The giveaway is the word "subscription" - Apple got itself a slice to mobile phone revenue by means of the iPhone, MS is trying it again with ad revenue now the Yahoo deal fell through (who do you think will feel ad blocking most? (OK, "selective" ad blocking, I'm willing to bet it won't take long before the "trusted partner" scam will show up)*.
I suspect that that "possibility" will become mandatory to "maintain browsing security". You're welcome to it. Just a quick reminder: Automatic Updates led to the WGA disaster, so I wouldn't invest *too* much trust in it.
And remember: these are just tools - they are not an excuse to avoid using your brain.
*: I may be harsh here, but it's not like we're talking about a sterling track record here. I believe it when I see it.
I said there were solutions, but I can't really talk about it because I work with the vendor that does IMHO the best solution (the main reason we're talking) - whatever I say will be deemed biased.
Instead, let me spell out what is interesting: you no longer NEED the secure terminal - all you need is a computer (or an iPhone) which can show Javascript, Flash or Animated GIF based images.
That means you can leave the POS designers to it - all you need is a window on the Web (read: you also use the same security at home, because you're using something that was originally designed to be used for private banking via the Internet). Man in the browser/middle, keylogging and trojans are thus no longer vectors of attack.
What this means is that that "price of fraud" suddenly acquires an unexpected component: the cost of upkeep of a secure terminal network falls away. Not big bang, gradually. In addition, retaining token numbers (formerly credit card numbers) will get you nothing because the number itself is useless without the support server.
Might be worth a spreadsheet model at Visa - the volume itself makes it interesting.
That more or less suggests that MC & Visa are about the only point of cohesion, and are in a good place to drive improvements. However, there is, of course, the observation that the sheer volume may create a challenge - it will at least happen slower.
I wonder what factors will drive up the cost of fraud to a point where there is active interest - at the moment it appears more to be considered the cost of doing business. That's no consolation for those that have to face the hassle and, in some cases, the costs and risks that come with a breach..
.. demonstrated in the UK: a wholesale transfer of liability.
Formerly the company had to prove it was you who authorised the transaction (i.e. fraud was their cost), now you have to prove it was NOT you who authorised the transaction - i.e. *you* carry the cost of fraud where they can get away with it.
Given that you have nil control over the systems where such data is held (nor are you to be assumed a security specialist who can spot a rigged terminal) I think the word "bastard" you use is justified. The problems are:
1 - you need credit cards if you have a normal life (note: card, NOT credit - that's the game you want to stay out of)
2 - is two companies in the whole world really enough not to be called a monopoly?
(1) is IMHO hard to fix, not because of hardware but because of coverage and size. There is no way to avoid those two. (2) is something that has always amazed me - why has this been left alone by anti-monopoly agencies?
.. get new credit cards every half year or so. You're not charged for the change, it secures any leakage you may have left behind and it ensures that data theft isn't a problem. If you think 6 months is too long (you could be travelling a lot), do it more often. And it means costs for the credit card company so maybe they start to come up with a better approach (or pass the costs to the failing merchants, also a good incentive IMHO).
Personally, I'm waiting until one of the token manufacturers gets a deal with VISA and Mastercard. After all, a credit card is but a reference number to the contract you have with a credit card provider, and a token can do that just as well. But it could change the static challenge-response PIN with something smarter, and some tokens I've seen are even capable of working securely over a standard web browser.
Let me translate that last one for you: no more "secure" terminals needed (which is where some hacks now happen), using a token could be as simple as integrating an iframe right into the POS display. Also means safer shopping at home, btw.
And the technology exists already - it's just a matter of reaching the point where fraud is more costly than fixing the problem. Not needing secure terminals could mean that point is reached a lot earlier than originally thought. We're talking months here IMHO, followed by a few years while the terminals are phased out.
Have a browse through Ross Anderson's papers (sorry, no time to look it up). In a paper "The economics of fraud" or something he goes through the arguments. Blocking or limiting "non-bank" transfers is only a part solution.
These scammers also employ "mules" - people that allow their bank account to be used for transfers. That means they get a good cut as long as it lasts, but as soon as the police arrives the party is over, and the criminals are clever enough to remain untraceable. The mule invariably takes the hit and ends up in jail.
So, correct in that non-bank blocking would solve a degree of the problem, but it's not a total fix..
Hmm, I guess tastes differ. The YouTube link was to one of the earlier appearances of Stephen Fry, with one of the funniest sketches he did at the beginning of his career. Never have I heard "oh shit" being said in such a meaningful way since :-).
