It was the fear of being extradited to the US, either legally or by rendition, that had him worried.
Remember this was happening around the time when the US was grabbing people off the streets of Europe and sending them to black sites in 3rd countries for torture.
The PLA has some pretty good stealth aircraft actually.
Have you considered the Compute Module or Zero? Even smaller, and lower power if you avoid the need for 5V and supply 3.3V directly (or LiPo 3.8-4.2V). For the CM you need your own base board, for the Zero you might be able to live with the pin header alone.
Flaws in drivers used to be attractive to malicious actors because drivers ran in the kernel and had immense power. Modern operating systems limit drivers so that the damage they can do is greatly reduced. Also helps with stability because your sound card driver crashing won't bring the whole machine down any more.
That's the key to security. Assume stuff will have bugs, isolate it, sandbox it, put layers of security in and limit the damage. A bug in the network stack should at worst crash the network stack, which while annoying is far less critical than being able to read parts of kernel or process memory.
The best minds have worked on some of this software, e.g. OpenSSL. That didn't prevent things like Heartbleed.
In engineering we acknowledge that the humans designing and building the thing are flawed, so we test extensively and look for ways to cause failures. We also develop tools that help us find potential failures at the design stage.
Software engineering should be no exception, but we don't have any equivalent of the crash safety testing we do for cars. Instead we have lots of random people, some of them with good intent and some of them malicious, doing their own testing and looking for flaws.
Imagine if our security services helped us fix all the flaws they find instead of exploiting them. Imagine if their budget was spent securing us instead of spying on us.
It would be useful if he did use a computer though, just so that he could put into practice the things his department recommends. No better way to see how practical they are and understand the issues that prevent computer security.
The same thing happens all the time in the UK. Important jobs are given out as rewards or to groom allies of the Prime Minister. The people in charge of stuff like education, the army, Wales and of course cybersecurity are normally completely unqualified and clueless. It's the job of the civil servants to explain everything to them and handle the detail.
Let's Encrypt offers free certs. You can install your own trusted root cert on your own machines for stuff like routers.
Wikipedia manages.
Yes, but Wikipedia is the biggest donation funded site and has a huge charity operation behind it. That model probably won't work for a lot of sites.
If there was a way for people to easily contribute small amounts it might work. At the moment making a 10 cent donation is impossible online, the transaction fees kill it. Maybe there could be some kind of central tip handling org that member sites could register visits with to get a cut of a larger monthly donation, but it may be difficult to secure against fraud.
The point of the funding is to pay for the development and manufacturing of the product. If they don't get the money till after the product ships, then that completely defeats the purpose.
Guaranteed sales and proof of demand may generate other investment. Few successful projects are purely crowd funded.
Any half decent browser won't benefit from AV software anyway. They are all heavily sandboxed and protected now. If the malware can get past that then the AV software probably isn't going to help anyway.
Do you have any evidence of this? Because so far the only credible evidence I've seen has been of fraud favouring Republican candidates.
Extraordinary claims and all that...
How does putting export restrictions on nuclear technology to China prevent China from stealing it?
Aside from anything else, if they were minded to steal it they could just get it from the US direct or from other countries it gets exported to.
What a terrible web site. They only have photos of the items, no text descriptions or alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.
Some lawyers will get very rich trying to determine if a product actually shipped and the insurance should pay out. What if the product that ships doesn't meet the promised spec? That's happened a lot.
What happens if your credit rating was damaged? You might be paying more for a mortgage, or not have got one at all.
In the UK you could get restitution, i.e. they would pay off part of your mortgage or whatever other losses you suffered, as well as the amount they over-charged. Does it not work that way in the US?
It only becomes a legal matter if someone chooses to elevate it to one.
You can. Simply go to your settings, then "exclusions" and tick the box next to msmash.
In Europe the company would have to justify their decision, either to a tribunal or in court. It would have to be pretty serious.
If the company feels that someone is being unreasonable they can sanction or fire them for it.
Open source is an interesting one. I'm pretty hard line when it comes to the GPL... But if someone submitted a patch to enable targeting Hellfire missiles from a drone I might be tempted to tell them to fork it instead of accepting.
The scent of a perfume has long been ruled as something not protected.
So you are saying they should sell their cheese in an expensive looking bottle out of a boutique store or airport duty free area. The TV ads should feature a model dipped in milk and lounging around some villa, with a breathless voice-over announcing "Heksenkaas" as a bloke with designer stubble sniffs a cheese platter.
Honestly I think they would sell a lot of cheese if they did that. Great idea, pr0t0.
Define merit.
For a product it can include any or all of the following: quality, reliability, cost, profit margin, yield, time to manufacture, TCO, long term availability, certifications, MTBF, effectiveness of DRM, lack of DRM, compatibility, incompatibility, aesthetics, durability, weight, size, energy consumption, elegance, simplicity, complexity, development time...
It's not that merit isn't valued any more, it's that more factors are being considered when determining merit, and we are realizing that what we thought was a meritocracy actually failed to consider important factors while giving too much weight to others.
Disposable plastic bags used to be the preferred option. More durable, cheaper, lighter, convenient. Then we realized that plastic was becoming a problem, and that actually re-usable bags and disposable paper bags had some merits we hadn't really considered before. The convenience factor of disposable plastic bags was over-valued.
They are simply amoral and apolitical money makers.
That's why engineers must refuse to do immoral things. Not just because they are immoral, but because it can make them personally liable or get blamed when things go wrong.
I've refused to do things I felt would make critical systems unsafe. I've refused to do things that screw customers. Without wishing to blow my own trumpet too much, because I'm valuable and because I choose to work for companies that employ other people with a sense of morality I've always been listened to. In fact in every case the request was either the result of excessive cost cutting or someone not thinking through the consequences (which is what I'm paid to do, among other things).
People respect you as a professional if you are straight with them and if you stand by your principles. Well, if they don't then it's a good sign you need to find a better place to work.
Bad tech and bad code often does very well in tech. Look at DOS and Windows. Javascript. XML. x86. They didn't succeed on technical merit.
Which is why it seems strange that people assume that for some reason hiring and career progression in tech are somehow different.