That's why I use Amazon and its MP3 download service.
In short it's not a democracy because the choices are already decided for us by those with the money.
I disagree. The people decide, they're just stupidly swayed by expensive campaigns. Ergo, the people still have their choice, even if they choose poorly.
if you think we are still living in a democracy then you need to wake up.
Can you please explain to me why America isn't still a democracy?
Last I checked, the currently serving political representatives were the ones that the people elected.
The people chose foolishly, if you ask me, but that doesn't mean we're not democratic; it just means the democracy is being managed poorly by the people.
You're being a bit disingenuous.
A click-through in the context of an EULA, to a reasonable person, means somebody clicked it. Is it absolutely iron clad? Of course not, but neither is the bunch of squiggly lines that I scratch out on the signature line of that contract to buy a car, or the home loan documents, or any other perfectly normal contract.
One can certainly make a case to another reasonable person that it is reasonable to believe that if the "I accept" button got clicked, then a human probably clicked it.
One could NOT make any such argument about headers that are universally not reviewed by a human at the time of the HTTP transaction.
Thank goodness we still have JPL and its hardy unmanned probes.
Where's the love for the JHU APL? (Note that MESSENGER is just a few days from its Mercury orbital insertion)
As to Discovery, it's particularly bittersweet to watch her retirement. I saw her launch firsthand as a kid in '85 (STS-51D), which had a big impact on me. A good part of the reason I'm (still*) at NASA today. Discovery was the orbiter for both return to flight missions. She launched HST.
I also had the privilege to watch her last launch. I admit, it almost brings a tear to my eye.
* Working at NASA was more of a right-place-right-time opportunity for me. Not leaving NASA in disgust years ago is largely due to the love of the program I have, largely instilled by that early shuttle launch.
c) How does car react?
Based on what I see on the roads every day, I wouldn't trust 2/3 of HUMAN drivers to react correctly.
Oh, poop. I used the wrong link: https://www.facebook.com/album.php?aid=2004666&id=183100363&l=552fa933a1
Err, that's Don't stay in Orlando; stay in Cocoa or Cocoa Beach or even Melbourne.
though I'd definitely research alternate ways to get back to Orlando - we left KSC at 6:30, didn't get back to the hotel until 11:30.
Don't stay in Orlando; Cocoa or Cocoa Beach, or even Melbourne. South is fairly easy post-launch, west is torturous.
Alternatively, I just learned last night that you can go South on I-95 and zip back up route 192. It's a longer distance, but lighter traffic.
Heck I'd be happy as a clam if I get to watch the launch close to the giant countdown clock (where exactly is it, anyone know?
Press site. I don't know the details of how you get a press pass. You could contact the NASA public affairs office, but you almost certainly won't get to go there without being press.
The KSC visitor's center holds (held?) a lottery for public viewing passes at the NASA causeway.
Another option is to find someone who works at a NASA center and ask them to request an employee pass for the NASA causeway. Those usually come out a couple of weeks before the launch. Even then, though, they're pretty hard to get now even for employees (fortunately, they're easier to come by where I am now, and I have a death pact with several co-workers that we'll take each other if one of us doesn't get one.)
FWIW, causeway pictures I took on Thursday: https://www.facebook.com/album.php?aid=2004666&id=183100363&fbid=506378627842
Clearly, you're just a troll with a silly statement like that.
No sir, my intention was to be disengaging by acknowledging that I was aware that I was talking to a person who probably would generally understand the principles about which I was speaking. I *do* recognize usernames on slashdot, and try my best to acknowledge people who have been around for a long time and generally contribute positively toward the discussion.
your responses are really just pedantic, pointless puffery. Broadly speaking, DoS flaws are low severity.
Then please, by all means, refute it with something other than assertions. Show me how a network-based, low access complexity, non-authenticated vulnerability with only complete availability impact will not score a CVSS v2 base score of 7.8. Or explain why that methodology is flawed (I probably will agree with you).
Because THAT is what some IT risk analyst is going to throw at someone if they parrot what you're saying, and their CVSS charts and graphs look a lot prettier than general unsupported rhetoric.
So don't expect to get a gold star for pointing out the obvious.
It may be obvious to YOU, but not everyone understands these things as a matter of course. I personally think it does a service to help people think more structured about these sorts of things. It took me years to learn, and I wish that people would have guided me.
But you have to admit that we've managed to spend the day off and on arguing over something as admittedly trivial as the title on a news article. Only Slashdot. :)
"High" and "Low" are relative. A high severity DNS flaw would be...
With due respect to your tenure at Slashdot, I believe you're oversimplifying it, or at least not applying common risk management methodology.
Generally, when assessing the impact of a vulnerability, you're going to assess its impact to each of the three components of the security triad.
We admin/security types do generally consider impact to availability as being less of an issue, but my point is that it is situation dependent. The fact is, though, that this particular vulnerability (I believe, I haven't RTFA) is in fact a high impact to availability. It's probably low to confidentiality and integrity, but the *overall* impact taken as a high water mark of impact to each of the CIA, is high. If your own specific environment does not consider availability to be of importance, then your own risk assessment will take that into account and reduce the overall risk as appropriate.