But hey, we can't be all into English Humour, although I have seen Monty Python phrases spread throughout both UK and US English now:-).
On the one side that is amusing (but it must be said that the humor here *is* quite special), on the other side you must be really short of amusing things if Slashdot is your only outlet. There's also YouTube:-)
You ought to come down here for a break (he says looking out over the sunlit lake which is full with sailing boats)..
Heck, that was a given even before it was launched (sorry, sort of stumbled into the daylight, heavily blinking, clothes torn to shreds and stinking of booze and barf - and that was just one of the developers).
Kidding aside, we've just acquired a sysop who alleges he can make Vista actually work. And then he was told to downgrade to XP Pro regardless because we can't afford to down the development group for several weeks while they discover which app still works and which one doesn't.
In a fair number of instances you mention it appears the reality is somewhat far removed from what the RIAA lawyers state, or it appears statements were made with the clear intention to mislead.
Isn't that a punishable offense? If not it should be IMHO - at a criminal level so that it cannot be insured against or subverted by some more creative lawyering. One must keep in mind that if a lawyer is prepared to step so far out of the expected modus operandi to make such statements, actual misdirection is not too much further from the accepted course of action.
It's up to the judges to safeguard the system. So far, that idea apparently hasn't worked too well..
I would love to know what ping and traceroute for something like marslander01.nasa.gov would look like although you'd probably have to dramatically adjust timeouts (and don't wait for an ACK before you send the next packet) - could be fun for the team to build a simulation..
Just before we were given the whole "www" idea and Spyglass and Mosaic appeared I remember we used to ping a site rumored to be on one of the poles (North, I think) called mcmurdo, and then show a traceroute to it. It was a nice way to demonstrate to people new to the Net to show routing and how everything was in reach. Of course, that was in the days that Usenet was still usable, and you could open a talk session to someone on the other side of the planet and be reasonably sure (s)he'd answer if they were awake. At least there's IM for that:-)
It's quite a challenge to communicate over that distance as timeouts make acknowledgement based transmissions useless. I think keep-alives may play a huge role here, and asymmetric transmission will be standard.
Having said that, some civil servants I have to deal with would just about fit in with the time lags of this traffic:-(.
As for governments not having a reason to exist: it is an endless source of fascination to me that a government in Switzerland can get a country fully functional on only 30% tax whereas the UK can't even keep public transport running at double the taxation AND much higher fares..
Oh, and as for pollution and global warming: the reality is that *nobody* is willing to touch the main polluters, cars are just so much easier as a target. The big elephant in the room in any "climate control" meeting is the meat industry. I like my meat, but I'm now well aware of the fact that producing that nice bit of meat on your plate represents a good 70% of the problem (and if that comes as a surprise to you, well, it did that to me too but it checks out).
But I can't really see any politician stand up to tell that story..
Almost 2 decades ago I worked in the color lab of one of the suppliers of the plastic granules that LEGO uses, and I can tell you that even then, LEGO had about the most tight color and quality control in place I've ever come across. That's probably why a new brick and a brick bought a decade ago are still so much alike.
I remember that most of that production was checked in double tact: twice as often during a run than any other plastic, and that included metamere checking (ensuring that the color also changes correctly when you switch from daylight to artificial light - not always a given as every pigment you use can act differently).
I've not been involved in developing the LEGO color recipes, but hats off to whoever did them from their samples - that must have taken at least a week. New stuff like matching the color of the leather going to be used in car seats was easier IMHO (although also challenging, precisely because of the metamere issues). But it was fun, albeit occasionally dangerous work, in those days some of the additives were highly toxic..
The main issue is, quite simply, that an SSL cert is used for two things at the same time which don't always need to be in sync.
First, an SSL cert is a public key to start up an SSL session (public key begets public key begets shared symmetric key and hey, presto - we have an encrypted tunnel).
In addition to that, the SSL cert serves as a site identifier, and this is where the problem starts because that requires a chain of trust to work. I personally would prefer a system almost like the Web Of Trust (www.thawte.com/wot) so that there is a DEGREE of trust that can be injected into a cert, but not as much as is presently the case.
You see, there is nothing that tells me I can trust the CA itself. Why should I trust Verisign? At the point where Thawte was sold to Verisign, Thawte was IMHO both a LOT more secure in the way it issued certs as well as significantly more efficient, so if anything I would have trusted a Thawte cert more for server identity than I trust Verisign (not to mention the fact that Verisign being US is now another recipe for mistrust, but I digress).
