Slashdot Mirror


User: philip.paradis

philip.paradis's activity in the archive.

Stories: 0
Comments: 1,023

Comments · 1,023

  1. Re:In all fairness with this economy. on Steve Jobs' First Boss: 'Very Few Companies Would Hire Steve, Even Today' · · Score: 4, Insightful

    This explains the quality of many iOS apps.

  2. Re:uhhh... on Why Bad Directors Aren't Thrown Out · · Score: 1

    Yeah, "I see dead people, they're everywhere" does seem like a decent description of most corporate boards.

  3. Re:What to do with Bitcoin. on Ask Slashdot: Should Bitcoin Be Regulated? · · Score: 1

    Such projects are already funded with USD, and no, there is no accountability involved.

  4. Re:SELL!!! on Bitcoin Currency Surpasses 20 National Currencies In Total Value · · Score: 1

    At the risk of getting called out for double posting, here's the screencap for that transaction I just mentioned in my last reply.

  5. Re:SELL!!! on Bitcoin Currency Surpasses 20 National Currencies In Total Value · · Score: 1

    I bought coin at Coinbase 30 minutes ago. If you followed them on a regular basis, you'd know about their daily global cap, which they're working to remove as soon as is feasible. That's expected of a service that's still technically in beta, and they're working on other kinks here and there. All in all, I haven't been troubled by such quirks, and the site has worked well for me. Give them a shot.

  6. Re:SELL!!! on Bitcoin Currency Surpasses 20 National Currencies In Total Value · · Score: 1

    You really, really didn't look very hard. Your next stop should be Coinbase, where you can transfer your coins to a wallet with them and cash them out to a bank account.

  7. Re:Not a security hole on One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering · · Score: 1

    It's not a problem with Amazon. The issue is with developers not bothering to think about what they're doing when they chuck data into buckets that are expressly set to public. It's potentially a very large problem for companies that expose sensitive customer information or things like access credentials in this manner. If you think I'm kidding about the latter, I'm not, having seen that happen.

  8. Re:I think it's booty on One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering · · Score: 1

    The difference here is most of this shit is supposed to be public.

    Most != All. The entire point of this sort of exploit is to draw attention to widespread gross misunderstanding and misconfiguration of services used by a great many developers, content managers, etc. Maybe this is difficult to understand, so allow me to rephrase it: the entire point is that a large number of these files shouldn't be public, and at minimum this demonstrates incompetence on the part of those who put those files into public buckets. More interestingly, depending on the nature of the improperly stored data, the companies who employ these people can be held liable for severe legal penalties related to failure to properly secure their customers' sensitive information.

    In short, you're either the sort of asshat who blames security researchers in general for finding and publishing security problems, or you're grossly ignorant of how these things actually work, or both. Have a nice day.

  9. Re:It's no biggie. You have to understand the big on PayPal To Replace VMware With OpenStack · · Score: 1

    The nice thing about things like OpenStack is the fact that you can exert as much control over the underlying hypervisor/host functionality as you want. With such facilities, I can give you better isolation and security than VMware can provide right now, and I say this as a senior engineer who deals with VMware on a daily basis. It appears you're once again speaking without properly researching things first.

  10. Re:Good Riddens on PayPal To Replace VMware With OpenStack · · Score: 4, Informative

    KVM provides full virtualization with hardware acceleration, and the line between Type 1 and Type 2 is significantly blurred by virtue of the fact that the loadable kernel module for it does indeed operate as a bare metal hypervisor. You aren't limited to Linux guests, either. I've got a combination of Linux, BSD, Windows, and Solaris guests running in a cluster right now. These guests run unmodified, and performance is admirable. In fact, it's better than I've achieved on similar hardware with VMware, and I actually have better control of the entire network stack from a host perspective via ebtables and arptables. Fine grained resource management is available via cgroups facilities.

    Do you actually operate anything in a KVM environment?

  11. Re:More facetime on SendGrid Fires Employee After Firestorm Over Inappropriate Jokes · · Score: 1

  12. Re:Obligatory car analogy on Schneier: Security Awareness Training 'a Waste of Time' · · Score: 1

    Automatic breaking

    Yeah, that does describe a lot of IT deployments from a security perspective.

