So much security is not practical. Why stop at the browser?
Because the browser (or in this case flash) is processing untrusted input, plain and simple. If you're going to work with untrusted input, you need to do it securely, be it via filtering the input or using a sandbox. If the browser is so insecure that you need to run it on a hardened OS or inside of a VM, then maybe it's time for another browser.
Fair enough, we need to fix flash, not ban one of the unlimited number of sites that use flash. Of course, if individual users want to disable flash on their machine, I have no problem with that, but that shouldn't be the security solution for everyone.
And for ads posing as dialog boxes, I'd want to see a window manager that ensures the distinction is always clear. If a web page is able to alter the screen to the point that all you see is a "this workstation has been locked, please enter your password" screen without any window borders, then there's a security vulnerability of the browser and window manager.
The point being, fix the underlying issue. Security by censorship or security by blacklists doesn't work when you have a tool designed to connect to any computer on the internet.
Everyone is cheering for AdBlock when they read this, but why is it ok that a browser can install spyware, viruses, etc when you are browsing a web page? Shouldn't this be something that can only happen on sites that you explicitly permit or upon agreeing to a dialog asking if it's ok to run a given program? If you can experience this problem with double-click, then you can experience the same problem with any web site out there, so I'd much rather see us fixing the security holes in various browsers.
Sovereignty means the country establishes the rules within their boundaries. If the US doesn't like it, they can always go to war with China. It will be the quickest war ever - China immediately dumps their vast US currency holdings on the open market, the US dollar becomes (even more) worthless within 1 minute due to programmed trading, etc.
We are now in the global economy's version of mutual assured destruction. If either the US or China does something to break economic relations with the other, both economies would suffer. China depends on the US as an export economy just as much as we depend on them for imports, and drastically devaluing the dollar would only turn the US into an export economy for them to compete against. And as much as the US doesn't like China's policies, at least publicly, refusing their goods would only raise the cost of everything in the US (both because of reduced supply and because the lowest cost supplier is no longer available).
Much to many people's disappointment, things are being handled quite smoothly considering the staggering scale of the trade imbalance. China will take over as the super power, the USD will continue to devalue which is healthy for us to regain the trade balance, and another third world will take over as Wal-Mart's supplier. If I were to guess, it's going to look a lot like the cold war all over again, except this time, people realize it's possible to survive it as long as we keep a level head. The complaining we are hearing from politicians now is hypocritical to be sure, but not surprising considering all the other things they find to whine about without actually doing anything.
Wi-Fi-enabled security cameras that can identify illegally parked cars and issue tickets without an on-site witness
The current system is based on random luck. You don't feed the meter and maybe you're lucky, or maybe you aren't and you have a ticket. If you change to a system where every violator always pays, you're back to a fair system (especially if police aren't allowed to undo tickets for their friends). And with all this new revenue, you can decrease the fines so they don't become an unfair burden and find a way to adjust the fines to be based on how long the violation occurred. However, because government greed says the last part won't happen, we have to fight to keep the system unfair so that we aren't fined out the wazoo.
I think we can all agree his opinion is pretty useless. He's trying to suggest the iPhone is more secure, yet the problem there is that if there was a virus, you wouldn't be allowed to fix the problem. And considering they've already found ways to unlock them and run apps on them, a virus is sure to come one day. If we are going to look at the impact an open phone has, we can review the results of Palm and Windows Mobile and see just how far off from reality he is. You get security problems by writing an insecure OS (e.g. everything as administrator in Windows) and by allowing unknown software to run (ohh, I can click ok to see Britney's boobies!). And I suspect that Google and friends will do a better job of that than either Palm or Windows Mobile did.
And the best part of all, the WSJ blog is run on Apache/Red Hat. Unless we're trying to say Ben Worthen is a worm :-)
That's a pretty narrow view on life. Parents are generally the ones who can least afford to pony up extra taxes to solely fund the schools. If parents cannot afford to pay for schools, would you want to live where there are lots of uneducated youth with nothing to do?