It is in the interest of Verisign to pass off their certs as "secure" but few understand that "secure" just means "the result of a process we followed" so it depends on the process - and I can't find any public, independent audits of that mechanism. Ergo, I can't determine if I can trust the cert or not, and all the marketing in the world can't change that little fact.
In addition, research has shown that the average end user cannot distinguish a safe site from a fraudulent one, even just putting the padlock icon on the webpage itself is sometimes enough to mislead them into thinking a site is safe..
Commingling the two purposes is confusing, and FF3 doesn't help here. But they're IMHO just following this trend of wrongly trusting what a cert states to identify the identity of a site..
The key is "appropriate" speed. Any moron who drives 100 km/h in a 30 km/h zone should lose his license and deserves IMHO some extra education with a cluebat (those areas tend to have small kids running around). Ditto for people speeding and weaving in and out of lanes during peak hour (ditto for morons hanging in an overtaking lane for no apparent reason).
However, if someone hammers along at twice the permitted speed at 3am on an empty road with a car that can handle it and does this sensibly (not flying into unknown bends at a stupid speed) I actually can't see the problem.
I regularly have the pleasure of driving in Germany, and my car is capable of doing well over twice the national speed limit in the UK (and other EU countries). It is stable at those speeds, but regardless of being able to do so you will not catch me doing that sort of speed when it's busy.
The simple argument is risk management, your very first duty as a driver is to be safe - also for others. This also provides the argument for sticking very firmly to restrictions: with the exception of a few places in the UK where they simply want speeding revenue, speed is normally reduced for a reason: risk. It's stupid to think you know better than the people who spent effort, time and tax money putting those signs up IMHO..
Incidentally, there's another barrier to driving very fast: fuel consumption at 260 km/h can be about 5x of that at 120 km/h. It's fun for a short while but I prefer to have as little stress as possible when driving - risk means stress.
First off, you HAVE monetary damages unless you got those computers for free, and if they were insured your insurers could be interested in recovery. Secondly, your question to law enforcement should be if they would be so kind as to confirm that they have no interest in solving a crime and apprehending those responsible. Don't get technical, just say the systems have called home and there is a way to find where they are.
Do that IN WRITING, like "could you please confirm by return post that you have no interest in pursuing this case, even though new evidence has come to light that will assist in apprehending those responsible. If I don't receive an answer from you by (14 days ahead) I will assume your answer to be in the affirmative".
Once you have this in writing your options are going to the press (will not make you popular with the fuzz, and you still live there), going to the insurers or going back to whoever you found friendliest at your police station and explaining to them (patiently) that they would get the glory, you just want your systems and you can help.
I personally would start with the last option. There's plenty of time to get into a fight later but ideally you want the police on your side.
What you do NOT want to do is hack your own systems because you'll zap your chances of obtaining untainted forensics, and may even be accused of hacking. You don't know if someone has bought these systems as secondhand..
My principal problem with NAS is that they're all easy to install, but few of them document recovery of a dead drive. I want a simple mirror or RAID5 for home, but I've put it off until I find out how recovery works, and I find that often not very well documented.
- Those who propose such nonsense should be the first to be entered into such system.
- Those who operate such a system should be in it, and monitored (also a solution for the UK CCTV - as it's allegedly "for the public good" it's only fair that the public can have a real time look at those allegedly "protecting" them).
- *ANY* system that fails to deliver on its promise will require extensive review of what went wrong and by who. That includes, but isn't limited to the politicians promoting it, the consultants confirming feasibility (I'm talking about the "rent an outcome" mob) and the quality of project definition, control and implementation. To put this in a simple phrase: if it fails go after those who have been feeding at the trough.
- Anyone falling foul of the above will have their biometrics published
However, this should be balanced with reporting where it has been done well, to encourage good practices.
I reckon implementing the above could temper enthusiasm somewhat. It also nicely bounces back the "nothing to hide" argument - if it's all so good and wonderful I'm sure there is no problem with doing it right..
I would have put it more, um, diplomatic but you may be right - it seems that any other consumer messages simply don't get through.
Sow, reap, etc..
Now *THAT* is the observation of the month.
Don't get carried away though, there are only a few days of August left :-)
Let me get this right: there has been an injunction barring these people from talking, but not from publishing?
Duh, talk about drawing attention to a problem..
Be careful not to read too much into word use - especially if someone isn't a native English speaker this can lead you astray :-)
"Perp" was only used in the context of "someone being pulled over" - there usually is a reason why cops decide to take a closer look (which too can be based on assumptions that may need correcting). No assumption of guilt implied, so probably used the wrong word. Suspect is also not quite right. Hmm.
