Right, if you need to borrow to buy a $50k car, you should instead just be spending $15k on a perfectly serviceable car
Well, you COULD reduce cost to $15k to buy just a serviceable car, But many people will have less personal satisfaction with what the serviceable car has to offer. If you will derive more than $6000K worth of additional enjoyment in the vehicle per year, or more than $16 worth in additional enjoyment per day, then it is a good deal, even if you have to borrow money for the purchase.
In fact, borrowing money for the purchase is a separate issue. Even if it cost $15K; you may very well still want to borrow money for the purchase.
I don't count "autonomous cars as a subscription" as a meaningful improvement either;
Why not?
it means individuals are no longer owners of capital and are therefore giving up something important.
Presumably the subscription has to be beneficial for people to buy it....
E.G. The subscription costs less than owning a car. This means that instead of tying up your "capital" by purchasing a depreciating asset, that you get to keep that excess capital (cash) in your pocket, from which you can draw to make investments in other assets which are likely to either appreciate or maintain value and pay out benefits in dividends or interest......
It's bullshit. You should decide what is important to you and budget your annual income.
Travel expenses should be one of the slices.
You can buy a $50k car and still keep your annual Travel expenses a smaller % of your annual income by loaning out the purchase money. Then per year you include the Loan servicing costs Plus Amount of Principle that you will pay during that year.
You just need to make sure your car will last at least as long as the loan term. And those amounts stay below your desired percentage, even after adding Gas, Insurance, and Service/Repair costs.
To be fair, it would be pretty damn impossible for a long trailer to pull out on a major road without having someone slow down for it.
"Impossible" to drive safely is not a valid defense for breaking traffic laws leading to an accident.
If you are not able to operate your vehicle safely and within the rules of the road in a certain area, Then you are not allowed to be driving your vehicle in that area and need to pull over to the shoulder.
Not so fast here... What appears to have happened, is this driver found a corner-case that a collision detection system actually may not have been designed to detect.
Yes, and they should add that capability.
While remembering the fact that this Tractor trailer made an unsafe and illegal turn cutting through a highway, thus being responsible for the accident. Given the white background against white sky, the driver probably would not have seen it until too late; even if they were paying attention.
So this is still a pretty darn good track record for the Tesla.
They should probably add an eye-tracking feature to this.
And if your eyes are away from the road for more than 5 seconds, then initiate a forced hand-control-back-to-driver event.
Useful if you need to takeover for navigational purposes; however, because the car does not have a clue of how to get from Point A to Point B for locations off the map, or when GPS is down due to radio interference.
Except, the case he makes probably better be that they are non-copyrightable.....
Because in past videos he has mentioned obtaining the schematics from illegal Romanian FTP servers.
If the copy of the work you possessed before 'using' it was illegal in the first place, and used the work for commercial gain, then fair use defense will be hard.
If he gets challenged on the use of dodgy schematics in his own repair jobs, and that's not defensible, then
he could face Disgorgement of every $$$ he ever earned from repairs after he obtained those.....
I don't see why this is "front page news" at this point.
The video is all innuento. No facts. Nothing concrete. Nothing corroborated.
There is no news story!
It appears the guy is using Apple-copyrighted schematics.
IF that's their beef, then I hope Rossman takes them to task for it.
Board schematics are a factual description of a physical object.
Factual information cannot be copyrighted; 1st amendment issue. You can patent the board, but that doesn't allow you to prevent dissemination of facts..
If you have none of that shit then you are compromised. Even if you do not have ransom ware alerting you to the fact.
No.... most people have none of that "shit", And it does not mean they are compromised.
You are confusing "Insecure" and "At risk" with "Known Incident", which is ridiculous and absurd.
Weak security and lack of detective controls is not the same as already being compromised, full stop.
Also, even if you have these things; it's not necessarily going to be logged.
There are ways of evading even network Intrusion Protection devices.
There are ways of masking traffic, so it won't be logged correctly, or the malicious flows will
appear innocuous and blend into all the noise, So that even a thorough fine-comb analysis will not be
able to sort the "bad".
It will probably wind up being tunneled or reflected through another system, Or even sent out a backchannel, for example: the LTE Data service of a smartphone that some employee left careless plugged into their workstation or on the WiFi which can be reached from a compromised host.
If someone is offended by the facts, then it's high time they moved to China or Russia, where free speech is not a foundational principle of the civilization.
Study shows, when men enjoy the privilege women receive, they do even better. Study shows, when women are forced to compete while suffering from the same prejudice
The study doesn't SHOW that. The study is not inconsistent with that.
