And yet running Lynx under Linux, I was able to get as far as the "complete checkout" page - despite Moz getting the "IE needed" warning. What a crock....
That *is* a great law. I'm curious, though - you used the term self-defense. Is self-defense required for Castle Doctrine cases in Iowa? Or is it assumed based on proof that the dead person did not have legitimate access to the premises?
(I keep wanting to say 'victim' instead of 'dead person', except that of course the homeowner is the real victim here.)
The right to defend one's home _ought_ to be 'inalienable', preferably at the constitutional level.;)
I hear you about what is right vs. what is legal, and we agree about how much difference the then-current legality would make.
I was fortunate to live in Florida, where the right to defend one's home (and one's self) is very strong. My current state of residence (GA) is not quite as generous, but does clearly give me the right to use deadly force, both within my home and to defend life (not property). Hopefully I'll never be called upon to live in less enlightened states -- or we'll get a federal carry permit, and perhaps subsequent collection of such laws at the federal level.
So program the weapon to allow access for multiple users, and pre-program partner's weapons. This would have to be done for squad car riot weapons in any event.
As far as 10-year olds go, you may have trained yours in proper weapons management. The average ten year old is *FAR* more likely to take the gun to school and wind up shooting a classmate in the playground afterwards than he/she is to defend his/her parent after they're wounded.
I'd also *love* to see some statistics on how often police officers find it necessary to fire a fellow officer's weapon, under any circumstances. I already know that they typically can NOT hit anything with their own weapons. Spray-and-pray, indeed....
Re:A rant on smart guns.
on
Science Faction
·
· Score: 2, Insightful
Two words: _Civil Liability_.
It doesn't matter _squat_ if it's an obvious enough case of "Castle Doctrine" and the cops haul the body away and leave you your gun, even (unlikely;). You can still lose everything you own in civil court, sued by the relatives of the dead intruder. Let's face it - being right can mean little or nothing, depending on the mix of judge, jury and lawyers involved.
Also, not all states support castle doctrine, or only support it in a limited fashion - it pays to know the laws of your own state.
I'm not in law enforcement, but I do carry, and I agree with most of your comments about 'smart' guns. However, I do believe your rant is somewhat constrained, in that it only addresses current technologies.
I *definitely* do not want to rely on optical recognition for any weapon (especially since I often use a mexican carry rig, which introduces its own issues with dirt, et alia).
OTOH, there _are_ significant advantages to the concept. Imagine a weapon which, say, uses your brain waves to induce a positive safety system, powered by a micro-engine good for years. Or even a thermal fingerprint reader, where one could wipe the surface mud off, and the reader could still distinguish ridges using heat differentiation. This weapon always fires when *you* pull the trigger (well, at least as often as today - *not* 100%), yet is either inert in the hands of an opponent, or, better still, sends a taser charge through the grips if the trigger is pulled by someone else.
I'd want such a weapon to fail in the 'will fire when trigger pulled' direction if something went wrong with the recognition system, and I'd want such a system to be _at least_ as reliable as e.g. my Glocks. (There are also many registration / transfer issues with the potential to further abuse my civil rights, but I'll skip those;)
The biggest problem with the concept of smart guns is that the recognition technology - today - is not reliable enough. The advantages of smart guns (safety, insurance, ease-of-access since you don't have to lock them up away from your kids) makes this a market which will only get bigger. And as for the potential for gun control which could be incorporated here, well, as my bumper sticker says, "I wasn't using my civil rights anyway".... <sigh>
I do like the idea of fiber optic cameras alongside the gun barrel - particularly one that runs full motion vid when the trigger slack is taken up, the way some laser sights work. Or, in a 'smart' gun, whenever the gun senses it is being pointed.;)
The current FAA regulations state that, in an emergency, a pilot may take *ANY* action required to deal with the emergency. And yes, this includes violating restricted airspaces. So, in order to support this, there would have to be a local override for emergencies -- the first plane which went down because the pilot couldn't do what was required as a result of the software would be enough to kill the program.