If you can't afford them, stop having them, or offer them up for adoption. Problem solved. And before you say I'm discriminating against the poor, such a tax would need to be a percentage of a family's income. The percentage would go up as you have more school aged children. And to further keep things fair, you would need to phase it in over time starting with children born X number of years from now. I suspect that education problems would quickly go away if parents saw the school system as something they were investing in rather than a government sponsored daycare service.
As for the other parts of your ill considered rant, property owners generally DO pay for fire protection through property taxes, which get passed down to the renters. Roads are funded chiefly through gasoline taxes (43 cents per gallon in my state).
I was stating a general theory, which as you've pointed out is backed up in reality in more ways than not. As for the gas tax, Virginia is 17.5 cents, and we make up for it using the $3000 speeding ticket.
While I subscribe to a lot of the Libertarian ideas, this is where we part ways.
Part of the beauty of politics, everyone has an opinion, and everyone's opinions are flawed, mine included.
Sadly, in any democracy where money and votes result in power, entrepreneurs will always lose. We are a minority of the vote, so all the wealth redistribution fans will put people in power that take money from anybody but them. And when it comes to money, the shoe-string garage operations just don't compare to the mega-corporations and their government sponsored monopolies.
This is why we are seeing more and more laws passed that tax hotel guests, reckless drivers, smokers, the self employed, and umpteen other small groups to fund something like (to use Virginia as an example) our traffic problems when the gas tax is forbidden from being touched, not indexed to inflation, and unchanged since I was born. The more we tax the minorities, the more the minorities will go elsewhere, and eventually they will come for those in the majority because there's no one else left.
I'd much rather see taxes targeted at people that use the given service. Every person needs to fund the police, property owners need to fund the fire departments, families with children need to fund the schools, drivers with cars or people buying gas need to fund our roads, etc. These kinds of taxes should encourage people to live a more efficient lifestyle and for those that want to pay more to live better, that's their choice. Today, we have a system set up to encourage the poor to have more children to collect a bigger welfare check, I'm paying for their school, and some smoker is paying for the roads that I drive on. The disconnect means that roads are overcrowded and under-maintained, schools use trailers to handle the overflow, and every politician promises to do something to cut down on the high property taxes.
Either 89 cents or 99 cents per song, albums weigh in at $5.99, $8.99, and $9.99. All of these prices trump are on par with the competition or slightly better. Don't forget a major competition piece: the $16.95 brick and mortar cd price.
The album competition isn't there yet. Taking KT Tunstall's Eye of the Telescope, you have $8.99 @ amazon, $9.72 @ walmart, and $9.99 @ target. I'm guessing you could find it cheaper elsewhere. And if I'm buying the whole album, having the physical cd and jewel case is worth the extra $0.73. But for singles, this is the best I've seen yet for anyone that likes mainstream music, legally, and without drm/OS restrictions/etc.
allowing more highly educated foreign workers into the country
I guess Aaron Ricadela has no problem with the industry bulking up with people who are accustomed to earning under $1USD per day in their home country.
Personally, I don't have an issue with someone coming to the US that was accustomed to earning under $1/day. But they should play by the same rules, and not the "do what we say or you'll be deported" semi-slavery we have now. If someone is willing to do the same work under the same conditions and terms for less money than me, then I should be finding something better to do.
After all, if the US didn't believe in getting the best scientists from other countries, Germany would have had the atom bomb first and NASA would have been set back years.
IBM flat out removed license keys from some of their software. It was used by big businesses, everyone that needed it had a key already, and it made it easier for people to set up labs and learn the software so they would want to use it. Of course, their software is big enough and visible enough that the risk of someone reporting a pirate install is too high for most. And they make sure to get paid well for support. In the end, they simply looked at their customer and realized that stopping pirates does more harm to their business than good.
When you get into the personal market, that model changes. But since you are targeting businesses, the most I would do is call home from time to time to let you know where your software is being used, but not to disable it. Then you just use places with an unusually large number of machines reporting back as an opportunity for a sales call to help them get in compliance. Tie the call home in with an update notification service, and most businesses won't have a problem with the connection.