I guess the reason I felt compelled to reply to the original post is because I think that in sysadmin world, there is less methodology and more gut reaction. That makes sense, but I'm trying to help raise awareness that there *are* methodologies which, for better or worse, at least help make sure everyone is using the same terminology.
Hopefully this clarifies my point.
"Imagine if". I was using a hypothetical to demonstrate a completely different point.
This sounds like a denial-of-service flaw. Such flaws are considered "low severity" in all but the rarest cases. A high-severity flaw would be one which either gives a hacker control of a service or access to sensitive information.
It depends entirely upon the requirements for availability. I agree that generally the A in the CIA triad is the least important, but not by any means always.
Imagine if this could be easily leveraged to shut down all DNS resolvers for, say, all of Comcast. Wouldn't you agree that it's probably a greater impact than, say, a single unimportant desktop somewhere in marketing being compromised by the Flash Of The Day vulnerability?
Thus is the black magic of IT risk management. :)
That said, my first thought when reading this headline was the same as yours.
The flight I have scheduled in 2 weeks is 2 hours, 20 minutes flight time. By the time you've dealt with loading/unloading, it's 3 hours. Add on about 2 hours for security theater and other air travel related sundries, it's going to roughly be 5 hours or so, as you said.
Now, given 5 hours of the cattle call that is a flight (including about 3 hours of being cooped up on a plane) vs. 8 hours of being on a spacious train, I'll spend the extra 3 hours. It's nice to be able to get up, walk up to the cafe car, hang out at a table there talking to other passengers while eating my hot dog, etc. *shrug*
Amtrak runs on commercial rails. They've always been a second class citizen.
Not on the Northeast Corridor. It's almost entirely Amtrak owned. I've been into riding Acela from Boston to DC for the heck of it. I've gone from DC to NYC on the Northeast Regional. It's a pleasant experience, much better than flying, and I've not been significantly late.
I've also Amtraked down to Orlando from DC, and, while I enjoyed it somewhat, after 17 hours on the train, I was ready to be done. If we could get that down to 8 or so with Amtrak-managed high speed rail, it'd be golden.
For example imagine if YouTube had a profit split model where the uploaders got part of the ad revenue.
They do.
If site can email you your password, it is not just bad. It is sign of fscked up security.
Not necessarily. It really depends on what exactly it's protecting. Security isn't full of absolutes.
For example, GNU Mailman will e-mail you your password in plaintext monthly. It goes out of its way to tell you when you first create the password to tell you to not use a valuable password. But all it's protecting is your mailing list preferences, so it's no big deal.
(Yes, in this case, clearly personal and financial information were leaked, and it should have been designed far more securely)
This analogy will be completely lost on the audience here.
(Hint to the American football ignorant: Michael Vick)
You are missing my point. Which is fair, I suppose, since it wasn't particularly well made. (Nor will this be, TBH.)
My point is that there are perfectly valid reasons for someone to own large trucks. Heck, a Ranger isn't exactly tiny either, why is it acceptable for you to own one of those, but people with larger trucks or SUVs have them purely as a status symbol?
I'll grant you in certain communities (like Texas, apparently) that is the case among a significant population of large vehicle owners. Absolutely. Few people roll their eyes more than I do at the idiots driving their chromed-out Hummers. (And few laughed more at them than I when the gas prices skyrocketed back in 2005). And you're absolutely right that they aren't necessarily safer, and in some ways much less safe.
But your post is yet another of the "tax things I don't like, because if *I* don't need them, clearly other people don't." I'll make the same statement I make in my day job, when people suggest stupid IT security policies: Just because it doesn't affect YOUR use case, doesn't mean it won't affect someone else's.
Further, the purpose of taxes should not be changing people's behavior, but instead to secure revenue to operate the government.
(And no, a Ranger doesn't cut it in every situation. I've driven my dad's quite often, and when towing his relatively little Ford 1210 tractor, I don't exactly feel safe. The bed of a Ranger is small, in the firewood case you're doubling the number of trips you'd take with it.)
Personally, I'm hoping electrics work out well. I'm going to try to keep the Eclipse going until '12 or '13, and see what they're looking like at that point. At least by then there should be a decent number of fuel efficient used cars on the lots as folks abandon them for electrics. I hope.
A couple of months ago, I was wandering down the National Mall after work and saw a motorcade entering the White House, complete with the bajillion police vehicles escorting them and stopping traffic along the way.
I mused on facebook that I thought that politicians should be required to sit in traffic like the rest of us. And I'm serious about that.
tax the crap out of unwieldy SUVs and trucks
Yes, because your lifestyle doesn't require one, so clearly no one else's does either.
Ever tried to tow a boat with your Honda Fit? A camper? Haul firewood? Lumber for a home project? Ride offroad on a hunting trip?
You know, suddenly on Wednesday night when I was towing idiot car drivers up snowy hills they weren't bitching about how much diesel my F-250 was consuming to do it, or how "unwieldy" it was.
My amazon.com password is a dictionary word I set in, like, 1997?
Maybe it's time to change it.
My father worked for a gas and electric utility. At least in his gas systems, they had "metameters" (yes, that's what they're called), and from what I can gather, are used for, among other purposes, ensuring that downstream metering adds up.
I am no HV distribution expert, but I don't doubt that similar systems exist for electrical systems, if for no other reason than to detect meter cheaters.
It's not a typewriter, dude, you CAN use the backspace key.