, random number generator (even if based on hardware) is not trivial.
Why not just use a proven encryption method to encrypt everything, then even if someone acquires all of your drives,
There is no such thing as proven encryption. Any encryption algorithm is subject to possibly being broken. And having vulnerabilities. It is possible someone has already broken AES and can decrypt any ciphertext, but they have just not revealed that fact to the public yet.
Sorry, I should have said "industry standard", not proven. Most organizations that need to encrypt data, want to have something that will survive a security audit, and a home-brew encryption method likely will not.
Entropy methods of masking data involving truly random values cannot be "cracked" by brute forced by finding a hole in a cipher, because there is no cipher.
Right, but the hard part is getting the truely random data - and refreshing it periodically so you can do "encryption key changes" which you will likely also have to do to survive a security audit.
the data is still secure. (assuming proper key management, of course).
The data is more secure than if it had been plaintext.
The data is less secure than if the drive had been destroyed
With a 'key drive' or 'one time pad' that is not disposed with the drive,
the data is just as secure as if the drive had been destroyed, assuming a valid implementation of the OTP method.
I agree with this -- as long as you have a source of truly random data, your OTP method is unbreakable. The hard part is in getting the random data.
Why doesn't some organization come up with a set of standards and best practices to ensure that HIPAA protected data is actually protected as it should be? I'm thinking something like the PCI security council started by the credit card companies that mandates a set of rules and best practices that have to be followed for all merchants that handle credit cards.
Following the PCI standard doesn't guarantee data security, but it is a big step in the right direction. Doctors need the same kind of prodding to get them to implement real security controls and not just say "Oh, well i checked the WEP encryption box on my Wifi router, so all of my data is encrypted and safe - I know it's safe because I backed up my patient records to my iPhone".
Instead of using a SSD use an array of SSDs; with array pairs randomly chosen from a massive pile.
When writing a block, XOR it by a random number of equal size.
Write the random bits to one SSD, write the XOR'ed result to the other SSD.
Then the data cannot be derived from either SSD alone, and neither alone gives you any better chance of getting the data than if you just had a bunch of random bits.
I call this RAID -1 (RAID negative 1), or the opposite of redundant mirroring.
That is... without both disks, you have nothing.
You had better choose your random number generator wisely, or your data may not be as secure as you think.
Why not just use a proven encryption method to encrypt everything, then even if someone acquires all of your drives, the data is still secure. (assuming proper key management, of course).
What makes you think they can't prove you did it just because you didn't do it?
It is impossible to prove true a falsehood.
You may think that it's impossible to prove true a falsehood but that depends on your definition of "prove". My definition is "being convicted in a court" - and there's plenty of evidence to show that courts sometimes wrongly convict people.
the company just needs their forensics "expert" to convince the cops and a judge that you did it and they'll come take all of your computing equipment from your house.
1) If they can't even change a fucking password, what makes you think they have a forensics expert good enough to find his ass with both hands and a flashlight, much less convince the cops of anything?
Because even companies that know nothing about computers know the value of good legal counsel. They'll go to their lawyer and say "hey someone broke into our computers just after we fired that sysadmin with the bad attitude, we think he did it". And their lawyer will say "unplug everything from the wall and call my favorite forensics expert". There, now they have a forensics expert who has experience with collecting evidence for presentation in court.
2) If they did take my computers, they'd find nothing, since I DIDN'T DO IT. Then, I file a huge lawsuit.
Even if they find nothing on your home computer, that proves nothing, they are just collecting evidence to file a legal case against you -- civil for sure, and possibly criminal. You may file a huge lawsuit against them, but if they can show that they had enough evidence to point to you as a suspect, then you'll be lucky to win enough money to cover your legal fees (which will be substantial)
Wouldn't you want to be able to give your defense attorney the letter you sent to your former boss that gives step by step instructions for making sure all of your points of entry into their network have been closed. If the company is as incompentent as you suspect, you should do everything you can to protect yourself in case they get breached.
And what happens if their security is breached through another method? They can easily accuse me, saying "He gave us detailed instructions for securing systems A, B, and C, but nothing for D. He obviously skipped that system intentionally so he could break into it later." Makes no sense, but....
Oh, and that ignores what would happen if you (honestly) forgot one of your passwords. "Hmm. Why didn't he mention changing his password for the Outlook server? Hmm... better look into this..."