Watching TV leads to parents yelling at kids to stop wasting all the time doing nothing. So kids learn to get their viewing in quickly. There's also the issue with advertisements and multiple channels. People learn to not focus too much on one show because their ad will be over in the important channel in 2 minutes, but DVRs are fixing that. I still like blaming parents, well them and society, since they made things so bad in the world that the den is the last semi-safe place for kids to play. Whatever happened to the innocence of riding a bike down the middle of the street with a toy gun playing cops and robbers?
We now return to the regularly scheduled "what were you talking about" jokes.
I'd love to see a GPS that allows more 2-way interaction. They already have Bluetooth in many of them to allow traffic and weather downloads. Having users able to upload accident info, construction, speed traps, etc would be a fantastic extension. The trick will be taking an off-the-shelf GPS product and writing the open source firmware since I doubt any major vendor would permit the flexibility that people really want.
A more interesting question would be how these things hold up when used for swap.
I suspect the concept of swap will need to be reevaluated with these disks. As you mentioned, random seek-times will improve while write times are disproportionately high, so the RAM fs cache we see now may have its priority greatly reduced. It may become more appropriate to put more RAM in a machine than to allocate swap space for many users, which I've seen done in servers years ago (on a government project where cost wasn't the issue it is for others admittedly). For those that still have swap, it will likely be for a space to suspend the OS while hibernating. Considering how low performance goes with heavily used disk swap, and how that's usually attributed to too little RAM or a badly behaving application, I'm not worried about this impact on the over-hyped write limit. People will kill the offending apps and buy more RAM long before they kill the drive.
Not sure where to even start. First of all, there is no ban on stem cell research. You are free to take your money and fund all the stem cell research that you would like. The ban is on federal funding of *embryonic* stem cell research.
The government may as well ban a good portion of it then. Any commercial company funding this research would likely be boycotted immediately by a decent-sized chunk of the population and driven out of business before they can realize the benefit of their funding. And if they do find some good from their funding, they will almost certainly patent the result and keep the US 20 years behind the rest of the world.
And the reason for the ban has nothing to do with science, but with *morality*. Is it murder to kill a human being for scientific research? Oh, you say an embryo isn't a human being? Then what is a human being? Where do you draw the line?
Since you asked, I draw the line where you "decide to preserve a living human life". At the end of life, this is typically around the point when organs fail and brain waves cease. Hair and fingernails may still be growing, but the person is no longer alive and can now be used for organ donation to improve someone else's life. I forget where brain waves come in an embryo's development, somewhere in the second trimester I believe, but that's where I think it deserves protection.
I have yet to hear any reasonable justification, scientific or otherwise, for where that line should be drawn. For the abortion issue, the line has been drawn in quite a strange manner. If the unborn baby is wanted by its mother, it is a human being and is protected by the law. But if the mother doesn't want the unborn baby, then it's not a human being, and is not protected by the law.
No doubt about it, it's a tough issue that we haven't handled well. It gets even more interesting when you consider a father's rights. Can he insist that an accidental pregnancy be terminated, or that a disabled child that a mother doesn't want be carried to term and placed in his custody? Is he responsible for child support when the mother insists on having a child and he offered to pay for an early term abortion?
Where's the scientific justification for that? There is none. This situation is not based upon any scientific principle, but upon the decision by our society that a woman has the right to choose the fate of a baby she is carrying. That decision is not based on science. There is no scientific experiment that can be set up to determine whether this was the correct moral decision. In fact, this is a moral decision that *many* people in our society are uncomfortable with. Do you have scientific data that shows they're wrong? There is no such data, and there never will be.
Morals plain and simple are not scientific, they are created by humans to make existence easier. Each society has developed morals a little differently, but for the most part, there are common themes. Killing and violence are limited if not forbidden, and other rules are designed to make things fair. People view religions in different ways, but philosophically, they are designed to maintain order in society, and in many ways, what's moral for society and moral in a religious sense have many parallels. And it's important to realize that what's moral for yourself, moral for a religion, moral for others, and moral for society will always have differences because everyone is different. Democracy and monarchy have been the two main ways to reduce those differences, but there are still far too many of those to eliminate conflict, and many people belong to multiple, sometimes conflicting, groups.