I have mixed feelings about cameras. Some substantial abuses of power were only unearthed with video evidence - cases where self regulation clearly failed. Until there is some format to correct this I guess public exposure will be required, however much I dislike it (it's fighting unfairness with unfairness -lack of context-, which is IMHO never the most ideal route).
You're assuming that the perp was pulled over for a violation. Otherwise you're dealing with a gross abuse of power which is something that can cause a lot more trouble for the officer in question. If I were the officer I'd simply be hyper correct.
I'd also note that most people appear to feel that cops are "bad" by default. That's sad, because in the mean they're fairly normal people, and if you treat them that way they'll return the favour. The quantity of "cases" amongst cops is maybe a bit higher but don't forget that these people are lied to frequently so meeting someone who simply says "Hi, what's the problem" is for most of them welcome relief (also nice not to have someone trying to plant a knife or bullet in you just because you wear the uniform). However, if you DID break the law, be a man (/woman) and own up to it. You're more likely to get off with a warning if you don't try to BS your way out.
Behaving that way also gives you a lot more credibility when you DO come across someone in need of an attitude correction..
Just my $0.02
Find someone else who has more or less the same time of attendance. The idea is that you both get each other to go, so on an off day you will still get a call. Helps when your motivation isn't quite there that day.
Alternatively, find a sport you like. If you want your head to work as well as your body, do Tai Chi. If you want a physical workout but hate a gym, find a place where they teach climbing. Etc etc. Adjust your activity to suit yourself because if you don't like it, even the best motivation wears thin after a while.
And good luck :-)
I would love to know what ping and traceroute for something like marslander01.nasa.gov would look like although you'd probably have to dramatically adjust timeouts (and don't wait for an ACK before you send the next packet - could be fun for the team to build a simulation..
Just before we were given the whole "www" idea and Spyglass and Mosaic appeared I remember we used to ping a site rumored to be on one of the poles (North, I think) called mcmurdo, and then show a traceroute to it. It was a nice way to demonstrate to people new to the Net to show routing and how everything was in reach. Of course, that was in the days that Usenet was still usable, and you could open a talk session to someone on the other side of the planet and be reasonably sure (s)he'd answer if they were awake. At least there's IM for that :-)
It's quite a challenge to communicate over that distance as timeouts make acknowledgement based transmissions useless. I think keep-alives may play a huge role here, and asymmetric transmission will be standard.
Having said that, some civil servants I have to deal with would just about fit in with the time lags of this traffic :-(.
As for governments not having a reason to exist: it is an endless source of fascination to me that a government in Switzerland can get a country fully functional on only 30% tax whereas the UK can't even keep public transport running at double the taxation AND much higher fares..
Oh, and as for pollution and global warming: the reality is that *nobody* is willing to touch the main polluters, cars are just so much easier as a target. The big elephant in the room in any "climate control" meeting is the meat industry. I like my meat, but I'm now well aware of the fact that producing that nice bit of meat on your plate represents a good 70% of the problem (and if that comes as a surprise to you, well, it did that to me too but it checks out).
But I can't really see any politician stand up to tell that story..
Almost 2 decades ago I worked in the color lab of one of the suppliers of the plastic granules that LEGO uses, and I can tell you that even then, LEGO had about the most tight color and quality control in place I've ever come across. That's probably why a new brick and a brick bought a decade ago are still so much alike.
I remember that most of that production was checked in double tact: twice as often during a run then any other plastic, and that included metamere checking (ensuring that the color also changes correctly when you switch from daylight to artificial light - not always a given as every pigment you use can act differently).
I've not been involved in developing the LEGO color recipes, but hats off to whoever did them from their samples - that must have taken at least a week. New stuff like matching the color of the leather going to be used in car seats was easier IMHO (although also challenging, precisely because of the metamere issues). But it was fun, albeit occasionally dangerous work, in those days some of the additives were highly toxic..
The main issue is, quite simply, that an SSL cert is used for two things at the same time which don't always need to be in sync.
First, an SSL cert is a public key to start up an SSL session (public key begets public key begets shared symmetric key and hey, presto - we have an encrypted tunnel).
In addition to that, the SSL cert serves as a site identifier, and this is where the problem starts because that requires a chain of trust to work. I personally would prefer a system almost like the Web Of Trust (www.thawte.com/wot) so that there is a DEGREE of trust that can be injected into a cert, but not as much as is presently the case.