Also, this may be practical on some fly-by-wire systems, but I'm willing to bet that any implementation would be (relatively) easy to hack at the hardware level (pull the chip, turn off the power, whatever). Heck, even if you turn off _everything_ and go to whatever manual controls exist, you can still glide for some distance if you start 6 miles up!
Actually that warning hasn't been printed on cards for some time. I had to get a replacement card to work in Florida (what a pain) in, hmmm, '94 I believe, and it simply says that "Improper use of this [...] number by anyone is punishable by fine, imprisonment or both".
My guess would be this refers to the e.g. the privacy act of '74, and that the text changed much earlier than I am aware.
1) While I'd love to provide a link to disprove that, I actually can't find one. I do know that it was the *intent* of the SSA that SSNs not be used as a means of identification. However, reading the original 1935 act, I can't actually find any reference to SSNs at all, and there is little historical information on ssn.gov.
2) The issue of breaking laws is at least somewhat moot (I'm tempted to say "arguably moot", except that I know better;). Civil juries don't seem to give a wit's end about laws. (Of course, neither do criminal juries, any more.)
3) Disclaimer: I do not work for any of these organizations, and derive no profit whatsoever from their operations or non-operations.
As for why someone might want to try this experiment, I believe that question was answered in the original post.
I personally would never post your SSN in a public forum - despite it being trivially easy to obtain. Although many of the laws regarding SSNs are routinely ignored (e.g. the law which says that SSNs may *not* be used as a form of identification or account numbering), that does not mean those laws do not exist (privacy issues aside).
When they track down the person who steals Bill's identity and that person says they found all the info they needed on/., you might find yourself wishing you had at least posted as A.C.;)
To those who think it is difficult to obtain information about other people, try and experiment. Find one of those places that's always spamming you about the subject, and pay them to do a records search on someone (yourself, perhaps).
I can almost guarantee that unless you are in the industry, or have previously used such a service that you will be *astonished* by the information you will discover.
Knowing the SSN when you start is very helpful, of course, but it's equally easy to start with a known address or any other information that left a distinctive enough mark in the records.
I think one of the issues with RSI is just how often one engages in a given activity. There was a point in my life where I was coding professionally during the day, and personally until all hours of the night. Both projects were heads-down coding, all of the 'think' work having been done.
Towards the end of that effort (2-3 weeks), I began having serious problems with my wrists. I also established that repeated mouse use exacerbated the problem.
I've since switched to trackballs and stopped typing 18+ hours a day, and have never had a recurrance of the problem. Of course, having spent my entire life skinny as a rail, I'm hardly a lard ass, either.
I do completely agree about stretching, though. I read long ago that people should act like cats, and stretch after any period of inactivity. It's amazing how much of a boost one can get this way -- the benefits of stretching aren't just to help prevent injuries!
The ISP which owns the block will transfer it to the new ISP because the new ISP says it has the paperwork. Neither ISP really cares - it's just a circuit and a routing table change to them - they actually coordinate on the BGP changes. And legitimate transfers of IP blocks does happen all the time. The actual owner doesn't care (at first) because they are not affected by the change.
*Way* too many corporations use routable IP blocks for internal networks, yet NAT those addresses going out the primary router. In order to prevent spoofing attacks, these address blocks are usually segregated at the primary router(s)/firewall(s).
The "outside" of this setup doesn't care about routing for this subnet - all internal routing for those IPs is handled by an inside box / separate set of rules. It also doesn't broadcast BGP info for the inside network.
At best, the incoming BGP would be perceived as a DoS attack - except that there is no DoS, and hence little reason to check. I'm willing to bet that few, if any, security administrators in such situations do more than block - and possibly log - these packets.
