I plan to trademark the word "faggots" in the context of a gaming company, and charge a dime for each use in public forums. I'll make millions off discussions regarding Ubisoft, EA's working environment and King's IP strategies.
I love how commentators come out of the woodwork after a breach to say how they would have stopped that particular event...after the event has happened, and especially after the full details have come out. The problem, of course, is that the actual defenders don't know how the attack will come, where it will come from, or when it will happen. I think it's particularly noteworthy that even after the fact, it took this guy weeks to come out with his suggestion, as single-minded as it is. Weak.
The premise that any form of payment will be inured against breach is ridiculous. This has never happened...of course, it's supposed to be a feature of each new system, but it never quite works out that way. I see no reason to think that this will change anytime soon.
No! Not French Fries! Freedom Fries! Remember 9/11!
Also, not French Kissing! Freedom kissing! NO TONGUE, OR THE TERRORISTS WIN!
(Sorry...apparently I've been possessed by the ghost of Ann Coulter's career. I have someone with common sense and knowledge of facts coming to perform an exorcism later today.)
Correlation with one data point is not causation, idiot.
The alternative explanation is most Netflix employee work is so routine that anyone could do it - you could hire a mediocre, good or brilliant employee and you'd end up with the same result.
They're not a research lab. Aside from the people who do their marketing and negotiate with the film labels, they're not doing anything that anyone else could do - indeed, the pirates are far better at delivering the films I want to watch. They can't even write decent HTML/JS/CSS, but again, it's "good enough", so who cares?
Actually...Netflix does quite a lot of research. They are famous as being tireless in their quest to improve every aspect of their business...and while most of those changes are invisible to us there are still plenty that are quite apparent.
Remember back many years ago, when the return envelopes started showing up with the window cut-outs so that the bar code of the DVD could be scanned from the outside? That effectively saved them an entire day on DVD turnaround by allowing them to validate which subscribers had returned DVDs before having to actually process said incoming DVDs.
Netflix has actually worked so hard at optimizing their content delivery that they use AWS more effectively and efficiently than Amazon does. This is not even remotely trivial.
Netflix's recommendation algorithms have undergone multiple generations of evolution, and Netflix was very early as a pioneer of crowdsourcing before the term even existed.
And now, Netflix is deliberately trying to disassemble the current content delivery model whereby things are bundled and then bundled again. The show is bundled with other shows in the network, and the network is bundled with other channels in the cable/dish/FIOS package. Netflix is creating entire series and delivering them a la carte; they are also producing those series in a different way, based on what they have learned (through...wait for it...RESEARCH) about how people will consume such shows when they are made available all at once instead of parceled out an episode at a time over the span of months.
I get a kick out of how as soon as a company has a lot of market share, a widely shared opinion on Slashdot forms that they must somehow be predatory and evil. As I see it, Netflix came out of nowhere, defeated the existing and universally-despised incumbents, survived attempts by major companies to copy their business model (showing in the process that for all the simplicity exposed to the customer, Netflix really is doing some amazing stuff in the back-end operations) and continued to deliver good customer service. I've never had a bad experience with Netflix, and that's saying something after over a decade as one of their customers. Seems to me that they're what I want big companies to be like...unlike pretty much every other company in the entertainment industry. Do I like every single solitary thing they do? No. I don't like every single solitary thing any company...or person...does. But when they say that X is part of their secret to success, I tend to believe them. It seems to me that they know more about how they got where they are than any of us do.
Please, please, please, somebody steal those wallets. What are the chances they haven't been secured correctly? All it takes is some bureaucratic error resulting in bad opsec and some thieves with big balls of steel and we'll have the bitcoin story of the year.
Actually, I bet something like this is happening as we speak:
John Travolta (made up to look slightly different, as a blonde with a bit of a goatee): "Hey, Stan. How've you been?"
Hugh Jackman: "Oh, SHIT! Not this crap again..."
It's a fucking propaganda piece. It's quite easy to see right through the bullshit.
If a BIOS exploiting malware was a real threat where's the CVE for it? Where's the advisory?? A BIOS crippling virus released into the wild has no need for secrecy unless the NSA themselves released it. It's quite convenient they mention they thwarted a "major cyber attack" without releasing the name of the virus nor when this supposedly happened.
What a fucking joke that entire interview was....
One, there's no CVE for malware. The "V" in "CVE" stands for "Vulnerability."
But I think you're right otherwise, and this is total propaganda. So, let me get this straight, 60 Minutes: our largest trading partner, who manufactures more of our goods than any other country, and on razor-thin profit margins while your own economy wobbles, would for no particular reason go out and mess up the economy of their largest customer.
I CALL UNBELIEVABLE FUCKING ASS-FUCK SHENANIGANS.
It makes absolutely no sense. Not only does China have nothing to gain by disrupting our economy that way, they have a lot to lose. It would also be considered an act of war, and one that would be sure to align pretty much the whole planet against them.
So, maybe it was someone else...I can think of very few countries that have any reason to do something so much like poking a sleeping lion with a stick, but they are out there. As you said...why not provide more details?
I'd be willing to bet that what they actually stopped was a very small targeted attack like Shamoon, and that attribution is classified. Unless they're completely making it up entirely, which is less likely in my opinion.
Not as good as it used to be, we run Forefront which uses the same definitions and have had a number of things get through it as of late.
MSE used to be good, but MS seems to have really slipped up the last couple of years. They have fallen to the bottom of all the tests that they used to be at the top of, and even if you don't believe in tests, there are more and more real-world reports of things slipping through, like the poster above here. It has gotten so bad that MS themselves now publicly recommend that their customers use additional 3rd party AV. That is pretty damning.
The test you refer to (not tests) is a notoriously vendor-driven one, which really has no credence with the larger AV community. And there's a bit of misinterpretation; MSE is designed to be compatible with another AV solution, so that the two can coexist. This is made possible by the fact that MSE integrates with Windows as only a Microsoft product could. MS didn't say "don't use our solution all by itself, the MSE r h4x0red!"
offloading all of that effort to the owners of the cars.
And eliminating a good deal of it, too.
The owners aren't going to be doing the engineering to safely house the batteries, nor will they be installing the monitor system to detect problems, nor becoming experts in the maintenance and electrical construction of battery systems. That's all been done already by the vehicle manufacturer, and the work has been paid for whether or not the company uses the batteries.
What's offloaded to owners is the cost of consumables, like the charge/discharge cycles mentioned here several times already. Then it's a question of whether the trade is mutually-beneficial. If six cars saves the company $4600, the company can pay the owners about $700 each year for about 250 recharge cycles. With that in mind, the cost of batteries (which I don't know offhand) and the lifetime in cycles (also unknown to me) will determine whether that's a fair trade. Sharing resources to reduce expenses might just end up being mutually profitable.
Your first point is kind of true, and kind of not. It's not eliminating any of that stuff at all...the cars do have to be designed to be safe, after all. But it's the owners of the cars paying the auto companies, in essence, to do that engineering for them. But the selection process of choosing a safe car over an unsafe one still resides with the owner. And yes, the consumables cost is entirely offloaded...and I would say, possibly increased also. The way in which an electric car in motion cycles its batteries is very different from how the cycling takes place when a car that was recharging flips over to become a demand response power source for a short period of time...and I would suggest that the car is optimized for the former and not the latter.
The batteries in a Leaf are a significant fraction of the price; few businesses want to spend $120k on batteries when they can get them for 'free' from their workers.
The cost of the batteries is small in comparison to maintenance. Managing the batteries means hiring someone with that knowledge or paying for training/other development to get it in-house...at which point, those people would become more desirable on the job market as more buildings installed battery systems, increasing cost of retaining that talent. Then there are the business processes that need to be developed, the provisioning of a room to store them (and OSHA/building code concerns around a room full of batteries, which is no minor thing), and so on.
Or, they can just use the cars parked outside, offloading all of that effort to the owners of the cars.
When the company sanctions plugging into the company's grid, the maintenance and potential OSHA violations that go along with the cars are now their responsibility as well.
The company ends up with more responsibility, not less, because now they have to make sure your car isn't going to be any more of a risk since it's powering the building... and that you've made sure to take proper care so that it doesn't explode when I walk by. And yes, LiPos explode.
Ah, no. There are no OSHA considerations around either electric cars or their charging stations. The fact that something can, under certain conditions, be dangerous is not an automatic trigger of OSHA regulatory oversight. And unlike you, I'm not guessing at this; I work for a civil engineering firm that does an enormous amount of work on the power grid and I've been involved in a number of projects related to DR (Demand Response), which is the body of technologies that this includes. The company's oversight does not extend to personal property of their employees when their cars are parked at work.
That would be the perfect user interface design for such a device. Nipple.Navigation(tm)
Except if they let the Windows 8 team design the interface, they'd misinterpret the requirements and you'd have to softly caress a pair of hairy balls instead.
You people and your simplistic "Good Guys/Bad Guys" concepts, dear lord....
So...it's called "sarcasm," yeah. What you just said was the point of my entire post...the person I was responding to was taking the view of "weapons can do bad things, so all people who make weapons are doing bad things, and should feel bad about it." There was no recognition of "dual use" technologies (like the Internet, GPS, explosives, etc.) or the fact that sometimes fighting is the morally correct choice, as unpleasant as it may be.
Every single person needs to do this. If you work in the weapons industry and don't feel bad about it, you are a psychopath. Simple.
So your view is that good guys produce no weapons, and bad guys produce lots of weapons...and it's that simple? What happens when the bad guys decide to be bad with their weapons by turning them on the unarmed, defenseless good guys?
Or, is it that some people should work in the weapons industry, but feel really really bad about it. And of course, those of us who have happy jobs are the better people, since we took the "high road" by forcing someone else to be bad. Perhaps we could have a lottery (Shirley Jackson's version), to decide who among us has to be bad so that our good lives can continue safely. Then we can all sit back and bask in the shiny, sunny warmth of just how good we all are, unlike those bad, bad people who make weapons that we can defend ourselves with...
My lame company only prides itself on stupid shit like making good products and pleasing its customers.
Submitter never said what his company actually does.
Perhaps having a "nice office aesthetic" is a requirement in the field they work in - perhaps it's even... design! Last thing most customers looking for design work want to do is walk into a butt-ugly office that's full of drab (but functional) office furniture.
And there are many fields where yes, the office aesthetic does matter, especially in creative industries. And customers expect it, nay, demand it - they want to see what sort of creative "product" the company has, and office design is one of them that's visible, beyond existing products on the market.
Apple has shown that form is important - if not as important, as function. Having function is necessary, but so is form, as function without form is a complex mess no user desires. Though of course, sometimes they lean too far towards the "form" part at times.
And sometimes, it's actually GOOD to work in an environment that's not just beige cubes in a beige office with beige tables and beige equipment.
Okay...but then, if something like a "nice office aesthetic" is core to their business, why are they asking for design advice on Slashdot? Either way, something is amiss here.
Sounds like they aren't planning on just dumping the weapons into the ocean, they are going to literally destroy them. As another poster said, probably by incineration. So no, you won't be fishing up rusted nerve gas canisters.
You hit it on the head.
The thing to balance here isn't the threat of all that stuff being dumped into the ocean, but the ecological consequences should a more-accessible site for consolidation and destruction of the weapons be attacked. An attack would almost certainly release some agent into the atmosphere, and of course should the attackers make off with any of the weapons or chemicals then you'd probably have an even larger release down the road. Despite what the Call of Duty franchise of games put forth, isolated military sites in the middle of open ocean are quite easy to defend, and make it very difficult for an attacker to abscond successfully with anything of significant weight. The defenders can easily establish a no-go zone that extends for quite some distance, and use active means (divers, passive sensors, sonar) to detect anything larger than a fish that approaches either above or below the surface. It's a lot harder to deny access to such a large area on land, and even harder still to find a country willing to accept such a large stockpile on their own territory (which means transporting the hazardous materials through their territory, starting with either a large airport or a seaport...both of which would suffer greatly in the event of a spill). This way, the materials can leave Syria and stop posing a major threat to civilians as soon as they are over the water.
What is the case at the IRS is actually true pretty much across the board at civilian federal agencies. The problem is FISMA, which is more about ridiculously long reports of checklists about what is in an environment than about any meaningful security approach. The worst part of it, however, is the compliance reporting which is so odious and operose that it actually gets in the way of getting anything changed. (That reporting is the "things we said we do to protect information" part of this story.) So much manpower (or, if consultants are used, money) goes into reporting on security that it significantly drains away those resources from efforts to improve things. So, you can either continuously report a fairly static state of affairs or skimp on the accuracy of the reporting and try to fix things. But, as with all unintended consequences, there is another road...just become so discouraged that you stop giving a shit and just fudge it. Obviously, that third path isn't uncommon among federal workers in many things, not just IT security.
I think anyone who has ever been bird hunting (or clay pigeon shooting) knows exactly how hard it is to hit small moving targets hundreds of feet in the air.
Yes, but two things. One, drones of the sort described in the report don't move around much when being used, and definitely not at the speed of a clay pigeon. Two, you get more than one shot at it. Three, you can use a scope, or a shotgun with a smaller or larger choke as you like. Four, even if you miss, just shooting at the drone may be enough to get them to move it, thus succeeding in impeding its usefulness.
And five, the difficulty of shooting a moving object with a projectile is less than that of shooting at it with a HERF gun. Unlike a rifle, you can't easily zero the sights of a HERF gun or be assured of exactly what the field it generates looks like. Maybe it's wide, maybe it's narrow...testing it is not simple. And even if you can, then you still have to aim it...just like a gun.
New Zealand security researcher Stuart MacIntosh told delegates at the Kiwicon 7 conference in Wellington that some vulnerable drone technology designed in the hobby space had trickled down into use by police and commercial operators.
Which makes it notable. Before you use a consumer-oriented item for more serious use, you need to evaluate its fitness for purpose.
Of course, you might go ahead and use it anyway - that's what risk assessment is all about.
Also true...but honestly, I can't recall the last time cops had to worry about crooks with HERF guns. It would be a lot easier, safer and cheaper for the bad guys to simply *shoot* at the drones in these situations. We're not talking about flights of Predators or Reapers flying thousands of feet up, backed by a Gorgon's Eye implementation. We're talking about what's basically a glorified RC copter flying at hundreds of feet.
I will now coin a new acronym..."KEDW," or "Kinetic Energy Directed Weapon," also known as a "gun," and go speak to a conference about how it is a much worse threat than this...because not only can it shoot down police drones, it can hurt people too!
Unless I run my own DNS, which is far easier than running a CA.
Not if you are using DNSSEC, it isn't. You talk about running your own DNS under those conditions as though a self-signed cert doesn't require a CA; it does. There's no such thing as certs without a CA...
DANE (DNS-based Authentication of Named Entities) RFC6698 does NOT require the use of a recognized CA, although it does not disallow it. There are four "usage" types for certificates (excerpts from the RFC follow):
Certificate usage 0 is used to specify a CA certificate, or the public key of such a certificate, that MUST be found in any of the PKIX certification paths for the end entity certificate given by the server in TLS.
Certificate usage 1 is used to specify an end entity certificate, or the public key of such a certificate, that MUST be matched with the end entity certificate given by the server in TLS.
Certificate usage 2 is used to specify a certificate, or the public key of such a certificate, that MUST be used as the trust anchor when validating the end entity certificate given by the server in TLS.
Certificate usage 3 is used to specify a certificate, or the public key of such a certificate, that MUST match the end entity certificate given by the server in TLS.
Both Certificate usage 2 and Certificate usage 3 allow a domain's administrator to issue a certificate without requiring the involvement of a third party CA.
You're confusing "CA" with "third party CA." You need a CA to have a certificate. Hint: the "C" in "CA" stands for "Certificate."
I mean, I guess you could just open an editor and type something out that looks like a certificate pair, but it won't be mathematically usable, and it won't work when you try to do a Diffie-Hellman key exchange with it:)
One big point in favor of this plan is that if it doesn't work well (i.e., if adoption is poor), then they can add support for opportunistic encryption later. Going from opportunistic to mandatory encryption would be a much harder task.
Err...isn't going from opportunistic to mandatory encryption what they're trying to do now? Last I saw, HTTP was seeing a little bit of use already. The addition of a version number to it doesn't change the fact that they're already faced with existing behavior. It seems to me that adoption is already poor...they're just trying to force the issue now instead.
Unless I run my own DNS, which is far easier than running a CA.
Not if you are using DNSSEC, it isn't. You talk about running your own DNS under those conditions as though a self-signed cert doesn't require a CA; it does. There's no such thing as certs without a CA. So, we're back to the "extortion" challenge again...either you run your own CA or are forced to pay someone else so that you can have a cert from theirs. I will say that at least the DNSSEC approach gets rid of the situation where any CA can give out a cert that would impersonate the valid one. In other words, the cert for www.google.com would actually be tied to www.google.com instead of having to just come from any one of the dozens of accepted CAs out in the world.
You may pass on eating a meal, instead giving it to the other guy in exchange for the thing you want.
If the other guy has sufficient food available, he will not want your meal.
Exhibit A: epidemic obesity. All kinds of people obviously want more food than they need.
Exhibit B: how many people eat to deal with depression and stress...and while I've never been to prison, I don't think it's a very happy place with lots of things you can indulge in.
Exhibit C: as stated above, many components of a meal can be used to make things like fermented alcoholic beverages. So it's not always food, per se, that is being traded but rather the precursors of other things which are also desirable.
And you assume that every single prisoner has the exact same caloric needs...whether they're a skinny old guy or an 18-year-old who is hitting the weights every chance they get. I find it profoundly impossible for that to be true.
Prisoners going hungry seems cruel to me.
You do know what a prison IS, don't you? Seriously?
Students learn organic by memorization. It is unfortunate but it's the truth. That said, we expect med students to excel at memorization and regurgitation so OChem is a good tool for learning that. The problem though is that we de-incentivize actual comprehension as the students learn that they won't need >90% of what they memorized in OChem later on (if we exclude that which is acceptable to look up in a reference later).
Quite true. My father is a clinical chemist, having a Ph.D. on the topic and even having taught at an Ivy League university. As a child, I read some of his tomes on things like toxicology and diabetes, just out of boredom. (I read a lot as a kid.) His advice to me when I was going to college? "Don't take organic chem if you don't need it." I've always been good at science, but the gist of it is that orgo is just a long litany of exceptions, like a nightmarishly inconsistent language. Hence the memorization...and the difficulty. Yes, mapping out the electrons helps a bit, but in truth that's more used like a requirement than an aid in keeping straight what is really going on at the molecular level. At one point I took a peek into orgo, and entirely understood the advice I'd been given all those years before. Holy crap...
What they should do is play the theme from Jaws on the beach PA system, changing the tempo based on the shark's distance.
Except that now it sounds different. Instead of "dum-dum," it's "oh, hai"...
Oh, hai.
Oh, hai.
OH HAI OH HAI OH HAI OH HAI OH HAI...
I love how commentators come out of the woodwork after a breach to say how they would have stopped that particular event...after the event has happened, and especially after the full details have come out. The problem, of course, is that the actual defenders don't know how the attack will come, where it will come from, or when it will happen. I think it's particularly noteworthy that even after the fact, it took this guy weeks to come out with his suggestion, as single-minded as it is. Weak.
The premise that any form of payment will be inured against breach is ridiculous. This has never happened...of course, it's supposed to be a feature of each new system, but it never quite works out that way. I see no reason to think that this will change anytime soon.
No! Not French Fries! Freedom Fries! Remember 9/11!
Also, not French Kissing! Freedom kissing! NO TONGUE, OR THE TERRORISTS WIN!
(Sorry...apparently I've been possessed by the ghost of Ann Coulter's career. I have someone with common sense and knowledge of facts coming to perform an exorcism later today.)
Correlation with one data point is not causation, idiot.
The alternative explanation is most Netflix employee work is so routine that anyone could do it - you could hire a mediocre, good or brilliant employee and you'd end up with the same result.
They're not a research lab. Aside from the people who do their marketing and negotiate with the film labels, they're not doing anything that anyone else could do - indeed, the pirates are far better at delivering the films I want to watch. They can't even write decent HTML/JS/CSS, but again, it's "good enough", so who cares?
Actually...Netflix does quite a lot of research. They are famous as being tireless in their quest to improve every aspect of their business...and while most of those changes are invisible to us there are still plenty that are quite apparent.
Remember back many years ago,when the return envelopes started showing up with the window cut-outs so that the bar code of the DVD could be scanned from the outside? That effectively saved them an entire day on DVD turnaround by allowing them to validate which subscribers had returned DVDs before having to actually process said incoming DVDS.
Netflix has actually worked so hard at optimizing their content delivery that they use AWS more effectively and efficiently than Amazon does. This is not even remotely trivial.
Netflix's recommendation algorithms have undergone multiple generations of evolution, and Netflix was very early as a pioneer of crowdsourcing before the term even existed.
And now, Netflix is deliberately trying to disassemble the current content delivery model whereby things are bundled and then bundled again. The show is bundled with other shows in the network, and the network is bundled with other channels in the cable/dish/FIOS package. Netflix is creating entire series and delivering them a la carte; they are also producing those series in a different way, based on what they have learned (through...wait for it...RESEARCH) about how people will consume such shows when they are made available all at once instead of parceled out an episode at a time over the span of months.
I get a kick out of how as soon as a company has a lot of market share, a widely shared opinion on Slashdot forms that they must somehow be predatory and evil. As I see it, Netflix came out of nowhere, defeated the existing and universally-despised incumbents, survived attempts by major companies to copy their business model (showing in the process that for all the simplicity exposed to the customer, Netflix really is doing some amazing stuff in the back-end operations) and continued to deliver good customer service. I've never had a bad experience with Netflix, and that's saying something after over a decade as one of their customers. Seems to me that they're what I want big companies to be like...unlike pretty much every other company in the entertainment industry. Do I like every single solitary thing they do? No. I don't like every single solitary any company...or person...does. But when they say that X is part of their secret to success, I tend to believe them. It seems to me that they know more about how they got where they are than any of us do.
Please, please, please, somebody steal those wallets. What are the chances they haven't been secured correctly? All it takes is some bureaucratic error resulting in bad opsec and some thieves with big balls of steel and we'll have the bitcoin story of the year.
Actually, I bet something like this is happening as we speak:
John Travolta (made up to look slightly different, as a blonde with a bit of a goatee): "Hey, Stan. How've you been?"
Hugh Jackman: "Oh, SHIT! Not this crap again..."
It's a fucking propaganda piece. It's quite easy to see right through the bullshit.
If a BIOS exploiting malware was a real threat where's the CVE for it? Where's the advisory?? A BIOS crippling virus released into the wild has no need for secrecy unless the NSA themselves released it. It's quite convenient they mention they thwarted a "major cyber attack" without releasing the name of the virus nor when this supposedly happened.
What a fucking joke that entire interview was....
One, there's no CVE for malware. The "V" in "CVE" stands for "Vulnerability."
But I think you're right otherwise, and this is total propaganda. So, let me get this straight, 60 Minutes: our largest trading partner, who manufactures more of our goods than any other country, and on razor-thin profit margins while your own economy wobbles, would for no particular reason go out and mess up the economy of their largest customer.
I CALL UNBELIEVABLE FUCKING ASS-FUCK SHENANIGANS.
It makes absolutely no sense. Not only does China have nothing to gain by disrupting our economy that way, they have a lot to lose. It would also be considered an act of war, and one that would be sure to align pretty much the whole planet against them.
So, maybe it was someone else...I can think of very few countries that have any reason to do something so much like poking a sleeping lion with a stick, but they are out there. As you said...why not provide more details?
I'd be willing to bet that what they actually stopped was a very small targeted attack like Shamoon, and that attribution is classified. Unless they're completely making it up entirely, which is less likely in my opinion.
Not as good as it used to be, we run Forefront which uses the same definitions and have had a number of things get through it as of late.
MSE used to be good, but MS seems to have really slipped up last couple of years. They have fallen to the bottom of all the tests, that they used to be in the top of, and even if you don't believe in tests, more and more real-world reports of things slipping through, like poster above here. It has gotten so bad that MS themselves now publicly recommend that their customers use additional 3rd party AV. That is pretty damning.
The test you refer to (not tests) is a notoriously vendor-driven one, which really has no credence with the larger AV community. And there's a bit of misinterpretation; MSE is designed to be compatible with another AV solution, so that the two can coexist. This is made possible by the fact that MSE integrates with Windows as only a Microsoft product could. MS didn't say "don't use our solution all by itself, the MSE r h4x0red!"
offloading all of that effort to the owners of the cars.
And eliminating a good deal of it, too.
The owners aren't going to be doing the engineering to safely house the batteries, nor will they be installing the monitor system to detect problems, nor becoming experts in the maintenance and electrical construction of battery systems. That's all been done already by the vehicle manufacturer, and the work has been paid for whether or not the company uses the batteries.
What's offloaded to owners is the cost of consumables, like the charge/discharge cycles mentioned here several times already. Then it's a question of whether the trade is mutually-beneficial. If six cars saves the company $4600, the company can pay the owners about $700 each year for about 250 recharge cycles. With that in mind, the cost of batteries (which I don't know offhand) and the lifetime in cycles (also unknown to me) will determine whether that's a fair trade. Sharing resources to reduce expenses might just end up being mutually profitable.
Your first point is kind of true, and kind of not. It's not eliminating any of that stuff at all...the cars do have to be designed to be safe, after all. But it's the owners of the cars paying the auto companies, in essence, to do that engineering for them. But the selection process of choosing a safe car over an unsafe one still resides with the owner. And yes, the consumables cost is entirely offloaded...and I would say, possibly increased also. The way in which an electric car in motion cycles its batteries is very different from how the cycling takes place when a car that was recharging flips over to become a demand response power source for a short period of time...and I would suggest that the car is optimized for the former and not the latter.
The batteries in a Leaf are a significant fraction of the price, few businesses want to spend $120k on batteries, when they can get them for 'free' from their workers.
The cost of the batteries is small in comparison to maintenance. Managing the batteries means hiring someone with that knowledge or paying for training/other development to get it in-house...at which point, those people would become more desirable on the job market as more buildings installed battery systems, increasing cost of retaining that talent. Then there are the business processes that need to be developed, the provisioning of a room to store them (and OSHA/building code concerns around a room full of batteries, which is no minor thing), and so on.
Or, they can just use the cars parked outside, offloading all of that effort to the owners of the cars.
When the company sanctions plugging into the company's grid, the maintenance and potential OSHA violations that go along with the cars is now their responsibility as well.
The company ends up with more responsibility, not less, because now they have to make sure your car isn't going to be any more of a risk since it's powering the building ... and that you've made sure to take proper care so that it doesn't explode when I walk by. And yes, LiPos explode.
Ah, no. There are no OSHA considerations around either electric cars or their charging stations. The fact that something can, under certain conditions, be dangerous is not an automatic trigger of OSHA regulatory oversight. And unlike you, I'm not guessing at this; I work for a civil engineering firm that does an enormous amount of work on the power grid and I've been involved in a number of projects related to DR (Demand Response), which is the body of technologies that this includes. The company's oversight does not extend to personal property of their employees when their cars are parked at work.
Dude... I'm dying over here.
That would be the perfect user interface design for such a device. Nipple.Navigation(tm)
Except if they let the Windows 8 team design the interface, they'd misinterpret the requirements and you'd have to softly caress a pair of hairy balls instead.
You people and your simplistic "Good Guys/Bad Guys" concepts, dear lord....
So...it's called "sarcasm," yeah. What you just said was the point of my entire post...the person I was responding to was taking the view of "weapons can do bad things, so all people who make weapons are doing bad things, and should feel bad about it." There was no recognition of "dual use" technologies (like the Internet, GPS, explosives, etc.) or the fact that sometimes fighting is the morally correct choice, as unpleasant as it may be.
Every single person needs to do this. If you work in the weapons industry and don't feel bad about it, you are a psychopath. Simple.
So your view is that good guys produce no weapons, and bad guys produce lots of weapons...and it's that simple? What happens when the bad guys decide to be bad with their weapons by turning them on the unarmed, defenseless good guys?
Or, is it that some people should work in the weapons industry, but feel really really bad about it. And of course, those of us who have happy jobs are the better people, since we took the "high road" by forcing someone else to be bad. Perhaps we could have a lottery (Shirley Jackson's version), to decide who among us has to be bad so that our good lives can continue safely. Then we can all sit back and bask in the shiny, sunny warmth of just how good we all are, unlike those bad, bad people who make weapons that we can defend ourselves with...
Submitter never said what his company actually does.
Perhaps having a "nice office aesthetic" is a requirement in the field they work in - perhaps it's even ... design! Last thing most customers looking for design work want to do is walk into a butt-ugly office that's full of drab (but functional) office furniture.
And there are many fields where yes, the office aesthetic does matter, especially in creative industries. And customers expect it, nay, demand it - they want to see what sort of creative "product" the company has, and office design is one of them that's visible, beyond existing products on the market.
Apple has shown that form is important - if not as important, as function. Having function is necessary, but so is form, as function without form is a complex mess no user desires. Though of course, sometimes they lean too far towards the "form" part at times.
And sometimes, it's actually GOOD to work in an environment that's not just beige cubes in a beige office with beige tables and beige equipment.
Okay...but then, if something like a "nice office aesthetic" is core to their business, why are they asking for design advice on Slashdot? Either way, something is amiss here.
Sounds like they aren't planning on just dumping the weapons into the ocean, they are going to literally destroy them. As another poster said, probably by incineration. So no, you won't be fishing up rusted nerve gas canisters.
You hit it on the head.
The thing to balance here isn't the threat of all that stuff being dumped into the ocean, but the ecological consequences should a more-accessible site for consolidation and destruction of the weapons be attacked. An attack would almost certainly release some agent into the atmosphere, and of course should the attackers make off with any of the weapons or chemicals then you'd probably have an even larger release down the road. Despite what the Call of Duty franchise of games puts forth, isolated military sites in the middle of open ocean are quite easy to defend, and make it very difficult for an attacker to abscond successfully with anything of significant weight. The defenders can easily establish a no-go zone that extends for quite some distance, and use active means (divers, passive sensors, sonar) to detect anything larger than a fish that approaches either above or below the surface. It's a lot harder to deny access to such a large area on land, and even harder still to find a country willing to accept such a large stockpile on their own territory (which means transporting the hazardous materials through their territory, starting with either a large airport or a seaport...both of which would suffer greatly in the event of a spill). This way, the materials can leave Syria and stop posing a major threat to civilians as soon as they are over the water.
What is the case at the IRS is actually true pretty much across the board at civilian federal agencies. The problem is FISMA, which is more about ridiculously long reports of checklists about what is in an environment than about any meaningful security approach. The worst part of it, however, is the compliance reporting which is so odious and operose that it actually gets in the way of getting anything changed. (That reporting is the "things we said we do to protect information" part of this story.) So much manpower (or, if consultants are used, money) goes into reporting on security that it significantly drains away those resources from efforts to improve things. So, you can either continuously report a fairly static state of affairs or skimp on the accuracy of the reporting and try to fix things. But, as with all unintended consequences, there is another road...just become so discouraged that you stop giving a shit and just fudge it. Obviously, that third path isn't uncommon among federal workers in many things, not just IT security.
I think anyone who has ever been bird hunting (or clay pigeon shooting) knows exactly how hard it is to hit small moving targets hundreds of feet in the air.
Yes, but two things. One, drones of the sort described in the report don't move around much when being used, and definitely not at the speed of a clay pigeon. Two, you get more than one shot at it. Three, you can use a scope, or a shotgun with a smaller or larger choke as you like. Four, even if you miss, just shooting at the drone may be enough to get them to move it, thus succeeding in impeding its usefulness.
And five, the difficulty of shooting a moving object with a projectile is less than that of shooting at it with a HERF gun. Unlike a rifle, you can't easily zero the sights of a HERF gun or be assured of exactly what the field it generates looks like. Maybe it's wide, maybe it's narrow...testing it is not simple. And even if you can, then you still have to aim it...just like a gun.
Beautifully put, and correct.
However:
New Zealand security researcher Stuart MacIntosh told delegates at the Kiwicon 7 conference in Wellington that some vulnerable drone technology designed in the hobby space had trickled down into use by police and commercial operators.
Which makes it notable. Before you use a consumer-oriented item for more serious use, you need to evaluate its fitness for purpose.
Of course, you might go ahead and use it anyway - that's what risk assessment is all about.
Also true...but honestly, I can't recall the last time cops had to worry about crooks with HERF guns. It would be a lot easier, safer and cheaper for the bad guys to simply *shoot* at the drones in these situations. We're not talking about flights of Predators or Reapers flying thousands of feet up, backed by a Gorgon's Eye implementation. We're talking about what's basically a glorified RC copter flying at hundreds of feet.
I will now coin a new acronym..."KEDW," or "Kinetic Energy Directed Weapon," also known as a "gun," and go speak to a conference about how it is a much worse threat than this...because not only can it shoot down police drones, it can hurt people too!
...skydiving is not for you.
Unless I run my own DNS, which is far easier than running a CA.
Not if you are using DNSSEC, it isn't. You talk about running your own DNS under those conditions as though a self-signed cert doesn't require a CA; it does. There's no such thing as certs without a CA...
DANE (DNS-based Authentication of Named Entities) RFC6698 does NOT require the use of a recognized CA, although it does not disallow it. There are four "usage" types for certificates (excerpts from the RFC follow):
the public key of such a certificate, that MUST be found in any of
the PKIX certification paths for the end entity certificate given
by the server in TLS.
certificate, or the public key of such a certificate, that MUST be
matched with the end entity certificate given by the server in
TLS.
public key of such a certificate, that MUST be used as the trust
anchor when validating the end entity certificate given by the
server in TLS.
public key of such a certificate, that MUST match the end entity
certificate given by the server in TLS.
Both Certificate usage 2 and Certificate usage 3 allow a domain's administrator to issue a certificate without requiring the involvement of a third party CA.
For more information on DANE, refer to either rfc6698 or the Wikipedia article.
You're confusing "CA" with "third party CA." You need a CA to have a certificate. Hint: the "C" in "CA" stands for "Certificate."
I mean, I guess you could just open an editor and type something out that looks like a certificate pair, but it won't be mathematically usable, and it won't work when you try to do a Diffie-Hellman key exchange with it :)
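The exchange above turns on the four certificate usages in RFC 6698; as an added example (not part of any post in this thread), this is the association check a TLS client applies to a TLSA record, showing which usages still need a public-CA path. The selector and matching-type fields come from RFC 6698; the function names, verdict strings and byte strings are constructed for illustration, and DNSSEC validation and certificate path validation are assumed to happen elsewhere.

```python
import hashlib
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 0-3: the four certificate usages in RFC 6698
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}

def digest(mtype, blob):
    """Apply the matching type to the selected bytes."""
    return blob if mtype == 0 else HASHES[mtype](blob).digest()

def parse_tlsa(rdata):
    """Parse TLSA RDATA in presentation form: 'usage selector mtype hex'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("expected: usage selector matching-type data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    return TLSA(usage, selector, mtype, bytes.fromhex("".join(parts[3:])))

def make_rdata(usage, selector, mtype, cert_der, spki_der):
    """Build the RDATA a zone administrator would publish for one certificate."""
    blob = cert_der if selector == 0 else spki_der
    return f"{usage} {selector} {mtype} {digest(mtype, blob).hex()}"

def check_chain(rec, chain):
    """chain: [(cert_der, spki_der), ...] as presented in TLS, end entity first."""
    # Usages 1 and 3 pin the end-entity certificate; 0 and 2 pin a CA or anchor.
    candidates = chain[:1] if rec.usage in (1, 3) else chain
    hit = any(digest(rec.mtype, cert if rec.selector == 0 else spki) == rec.data
              for cert, spki in candidates)
    if not hit:
        return "no-match"
    # Usages 0 and 1 additionally require an ordinary PKIX path to a public CA.
    # Usage 2 still needs the end entity to chain to the matched anchor
    # (not checked in this sketch); usage 3 needs nothing further.
    return "match-no-public-ca" if rec.usage in (2, 3) else "match-pkix-required"

# Constructed stand-ins for DER encodings; a real client takes these from TLS.
EE = (b"constructed-ee-cert", b"constructed-ee-spki")
CA = (b"constructed-private-ca-cert", b"constructed-private-ca-spki")
CHAIN = [EE, CA]

if __name__ == "__main__":
    for usage, pinned in ((3, EE), (2, CA), (0, CA), (3, CA)):
        rec = parse_tlsa(make_rdata(usage, 1, 1, *pinned))
        print(usage, check_chain(rec, CHAIN))
```

Usage 2 in this sketch pins the domain's own signing certificate, so a certificate issuer is still involved; it is simply one the domain administrator operates.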
Err...isn't going from opportunistic to mandatory encryption what they're trying to do now? Last I saw, HTTP was seeing a little bit of use already. The addition of a version number to it doesn't change the fact that they're already faced with existing behavior. It seems to me that adoption is already poor...they're just trying to force the issue now instead.
Unless I run my own DNS, which is far easier than running a CA.
Not if you are using DNSSEC, it isn't. You talk about running your own DNS under those conditions as though a self-signed cert doesn't require a CA; it does. There's no such thing as certs without a CA. So, we're back to the "extortion" challenge again...either you run your own CA or are forced to pay someone else so that you can have a cert from theirs. I will say that at least the DNSSEC approach gets rid of the situation where any CA can give out a cert that would impersonate the valid one. In other words, the cert for www.google.com would actually be tied to www.google.com instead of having to just come from any one of the dozens of accepted CAs out in the world.
Yes it is a real question.
Okay, then...let's break this down...
You may pass on eating a meal, instead giving it to the other guy in exchange for the thing you want.
If the other guy has sufficient food available, he will not want your meal.
Exhibit A: epidemic obesity. All kinds of people obviously want more food than they need.
Exhibit B: how many people eat to deal with depression and stress...and while I've never been to prison, I don't think it's a very happy place with lots of things you can indulge in.
Exhibit C: as stated above, many components of a meal can be used to make things like fermented alcoholic beverages. So it's not always food, per se, that is being traded but rather the precursors of other things which are also desirable.
And you assume that every single prisoner has the exact same caloric needs...whether they're a skinny old guy or an 18-year-old who is hitting the weights every chance they get. I find it profoundly impossible for that to be true.
Prisoners going hungry seems cruel to me.
You do know what a prison IS, don't you? Seriously?
Students learn organic by memorization. It is unfortunate but it's the truth. That said, we expect med students to excel at memorization and regurgitation so OChem is a good tool for learning that. The problem though is that we de-incentivize actual comprehension as the students learn that they won't need >90% of what they memorized in OChem later on (if we exclude that which is acceptable to look up in a reference later).
Quite true. My father is a clinical chemist, having a Ph.D. on the topic and even having taught at an Ivy League university. As a child, I read some of his tomes on things like toxicology and diabetes, just out of boredom. (I read a lot as a kid.) His advice to me when I was going to college? "Don't take organic chem if you don't need it." I've always been good at science, but the gist of it is that orgo is just a long litany of exceptions, like a nightmarishly inconsistent language. Hence the memorization...and the difficulty. Yes, mapping out the electrons helps a bit, but in truth that's more used like a requirement than an aid in keeping straight what is really going on at the molecular level. At one point I took a peek into orgo, and entirely understood the advice I'd been given all those years before. Holy crap...