  13. Re:Obligatory car analogy on Schneier: Security Awareness Training 'a Waste of Time' · · Score: 4, Insightful

    This isn't merely a problem of specialization limiting perception. You're expecting average users to consistently conduct themselves in a manner they're demonstrably incapable of, at least the majority of them. Terminating the employment of those who fall victim to attacks through their own inaction or outright carelessness isn't a long term solution either, as it merely results in churn and a significantly higher bar in terms of what sort of person may be employed at a company. Money is limited, and organizations have to make decisions on the most effective ways to spend that capital with an aim to improving overall organizational security. That money is best spent on incrementally improved and frequently reevaluated security infrastructure and processes that inhibit improper access or information disclosure without overt reliance on human operators to make correct choices in terms of security posture, because those operators will often fail.

    I've spent years dealing with problems in this area, and I strongly dislike the reality of the situation. Unfortunately, my disliking it doesn't make it less true.

  14. Re:Obligatory car analogy on Schneier: Security Awareness Training 'a Waste of Time' · · Score: 1

    Here's a better car analogy. You're driving down the street on four bald tires, and a guy driving a truck for a tire shop happens to pull up next to you at a red light. The guy remarks on your crap tires, and now you have two choices. You can listen to him because he probably knows what he's talking about when he tells you you're running a serious risk of dying on the highway when one of those tires fails catastrophically, or irrationally ignore him because you perceive that he's just trying to sell you something.

    All the driving skills and seat belts in the world won't beat physics when one of those tires blows out at 80 mph and you flip the median into an oncoming semi.

  15. Re:Obligatory car analogy on Schneier: Security Awareness Training 'a Waste of Time' · · Score: 5, Insightful

    Bruce is right. In many environments, information awareness training is an attempt to solve the problem at entirely the wrong end of the failure chain, and is frequently ineffective. It may be difficult to hear for some, but the fact is that such training simply doesn't have a great track record of producing significant overall gains in organizational security, largely owing to the difficulty of mitigating widespread stupidity on the part of human operators. Most companies are not wholly staffed by information security experts, and any perceived near term security gains following training sessions quickly erode as employees revert back to an attitude of "I just want to do X, Y, and Z, and I'm too busy to keep thinking about those scary stories portrayed in last week's training."

    Even military environments suffer from these training challenges. The difference in a military unit is the very real possibility of going to prison for merely mishandling cryptographic material on accident. On the "low" end of the punishment scale, there's more than a few senior enlisted military comms folks out of a job because of such process failures. I served with one such person.

    It's worth noting in closing that you might want to spend a bit of time looking into who Bruce Schneier is before framing him in any additional snarky quote marks. To say this is a man who typically knows what he's talking about is an understatement.

  16. Re:30 hours per week? on How a Programmer Gets By On $16K/Yr: He Moves to Malaysia · · Score: 0

    The term "smart" may be interpreted in many ways, depending on context. In terms of raw utility, I tend to classify a marked ability to synthesize disparate pieces of information into new observations and processes that eliminate or leverage inefficiencies (which are really the same thing, as any given number of systems interact with one another to some defined degree) as the most important definition. It's the working model which tends to have the greatest tangible impact on societies on the whole when viewed on scales as small as a decade. Using this definition, it sensibly follows that formal education as defined by mere conveyance of raw facts and figures, with a dose of what essentially amounts to an attractive but largely fictitious promise of enhancement of "critical thinking skills, creative thinking, and interpersonal communication abilities" is at best a sideshow distraction in terms of long term practical utility for individuals with high marks in the initial representation of "smart."

    Smart people absorb information and make connections. This is learning in a very pure sense. Smarter people collect smart people and repeat that process using the first batch of smart folks as inputs. The rest of society trundles along doing what they can to live their idea of a happy and functional life, which is perfectly fine and is a representative of the greater part of the curve.

    It is indeed difficult to educate smart people. They're frequently too busy solving problems, building things, and interacting with other smart people.

  17. Re:Copyrighted musical compositions on We Should Be Allowed To Unlock Everything We Own · · Score: 2

    Are you aware that most labels do in fact control distribution as well as marketing and in many cases production? Do you even know what a record label is, or anything about contract grants and copyright law?