And, unfortunately, corporations with lots of IP addresses have little motivation to give them up. My last employer owned two/24s - total usage less than 100 boxes. The DMZ boxes had routable IP addresses in one/24 which were NAT'ed to routable IPs in the other/24 by the primary gateway! Of course, this same company was still using remnants of another/24 they haven't owned in many years (for internal production boxes) -- THAT makes for some interesting routing.;)
The fake phone call is good in other situations, too. Erratic drivers, for example, are good targets. In person I mostly find that's a little too passive aggressive for me; there's usually little passive about my aggression.;)
I can see why you posted as AC.:-) You, like so many others, appear to have missed the fact that disclosure *is* part of the proposed process. Ok, so you can't generate IDS sigs until it's too late to do any good. If you're relying on the likes of BugTraq for that purpose, you're far better off letting someone with the appropriate resources do it for you.
As a personal aside, 'not being an admin' is unrealistic, even though I am not currently employed in that role, other than for my personal, locally-hosted domain(s). That's sort of like 'not being a geek', or 'not being gay'.
Security is indeed not fakable, and as for your last question, the last placed I sniffed traffic had dual T3s. Just dumping the logs for a days worth of traffic to a remote box for viewing took a *long* time. As for knowing what to look for, this site regularly captured *all* traffic - period. I only had occasion to poke for a few needles in these particular haystacks, so I never e.g. wrote a Perl script to eliminate obvious, legitimate traffic - but filters are a trivial exercise. And with the data stored on disk, you can analyze it just as many ways as you like.
P.S. Yes, I often hold contradictory views. However, my original objection was based not so much on the concept of limiting information, but moreso the specific objections raised by the original poster.
And this is +3, Insightful? Plus +3, Funny I could believe.
*YOU* may want the store(s) to provide you with more of the things you like. Personally, I'd rather make the decision about what things I like or to which I choose to be exposed.
As for Walmart irritating customers, a) they don't care - they've already driven all the competition out of business, and b) most of their customers won't ever even know what an RFID is, let alone the implications.
It's not that I have an attitude problem , but I sometimes *deliberately* shop in these stores, simply so I can ignore the person standing by the door.
To the person who said 'give these people a break, they're just doing their jobs', I say that's nice, but how does it affect me? If they ask to see my receipt / bags, I "just say no", and keep walking. If they say anything else, I usually just laugh (and keep walking). If they get belligerent, I don't mind taking a minute or two to explain to them about the potential civil penalties for unlawful restraint, or exactly what *their* rights are as regards their jobs. (I.e. they can make a citizen's arrest like anyone else, and durn little otherwise.) Only once have I needed to (verbally) advise one (rather large, angry) gentleman that I was armed, and he would not enjoy the end result of a physical confrontation. When he backed down and threatened to call the cops, I pulled out my cell phone and offered to lend it to him. (I'm amused by the strangest things.;)
I hope that more people learn about their rights in these stores as a result of this (mostly off topic;)/. thread. Perhaps if everyone ignored these people, the stores would find better alternatives to their security issues, and stop hassling us all. And for the record, I have never stolen anything from these stores, through whatever mechanism.
I have to disagree with much of your post. As you yourself said, anyone can do security. And there is nothing in this proposal per se that would prevent any of your stated goals. Reading reports of others' exploits is hardly the way to build a career. If it comes to that, better you should seek out the exploits themselves, and do your own analysis, just like these people. (And the proposal *does* require the vendor to maintain a publically accessible repository of vulnerabilities.)
I'm also of mixed minds on the administration issue. What good does it do for an admin to know that there is a potential exploit in a must-be-open service, for which there is no current fix? Counter intrusion and intrusion detection systems should already be in place. There is some seeming value in being more alert, although I would argue that this is actually counter-productive. Only 'caring' about exploits which have been made public leaves one more vulnerable for those that have not.
That said, the admin in me personally *does* want to know as much as possible, fix or no. (Particularly since my programming side could attempt a hack in a worse-case scenario.) And I do enjoy casual reading about exploits and their techniques, just as I periodically peruse the NTSB airplane accident database (the latter also not being the way to build an airline career;). However, the only thing that is stopping me from using that knowledge to exploit the exploits, as it were, is me. And my firewall regularly provides me with IP addresses of apparently wormed boxes on which I could practice....