You'll need more studies with larger sample sizes and other possible variables eliminated, before that sort of conclusion could be adequately supported, if true.
It is much more difficult to wipe evidence of a hack like that in a secure system.
Malware often circumvents logging mechanisms. The "cleanup" is the copy of itself to prevent analysis, not logging data. Doing a low-level read on a file and sending the compressed version of the data somewhere else over a DNS tunnel does not produce any log entries on a file server.
The fact that ransomware was able to operate pretty much PROVES that yes it's possible the system makes arbitrary connections out to the internet. One of the first thing ransomware does is generate some key information which goes to their command and control center before files start getting encrypted.
Your arrogance belies your true ignorance in security principles..... It doesn't matter what external security systems you think are in place.
After you have found a breach so deep into your network, then obviously those systems all failed, otherwise you would not have had an intrusion incident on your hands.
then you would have to assume that such a system is in fact compromised every sing day.
When you have a network, no.... You don't initiate a breach response or treat it as an incident, as long as the appropriate security controls are in place for risk management, and you have no "signs of compromise".
You include detective controls to monitor systems, and if one of them sets off an alarm --- you look for a confirmation of compromise.
If you find confirmation of any kind, then that system "HAS A BREACH".
Once a system has a breach, then you have to assume every potential action of that system might have been abused by malware.
Unless you have definitive proof that it did not, then the assumption is anything that could have been leaked has been leaked.
When you are designing and deploying applications, Yes, you do have to make that assumption to be designing appropriately.
Every component of the network other than the one you're building might be compromised, and you have to try to make the best of it.
That's secure design.
If what you suggest is to be believed and done effectively (It's not), then your little cab company has tighter security than most banks.
Also, the terminals in a cab driver aren't general purpose computers or file servers, they're function-restricted point of sale terminals, right.
When you talk about "processes" having different access to the network; this is only possible with a Software-Based firewall, which can be sidestepped on the host itself.
The security procedures are good steps; HOWEVER, they are not nearly 100% effective, And also very often not nearly as effective against a targetted attacker as you imply they could be.
Hint: If they got the malware into a system in the first place, then "getting out" is not likely to be that big a problem.
Ah, yes..... the user had to have access to download that malware, which probably came in the form of a downloader, which had to gain access "to make whatever connections they want", in order to receive and deploy the ransomware and other payloads.
Finally, for the purposes of connecting back out, there are many possibilities.
If you're doing an investigation on a system that was malware-compromised; Then you do not have the liberty of safely assuming that they use only techniques you would know about. You do not even have the liberty of assuming they didn't leverage a firewall bug or limitation to get their traffic out without any logging.
There is no reason to assume. All malware can be decompiled and analyzed to see what it does.
No assuming it probably did is the correct action; to do otherwise is to take a biased position irrationally dismissing the real likelihood of many different things having occurred besides what you found.
Most of the reasons to think "everything that happened has been found" for a real-world system post breach; is along these lines, either:
(2) You were responsible for that system, or liability or reputation is at stake, so it's re-assuring to think the damage was limited.
(3) You were responsible for the post-breach analysis: you want the customer to feel good and not doubt your analysis.
(3) The system was in a pristine lab environment; you can review packet data-level capture logs in detail for the host And decrypt and account for every single bit the system put on the wire from the time of inception, or from the time of first breach at least.
Code you don't have a copy of cannot be decompiled and analyzed.
The malware could have been loaded by same or similar initial vector directly into RAM.
By the time the ransomware is discovered, that particular payload has already completed, and
the RAM sectors it used to occupy were re-used, or somebody rebooted the server since then,
because it was sluggish, etc, etc.
You're already too optimistic. If it's an IMAX theatre, then the projection equipment is probably going to be fitted with a proprietary interface which can only play IMAX-brand specially formatted cartridges; no DVDs or Blu-Rays for you.....
But, just where do those billions come from? Or in this case, your leasing costs?
Major telecoms are getting out of the Landline business and into the Cellular business.
The reason is not that cell phones are better technology.
The reason is that it is ridiculously profitable for them.... Land-based telephone lines have regulated pricing; Wireless and Fiber do not.
If the price controls did not exist for landlines; There would be no 3G or 4G networks.
We would still be paying $0.50 a minute for long distance, $0.10 a minute for local calls, and your home phone would be $60 a month instead of $15.
Broadband internet would start at $50 more a month and cost $0.20 a minute while connected.
All ransomware compromises ARE malware compromises, Therefore, any files accessed on that computer during infection,
Or data accessible to the operating system and programs running on a compromised computer need to be considered breached data.....