Science has its limits. If you can't recognize that, then you are just as guilty as those who don't recognize science for what it *can* do.
Science has the advantage that it can show logically what it knows and how it knows it. I
I'm rapidly strengthening my belief that this will not be the only company
I'm pretty sure you're right. It's a high value target to hit and a hard target to secure. First, you have stores that move things around frequently, tempting them to go wireless (à la Best Buy's fiasco). Next, you have a low margin highly competitive business where cutting cost on employees, hardware, security, etc, (especially in the stores where each dollar spent is multiplied by thousands) is good for business. Then you have customers that want speed and convenience or they will go elsewhere so credit cards are handled with less than desirable security. And there's the store WAN that is usually too slow and unreliable to use good security practices like centralized storage of all customer data and network booting of unsecured devices. Any company that moves first to fix all of these issues will go out of business because of their high costs, long before customers go to them for the benefit of security.
For just one example, ponder for a second when you've recently returned an item purchased with a credit card. How many times was the refund given to you on your credit card without you giving them your card? This means they still have your full card number on file for that receipt. The POS software is usually where the credit card charge and refund is processed from, so from that machine, they have access to your number (not centrally like you would need to be secure). And therefore, from any machine you can get on the store network, you have access to every credit card number handled by them if you can crack the POS software (which is always produced by a 3rd party). With the wireless hand-held devices (or even the cart mounted ones I've seen at home improvement stores) to check inventory, the easy thing is to put the wireless on the store WAN as well, so you have an easy access point for any determined cracker. The store WAN also tends to have access to every other store in the company plus nonfirewalled access to multiple high priority servers at the corporate side.
I've consulted for multiple retail organizations, TJX included, and none of them are perfect. The example above is only looking at the stores, and not the corporate PCs, and laptops, and vendors' laptops that are prime jumping off points for worms and trojans. I think the question isn't how many will be breached in the future, but rather how many have been breached and we don't know it, and more importantly, how many have been breached and they don't even know it.
2. If you were paying attention, every article for the past 6 months has been referring to it as TJX (it is the corporate name after all). The first articles about it included something about it being TJ Maxx/Marshalls/etc.
Of course the knee-jerk reaction is to make corporations more accountable, raise the risks for the owners, etc. As others have pointed out, no one would want to run a corporation where they are liable not just for doing their job, but being sure that no mistakes were made by anyone else (like the IT worker turning off a firewall, or the janitor that doesn't put down a wet floor sign). Take the current executive pay and bump it up by a factor of 10. Honestly, all the barriers, rules, legal risk, etc are part of the reason big companies have gotten so big.
Also, let's not forget that if the executives really did something wrong, closing the business isn't enough. There's still a legal record of who owned the business when the breach occurred. What the hospitals are upset about is that the investors stopped putting money into the company which they could try to get their hands on. The investors already lost because the company folded, they never saw a return on their money, and probably lost their principal, too. As did the shareholders (stock=0), employees (now unemployed, a few of them rightfully so), executives (with a black mark on their record for something they didn't do), etc. Anyone who walks away from a folded company as a winner either did nothing wrong, scammed the system, or was really good and didn't get caught. None of which appears to have happened here.
If you want to be anti-big business, you need to cut down the barriers so that "locally owned" has a fighting chance against the "benefits of scalability".
When your weapons are used against you, you have to wonder if you really needed that weapon in the first place. And people should question why we let you have that weapon. Of course this all assumes that people have an influence on the government, which seems like we haven't for quite a long time, if ever. But I digress, this can all be summed up by a child in a cartoon:
Calvin and Hobbes
I'm a bit concerned of what would happen when a vi hotrod and an emacs SUV start a holy war.
...they want their band back.
Let the flames begin!
Sorry, couldn't help it.
1. What's so bad about RTFA?
2. If you were paying attention, every article for the past 6 months has been referring to it as TJX (it is the corporate name after all). The first articles about it included something about it being TJ Maxx/Marshalls/etc.