The dual-edged sword of knowledge is particularly sharp where it comes to security exploits, of any kind. However, I still prefer to live in the kind of world where I can order lock picks and related materials. Learning to pick locks (my own;) taught me a lot about physical security (or lack thereof), just as learning about computer exploits has educated me in network security. (Site security is another issue - given anyone physical access to most machines, and all bets are off.)
I honestly don't think that even a complete implementation of this proposal would significantly change anything, though. The exploits are there for anyone with a sniffer, and I'm sure there are plenty of 'grey hats' around who would be willing to step into any public information gap left by players in such a new world.
I'm not poor (although I'm working on it;), and have had a cable hookup for some 20 years now. Last year I found myself in my attic, installing the dreaded broadcast antenna, as the only way to receive HDTV signals.
There won't be sufficient economic incentive/pressure for the cable/sat providers to dedicate bandwidth for HDTV signals for some time to come, meaning the number of people using the broadcast signals is actually likely to rise, at least in the short term.
You make good points, right up to the point where our brain-dead legislature *requires* the use of proprietary M$ protocols. (This has already been discussed on/.; I'm just too lazy to chase the link.)
Think it can't happen? Two years ago, I would have sworn that it would never be legal for the government to spy on you without so much as a court order, nor that private organizations (e.g. the RIAA) would have the legal right to DDoS my machines - even if that means that I pay more for the bandwidth they use. Is it such a stretch to envision M$ getting a foothold in with some DMV, USPS, passport office, FMHA, etc., and slowly tightening the screws to include other agencies?
Some people may think that the story about the state legislature that proposed changing the value if Pi to 3.0 'to make the math easier' is anecdotal. Sadly, it is not (but again, I'm too lazy to chase the link for you;).
However, you've missed the point. "8CNB5 Q8Z4R" is *not* simply NAC GP's _postal code_ -- it is the entirety of their address.
An envelope addressed to them need only contain those ten characters -- _nothing else_ -- for delivery.
I also suspect that, were a system such as this to go into wide usage, people would soon pick up on the major identifiers in the block.
Even as anti-M$ as I am personally, I'd still love to be able to store customer information - and ship products - in a short, universal format. And the product backing _does_ make its acceptance more possible...
First, just a note about stray RF and airplanes in general. It's actually pretty easy to demonstratably affect the instruments in the cockpit by waving your average transceiver around close enough to said instruments.
Part of this is the fact 90% (or more) of any average aircraft consists of 20-30 year old technology. The certification procedure for anything in the aviation world is torturous, at best. It is NOT possible to get a new aircraft certified in a time frame measured by a device more granular than a calendar. (Multiple calendars.)
If you think ISO-9000 certification is a painful ripoff, you haven't seen anything until you've watched the FAA at work. Almost all of the obstacles which have been overcome in the field of aviation either originated with the military, or came about before the government (and the lawyers) slowly strangled the industry to death.
And perhaps the issue is not as simple as it seems. With fly-by-wire systems and wiring harnesses that would choke an elephant, how does one go about 'hardening' the system? Every last cubic millimeter of space is already crammed full of *something*....
But say they announced a new design today which met all the criteria. It would still take 3-5 years before you could buy one, and longer than that before the airlines would be able to afford to ditch their current fleets and start over.
Not to say that we shouldn't start thinking that far down the road, but that doesn't solve the problem in the meantime.
I didn't see any mention to quasar (www.linuxcanada.com), here or on madpenguin.
Quasar is a) free, b) runs on both Linux and Windows and is c) multi-user. Some of its add-on modules are available for a *VERY* nominal cost, but the base product is fairly comprehensive, and even looks depressingly like its Winblows-inspired ilk.