  18. Re:Patriot Act is unconstitutional on National Security Letters Ruled Unconstitutional, Banned · · Score: 1

    It appears you lack the capacity to grasp the literary utility of an emphatic opening statement. For your convenience, the balance of the GP follows.

    If there is anything the Obama administration has proven, is that Democrats ONLY hate the GWB neo con agenda when the GOP does it. When a Democrat is even more hardcore than GWB .... Fucking crickets. America would better off by far if every GOP and DNC POS simultaneously had massive strokes. It could be called the stroke of luck in future history books.

    In expectation of your inability to comprehend the overarching sentiment expressed therein, please permit me to distill its essence thusly: seriously, fuck you.

  19. Re:delete submission on Backdoor Found In TP-Link Routers · · Score: 1

    You can't.

  20. Re:Irradiation ? on The Science of Hugo Chavez's Long Term Embalming · · Score: 1

    Don't worry, radiation probably won't bring him back to life.

  21. Re:Non story on DNS Hijack Leads To Bitcoin Heist · · Score: 2

    Depending of course upon the physical stage for the transaction, the verification period may indeed be a rote formality, more importantly if you've dealt with the other party to the transaction before and most importantly if you plan on dealing with that party again (which represents the very foundation of "credit" ala reputation in economic systems). Again, it's also easy to drastically accelerate the verification time by paying a small transaction fee to the network for processing it. I'd also encourage you to think in more flexible terms such as stored value purchase devices; to use a common example, Starbucks cards let you buy goods from Starbucks. The retailer can set an arbitrary minimum balance on the retail stored value account, at which point verification time means nothing. Especially coupled with additional fiscal and social rewards for utilizing such payments vehicles, the transaction verification time to load the stored value device with credits is removed as a significant factor in the relationship.

  22. Re:Very funny. on DNS Hijack Leads To Bitcoin Heist · · Score: 1

    BTC is divisible into smaller units. To quote the link:

    In trade, one bitcoin is subdivided into 100-million smaller units called satoshis, defined by eight decimal places.

    Your entire argument is therefore invalid. Perhaps you shouldn't have wasted so much time typing it.

  23. Re:Non story on DNS Hijack Leads To Bitcoin Heist · · Score: 3, Informative

    I think you're missing some of the benefits of BTC-based transactions. First, they're rather difficult to forge by virtue of reliance upon math for integrity verification. The same can't be said of cash, and the average man on the street would be hard pressed to discern half decent counterfeit paper currency from the real deal. While this particular example may represent a corner case for some, I happen to know two people who have been defrauded with counterfeit currency.

    Second, Internet connected devices are everywhere. It's getting rather hard to find people without basic web access via a smart-ish phone in many areas, and full fledged BTC apps are popping up for those with anything fairly modern in terms of radio handsets. I wouldn't be terribly shocked to find devices that cater to simple apps and BTC transactions popping up in developing areas in the near future either.

    With respect to waiting for confirmation, most transactions are verified on the BTC network within one hour. If you're willing to pay a small transaction fee to the network, verification can come more quickly. As a side effect of this state of affairs, you might just gain the benefit of meeting up with your transactional counterpart at a coffee house and having a tasty beverage. I call that an excuse to take a break, and welcome it.

  24. Re:Non story on DNS Hijack Leads To Bitcoin Heist · · Score: 1

    Please bear in mind that one of the more interesting aspects of this story is the fact that there is no standard set of currency exchanges for BTC. In fact, it's rather trivial to set one up. For well recognized exchanges, there are various actors in the market, each with varying codebases driving their infrastructure.

    This is a fairly direct example of one of the strengths of Bitcoin as a currency, and speaks volumes to the advantages that can be gained by network users who utilize as many distributed exchange mechanisms as possible. The best part of all is the fact that such endeavors are trivially implemented in simple software constructs on the part of other actors. Avoiding being tied to a very limited set of transaction authorities can be a very good thing, especially for actors who aren't sensitive to short term fluctuation in currency valuation and can leverage gains in various ways.

    Welcome to the digital currency equivalent of the "sexy side" of insurance businesses, sans a few of the standard issue problems, at least for modestly capitalized players.

  25. Re:Non story on DNS Hijack Leads To Bitcoin Heist · · Score: 4, Informative

    There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well. For the holding part, new solutions providers such as Coinbase are starting to focus on merchant gateway style solutions. Progress is being made.