THIS is exactly why we have so many exploits available in systems today. We have too many 'coders' who have no idea of how the underlying system functions. In the company where I am currently employed, there are individuals who are writing code for new services that don't know what a TCP 3-way handshake is.
IT is the only profession on the planet which does not have a governing body of any sort. There are no exams, no licensure requirements, no educational requirements. Nothing. Anyone who can convince a hiring manager, who is unlikely to be versed in technology themselves, that they "know what they are doing" can be hired into a position of impact. And we wonder why software written today is so bloated and filled with exploits.
What did you expect?
And you all missed the point. You focused on the story that occurred back in the late nineties when people used to plug their Win95 machines directly into the broadband modem.
THE POINT WAS that inoculation is a valid response to security threats. If the malware perpetrators can take control of a PC behind a corporate firewall, there is nothing stopping that from being less about exploitation and more about service. Furthermore until we in the profession of IT give up our dependence on reactive techniques to deal with security threats, and move in the direction of actively recapturing the BOTs being used against us, we will continue to have an unending list of major security breaches.
How long do you think it will be before the government steps in and begins the process of setting up regulation?
This is the first published report I've seen regarding a technique I've been promoting for a decade. Inoculation. If you find an infected machine, take control and fix it. Slashdot commenters universally reply to this technique with sarcasm, warnings of legal action or downright vitriol, but the technique stands as the only way to move forward. The best defense, after all, is an offense, and all current and future planned security activities are reactive in nature. As long as you wait for all the other machines to be patched and comply with security best practices, you will never stop waiting and your services will be under attack.
There was a small script I wrote a number of years back when I first got broadband access at my home. My firewall was being inundated by attacks from the metro loop, so I wrote something that scanned the source IP for well-known exploits. If one was found, it used said exploit to take enough control to put a system level dialogue box up that said "Your machine has been infected by a virus - please fix this immediately", and then listed the virus it used to gain access. This ran for about a month until my provider called me and asked me to desist.
A decade ago I had a discussion with my then boss about how to respond to inbound attacks. It was clear then that the current methods of defense were wrong by any measure you care to use. They haven't gotten any better in a decade. They've only increased in cost and complexity. The basic failure can be demonstrated by the metaphor of feudal Europe, since I know all of you are aware of your western civ history. Our current defense methods are akin to various forms of dumping molten lead onto the Visigoths below our 'fortified' walls. The problem is that the Visigoths are already in our land, destroying things along their way to the castle. Of course the metaphor breaks down because these Visigoths replicate in place; they get stronger, faster and more sinister in their siege weapons with nothing more than the passage of time, and no matter how many we disable there are always more than there were a minute ago.
So what to do? Given that the attack is always through an intermediate entity, I propose using a biological analog to address it. Treat it as a diseased state and execute a vaccination. Since the intermediate system has already been compromised, as is demonstrated by the fact that it is currently an intermediate for an attack, it would be best to wrest control of it from its current commander. We can certainly discuss what that means or how to accomplish it, but that is the best solution. Remove the Visigoths from battle rather than attempting to thwart their attack on us. The other side of this equation, and the thing its success depends on, is automation. The takeover system must be able to respond to the attack within a few packets and wrest control a short time later. Otherwise you have accomplished nothing. Waiting until the entire village is infected with Ebola before you send in the inoculant will only result in more deaths. Waiting for a human being to respond is similarly inappropriate in this situation.
This is not an attack. It is a method of removing resources from an attacker. If the takeover were done correctly, say leaving the affected machine in a state where it was no longer vulnerable to the exploit the attacker used originally to take control, you have in fact helped the Internet overall. You have inoculated another machine and the pool of available resources to attackers has diminished. If you can do it fast enough you can wrest an entire farm from its nefarious controlling entity and put them back at square one. This method levels the playing field as every attack is therefore a chance to lose all your resources. It requires no coordination to execute, no notice since the machine is already infected, and there is no data breach involved.
My personal laptop is set up to wipe itself if you fail to give the correct credentials enough times. "No" you may not have my password, or better yet, "Password99". Try using that one a few times ;-)
Of course there are things like Google Docs, so there isn't anything on the machine itself. I can stop at a store on the way home from the airport, pick up a cheap replacement and be back in business in the time it takes to log on to a hotspot.
And I don't have anything to hide. This whole process was set up when I lost a machine a while back. The machine is now immaterial.
So go ahead and take my 'portal'. You'll get nothing, and I'll be in touch with my lawyer before you can even attempt a second login.
The implied objective noun (I intended) was of the NSA, not the records themselves.
IMHO I think the collection of data such as that which the NSA has gathered is in no way legal in any way. See 1st and 4th amendments. Given that, the possible utility of the data is by no means sufficient cause to allow it to continue to exist. We either are a society that follows the rule of law, or we are not. If our highest governmental agencies can't comply with our constitutionally guaranteed rights, how are we the people supposed to have any faith in our government? If they can ignore any law at any point for their convenience, how are we then protected from abuse?
"Outside of our borders, the NSA's more aggressive. It's not constrained by laws"
Uhm, I guess the laws of foreign countries, and international law, don't apply to our spy organizations. I'm also sure the constraints of our laws (1st Amendment, 4th Amendment) can be ignored at will as well. After all, we are just trying to find all the terrorists, right?!? (You know, like the First Unitarian Church of Los Angeles - https://www.eff.org/press/releases/five-more-organizations-join-eff-lawsuit-against-nsa-surveillance)
As Ben Franklin put it, "They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - http://en.wikiquote.org/wiki/Benjamin_Franklin
We need to simply shut down the NSA altogether, burn their records in effigy, and recall every elected official who ever voted in favor of their activities, or their funding.
It's a NEMA 5-15 or possibly NEMA 5-20 receptacle. So the limit is 10A (average) draw before the breaker would trip (or 16A for a 20). There is no 40A receptacle.
Those who are employed as public servants, be they police or fire or even plain old government workers, should expect to be held to a higher standard. You are working for the public, not some company or even some NPO. You work for everyone. With that comes an additional level of responsibility, and thus additional scrutiny.
I find it disturbing when a police cruiser is being driven recklessly, particularly when the lights aren't flashing. I similarly find it amusing that police don't want to be monitored - given recent stories about officers caught spending their patrol time sleeping. (Do a Google search. It's rampant enough that you'll find plenty of hits.) If the GPS says the cruiser hasn't moved for the past 60 minutes, we probably know what's going on.
As to the remarks herein about attitudes of officers towards the citizenry, I concur. Every interaction I've had with uniformed officers has been identical. I'm the idiot for asking directions. I'm the one at fault for whatever is their current interest. I'm the criminal. I'm the one that needs to be 'dealt with'. Whatever happened to "Serve and Protect"?
Finally, we have far too many police. If the only thing your officers have to do is to sit alongside the roads and point a radar gun, then you have too many police. Police unions will never back down from forcing city and county governments to hire ever more patrolmen. It is counter to their interests. However, the number of patrolmen on staff should be dictated by the crime rate and the response requirements of the community - not its population.
This box was built with off the shelf components and runs on an open source platform. Your passwords are not effective. I don't care how much thought and obfuscation you think you've injected into them, how long they are or how often you change them. It no longer matters. What we need to do now is change the game. We need to remove the human element. We need to automate. And by that I mean much more than scripting changes. We need to automate compliance. Devices have stipulated software and configuration based on the service they provide, and a system exists which enforces that stance. Just because you know the administrator or root password doesn't mean you can load software onto the server. Just because you know the enable password doesn't mean you can change the router configuration. You may be able to cause a change to occur, but the system will roll it back or unload that software if it violates the policies that govern that device. If your PC suddenly starts blasting out traffic to all sorts of Internet addresses, your switch port gets turned off, or your wireless session gets dropped.
The idea is that humans, engineers and administrators tell the supervisory system how the services, and devices should behave; what components and configuration details they should exhibit and on what schedule changes can be performed. But a human NEVER makes a change. If they do, it's undone, removed, uninstalled or otherwise mitigated to return the device to its prescribed state. A very simple clustering/voting kind of setup could keep the supervisory system itself in its prescribed state.
This has the added benefit that the new slave labor situation present in nearly every IT department comes to an end. No longer are junior engineers relegated to performing endless mind-numbingly simplistic operations that are of little actual value to the organization, add nothing to the engineer's resume and are mostly done poorly. Humans are allowed to do what they do best. Think. Plan. Design. And computer systems take on the job that THEY do best. Execute.
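The supervisory loop the comment above describes, written out as an added example (this is not the commenter's code and is not taken from any product): humans declare the prescribed state of a host, a reconciler diffs what an inventory agent observed against that declaration and emits the rollback actions, and the "your switch port gets turned off" rule is a sliding-window count of distinct destinations a host has contacted. The host name, package names, sshd settings and the flow log are all constructed for the illustration.

```python
"""Desired-state enforcement sketch: engineers declare what a device should
look like; a supervisor diffs reality against that and emits the actions that
put it back. Host, packages, config keys and flow records are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    host: str
    kind: str       # "remove_package" | "install_package" | "reset_config"
    target: str
    value: str = ""


# Prescribed state written by humans (hypothetical host and settings).
POLICY = {
    "web-01": {
        "packages": {"nginx", "openssh-server"},
        "config": {
            "/etc/ssh/sshd_config": {
                "PermitRootLogin": "no",
                "PasswordAuthentication": "no",
            }
        },
    }
}

# What an inventory agent reported (constructed): two kinds of drift.
OBSERVED = {
    "web-01": {
        "packages": {"nginx", "openssh-server", "netcat"},   # extra package
        "config": {
            "/etc/ssh/sshd_config": {
                "PermitRootLogin": "yes",                      # changed by hand
                "PasswordAuthentication": "no",
            }
        },
    }
}

# Constructed flow log of (epoch seconds, src, dst).
# 10.0.0.7 hits 60 distinct hosts in ten seconds; 10.0.0.8 only talks to DNS.
FLOWS = [(1000 + i // 6, "10.0.0.7", f"203.0.113.{i}") for i in range(60)]
FLOWS += [(1000 + i, "10.0.0.8", "10.0.0.53") for i in range(60)]


def reconcile(policy, observed):
    """Return the ordered actions that restore every host to policy.
    Default deny: anything present that the policy does not name is removed."""
    actions = []
    for host, want in policy.items():
        have = observed.get(host, {"packages": set(), "config": {}})
        for pkg in sorted(have["packages"] - want["packages"]):
            actions.append(Action(host, "remove_package", pkg))
        for pkg in sorted(want["packages"] - have["packages"]):
            actions.append(Action(host, "install_package", pkg))
        for path, keys in want["config"].items():
            current = have["config"].get(path, {})
            for key, val in keys.items():
                if current.get(key) != val:
                    actions.append(Action(host, "reset_config", f"{path}:{key}", val))
    return actions


def should_quarantine(flows, host, window_s=60, max_distinct_dst=50):
    """Port-shutoff rule: True once `host` has contacted more than
    max_distinct_dst distinct destinations inside any window_s-second window."""
    events = sorted((t, dst) for t, src, dst in flows if src == host)
    live = defaultdict(int)   # destination -> hits inside the current window
    left = 0
    for t, dst in events:
        live[dst] += 1
        while events[left][0] < t - window_s:
            old = events[left][1]
            live[old] -= 1
            if live[old] == 0:
                del live[old]
            left += 1
        if len(live) > max_distinct_dst:
            return True
    return False


if __name__ == "__main__":
    for a in reconcile(POLICY, OBSERVED):
        print(a)
    for h in ("10.0.0.7", "10.0.0.8"):
        print(h, "quarantine" if should_quarantine(FLOWS, h) else "ok")
```

The reconciler only computes the diff; in a real deployment each Action would be handed to the package manager or configuration tool and the quarantine decision to whatever controls the switch port. The thresholds (60 seconds, 50 destinations) are arbitrary starting points and would be tuned per network segment so that legitimate bulk talkers such as mail relays or monitoring hosts are exempted or given higher limits.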
The final line of the paragraph scares me to death - I haven't met a programmer whom I'd turn loose on a DNA construction. It would be like handing a loaded, fully-automatic weapon, with the safety ground off, to a three-year-old; or asking them to complete a fully distributed ERP system written in assembler. Just because we CAN do something doesn't mean we SHOULD. Perhaps if we constructed a complete corpus of biological effects, and dependencies of all currently known sequences (yeah right, like we're going to sequence every living organism on the planet) we could at least reasonably predict what the effect of NEW sequences might be. Until then the human race is the three-year-old. The gun is loaded. (waiting for the bang...)
The reason we don't trust e-Voting is because we don't trust IT. For that WE are at fault. We (those of us in the IT industry, and I'll assume the majority of /. readers are in that camp) have failed to govern ourselves like other professions have. Yes we are a new profession. Yes we've had explosive growth over the past 20 years. Yes we've done a lot of good over those years, both for productivity in general and in what kinds of things can be accomplished at all. We have however failed to become a respected profession. We have spent too much time trying to explain technology to non-technical people, and too little time making it work for them. We have failed because we've allowed the market to drive entrance into our profession rather than limiting entrance to qualified professionals. We have failed because there are non-technical people in our ranks. Other professions such as Law, Medicine or even Accountants have an organization that not only lobbies for the benefit of the organization as a whole, but also limits entrance to new members. If it sounds like I'm trying to be elitist I am not - I'm trying to get to the same point that doctors and lawyers (and CPA's) have in their professions. You cannot practice law simply because you've passed an online multi-choice quiz, or five of them. You cannot practice medicine because you spent six months or two years at a 'medical' school. You have to be educated. You have to go through a process of review. You have to prove your worth. Why do we think IT is any different? I've said this before on other posts - We need a guild. We need an organization that can vouch for our capabilities without being tied to a vendor. Do X-ray technologists in a hospital get a certification from the X-ray machine's vendor? Would you expect a tax lawyer in the state of Ohio to know something about taxes at the federal level, or in another state? If a CPA only knew how to perform work in QuickBooks, would anyone hire them?
I see this article as a call to all technologists - know that your 'honeymoon' is nearing an end. We can choose to ignore that fact and eventually have our skills relegated to commodity status, or we can take action NOW and begin the effort to self regulate. We will be regulated, as this piece demonstrates. We only get to choose self regulation for a little longer, then we'll lose that option. Which do you want to work under? Dennis Dumont
For those of you who either didn't take Physics, or slept through it, Watts and BTU's/hr are both measurements of POWER. Add up all the (input) wattages, and use something like http://www.onlineconversion.com/power.htm/ to convert. This site also has a conversion to 'tons of refrigeration' on that same page. Also note - Don't EVER use the rated wattage of a power supply because that's what it SUPPLIES, not uses. Instead use the current draw multiplied by the voltage (US - 110 for single phase, 208 for dual phase in most commercial bldgs, 220 only in homes or where you know that's the case). This is the 'VA' [Volt-Amps] unit. Use this number for 'watts' in the conversion to refrigeration needs. Just FYI - a watt is defined as 'the power developed in a circuit by a current of one ampere flowing through a potential difference of one volt.' See http://www.siliconvalleypower.com/info/?doc=glossary/, i.e. 1W = 1VA. The dirty little secret about power calculations is that there is another factor thrown in, typically about 0.65, called the 'power factor' that UPS and power supply manufacturers use to lower the overall wattage. That's why you always use VA (rather than the reported wattage) because in a pinch you can always measure both voltage and amperage (under load). Basically do this - take all the amperage draws for all the devices in your rack/room/data center, multiply them by the applied voltage for that device (110 or 208) and add all the products together. Then convert that number to tons of refrigeration. This is your minimum required cooling for a lights out room. If you have people in the room, count 1100 BTU's/hr for each person and add that to the requirements (after conversion to whatever unit you're working with). Some HVAC contractors want specifications in BTU's/hr and others want it in tons. Don't forget lighting either if it's not a 'lights out' operation. A 40W fluorescent bulb means it's going to dissipate 40W (as in heat).
You can use these numbers directly as they are a measure of the actual heat thrown, not of the power used to light the bulb. Make sense?
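The recipe in the comment above, carried through as an added example (my code, not the commenter's): amps times applied volts per device, summed, treated as the heat load exactly as the post prescribes, plus the per-person figure and the lighting, then converted to BTU/h and tons. The conversion constants 1 W = 3.412 BTU/h and 1 ton of refrigeration = 12,000 BTU/h are standard; the rack inventory and its current draws are constructed.

```python
"""Room cooling estimate following the post's recipe:
sum(amps * volts) per device -> VA -> BTU/h -> tons, plus people and lighting.
Inventory below is constructed; current draws are assumed measured under load."""

BTU_H_PER_WATT = 3.412141633        # 1 W dissipated continuously = 3.412 BTU/h
BTU_H_PER_TON = 12_000              # 1 ton of refrigeration
BTU_H_PER_PERSON = 1_100            # figure the post uses for each occupant

# (label, amps under load, applied volts). 208 V for the dual-phase feed.
RACK = [
    ("1U web server", 1.8, 110),
    ("1U web server", 1.8, 110),
    ("storage array", 4.5, 208),
    ("top-of-rack switch", 1.2, 110),
]


def device_va(devices):
    """Volt-amps per device from measured amps and the voltage it is fed."""
    return [(name, amps * volts) for name, amps, volts in devices]


def cooling_load(devices, people=0, lighting_w=0):
    """Minimum cooling for the room, in both units HVAC contractors ask for.
    VA is used as the heat figure, as the post prescribes; lighting watts are
    taken as dissipated heat; each person adds BTU_H_PER_PERSON."""
    equipment_va = sum(va for _, va in device_va(devices))
    btu_h = (equipment_va + lighting_w) * BTU_H_PER_WATT + people * BTU_H_PER_PERSON
    return {
        "equipment_va": equipment_va,
        "btu_h": round(btu_h, 1),
        "tons": round(btu_h / BTU_H_PER_TON, 3),
    }


if __name__ == "__main__":
    print("lights-out:", cooling_load(RACK))
    print("staffed:   ", cooling_load(RACK, people=2, lighting_w=80))  # two 40 W tubes
```

Feeding the same inventory through the online converter the post links should give the same BTU/h and tons figures; the point of keeping the arithmetic in one place is that the inventory list can be regenerated from a power-monitoring export rather than typed in by hand.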
Whenever I read, "protection 'against all types of threats, both known and unknown'" - all I can do is laugh. I realize that MBA's write articles like this, not technologists but come on, am I the only one that sees the logical fallacy in that statement?
Not everything can be addressed through technology. This is such a case. Note that the original error was with a human being that chose to be duped by a phishing expedition. In most of the cases the fatal flaw in any data security design is the people who run it. My point is simply this. Training hours spent with each employee about how to recognize and respond correctly to online threats would have been a more effective and likely cheaper alternative to whatever their last security initiative was. Conversely testing or "job skill validation" that prevents people likely to do stupid things from getting enough clearance to have an email address on the corporate server - would also be effective. The problem with modern operating systems is that they allow people to think they know how to run a computer. Vista says, "Shall I allow trojan.exe to run?" User says to self, "Self, I have no clue what that is, so I better let it run." Anyone else see a problem with leaving immediate security questions to be answered by the person who happens to be at the keyboard? IMHO Technology is not and should not be thought of as, the solution to all problems. Dennis Dumont
High speed communications do not solve the issue of the speed of light limit. Latency measured in seconds can be achieved simply by bouncing a signal off an orbiting satellite. Even the sub-second latency that you'd get by crossing a few states, or an ocean, would be enough to be the difference between stopping the scalpel before it nicked the heart muscle - or not. Without fully confining the motion within the scope of the area of treatment - i.e. the robot has to know what it's doing and must know when to stop, or move, or adjust - any attempt would be a disaster. I know we do things now with remote operation in hazardous environments, like inside a nuclear reactor core, but let's not forget that metal cans and uranium pellets have significantly more structural stability and tensile strength than does anything organic. I think this is one of those quantized realms where the technology is completely ineffective until it's perfect. I haven't seen perfect yet, and I'm not going under the knife of anyone (or thing) that doesn't breathe. Just MHO. Dennis Dumont
You clearly missed the point. This is not about YOUR car; it's about a public transit system where you use a community car to get where you're going, then plug it into a recharge/rental kiosk at your destination. They're trying to solve the issue of bus and train lines getting close to your destination, but not that close.
The issue I see is how this has solved the problem they're trying to address. If you have to deposit the vehicle at a kiosk to get your deposit back, then unless there's a kiosk on every corner you'll have the same issue of walking every time you take a one-way trip. If you used it like a commuter service, then you'd have to set up large parking lots tied to stations of the vehicles. They didn't mention this in the article so I don't think they were trying to fix commuting.
I suppose if you HAD a kiosk on EVERY corner in say New York, NY, then it would be okay. But isn't that an awfully large adoption ratio to assume? I suppose you could augment existing train service with kiosks at every stop, but again they didn't mention that in the article.
I think its interesting, and certainly worth pursuing as a technology, but I think someone with a little marketing savvy needs to take a look at how this fundamental change in how we think about vehicles can be adapted into our various psyches.
Since we cannot in the real world take things "as it approaches infinity", that's where the discrepancy falls in. Keep in mind that all things physical have limits, and are at some point quantized. Air pressure waves, since they involve MASS, have the same quantizing limitations of any other physical medium. Yes it is true that the resolution of air pressure waves is significantly greater than the quantized frequency responses and volume detection of the human ear. That doesn't mean it's truly 'analogue' in the sense of the calculus integration. Nothing physical can "approach infinity".
Although a digital representation cannot completely represent an analogue waveform, it is true that it can:
- produce an approximation that differs from the original by less than can be detected by the human ear, which does have its limits
- produce an approximation that is BETTER than a recording made in a physical medium.
The issue with recording on a physical medium - irrespective of type or method, is that the stylus (whatever it may be) has mass. As such it is subject to Newton's first law and will resist changes to its momentum. This will have the audio effect of diminishing the frequency response in proportion to the frequency. This attenuation of the high end of the audio spectrum is what gives vinyl its 'richer' sound - NOT that it is more faithfully approximating the original sound wave.
Remember EVERYTHING is an approximation - including the pressure wave in the air that was the original transcription from the instrument.
There are so many implications herein and many of you have already picked up on them:
- Microsoft should not endow bad HTML with processing
- AV software should use the same bad techniques that browsers use to evaluate code
- A large mass of web content was developed by amateurs who published broken code
Doesn't it seem we are chasing after the wind here? Bad code leads to worse code leads to unmanageable chaos. Why are we still looking at this from a denial standpoint? Winblows' major flaw is its security stance, "Everything is permitted except that which is expressly denied". No other system ever developed on the planet is such a whore. The correct stance is, "Everything is DENIED except that which is expressly allowed - and I don't trust 'you'".
Personally I think browsers should NOT be forgiving. Why should something so broken as to violate the language syntax work in any way? Why leave room in our 'allow' statements for someone with a brain to get by our defenses? Why should we continue to support amateur developers, amateurish code and web development shops populated with high school dropouts who've taken a class at the community college?
Why is this industry the only one wherein someone without merit can enter unfettered into the marketplace, and publish? Why don't we have more respect for our own industry than that?
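The two stances the comments above contrast, "everything permitted except what is expressly denied" versus "everything denied except what is expressly allowed", side by side on untrusted HTML, as an added example that is not from the original thread. The deny-list filter deletes the one thing it recognises in a single pass and a forgiving consumer reassembles the rest, which is also the point about AV needing to parse the way the browser does; the allow-list filter rebuilds the document from parsed tokens and emits only named tags and attributes. The payloads and the allowed-tag set are constructed for the illustration; the parser is Python's standard-library html.parser.

```python
"""Default-allow vs default-deny for untrusted HTML. The deny-list filter
removes what it recognises and passes everything else; a forgiving consumer
then reassembles the pieces. The allow-list filter rebuilds the document from
parsed tokens and emits only what is expressly permitted. Payloads constructed."""
import re
from html import escape
from html.parser import HTMLParser

SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def denylist_sanitize(html: str) -> str:
    """'Everything permitted except that which is expressly denied':
    one pass that deletes the <script> tags it can see."""
    return SCRIPT_TAG.sub("", html)


ALLOWED_TAGS = {"p", "b", "i", "a", "ul", "li"}      # constructed policy
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """'Everything denied except that which is expressly allowed':
    unknown tags and attributes are dropped, all text is escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                                   # dropped, never passed through
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href":
                # strip whitespace/control characters browsers ignore in a
                # scheme, then require an explicitly listed scheme
                probe = re.sub(r"[\s\x00-\x1f]", "", value).lower()
                if not probe.startswith(SAFE_SCHEMES):
                    continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))                # text is never trusted


def allowlist_sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed payloads: a split tag that survives one-pass deletion, and a
# dangerous URL scheme plus an event handler that the deny list never looked for.
SPLIT_SCRIPT = "<scr<script>ipt>alert(1)</scr</script>ipt>"
JS_LINK = '<a href="javascript:alert(1)">x</a><p onclick="evil()">hi</p>'

if __name__ == "__main__":
    for payload in (SPLIT_SCRIPT, JS_LINK):
        print("deny :", denylist_sanitize(payload))
        print("allow:", allowlist_sanitize(payload))
```

Run as-is, the deny-list output for the first payload is a complete `<script>alert(1)</script>`: the filter removed the inner tag and the outer fragments closed up around it. The allow-list version is stricter than most real sanitizers need to be (it also drops relative links and comments); the design point is that what is emitted is constructed from the allowed set, so a new trick on the input side cannot produce anything that was not already on the output side.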
If the only factor you have in purchasing hardware for your business is the initial capital outlay ($50), then you are missing about 80% of the total cost of ownership (TCO) for your IT expenses. Perhaps you are a VERY small business and your three laptops sharing a Linksys wireless gateway to the cable modem are all you need. Good for you! If your business ever grows, keep in mind things like administrative loading (the cost of the time for administrators to keep the servers and desktops running) and cost of failure (the productive time lost while all the PC's are being wiped and reloaded after a virus infestation). Hardware is cheap. People to run it cost money.
> Yep, Token Ring was indeed more efficient. Good luck reviving it.
Token Ring (spitting) was only more efficient as compared to the original ethernet specification, with all of its collisions. Once we went to a switched architecture and reduced all conversations to two participants that advantage evaporated.
Remember this, being deterministically bad is still bad. Have you ever been on a ring with > 200 nodes? Don't.
Ethernet won because it was cheap. It beat token ring to switching. It beat everything else to get to 100Mbps. Now with 1Gbps and 10Gbps firmly entrenched in the market I look forward to deploying 100Gbps links.
Ethernet is (and was) better.
Dennis Dumont P.S. I've already scavenged all of my lobe cables for their copper.
The real question is can it be done?
Give me a minute.....
Example my friend, not actual. I'm not an idiot.
No I want all records actually destroyed, but I think a few of us would like to dance around the blaze.
4) I'm not engaged in any activity that even the most bored NSA spy would find interesting. Although, perhaps that tin (Al) foil hat design.....
It's a NEMA 5-15 or possibly NEMA 5-20 receptacle. So limit is 10A (average) draw before the breaker would trip (or 16A for a 20). There is no 40A receptacle.
Those who are employed as public servants, be they police or fire or even plain old government workers, should expect to be held to a higher standard. You are working for the public, not some company or even some NPO. You work for everyone. With that comes an additional level of responsibility, and thus additional scrutiny.
I find it disturbing when a police cruiser is being driven recklessly, particularly when the lights aren't flashing. I similarly find it amusing that police don't want to be monitored - given recent stories about officers caught spending their patrol time sleeping. (Do a Google search. It's rampant enough that you'll find plenty of hits.) If the GPS says the cruiser hasn't moved for the past 60 minutes, we probably know what's going on.
As to the remarks herein about attitudes of officers towards the citizenry, I concur. Every interaction I've had with uniformed officers has been identical. I'm the idiot for asking directions. I'm the one at fault for whatever is their current interest. I'm the criminal. I'm the one that needs to be 'dealt with'. Whatever happened to "Serve and Protect"?
Finally, we have far too many police. If the only thing your officers have to do is to sit alongside the roads and point a radar gun, then you have too many police. Police unions will never back down from forcing city and county governments to hire ever more patrolmen. It is counter to their interests. However the number of patrolmen on staff should be dictated by the crime rate and the response requirements of the community - not its population.
This box was built with off the shelf components and runs on an open source platform. Your passwords are not effective. I don't care how much thought and obfuscation you think you've injected into them, how long they are or how often you change them. It no longer matters. What we need to do now is change the game. We need to remove the human element. We need to automate. And by that I mean much more than scripting changes. We need to automate compliance. Devices have stipulated software and configuration based on the service they provide, and a system exists which enforces that stance. Just because you know the administrator or root password, doesn't mean you can load software onto the server. Just because you know the enable password doesn't mean you can change the router configuration. You may be able to cause a change to occur, but the system will roll it back or unload that software if it violates the policies that govern that device. If your PC suddenly starts blasting out traffic to all sorts of Internet addresses, your switch port gets turned off, or your wireless session gets dropped.
The idea is that humans, engineers and administrators tell the supervisory system how the services, and devices should behave; what components and configuration details they should exhibit and on what schedule changes can be performed. But a human NEVER makes a change. If they do, it's undone, removed, uninstalled or otherwise mitigated to return the device to its prescribed state. A very simple clustering/voting kind of setup could keep the supervisory system itself in its prescribed state.
This has the added benefit that the new slave labor situation present in nearly every IT department comes to an end. No longer are junior engineers relegated to performing endless mind-numbingly simplistic operations that are of little actual value to the organization, add nothing to the engineer's resume and are mostly done poorly. Humans are allowed to do what they do best. Think. Plan. Design. And computer systems take on the job that THEY do best. Execute.
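The supervisory model described in the post above, as an added illustrative example and not the poster's own system: engineers declare the prescribed state for a device role, the supervisor computes how an observed device has drifted from it and undoes the drift, a change to the prescribed state itself is the only sanctioned change and only inside the role's window, and a host that suddenly fans out to many peers loses its port. The role name, package names, sshd settings and thresholds are assumed for the example.

```python
"""Supervisory desired-state enforcement (added example, assumptions noted)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RolePolicy:
    required_packages: frozenset   # must be present
    allowed_packages: frozenset    # may be present; anything else is removed
    config: dict                   # setting -> the only permitted value
    change_window: tuple           # (start_hour, end_hour), 24h clock
    max_new_peers_per_minute: int  # fan-out beyond this disables the port


@dataclass
class DeviceState:
    name: str
    role: str
    packages: set
    config: dict
    port_enabled: bool = True


# Assumed policy table for one role; a real supervisor would load this from
# version-controlled source rather than a literal.
POLICIES = {
    "web": RolePolicy(
        required_packages=frozenset({"nginx", "auditd"}),
        allowed_packages=frozenset({"nginx", "auditd", "curl"}),
        config={"PermitRootLogin": "no", "PasswordAuthentication": "no"},
        change_window=(2, 4),
        max_new_peers_per_minute=50,
    ),
}


def drift_actions(dev, pol):
    """Return the actions that bring `dev` back to the prescribed state."""
    actions = []
    for pkg in sorted(pol.required_packages - dev.packages):
        actions.append(("install", pkg))
    for pkg in sorted(dev.packages - pol.allowed_packages):
        actions.append(("uninstall", pkg))       # root loaded it; it comes off
    for key, want in pol.config.items():
        if dev.config.get(key) != want:
            actions.append(("set", key, want))   # edited by hand; reverted
    return actions


def reconcile(dev):
    """Apply every drift action to the device and return what was done."""
    actions = drift_actions(dev, POLICIES[dev.role])
    for act in actions:
        if act[0] == "install":
            dev.packages.add(act[1])
        elif act[0] == "uninstall":
            dev.packages.discard(act[1])
        elif act[0] == "set":
            dev.config[act[1]] = act[2]
    return actions


def update_policy(role, new_policy, now_hour):
    """The only sanctioned way to change a device: change its prescribed
    state, and only inside the role's change window. Returns True if applied."""
    start, end = POLICIES[role].change_window
    if not start <= now_hour < end:
        return False
    POLICIES[role] = new_policy
    return True


def traffic_guard(dev, new_peers_last_minute):
    """Cut the switch port of a host that suddenly fans out to many peers."""
    if new_peers_last_minute > POLICIES[dev.role].max_new_peers_per_minute:
        dev.port_enabled = False
    return dev.port_enabled


if __name__ == "__main__":
    web01 = DeviceState("web01", "web",
                        packages={"nginx", "auditd", "nc"},
                        config={"PermitRootLogin": "yes",
                                "PasswordAuthentication": "no"})
    print(reconcile(web01))   # [('uninstall', 'nc'), ('set', 'PermitRootLogin', 'no')]
    print(reconcile(web01))   # [] - already in the prescribed state
    print(traffic_guard(web01, 500), web01.port_enabled)   # False False
```

The point of `reconcile` returning an empty list on the second pass is that enforcement is idempotent: the supervisor can run it on every poll without needing to know whether a human touched the box in between.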
The final line of the paragraph scares me to death - I haven't met a programmer whom I'd turn loose on a DNA construction. It would be like handing a loaded, fully-automatic weapon, with the safety ground off, to a three-year-old; or asking them to complete a fully distributed ERP system written in assembler.
Just because we CAN do something doesn't mean we SHOULD. Perhaps if we constructed a complete corpus of biological effects, and dependencies of all currently known sequences (yeah right, like we're going to sequence every living organism on the planet) we could at least reasonably predict what the effect of NEW sequences might be. Until then the human race is the three-year-old. The gun is loaded. (waiting for the bang...)
Dennis Dumont
The reason we don't trust e-Voting is because we don't trust IT. For that WE are at fault. We (those of us in the IT industry, and I'll assume the majority of /. readers are in that camp) have failed to govern ourselves like other professions have. Yes we are a new profession. Yes we've had explosive growth over the past 20 years. Yes we've done a lot of good over those years, both for productivity in general and in what kinds of things can be accomplished at all. We have however failed to become a respected profession. We have spent too much time trying to explain technology to non-technical people, and too little time making it work for them. We have failed because we've allowed the market to drive entrance into our profession rather than limiting entrance to qualified professionals. We have failed because there are non-technical people in our ranks.
Other professions such as Law, Medicine or even Accountants have an organization that not only lobbies for the benefit of the organization as a whole, but also limits entrance to new members. If it sounds like I'm trying to be elitist I am not - I'm trying to get to the same point that doctors and lawyers (and CPA's) have in their professions. You cannot practice law simply because you've passed an online multi-choice quiz, or five of them. You cannot practice medicine because you spent six months or two years at a 'medical' school. You have to be educated. You have to go through a process of review. You have to prove your worth. Why do we think IT is any different?
I've said this before on other posts - We need a guild. We need an organization that can vouch for our capabilities without being tied to a vendor. Do x-ray technologists in a hospital get a certification from the x-ray machine's vendor? Would you expect a tax lawyer in the state of Ohio to know something about taxes at the federal level, or in another state? If a CPA only knew how to perform work in QuickBooks, would anyone hire them?
I see this article as a call to all technologists - know that your 'honeymoon' is nearing an end. We can choose to ignore that fact and eventually have our skills relegated to commodity status, or we can take action NOW and begin the effort to self regulate. We will be regulated, as this piece demonstrates. We only get to choose self regulation for a little longer, then we'll lose that option.
Which do you want to work under?
Dennis Dumont
For those of you who either didn't take Physics, or slept through it, Watts and BTU's/hr are both measurements of POWER. Add up all the (input) wattages, and use something like http://www.onlineconversion.com/power.htm/ to convert. This site also has a conversion to 'tons of refrigeration' on that same page.
Also note - Don't EVER use the rated wattage of a power supply because that's what it SUPPLIES, not uses. Instead use the current draw multiplied by the voltage (US - 110 for single phase, 208 for dual phase in most commercial bldgs, 220 only in homes or where you know that's the case). This is the 'VA' [Volt-Amps] unit. Use this number for 'watts' in the conversion to refrigeration needs.
Just FYI - a watt is defined as 'the power developed in a circuit by a current of one ampere flowing through a potential difference of one volt." see http://www.siliconvalleypower.com/info/?doc=glossary/, i.e. 1W = 1VA. The dirty little secret about power calculations is that there is another factor thrown in, typically about 0.65, called the 'power factor' that UPS and power supply manufacturers use to lower the overall wattage. That's why you always use VA (rather than the reported wattage) because in a pinch you can always measure both voltage and amperage (under load).
Basically do this - take all the amperage draws for all the devices in your rack/room/data center, multiply them by the applied voltage for that device (110 or 208) and add all the products together. Then convert that number to tons of refrigeration. This is your minimum required cooling for a lights out room. If you have people in the room, count 1100 BTU's/hr for each person and add that to the requirements (after conversion to whatever unit you're working with). Some HVAC contractors want specifications in BTU's/hr and others want it in tons. Don't forget lighting either if it's not a 'lights out' operation. A 40W fluorescent bulb means it's going to dissipate 40W (as in heat). You can use these numbers directly as they are a measure of the actual heat thrown, not of the power used to light the bulb.
Make sense?
Dennis Dumont
Whenever I read, "protection 'against all types of threats, both known and unknown'" - all I can do is laugh. I realize that MBA's write articles like this, not technologists but come on, am I the only one that sees the logical fallacy in that statement?
Dennis Dumont
Not everything can be addressed through technology. This is such a case. Note that the original error was with a human being that chose to be duped by a phishing expedition. In most of the cases the fatal flaw in any data security design is the people who run it.
My point is simply this. Training hours spent with each employee about how to recognize and respond correctly to online threats would have been a more effective and likely cheaper alternative to whatever their last security initiative was. Conversely testing or "job skill validation" that prevents people likely to do stupid things from getting enough clearance to have an email address on the corporate server - would also be effective.
The problem with modern operating systems is that they allow people to think they know how to run a computer. Vista says, "Shall I allow trojan.exe to run?" User says to self, "Self, I have no clue what that is, so I better let it run."
Anyone else see a problem with leaving immediate security questions to be answered by the person who happens to be at the keyboard?
IMHO Technology is not and should not be thought of as, the solution to all problems.
Dennis Dumont
High speed communications does not solve the issue of the speed of light limit. Latency measured in seconds can be achieved simply by bouncing a signal off an orbiting satellite. Even sub-second latency that you'd get by crossing a few states, or an ocean, would be enough to be the difference between stopping the scalpel before it nicked the heart muscle - or not. Without fully confining the motion within the scope of the area of treatment - i.e. the robot has to know what it's doing and must know when to stop, or move, or adjust - any attempt would be a disaster.
I know we do things now with remote operation in hazardous environments, like inside a nuclear reactor core, but let's not forget that metal cans and uranium pellets have significantly more structural stability and tensile strength than does anything organic.
I think this is one of those quantized realms where the technology is completely ineffective until it's perfect. I haven't seen perfect yet, and I'm not going under the knife of anyone (or thing) that doesn't breathe.
Just MHO.
Dennis Dumont
You clearly missed the point. This is not about YOUR car; it's about a public transit system where you use a community car to get where you're going, then plug it into a recharge/rental kiosk at your destination. They're trying to solve the issue of bus and train lines getting close to your destination, but not that close.
The issue I see is how has this solved the problem they're trying to address? If you have to deposit the vehicle at a kiosk to get your deposit back, then unless there's a kiosk on every corner you'll have the same issue of walking every time you take a one-way trip. If you used it like a commuter service, then you'd have to set up large parking lots tied to stations of the vehicles. They didn't mention this in the article so I don't think they were trying to fix commuting.
I suppose if you HAD a kiosk on EVERY corner in say New York, NY, then it would be okay. But isn't that an awfully large adoption ratio to assume? I suppose you could augment existing train service with kiosks at every stop, but again they didn't mention that in the article.
I think its interesting, and certainly worth pursuing as a technology, but I think someone with a little marketing savvy needs to take a look at how this fundamental change in how we think about vehicles can be adapted into our various psyches.
Uhm no. The vibrating string or vocal cords, or drum head, or reed is the ORIGINAL source. Only a flute uses air directly.
As to Nyquist, if anyone thinks it's EXACT, they either are ignorant, or haven't taken (or perhaps understood) calculus.
The method of approximation in Nyquist's theorem is identical to that of Calculus (integration).
See http://en.wikipedia.org/wiki/Nyquist%E2%80%93Shannon_sampling_theorem/
Since we cannot in the real world take things, "as it approaches infinity" that's where the discrepancy falls in. Keep in mind that all things physical have limits, and are at some point quantized. Air pressure waves, since they involve MASS have the same quantizing limitations of any other physical medium. Yes it is true that the resolution of air pressure waves is significantly greater than the quantized frequency responses and volume detection of the human ear. That doesn't mean it's truly 'analogue' in the sense of the calculus integration. Nothing physical can "approach infinity".
Although a digital representation cannot completely represent an analogue waveform, it is true that it can:
- produce an approximation that differs from the original by less than can be detected by the human ear, which does have its limits
- produce an approximation that is BETTER than a recording made in a physical medium.
The issue with recording on a physical medium - irrespective of type or method, is that the stylus (whatever it may be) has mass. As such it is subject to Newton's first law and will resist changes to its momentum. This will have the audio effect of diminishing the frequency response in proportion to the frequency. This attenuation of the high end of the audio spectrum is what gives vinyl its 'richer' sound - NOT that it is more faithfully approximating the original sound wave.
Remember EVERYTHING is an approximation - including the pressure wave in the air that was the original transcription from the instrument.
There are so many implications herein and many of you have already picked up on them:
- Microsoft should not endow bad HTML with processing
- AV software should use the same bad techniques that browsers use to evaluate code
- A large mass of web content was developed by amateurs who published broken code
Doesn't it seem we are chasing after the wind here? Bad code leads to worse code leads to unmanageable chaos. Why are we still looking at this from a denial standpoint? Winblows' major flaw is its security stance, "Everything is permitted except that which is expressly denied". No other system ever developed on the planet is such a whore. The correct stance is, "Everything is DENIED except that which is expressly allowed - and I don't trust 'you'".
Personally I think browsers should NOT be forgiving. Why should something so broken as to violate the language syntax work in any way? Why leave room in our 'allow' statements for someone with a brain to get by our defenses? Why should we continue to support amateur developers, amateurish code and web development shops populated with high school dropouts who've taken a class at the community college?
Why is this industry the only one wherein someone without merit can enter unfettered into the marketplace, and publish? Why don't we have more respect for our own industry than that?
We need a guild.
Dennis Dumont
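The two stances contrasted in the post above, shown side by side on the same untrusted markup, as an added example that is not code from the original thread. The allowlist (which tags, which attributes on each, which URL schemes in `href`), the denylist, and the sample document are all constructed for the illustration. The denylist stance passes anything nobody thought to name; the allowlist stance passes only what was expressly permitted.

```python
"""Default-deny versus default-allow handling of untrusted HTML (added example)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Default deny: the tags that may appear, and the attributes permitted on each.
ALLOWED_TAGS = {"p": set(), "b": set(), "i": set(), "a": {"href"}}
ALLOWED_SCHEMES = {"http", "https"}

# Default allow: everything passes except what someone thought to deny.
DENIED_TAGS = {"script"}
DENIED_ATTRS = {"onclick", "onload"}


def _render(tag, attrs):
    parts = [tag] + [f'{k}="{html.escape(v or "", quote=True)}"' for k, v in attrs]
    return "<" + " ".join(parts) + ">"


class Sanitizer(HTMLParser):
    """Re-emits only the markup the active stance permits."""

    def __init__(self, default_deny):
        super().__init__(convert_charrefs=False)
        self.default_deny = default_deny
        self.out = []
        self.dropped = []

    def _tag_ok(self, tag):
        if self.default_deny:
            return tag in ALLOWED_TAGS
        return tag not in DENIED_TAGS

    def _attr_ok(self, tag, name, value):
        if self.default_deny:
            if name not in ALLOWED_TAGS[tag]:
                return False
            # An allowed attribute still gets its value checked against policy.
            if name == "href" and urlparse(value or "").scheme not in ALLOWED_SCHEMES:
                return False
            return True
        return name not in DENIED_ATTRS

    def handle_starttag(self, tag, attrs):
        if not self._tag_ok(tag):
            self.dropped.append(tag)
            return
        kept = [(k, v) for k, v in attrs if self._attr_ok(tag, k, v)]
        self.out.append(_render(tag, kept))

    def handle_endtag(self, tag):
        if self._tag_ok(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize(doc, default_deny=True):
    """Return (clean_html, dropped_tags) for the chosen stance."""
    s = Sanitizer(default_deny)
    s.feed(doc)
    s.close()
    return "".join(s.out), s.dropped


# Constructed sample: a payload that the tag/attribute denylist never listed.
SAMPLE = ('<p onclick="x()">hi <b>there</b> '
          '<a href="javascript:alert(1)">link</a> '
          '<IMG SRC=x ONERROR="alert(1)"> <script>alert(2)</script></p>')

if __name__ == "__main__":
    print(sanitize(SAMPLE, default_deny=False)[0])   # img/onerror and javascript: survive
    print(sanitize(SAMPLE, default_deny=True)[0])    # only p, b, a (without href) remain
```

The denylist version is not wrong about anything it lists; it simply has no opinion about `img`, `onerror` or a `javascript:` URL, so all three go through. Under the allowlist there is nothing to forget: a tag or attribute the policy never mentioned is dropped by construction, and even a permitted attribute has its value checked.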
If the only factor you have in purchasing hardware for your business is the initial capital outlay ($50), then you are missing about 80% of the total cost of ownership (TCO) for your IT expenses. Perhaps you are a VERY small business and your three laptops sharing a Linksys wireless gateway to the cable modem are all you need. Good for you! If your business ever grows, keep in mind things like administrative loading (the cost of the time for administrators to keep the servers and desktops running) and cost of failure (the productive time lost while all the PC's are being wiped and reloaded after a virus infestation). Hardware is cheap. People to run it cost money.
>Yep, Token Ring was indeed more efficient. Good luck reviving it.
Token Ring (spitting) was only more efficient as compared to the original ethernet specification, with all of its collisions. Once we went to a switched architecture and reduced all conversations to two participants that advantage evaporated.
Remember this, being deterministically bad is still bad. Have you ever been on a ring with > 200 nodes? Don't.
Ethernet won because it was cheap. It beat token ring to switching. It beat everything else to get to 100Mbps. Now with 1Gbps and 10Gbps firmly entrenched in the market I look forward to deploying 100Gbps links.
Ethernet is (and was) better.
Dennis Dumont
P.S. I've already scavenged all of my lobe cables for their copper.