Slashdot Mirror
And yet running Lynx under Linux, I was able to get as far as the "complete checkout" page - despite Moz getting the "IE needed" warning. What a crock....
That *is* a great law. I'm curious, though - you used the term self-defense. Is self-defense required for Castle Doctrine cases in Iowa? Or is it assumed based on proof that the dead person did not have legitimate access to the premises?
(I keep wanting to say 'victim' instead of 'dead person', except that of course the homeowner is the real victim here.)
The right to defend one's home _ought_ to be 'inalienable', preferably at the constitutional level. ;)
I hear you about what is right vs. what is legal, and we agree about how much difference the then-current legality would make.
I was fortunate to live in Florida, where the right to defend one's home (and one's self) is very strong. My current state of residence (GA) is not quite as generous, but does clearly give me the right to use deadly force, both within my home and to defend life (not property). Hopefully I'll never be called upon to live in less enlightened states -- or we'll get a federal carry permit, and perhaps subsequent collection of such laws at the federal level.
So program the weapon to allow access for multiple users, and pre-program partner's weapons. This would have to be done for squad car riot weapons in any event.
As far as 10-year olds go, you may have trained yours in proper weapons management. The average ten year old is *FAR* more likely to take the gun to school and wind up shooting a classmate in the playground afterwards than he/she is to defend his/her parent after they're wounded.
I'd also *love* to see some statistics on how often police officers find it necessary to fire a fellow officer's weapon, under any circumstances. I already know that they typically can NOT hit anything with their own weapons. Spray-and-pray, indeed....
Two words: _Civil Liability_.
;). You can still lose everything you own in civil court, sued by the relatives of the dead intruder. Let's face it - being right can mean little or nothing, depending on the mix of judge, jury and lawyers involved.
It doesn't matter _squat_ if it's an obvious enough case of "Castle Doctrine" and the cops haul the body away and leave you your gun, even (unlikely
Also, not all states support castle doctrine, or only support it in a limited fashion - it pays to know the laws of your own state.
I'm not in law enforcement, but I do carry, and I agree with most of your comments about 'smart' guns.
;)
;)
However, I do believe your rant is somewhat constrained, in that it only addresses current technologies.
I *definitely* do not want to rely on optical recognition for any weapon (especially since I often use a mexican carry rig, which introduces its own issues with dirt, et alia).
OTOH, there _are_ significant advantages to the concept. Imagine a weapon which, say, uses your brain waves to induce a positive safety system, powered by a micro-engine good for years. Or even a thermal fingerprint reader, where one could wipe the surface mud off, and the reader could still distinguish ridges using heat differentiation. This weapon always fires when *you* pull the trigger (well, at least as often as today - *not* 100%), yet is either inert in the hands of an opponent, or, better still, sends a taser charge through the grips if the trigger is pulled by someone else.
I'd want such a weapon to fail in the 'will fire when trigger pulled' direction if something went wrong with the recognition system, and I'd want such a system to be _at least_ as reliable as e.g. my Glocks. (There are also many registration / transfer issues with the potential to further abuse my civil rights, but I'll skip those
The biggest problem with the concept of smart guns is that the recognition technology - today - is not reliable enough. The advantages of smart guns (safety, insurance, ease-of-access since you don't have to lock them up away from your kids) makes this a market which will only get bigger. And as for the potential for gun control which could be incorporated here, well, as my bumper sticker says, "I wasn't using my civil rights anyway".... <sigh>
I do like the idea of fiber optic cameras alongside the gun barrel - particularly one that runs full motion vid when the trigger slack is taken up, the way some laser sights work. Or, in a 'smart' gun, whenever the gun senses it is being pointed.
The current FAA regulations state that, in an emergency, a pilot may take *ANY* action required to deal with the emergency. And yes, this includes violating restricted airspaces. So, in order to support this, there would have to be a local override for emergencies -- the first plane which went down because the pilot couldn't do what was required as a result of the software would be enough to kill the program.