The same with any malware compromise where exfiltration could possibly have occured.
The standard of "We have no evidence proving that data was breached" needs to be specifically disallowed as a reason to
not send a breach notification.
Pro Tip: Go to finance.yahoo.com... Type in Apple's stock symbol AAPL in the Enter Symbol box.
Click the Key Statistics menu option
Find the line that says "Enterprise Value:" B is for billion
To decide how much the lawsuit should be for, take that number and add a few zeros before the decimal.
Companies want to be assured that they are going to be able to recoup those all costs (and it often takes 5+ years to roll out).
I suggest a lease which lasts for 10 years, and then after the initial period is permanently renewable on a yearly basis with a fee of:
10% of the original lease cost PLUS 15% of the gross revenue of the portion of any commercial operation utilizing the license.
Also, if another company thinks the license is more valuable and they believe they can provide something of higher utility to the public utilizing
that piece of spectrum, then every 10 years an opportunity opens to "Challenge" the lesse to request the spectrum be assigned to them.
If their intended use is Commercial, then they either require the current lesse to prove they are actively using the allocation for useful commercial purposes of benefit to the public in every County in the united states and auction starts automatically, Or the challenger makes a "Buyout" offer the FCC no less than 1.5x what the current lesse pays per year and at least 2x the current lesse's original payment, and an auction opens to decide who gets to acquire a new 10yr lease.
If the challenger's intended use is Non-Profit, such as a Public service, or as a Public WiFi offered for a personal or community interest,
then they are awarded without cost if there is demonstrable value to the public of a certain level, And the commercial operator might be denied renewal, because use for the public benefit is always to have priority for public property over profiteering, Or restrictions might be added to the commercial entity's lease making the commercial operation a Secondary user, or restricted from operating near certain regions or areas, or at certain times.
Slashdot Mirror
Right, if you need to borrow to buy a $50k car, you should instead just be spending $15k on a perfectly serviceable car
Well, you COULD reduce cost to $15k to buy just a serviceable car, But many people will have less personal satisfaction with what the serviceable car has to offer. If you will derive more than $6000K worth of additional enjoyment in the vehicle per year, or more than $16 worth in additional enjoyment per day, then it is a good deal, even if you have to borrow money for the purchase.
In fact, borrowing money for the purchase is a separate issue. Even if it cost $15K; you may very well still want to borrow money for the purchase.
I don't count "autonomous cars as a subscription" as a meaningful improvement either;
Why not?
it means individuals are no longer owners of capital and are therefore giving up something important.
Presumably the subscription has to be beneficial for people to buy it.... E.G. The subscription costs less than owning a car. This means that instead of tying up your "capital" by purchasing a depreciating asset, that you get to keep that excess capital (cash) in your pocket, from which you can draw to make investments in other assets which are likely to either appreciate or maintain value and pay out benefits in dividends or interest......
It's bullshit. You should decide what is important to you and budget your annual income.
Travel expenses should be one of the slices.
You can buy a $50k car and still keep your annual Travel expenses a smaller % of your annual income by loaning out the purchase money. Then per year you include the Loan servicing costs Plus Amount of Principle that you will pay during that year.
You just need to make sure your car will last at least as long as the loan term. And those amounts stay below your desired percentage, even after adding Gas, Insurance, and Service/Repair costs.
To be fair, it would be pretty damn impossible for a long trailer to pull out on a major road without having someone slow down for it.
"Impossible" to drive safely is not a valid defense for breaking traffic laws leading to an accident.
If you are not able to operate your vehicle safely and within the rules of the road in a certain area, Then you are not allowed to be driving your vehicle in that area and need to pull over to the shoulder.
Not so fast here... What appears to have happened, is this driver found a corner-case that a collision detection system actually may not have been designed to detect.
Yes, and they should add that capability.
While remembering the fact that this Tractor trailer made an unsafe and illegal turn cutting through a highway, thus being responsible for the accident. Given the white background against white sky, the driver probably would not have seen it until too late; even if they were paying attention.
So this is still a pretty darn good track record for the Tesla.
Any idiot on a motorcycle could win the Olympic cycling events
Nobody's claiming that Motorcycles cannot outrun Cyclists.
Somebody was implying that computers cannot outsmart humans, which is not true.
Artificial Intelligence programs CAN outsmart humans in certain domains....
There's not so far (Yet) a general artificial intelligent that can outperform humans in All domains.
They should probably add an eye-tracking feature to this. And if your eyes are away from the road for more than 5 seconds, then initiate a forced hand-control-back-to-driver event.