You see, there is nothing that tells me I can trust the CA itself. Why should I trust Verisign? At the point where Thawte was sold to Verisign, Thawte was IMHO both a LOT more secure in the way it issued certs as well as significantly more efficient, so if anything I would have trusted a Thawte cert more for server identity than I trust Verisign (not to mention the fact that Verisign being US is now another recipe for mistrust, but I digress).
It is in the interest of Verisign to pass off their certs as "secure" but few understand that "secure" just means "the result of a process we followed" so it depends on the process - and I can't find any public, independent audits of that mechanism. Ergo, I can't determine if I can trust the cert or not, and all the marketing in the world can't change that little fact.
In addition, research has shown that the average end user cannot distinguish a safe site from a fraudulent one, even just putting the padlock icon on the webpage itself is sometimes enough to mislead them into thinking a site is safe..
Commingling the two purposes is confusing, and FF3 doesn't help here. But they're IMHO just following this trend of wrongly trusting what a cert states to identify the identity of a site..
The key is "appropriate" speed. Any moron who drives 100 km/h in a 30 km/h zone should lose his license and deserves IMHO some extra education with a cluebat (those areas tend to have small kids running around). Ditto for people speeding and weaving in and out of lanes during peak hour (ditto for morons hanging in an overtaking lane for no apparent reason).
However, if someone hammers along at twice the permitted speed at 3am on an empty road with a car that can handle it and does this sensibly (not flying into unknown bends at a stupid speed) I actually can't see the problem.
I regularly have the pleasure of driving in Germany, and my car is capable of doing well over twice the national speed limit in the UK (and other EU countries). It is stable at those speeds, but regardless of being able to do so you will not catch me doing that sort of speed when it's busy.
The simple argument is risk management, your very first duty as a driver is to be safe - also for others. This also provides the argument for sticking very firmly to restrictions: with the exception of a few places in the UK where they simply want speeding revenue, speed is normally reduced for a reason: risk. It's stupid to think you know better than the people who spent effort, time and tax money putting those signs up IMHO..
Incidentally, there's another barrier to driving very fast: fuel consumption at 260 km/h can be about 5x of that at 120 km/h. It's fun for a short while but I prefer to have as little stress as possible when driving - risk means stress.
First off, you HAVE monetary damages unless you got those computers for free, and if they were insured your insurers could be interested in recovery. Secondly, your question to law enforcement should be if they would be so kind to confirm that they have no interest in solving a crime and apprehending those responsible. Don't get technical, just say the systems have called home and there is a way to find where they are.
Do that IN WRITING, like "could you please confirm by return post that you have no interest in pursuing this case, even though new evidence has come to light that will assist in apprehending those responsible. If I don't receive an answer from you by (14 days ahead) I will assume your answer to be in the affirmative".
Once you have this in writing your options are going to the press (will not make you popular with the fuzz, and you still live there), going to the insurers or going back to whoever you found friendliest at your police station and explaining to them (patiently) that they would get the glory, you just want your systems and you can help.
I personally would start with the last option. There's plenty of time to get into a fight later but ideally you want the police on your side.
What you do NOT want to do is hack your own systems because you'll zap your chances of obtaining untainted forensics, and may even be accused of hacking. You don't know if someone has bought these systems as secondhand..
Good luck.
Edges wear off. And what kind of edge do you want? Sharp? Rounded?
A sphere avoids the whole problem.
My principal problem with NAS is that they're all easy to install, but few of them document recovery of a dead drive. I want a simple mirror or RAID5 for home, but I've put it off until I find out how recovery works, and I find that often not very well documented.
But I'll have to bite the bullet at some point :-)
- Those who propose such nonsense should be the first to be entered into such system.
- Those who operate such a system should be in it, and monitored (also a solution for the UK CCTV - as it's allegedly "for the public good" it's only fair that the public can have a real time look at those allegedly "protecting" them).
- *ANY* system that fails to deliver on its promise will require extensive review of what went wrong and by who. That includes, but isn't limited to the politicians promoting it, the consultants confirming feasibility (I'm talking about the "rent an outcome" mob) and the quality of project definition, control and implementation. To put this in a simple phrase: if it fails go after those who have been feeding at the trough.
- Anyone falling foul of the above will have their biometrics published
However, this should be balanced with reporting where it has been done well, to encourage good practices.
I reckon implementing the above could temper enthusiasm somewhat. It also nicely bounces back the "nothing to hide" argument - if it's all so good and wonderful I'm sure there is no problem with doing it right..