Also, this may be practical on some fly-by-wire systems, but I'm willing to bet that any implementation would be (relatively) easy to hack at the hardware level (pull the chip, turn off the power, whatever). Heck, even if you turn off _everything_ and go to whatever manual controls exist, you can still glide for some distance if you start 6 miles up!
Actually that warning hasn't been printed on cards for some time. I had to get a replacement card to work in Florida (what a pain) in, hmmm, '94 I believe, and it simply says that "Improper use of this [...] number by anyone is punishable by fine, imprisonment or both".
My guess would be this refers to the e.g. the privacy act of '74, and that the text changed much earlier than I am aware.
1) While I'd love to provide a link to disprove that, I actually can't find one. I do know that it was the *intent* of the SSA that SSNs not be used as a means of identification. However, reading the original 1935 act, I can't actually find any reference to SSNs at all, and there is little historical information on ssn.gov.
;). Civil juries don't seem to give a wit's end about laws. (Of course, neither do criminal juries, any more.)
2) The issue of breaking laws is at least somewhat moot (I'm tempted to say "arguably moot", except that I know better
3) Disclaimer: I do not work for any of these organizations, and derive no profit whatsoever from their operations or non-operations.
As for why someone might want to try this experiment, I believe that question was answered in the original post.
I personally would never post your SSN in a public forum - despite it being trivially easy to obtain. Although many of the laws regarding SSNs are routinely ignored (e.g. the law which says that SSNs may *not* be used as a form of identification or account numbering), that does not mean those laws do not exist (privacy issues aside).
/., you might find yourself wishing you had at least posted as A.C. ;)
When they track down the person who steals Bill's identity and that person says they found all the info they needed on
To those who think it is difficult to obtain information about other people, try and experiment. Find one of those places that's always spamming you about the subject, and pay them to do a records search on someone (yourself, perhaps).
I can almost guarantee that unless you are in the industry, or have previously used such a service that you will be *astonished* by the information you will discover.
Knowing the SSN when you start is very helpful, of course, but it's equally easy to start with a known address or any other information that left a distinctive enough mark in the records.
I think one of the issues with RSI is just how often one engages in a given activity. There was a point in my life where I was coding professionally during the day, and personally until all hours of the night. Both projects were heads-down coding, all of the 'think' work having been done.
Towards the end of that effort (2-3 weeks), I began having serious problems with my wrists. I also established that repeated mouse use exacerbated the problem.
I've since switched to trackballs and stopped typing 18+ hours a day, and have never had a recurrance of the problem. Of course, having spent my entire life skinny as a rail, I'm hardly a lard ass, either.
I do completely agree about stretching, though. I read long ago that people should act like cats, and stretch after any period of inactivity. It's amazing how much of a boost one can get this way -- the benefits of stretching aren't just to help prevent injuries!
I hate replying to my own replies. :-)
The ISP which owns the block will transfer it to the new ISP because the new ISP says it has the paperwork. Neither ISP really cares - it's just a circuit and a routing table change to them - they actually coordinate on the BGP changes. And legitimate transfers of IP blocks does happen all the time. The actual owner doesn't care (at first) because they are not affected by the change.
*Way* too many corporations use routable IP blocks for internal networks, yet NAT those addresses going out the primary router. In order to prevent spoofing attacks, these address blocks are usually segregated at the primary router(s)/firewall(s).
/24s - total usage less than 100 boxes. The DMZ boxes had routable IP addresses in one /24 which were NAT'ed to routable IPs in the other /24 by the primary gateway! Of course, this same company was still using remnants of another /24 they haven't owned in many years (for internal production boxes) -- THAT makes for some interesting routing. ;)
The "outside" of this setup doesn't care about routing for this subnet - all internal routing for those IPs is handled by an inside box / separate set of rules. It also doesn't broadcast BGP info for the inside network.
At best, the incoming BGP would be perceived as a DoS attack - except that there is no DoS, and hence little reason to check. I'm willing to bet that few, if any, security administrators in such situations do more than block - and possibly log - these packets.