Useful if you need to takeover for navigational purposes; however, because the car does not have a clue of how to get from Point A to Point B for locations off the map, or when GPS is down due to radio interference.
Better if they use those resources to make the car fully autonomous instead.....
The custom inward-facing tech would be expensive to develop and get in the way of getting to level 4.
At least not at this time, see Louis' video update: there's no lawsuit, Apple & co *like* my channel???
Except, the case he makes probably better be that they are non-copyrightable..... Because in past videos he has mentioned obtaining the schematics from illegal Romanian FTP servers.
If the copy of the work you possessed before 'using' it was illegal in the first place, and used the work for commercial gain, then fair use defense will be hard.
If he gets challenged on the use of dodgy schematics in his own repair jobs, and that's not defensible, then he could face Disgorgement of every $$$ he ever earned from repairs after he obtained those .....
I don't see why this is "front page news" at this point. The video is all innuento. No facts. Nothing concrete. Nothing corroborated. There is no news story!
It appears the guy is using Apple-copyrighted schematics.
IF that's their beef, then I hope Rossman takes them to task for it.
Board schematics are a factual description of a physical object. Factual information cannot be copyrighted; 1st amendment issue. You can patent the board, but that doesn't allow you to prevent dissemination of facts..
If you have none of that shit then you are compromised. Even if you do not have ransom ware alerting you to the fact.
No.... most people have none of that "shit", And it does not mean they are compromised.
You are confusing "Insecure" and "At risk" with "Known Incident", which is ridiculous and absurd.
Weak security and lack of detective controls is not the same as already being compromised, full stop.
Also, even if you have these things; it's not necessarily going to be logged.
There are ways of evading even network Intrusion Protection devices.
There are ways of masking traffic, so it won't be logged correctly, or the malicious flows will appear innocuous and blend into all the noise, So that even a thorough fine-comb analysis will not be able to sort the "bad".
It will probably wind up being tunneled or reflected through another system, Or even sent out a backchannel, for example: the LTE Data service of a smartphone that some employee left careless plugged into their workstation or on the WiFi which can be reached from a compromised host.
If someone is offended by the facts, then it's high time they moved to China or Russia, where free speech is not a foundational principle of the civilization.
Study shows, when men enjoy the privilege women receive, they do even better. Study shows, when women are forced to compete while suffering from the same prejudice
The study doesn't SHOW that. The study is not inconsistent with that. You'll need more studies with larger sample sizes and other possible variables eliminated, before that sort of conclusion could be adequately supported, if true.
It is much more difficult to wipe evidence of a hack like that in a secure system.
Malware often circumvents logging mechanisms. The "cleanup" is the copy of itself to prevent analysis, not logging data. Doing a low-level read on a file and sending the compressed version of the data somewhere else over a DNS tunnel does not produce any log entries on a file server.
The fact that ransomware was able to operate pretty much PROVES that yes it's possible the system makes arbitrary connections out to the internet. One of the first thing ransomware does is generate some key information which goes to their command and control center before files start getting encrypted.
Your arrogance belies your true ignorance in security principles.....
It doesn't matter what external security systems you think are in place.
After you have found a breach so deep into your network, then obviously those systems all failed, otherwise you would not have had an intrusion incident on your hands.
then you would have to assume that such a system is in fact compromised every sing day.
When you have a network, no.... You don't initiate a breach response or treat it as an incident, as long as the appropriate security controls are in place for risk management, and you have no "signs of compromise". You include detective controls to monitor systems, and if one of them sets off an alarm --- you look for a confirmation of compromise. If you find confirmation of any kind, then that system "HAS A BREACH". Once a system has a breach, then you have to assume every potential action of that system might have been abused by malware.
Unless you have definitive proof that it did not, then the assumption is anything that could have been leaked has been leaked.
When you are designing and deploying applications, Yes, you do have to make that assumption to be designing appropriately. Every component of the network other than the one you're building might be compromised, and you have to try to make the best of it. That's secure design.
If what you suggest is to be believed and done effectively (It's not), then your little cab company has tighter security than most banks.
Also, the terminals in a cab driver aren't general purpose computers or file servers, they're function-restricted point of sale terminals, right.
When you talk about "processes" having different access to the network; this is only possible with a Software-Based firewall, which can be sidestepped on the host itself.
The security procedures are good steps; HOWEVER, they are not nearly 100% effective, And also very often not nearly as effective against a targetted attacker as you imply they could be.