Well, I don't know what to do in that case - I'm a system and network admin and I know all of the servers and devices that I administer, which ones have local passwords, which are authenticated through AD (including which devices fall back to local authentication if AD is not available.
If you don't have such a list, then how do you keep your network secure? How do you change all passwords when an employee leaves? How do you know your password to that Outlook server wasn't compromised 9 months ago and someone has been using your account there since you never remember to change your password.
Sure I do. I didn't do it, so they can't prove I did. And I get to rub it in their faces- "You fired me, a competent employee, and hired some losers who can't even change a password. What idiots!!".
What makes you think they can't prove you did it just because you didn't do it? Do you really think no innocent man has ever been convicted of a crime they did not commit? Even if you can ultimately prove it in court, it could cause you quite a bit of inconvenience in the meantime -- the company just needs their forensics "expert" to convince the cops and a judge that you did it and they'll come take all of your computing equipment from your house.
Wouldn't you want to be able to give your defense attorney the letter you sent to your former boss that gives step by step instructions for making sure all of your points of entry into their network have been closed. If the company is as incompentent as you suspect, you should do everything you can to protect yourself in case they get breached.
Even when my company was bought by idiots (who ran it into the ground within months), on my last day I sat down with the new Network Admin and my former boss and we went through the letter to make sure all of the network/admin passwords were changed and the firewall "backdoor" into the DMZ from my home IP address was removed.
To be fair, the parent poster did imply that it was scripting ability that was the problem, so obviously text files that you're going to use as scripts are going to have the same problem. If you're going to point out text files that can be hazardous when used as intended, you could argue that an MS Office XML file is plain text as well.
True, banks have also been known to only let you do your banking in person. Of course, that was long ago - just like the times when they only allowed IE was long ago. It seems like other operating systems would simply need to also have a health certificate method. Seems reasonable. Other operating systems have an SSL method. They have cryptographic methods. Why should they not have health certificates?
The key will be having someone "trusted" sign the cert. Microsoft will be "trusted", Apple will be "trusted", not sure if Google/Android will be trusted, but perhaps if Motorola succeeds in preventing rooting on their Android phones, then they will be trusted.
It seems like something that OS X and Linux folks should be able to have deployed about the time that Microsoft goes into Beta with theirs, right?
It's unlikely that any open source vendor will be trusted by the banks to sign a cert since the very nature of open source makes it hard to validate that an installation meets the security standards set by the vendor. I'm not saying that an open source operating system can't be more secure than Windows/OSX, but that it's harder to certify -- Microsoft and Apple have no problem taking control away from the user, but Linux was built on enabling the user to do anything he wants. Even if some Linux distribution did have a certified secure configuration, some crafty hacker who wants to configure his system in a way that violates that standard will just find a way to either spoof the security checker into thinking his configuration is valid, or he'll find a way to generate a fake certificate. And once one hacker learns to do it, there will be do-it-yourself kits available for everyone.
It would never work to deny access... which is what you're trying to scare us into thinking.
Why wouldn't it? If a Bank thinks that only people that can provide the certificate have computers that are trustworthy, why would they accept logins from a computer that doesn't present the certificate?
Some banks have already been known to only allow those using MSIE to access their site, so why is it so unthinkable that they would restrict access to those that can provide this certificate of trust? Especially if it reduces their liability for bank fraud.
The solution is plain text. While it is possible to insert malware in word, excel, html and maybe even opendocument files via scripting, it is not possible to insert viruses into plain text and CSV files. It just can't be done. Do not accept files that are not plain text and the problem of "unsanitary data" goes away.
Of course it's possible to have plain text viruses - plain text editors are subject to buffer overflows and other errors that all programs are subject to. That's like saying that it's impossible to have viruses embedded in images, which has been proven to be false. An editor doesn't have to allow macros in its file format to be subject to virus attacks (though it does make it easier)
If they have a magic scanning technology that tells them if a machine is "safe", then why doesn't Microsoft just deploy that technology to everyone? When I managed a helpdesk, I saw many fully patched machines with updated antivirus machines still manage to become infected by Malware. I didn't know we were already past the age of Zero-day exploits
I've seen no evidence that Amazon can identify and remove books from my device that I've installed independently of the Amazon store -- I have dozens of e-books installed that Amazon has no idea about. And even if they did delete them from my device, since they have no DRM, I can read them on any device - Kindle, phone, computer, I could even print it out if I wanted to.