And, unfortunately, corporations with lots of IP addresses have little motivation to give them up. My last employer owned two
But it's still a far cry from "enough virtual real estate to serve the City of Angeles". ;)
The fake phone call is good in other situations, too. Erratic drivers, for example, are good targets. In person I mostly find that's a little too passive aggressive for me; there's usually little passive about my aggression. ;)
I can see why you posted as AC. :-) You, like so many others, appear to have missed the fact that disclosure *is* part of the proposed process. Ok, so you can't generate IDS sigs until it's too late to do any good. If you're relying on the likes of BugTraq for that purpose, you're far better off letting someone with the appropriate resources do it for you.
As a personal aside, 'not being an admin' is unrealistic, even though I am not currently employed in that role, other than for my personal, locally-hosted domain(s). That's sort of like 'not being a geek', or 'not being gay'.
Security is indeed not fakable, and as for your last question, the last placed I sniffed traffic had dual T3s. Just dumping the logs for a days worth of traffic to a remote box for viewing took a *long* time. As for knowing what to look for, this site regularly captured *all* traffic - period. I only had occasion to poke for a few needles in these particular haystacks, so I never e.g. wrote a Perl script to eliminate obvious, legitimate traffic - but filters are a trivial exercise. And with the data stored on disk, you can analyze it just as many ways as you like.
P.S. Yes, I often hold contradictory views. However, my original objection was based not so much on the concept of limiting information, but moreso the specific objections raised by the original poster.
And this is +3, Insightful? Plus +3, Funny I could believe.
*YOU* may want the store(s) to provide you with more of the things you like. Personally, I'd rather make the decision about what things I like or to which I choose to be exposed.
As for Walmart irritating customers, a) they don't care - they've already driven all the competition out of business, and b) most of their customers won't ever even know what an RFID is, let alone the implications.
It's not that I have an attitude problem , but I sometimes *deliberately* shop in these stores, simply so I can ignore the person standing by the door.
;)
;) /. thread. Perhaps if everyone ignored these people, the stores would find better alternatives to their security issues, and stop hassling us all. And for the record, I have never stolen anything from these stores, through whatever mechanism.
To the person who said 'give these people a break, they're just doing their jobs', I say that's nice, but how does it affect me? If they ask to see my receipt / bags, I "just say no", and keep walking. If they say anything else, I usually just laugh (and keep walking). If they get belligerent, I don't mind taking a minute or two to explain to them about the potential civil penalties for unlawful restraint, or exactly what *their* rights are as regards their jobs. (I.e. they can make a citizen's arrest like anyone else, and durn little otherwise.) Only once have I needed to (verbally) advise one (rather large, angry) gentleman that I was armed, and he would not enjoy the end result of a physical confrontation. When he backed down and threatened to call the cops, I pulled out my cell phone and offered to lend it to him. (I'm amused by the strangest things.
I hope that more people learn about their rights in these stores as a result of this (mostly off topic
I have to disagree with much of your post. As you yourself said, anyone can do security. And there is nothing in this proposal per se that would prevent any of your stated goals. Reading reports of others' exploits is hardly the way to build a career. If it comes to that, better you should seek out the exploits themselves, and do your own analysis, just like these people. (And the proposal *does* require the vendor to maintain a publically accessible repository of vulnerabilities.)
;). However, the only thing that is stopping me from using that knowledge to exploit the exploits, as it were, is me. And my firewall regularly provides me with IP addresses of apparently wormed boxes on which I could practice....
;) taught me a lot about physical security (or lack thereof), just as learning about computer exploits has educated me in network security. (Site security is another issue - given anyone physical access to most machines, and all bets are off.)
I'm also of mixed minds on the administration issue. What good does it do for an admin to know that there is a potential exploit in a must-be-open service, for which there is no current fix? Counter intrusion and intrusion detection systems should already be in place. There is some seeming value in being more alert, although I would argue that this is actually counter-productive. Only 'caring' about exploits which have been made public leaves one more vulnerable for those that have not.