Hint: If they got the malware into a system in the first place, then "getting out" is not likely to be that big a problem.
Ah, yes..... the user had to have access to download that malware, which probably came in the form of a downloader, which had to gain access "to make whatever connections they want", in order to receive and deploy the ransomware and other payloads.
Finally, for the purposes of connecting back out, there are many possibilities. If you're doing an investigation on a system that was malware-compromised; Then you do not have the liberty of safely assuming that they use only techniques you would know about. You do not even have the liberty of assuming they didn't leverage a firewall bug or limitation to get their traffic out without any logging.
There is no reason to assume. All malware can be decompiled and analyzed to see what it does.
No assuming it probably did is the correct action; to do otherwise is to take a biased position irrationally dismissing the real likelihood of many different things having occurred besides what you found.
Most of the reasons to think "everything that happened has been found" for a real-world system post breach; is along these lines, either:
(2) You were responsible for that system, or liability or reputation is at stake, so it's re-assuring to think the damage was limited.
(3) You were responsible for the post-breach analysis: you want the customer to feel good and not doubt your analysis.
(3) The system was in a pristine lab environment; you can review packet data-level capture logs in detail for the host And decrypt and account for every single bit the system put on the wire from the time of inception, or from the time of first breach at least.
Code you don't have a copy of cannot be decompiled and analyzed.
The malware could have been loaded by same or similar initial vector directly into RAM. By the time the ransomware is discovered, that particular payload has already completed, and the RAM sectors it used to occupy were re-used, or somebody rebooted the server since then, because it was sluggish, etc, etc.
You're already too optimistic. If it's an IMAX theatre, then the projection equipment is probably going to be fitted with a proprietary interface which can only play IMAX-brand specially formatted cartridges; no DVDs or Blu-Rays for you.....
But, just where do those billions come from? Or in this case, your leasing costs?
Major telecoms are getting out of the Landline business and into the Cellular business. The reason is not that cell phones are better technology.
The reason is that it is ridiculously profitable for them.... Land-based telephone lines have regulated pricing; Wireless and Fiber do not.
If the price controls did not exist for landlines; There would be no 3G or 4G networks. We would still be paying $0.50 a minute for long distance, $0.10 a minute for local calls, and your home phone would be $60 a month instead of $15.
Broadband internet would start at $50 more a month and cost $0.20 a minute while connected.
I thought a "breach" was "someone gained unauthorised access to data, typically a persons private data"?
After a breach, they will use some bullshit excuse like: "We have not found evidence that any customers' data has been downloaded by the intruder."
And if they did find evidence, the breach notification goes out only to the customers they found specific evidence of the attacker downloading.
All ransomware compromises ARE malware compromises, Therefore, any files accessed on that computer during infection, Or data accessible to the operating system and programs running on a compromised computer need to be considered breached data.....
The same with any malware compromise where exfiltration could possibly have occured.
The standard of "We have no evidence proving that data was breached" needs to be specifically disallowed as a reason to not send a breach notification.
Pro Tip: Go to finance.yahoo.com... Type in Apple's stock symbol AAPL in the Enter Symbol box.
Click the Key Statistics menu option
Find the line that says "Enterprise Value:"
B is for billion
To decide how much the lawsuit should be for, take that number and add a few zeros before the decimal.
Companies want to be assured that they are going to be able to recoup those all costs (and it often takes 5+ years to roll out).
I suggest a lease which lasts for 10 years, and then after the initial period is permanently renewable on a yearly basis with a fee of: 10% of the original lease cost PLUS 15% of the gross revenue of the portion of any commercial operation utilizing the license.
Also, if another company thinks the license is more valuable and they believe they can provide something of higher utility to the public utilizing that piece of spectrum, then every 10 years an opportunity opens to "Challenge" the lesse to request the spectrum be assigned to them.
If their intended use is Commercial, then they either require the current lesse to prove they are actively using the allocation for useful commercial purposes of benefit to the public in every County in the united states and auction starts automatically, Or the challenger makes a "Buyout" offer the FCC no less than 1.5x what the current lesse pays per year and at least 2x the current lesse's original payment, and an auction opens to decide who gets to acquire a new 10yr lease.
If the challenger's intended use is Non-Profit, such as a Public service, or as a Public WiFi offered for a personal or community interest, then they are awarded without cost if there is demonstrable value to the public of a certain level, And the commercial operator might be denied renewal, because use for the public benefit is always to have priority for public property over profiteering, Or restrictions might be added to the commercial entity's lease making the commercial operation a Secondary user, or restricted from operating near certain regions or areas, or at certain times.