It seems that the digital age makes it easier rather than harder for unpopular books to become published and distributed. In the old days, you'd have to procure a printing press and then you'd have a big warehouse of books to distribute. Now you can publish to a few eBook formats (or even plain text) and put it up on a few bittorrent sites and you've got worldwide distribution that's nearly impossible for the government to shut down.
As long as they ban books, magazines and other reading materials that's a good policy - I hate going to my local coffee shop for a quick drink and snack only to find that half of the tables are taken over by 3 person study groups who pushed 4 tiny tables together to make room for their books and papers, or rows of people on their laptops (some working, some just idling browsing the 'net, and that guy in the corner browsing porn).
But to ban a Kindle or Nook just because it's electronic seems like a stretch -- browsing is not a joy on either of those platforms, so it's not like someone is going to be spending hours answering his work email. Though he may spend hours reading an eBook, just like he would do with a paper book if he didn't have a Kindle.
The article doesn't say what the nature of the dispute is -- is Texas asking for use-tax owed by all Texas purchasers that were shipped from that warehouse? Tax for all Texas purchasers shipped from any warehouse? Tax for all purchases from that warehouse?
If they are asking for taxes owed by all Texas purchasers, I think Texas has a point -- Amazon has a presence in their state, so probably should be collecting sales tax. Though I'm sure Amazon feels differently. I thought Amazon only put distribution centers in states without a sales tax exactly for this reason.
Did Texans really purchase over $2 billion of goods from Amazon?
It's been almost 20 years since
Whoops, that should be 10 years. I was off by a factor of 10. (*)
(*) I know a difference of 10 is not actually a factor of 10 but hey, it's slashdot, what are the chances someone will notice?
Its called Toyota went for fly by wire. There was non of this when the throttle body was an actual link to the accelerator. If you do not do proper control system design you do not get an F-16, you get a fly away Toyota. Cars can get away with such because the link between the throttle body and the accelerator has always been physical until a few years back.
Hasn't electronic fuel injection been around since the 70's? It's been almost 20 years since I've had a mechanically controlled accelerator:
http://www.honda.com/newsandviews/article.aspx?id=2003112035704
2003 Honda Accord -- Drivetrain
Electronic Throttle Control
Another factor that contributes to the world-class performance of the Accord's new V6 engine is an all-new electronic throttle control (ETC) system. This system controls the throttle during transmission shifts for improved smoothness. It also allows for throttle control to be incorporated in the traction control system and integrates the cruise control function into the ETC. This computer controlled drive-by-wire (DBW) package is a feature that will be incorporated into other future Honda powerplants. Key system components include an accelerator position sensor, electronically controlled throttle body, DBW driver unit, and the main electronic control unit (ECU).
Of course not. Legally shared songs are an even bigger threat to the RIAA than pirated ones.
Exactly! It's just like when someone distributes free porn, the pay-for-porn distributors suffer!
http://yro.slashdot.org/story/11/02/03/2216235/Free-Internet-Porn-Is-Legal-Says-California-Appeals-Court
You can use adult words around here, this isn't Battlestar Galactica. Some choices available to you in lieu of "frak": Crap (if you're feeling PG), shit or fuck (if you're feeling a little more R-rated), or you can even substitute f*ck (think of the children!).
That's just a load of Feldercarb!
I thought Oregon's gas pump rules had less to do about safety and all to do about job creation?
It's better because you set "myname+family@gmail.com" to always bypass spam filters (and maybe apply a colorful tag to make it more noticeable.
Then you can treat "myname@gmail.com" as spam since you never give that address to anyone you care about.
So the machine can strip mynam+hormel@gmail.com down to myname@gmail.com, but you don't care since your family sends email to myname+family@gmail.com and your friends sent email to myname+friends@gmail.com.
Gmail has something that's arguably better -- you can use a plus sign to append any string you like to your address, so you can have "myname@gmail.com' as your main account and give "myname+family@gmail.com" to your family. And when you sign up for a Hormel mailling list, you can use "myname+hormel@gmail.com" so you know when you're getting spammed by Hormel.