That said, the admin in me personally *does* want to know as much as possible, fix or no. (Particularly since my programming side could attempt a hack in a worse-case scenario.) And I do enjoy casual reading about exploits and their techniques, just as I periodically peruse the NTSB airplane accident database (the latter also not being the way to build an airline career
The dual-edged sword of knowledge is particularly sharp where it comes to security exploits, of any kind. However, I still prefer to live in the kind of world where I can order lock picks and related materials. Learning to pick locks (my own
I honestly don't think that even a complete implementation of this proposal would significantly change anything, though. The exploits are there for anyone with a sniffer, and I'm sure there are plenty of 'grey hats' around who would be willing to step into any public information gap left by players in such a new world.
I'm not poor (although I'm working on it ;), and have had a cable hookup for some 20 years now. Last year I found myself in my attic, installing the dreaded broadcast antenna, as the only way to receive HDTV signals.
There won't be sufficient economic incentive/pressure for the cable/sat providers to dedicate bandwidth for HDTV signals for some time to come, meaning the number of people using the broadcast signals is actually likely to rise, at least in the short term.
You make good points, right up to the point where our brain-dead legislature *requires* the use of proprietary M$ protocols. (This has already been discussed on /.; I'm just too lazy to chase the link.)
;).
Think it can't happen? Two years ago, I would have sworn that it would never be legal for the government to spy on you without so much as a court order, nor that private organizations (e.g. the RIAA) would have the legal right to DDoS my machines - even if that means that I pay more for the bandwidth they use. Is it such a stretch to envision M$ getting a foothold in with some DMV, USPS, passport office, FMHA, etc., and slowly tightening the screws to include other agencies?
Some people may think that the story about the state legislature that proposed changing the value if Pi to 3.0 'to make the math easier' is anecdotal. Sadly, it is not (but again, I'm too lazy to chase the link for you
However, you've missed the point. "8CNB5 Q8Z4R" is *not* simply NAC GP's _postal code_ -- it is the entirety of their address.
An envelope addressed to them need only contain those ten characters -- _nothing else_ -- for delivery.
I also suspect that, were a system such as this to go into wide usage, people would soon pick up on the major identifiers in the block.
Even as anti-M$ as I am personally, I'd still love to be able to store customer information - and ship products - in a short, universal format. And the product backing _does_ make its acceptance more possible...
First, just a note about stray RF and airplanes in general. It's actually pretty easy to demonstratably affect the instruments in the cockpit by waving your average transceiver around close enough to said instruments.
Part of this is the fact 90% (or more) of any average aircraft consists of 20-30 year old technology. The certification procedure for anything in the aviation world is torturous, at best. It is NOT possible to get a new aircraft certified in a time frame measured by a device more granular than a calendar. (Multiple calendars.)
If you think ISO-9000 certification is a painful ripoff, you haven't seen anything until you've watched the FAA at work. Almost all of the obstacles which have been overcome in the field of aviation either originated with the military, or came about before the government (and the lawyers) slowly strangled the industry to death.
And perhaps the issue is not as simple as it seems. With fly-by-wire systems and wiring harnesses that would choke an elephant, how does one go about 'hardening' the system? Every last cubic millimeter of space is already crammed full of *something*....
But say they announced a new design today which met all the criteria. It would still take 3-5 years before you could buy one, and longer than that before the airlines would be able to afford to ditch their current fleets and start over.
Not to say that we shouldn't start thinking that far down the road, but that doesn't solve the problem in the meantime.
You know what they say -- everybody's got an opinion, and they all......
I didn't see any mention to quasar (www.linuxcanada.com), here or on madpenguin.
Quasar is a) free, b) runs on both Linux and Windows and is c) multi-user. Some of its add-on modules are available for a *VERY* nominal cost, but the base product is fairly comprehensive, and even looks depressingly like its Winblows-inspired ilk.