Some will say that the Apple App Store is "no longer secure." This is ridiculous. It took 5 years for the first malware to show up...that's pretty damned good. Nothing is impermeable, after all. But the real value is that the malware can easily be removed...and its source eradicated. So it's not only about keeping malware out via the App Store, but also in having a swift and flexible response option for just this sort of occasion. Good security fails gracefully and a good defense in depth allows for easy recovery, and it looks to me like Apple meets those criteria.
I have a close friend who is a line producer and has been behind a lot of different shows you've seen on a particular set of science-oriented cable TV channels. I've listened while she's made phone calls for work, sorting out logistics and other such things...it's incredible what goes into a lot of this programming. Absolutely fascinating stuff! Well, there are a lot of challenges to the traditional way of shooting aerial, many of which have to do with nothing more than liability. There's the question of the pilot, and whether or not they have experience doing that kind of flying. There's the model of helicopter, and its suitability to having a rig put on its side (because that's how it usually pans out...special-purpose helicopters are almost never available for things that aren't major motion pictures). There's the rig itself, and how suitable it is for being on a helicopter. And then there's where you'll be shooting and how. All of this ties into the insurance coverage that you really need to have in order to shoot an aerial. The helicopter alone is worth millions; the liability risks related to what would happen in a crash go substantially beyond that.
Having a cheaper device with no humans aboard that is significantly smaller, inherently proven to be stable and effective for aerial shooting, is relatively easy to ship over distance and which has (as a whole package) a proven track record of safety would be a HUGE benefit with regard to the logistical planning and insurance costs. And if it's more flexible than a full-sized copter AND more effective? Total win.
Very simple: try flying an RC helicopter sometime. (Hint as to the outcome: helicopters meant for beginners...also the easiest ones to fly...come with extra replacement rotors for a reason.) They are incredibly difficult to pilot; just getting them off the ground is a herculean task. A perfect example of the learning curve showed up on a Mythbusters episode, the one where the myth was that you could cause a helicopter to crash by putting a postage stamp on the end of a rotor blade, thus destabilizing it. They were going to do it at scale with a decent-sized RC copter. They ended up having to abandon that approach because after a whole day of trying to learn how to get the thing off the ground without making it crash, not one of them had managed to do it.
Now, take that intense learning curve, and think about this...small UAVs are the main thrust of the UAV market now. Man-portable and carried by platoons or squads, they allow troops to see what's over a hill or in a neighborhood themselves, without the need for them to have a Predator tasked to them, without the need for them to have someone else try to interpret the view without the context of what things look like for the ground forces, or the need for a high-speed data link so that the ground forces can see for themselves. And unlike a Predator, it doesn't take over 160 people to maintain and keep one going. They're cheap, they're flexible, and they're actually better-suited to the intended mission of providing tactical real-time data to small units.
But here's the rub, and why these squad-level devices are all airplanes. Remember that learning curve for a helicopter? Apply that at the squad level. You have just added a new skill set that at least one person in each squad would have to develop, one that has nothing to do with any of their other skills, and is harder than any of their other skills. Imagine if shooting a rifle was so difficult that for the first few days you were learning, not only would you miss the target completely but the rifle would explode. How many riflemen would there be? How would that affect military doctrine? I bet you'd still see archers on the battlefield.
Wait a sec. How is it a privacy issue for the utility provider, that already knows how much power you consume, to use a smart meter? Help me out here.
Anecdotally... As a multiple time sufferer from mis-read meters and the pain in the ass that results from convincing the power company to believe that you really didn't use 10000 KW/h last month when you've been averaging 1500 KW/h for years I love that my usage is precisely monitored and measured. I also get some cool features like email alerts if my usage spikes, the ability to see my projected bill ahead of time and make adjustments to my usage in advance, and I can compare my usage to other houses in the neighborhood. That last however DOES NOT IDENTIFY THE HOUSES. All I see is "your usage is x% more/less than similar size houses this week".
You ask a good question. The issue isn't in the kind of data being collected, but what happens as a result of the frequency with which it can be collected. With a traditional electromechanical meter (the one with the big spinning disk and the little dials) a person has to physically walk up to it and read it. Utilities with this kind of meter in service typically only take a measurement 4 times a year, and do estimates for the other months. (If you end up having overpaid when they actually do the meter reading, you get a credit towards your next bill.) Then, there are AMR meters; these can be read by a truck passing through your neighborhood. But these only get read about once a month, tops, because it still costs a good bit to do it. "Smart Meters," or Advanced Metering Infrastructure (AMI), report back directly to the utility via wireless technology of some form or another...and usually in increments of every 15 minutes up to every hour. So now, instead of 4 data points per year per customer, you can end up with over 35,000 data points. And you get not just what the cumulative consumption has been, but also current consumption.
Now, there's a lot of really good things that the utility can do with that data, which is in the true common interest. They can develop more sophisticated models of what demand looks like on their grid (which they can't do now, because the coarse nature of monthly readings gives no insight into demand patterns, just aggregate demand), which in turn helps them plan for future needs more effectively. They can detect power diversion (as done in areas where a lot of pot is being grown, for example), and they can also help detect situations where power is being wasted due to a faulty wiring situation in a home. Also, the data is made available to the customer, so they can see (and usually influence) their own power consumption. But now, you have a model of not just how much power is being used by a household over a period of time, but exactly what their patterns of usage are.
Some look at this and expect it to be used by thieves to tell if people are home or not. That makes no sense to me; it's far easier to just look and see if the lights are on and the TV playing than it is to build a rig to insert yourself into an Ember mesh network (you have to defeat the crypto first, by the way) just so you can impersonate the AMI head-end and have the meter tell you if the lights are on and the TV playing. But there is the risk of what I've called "privacy drift."
Privacy drift is where non-private information becomes private information when it is cross-referenced against another form of data, or when it turns out there's a way to analyze it and identify people using a new technique. One example of the latter: AOL gave out search engine query sets without the identities of the people who made them, only to learn from researchers that most of the time you could indeed figure out which queries went to which people...and often, who those people actually were. The former happened to Netflix, when they made ratings available to competitors who were trying to develop a better movie suggesting algorithm. Netflix did everything right to anonymize
Remember the woman who played the young John Connor's step/foster mother in T2? Yeah, I don't know her name either, and that's my point. She's one of those actors/actresses whose face you remember, but whose name you don't. But as a result of having small parts in so many movies, she's pulling in somewhere at the low seven figures from royalties. She's not Brad Pitt, Helena Bonham-Carter or any other famous professional from the acting world, but she embodies a more likely form of success to anyone who would choose acting as a career. But alas, the center of the bell curve is never all that interesting...and nobody wants to be at the lower side of what falls off the slope. So everyone focuses on the exceptional and strange (in a good way) examples.
Possibly, but possibly not. For one thing, the attack being shown here is far, far from news. And there are actually tons of ways to build a GPS receiver with the native ability to detect spoofing, and those features are standard for high-risk equipment (like classified stealth drones). But on the other hand, all of the details are classified in some way or another, so it's really hard to know for sure...but I doubt that it was as simple as the attack shown here.
One simple way of detecting spoofing is by frequency strength. The most basic attack is to impersonate the satellites, and to be strong enough in output that the receiver is sure to pick up your "sats" instead of the real ones. But that typically means you're putting out a WAY stronger signal than you'd normally get from a GPS, and that ends up being a dead giveaway.
For military uses, the open and unencrypted C/A code GPS signal isn't even used; they use the more secure (and originally supposedly more accurate...but not really more accurate) P code signal (which now has a W code overlaid onto it as well). So there are inherent features involved in military GPS that act as anti-spoofing as well.
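One way to apply the signal-strength check described above to receiver output, as an added example that is not part of the original comments. It assumes the receiver emits NMEA GSV sentences carrying a per-satellite C/N0 value; the thresholds, the uniform-strength check and the sudden-jump check are assumptions that go slightly beyond the post, and the sample sentences are constructed.

```python
from functools import reduce
from statistics import mean, pstdev

# Thresholds are assumptions for this example, not values from the post.
MAX_PLAUSIBLE_CN0 = 52.0  # dB-Hz; open-sky receivers rarely report more
MIN_SPREAD = 1.5          # dB-Hz; real satellites differ with elevation
MAX_JUMP = 8.0            # dB-Hz rise in mean C/N0 between two epochs


def nmea_checksum(body):
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def make_sentence(body):
    """Build a constructed sample sentence with a valid checksum."""
    return "$%s*%02X" % (body, nmea_checksum(body))


def parse_gsv(sentence):
    """Return {prn: cn0} for one GSV sentence; ValueError if malformed."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("not an NMEA sentence")
    body, given = sentence[1:].rsplit("*", 1)
    if int(given, 16) != nmea_checksum(body):  # int() also rejects junk
        raise ValueError("bad checksum")
    fields = body.split(",")
    if not fields[0].endswith("GSV"):
        raise ValueError("not a GSV sentence")
    readings = {}
    # Satellite blocks are (PRN, elevation, azimuth, C/N0), starting at field 4.
    for i in range(4, len(fields) - 3, 4):
        prn, cn0 = fields[i], fields[i + 3]
        if prn and cn0:  # an empty C/N0 means the satellite is not tracked
            readings[int(prn)] = float(cn0)
    return readings


def assess_epoch(sentences, previous_mean=None):
    """Combine one epoch of GSV sentences and flag suspicious signal strength."""
    readings = {}
    for s in sentences:
        readings.update(parse_gsv(s))
    if len(readings) < 4:
        return {"mean": None, "flags": ["too_few_satellites"]}
    values = list(readings.values())
    avg = mean(values)
    flags = []
    if max(values) > MAX_PLAUSIBLE_CN0:
        flags.append("implausibly_strong")   # the "dead giveaway" case
    if pstdev(values) < MIN_SPREAD:
        flags.append("uniform_strength")     # one transmitter, many "sats"
    if previous_mean is not None and avg - previous_mean > MAX_JUMP:
        flags.append("sudden_jump")
    return {"mean": avg, "flags": flags}


# Constructed sample data: a normal sky view, then the same PRNs overpowered.
NORMAL = [
    make_sentence("GPGSV,2,1,07,02,65,120,45,05,40,210,41,12,25,300,36,15,12,045,31"),
    make_sentence("GPGSV,2,2,07,18,55,180,44,24,30,090,38,29,08,330,29"),
]
SPOOFED = [
    make_sentence("GPGSV,2,1,07,02,65,120,55,05,40,210,55,12,25,300,54,15,12,045,55"),
    make_sentence("GPGSV,2,2,07,18,55,180,55,24,30,090,54,29,08,330,55"),
]

if __name__ == "__main__":
    baseline = assess_epoch(NORMAL)
    print("normal :", baseline)
    print("spoofed:", assess_epoch(SPOOFED, previous_mean=baseline["mean"]))
```
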
There is authentication, it's just not done by a computer. Do you hand your credit cards out to people at random? Pass them around in a club for everyone to play with, regardless of whether you know them or not? Of course not...and why not? Because the simple act of doing so authorizes them to access the information on the card. Looking at it will give them your name on the card, the number, expiry date and CVV number on the back. With a $40 device, they can get the read direct off the magnetic strip as well (which is the exact same vulnerability as this). So I really don't see what the big deal is here. It's just skimming, using a new kind of reader.
As an employer that is realistic, often you *have* to do drug screening. Many industries have external regulatory requirements mandating such testing, and many companies have customers that insist upon it from the service providers they use. I'm no fan of drug testing myself; it's too prone to false positives and the consequences of coming up with a false positive are dire. But all the same, most of the time when drug testing is in place, it's not really up to the company that's having their employees tested.
If I were to buy a laptop with Windows (heavens forbid), then I'd expect installation media to go with it. I can understand NewEgg not fielding support questions on every flavor of Unix, but my grandmother should be able to restore the laptop to mint (pun intended) condition by inserting a DVD.
If NewEgg fails to deliver that, then there's the problem, not a user installing something else.
You haven't bought any laptops in a while, have you? I haven't seen installation media coming with hardware in years. At best, you got a disc that would blow away the entire drive and re-image it...but these days there isn't enough room on a disc to do that, so laptops come with "recovery" partitions. Also, there are the inevitable manufacturer-specific utilities that come with the machine, and you usually need specific drivers in the course of the installation, so just including a Windows 7 install disc doesn't cut the mustard either.
Of course not. However, it's not my fault because my boss bought a shit cell phone that can't sync up with whatever before talking to me about it. By the very same (lack of) logic it is going to be my fault when the "cloud" explodes and goes down for three days. Many people are just not knowledgeable enough to understand where one sphere of influence begins and another ends. And it doesn't matter if the decision was made as a group; it's still YOUR fault.
I help in every way possible, but no one knows everything when it's a subject as big as "computer."
You're not entirely powerless (or blameless) when dealing with someone like that. The difference between competent IT professionals and *great* IT professionals is the ability to 'manage up,' to get themselves injected into the decision process of those above them. By doing so, they are able to prevent poor choices from being made, and in doing so lower the amount of disruption...and along the same path, they also reduce the overall amount of blame there is to pass around. Consultants love to use the phrase "trusted advisor," because that's the best position to be in with regard to their client...the same holds true with your boss. Any knowledge-based career is as much about marketing yourself to others as it is actually performing the core work of your skillset.
And in today's world, avoiding third-world nations "just because" is ridiculous. You're saying that executives from Apple should never have gone to China. You're saying that Venezuela, a member of OPEC, should never have members from other OPEC nations visiting there. And where do you draw the line...I'm not sure I'd consider Argentina a third-world country just because they had an economic breakdown...and there is no way they are more akin to an African country than a Western one. If a financial meltdown with long-term effects qualifies a country for third world status, then why not Japan? They still haven't recovered from the financial collapse that happened in the 90s.
And let's keep something in mind...this was Richard Stallman speaking at a conference in a major city. This was not him going off into a remote area in the countryside to dig a well. There are places in most American states where he'd be statistically more likely to come to harm than he was in that hotel. Petty crime is what happens in such places, and little else.
The reason why the post had been modded down...and why it should still be, even if it is not...is because the whole point of it is ridiculous. For a soccer mom to avoid nations with shaky economies? Fine, if a bit wimpy. But for large-impact entities...be they people or simply influential people at large organizations...to shun safe areas in third-world countries because of petty crime is entirely infeasible, self-defeating, and frankly smacks of the armchair thinking of someone who has never ventured outside middle America. The world is global; that's how it is now.
Not in the DRC. A friend of mine is a producer for National Geographic, and they've just finished filming a documentary there. Those mosquito nets that Gates is paying to have distributed? Most people use them...as nets to catch fish. This is one of the big problems with non-profit groups. They often seem to be more focused on how hard they are trying than about how effective their actions really are.
Dr. Bibbins-Domingo credits the taxation of tobacco products with being the sole cause of decreased smoking. But it seems to me that I grew up with no desire to try cigarettes after spending my childhood watching PSA after PSA pointing out that it would cause all sorts of horrible diseases. Taxation never figured into it for me...and it also seems that taxation only matters after you're hooked on cigarettes, too. I smoke cigars occasionally, but whatever added cost comes from the taxes doesn't matter, since it's a rare occurrence. The taxes would matter only if I were regularly spending money on them, like habitual cigarette smokers do. And I've seen how hard it is for smokers to stop, once they are hooked...it's incredibly hard. So I doubt that taxation was the main cause of the decrease in smoking.
For example, when I look at Comcast's site, I see "When Comcast decided to participate in World IPv6 Launch, we committed to enabling at least 1% of our customers with IPv6 by June 6, 2012." So, how does that figure into the 60%? If there are 50 ISPs in the world, but Comcast has 5% of the subscriber base, is that 2% out of the 60%? Or is it 5%? Or is it .002%? I'm curious how this 60% number was calculated.
It's ironic, then, that neither of you have put anything forth to foster the discussion along what you would consider "proper" lines. Oh, and you both posted as ACs, too...
HERE? This is one of those topics that is guaranteed to garner intelligent discourse by a few amidst a horrifying sea of flame from the majority. Why not look into studies on the impact of skilled workers joining a workforce, and the cultural effects of immigration instead? My take is that there should be minimal (but some) financial incentive on the short-term for employment of such workers (IMHO, H1-B is *too* much incentive) and incentives towards citizenship. I believe that immigration of good skilled workers is good for this nation. I've only ever learned from smarter and more educated people around me in the workplace, and have rarely been at their mercy. If a population of 100 grows to 101 because 1 person of a highly-skilled nature joins it, that's a good thing.
Why not ask something more acceptable to the Slashdot community, like "I've just inherited a medium-sized business where everything runs on a mix of Linux and FreeBSD. Which Windows variant should I migrate them all to?"
Ah...but when was the last time you saw someone wearing Level IV or higher armor in public who wasn't a cop or a soldier? I'm willing to bet the answer is "never," and that's because there's a difference between "available" in the technical sense and "available" in reality. And I can tell you up front what happens when a police officer sees someone armored that way...they confront the individual and grill them on the spot, because the wearing of armor of that nature is considered a major pre-incident indicator of a bad event. So, no...it's not really feasible for civilians to wear the same heavy multi-hit ceramic armor as soldiers wear.
Conversely, military-grade body armor will stop rounds fired by 99% of the weapons held by civilians.
Oddly enough, you can have all the same typical service issue ammo that the military uses.
Define "typical service issue ammo"? If you mean the +P 9mm rounds in their sidearms, yes, even though about 65% of civilian-owned 9mm firearms will not last long when firing that ammunition. If you mean steel core AP .223 and 7.68mm rounds, which is what's needed to penetrate the armor, then no. You need to either use AP rounds or very high caliber firearms (like .50 caliber) to have much luck against the aforementioned body armor used by the military. The fact that civilians can get standard ball ammo does not counter this.
The most heavily armored of civilian vehicles (and I do mean armored, as in cars that have been retrofitted, or the BMW models that can be bought pre-armored) would not stand up to military weaponry
...though neither do most military vehicles...
Military vehicles stand up a lot better than civilian ones. I'll put a lightly-armored humvee against a Buick any day of the week with regard to small arms fire. But these days what we're talking about are MRAPS and APCs, and if you think those are an equivalent to a civilian vehicle of any nature, you must seriously be smoking something. The point I am making is that military gear is significantly more defensible, not that it's invincible. And if these vehicles don't hold up better against military weaponry, why are we spending billions on them, and crediting them for saving thousands of lives?
while any armored military vehicle would shrug off an attack using weapons available to civilians
Except for IEDs, for which we are having to redesign our entire fleet basically.
Which are always made from repurposed military explosives and artillery. This only supports my point.
The day when civilians have the same capability to do harm that the military and intelligence communities do, things will go very, very badly.
Things have been going very, very badly for a long time. Companies like Coca-Cola and Nestle have their own military forces in third world countries. Corporatists have utterly taken over the majority of world governments. So while I agree with your premise, I don't agree with your conclusion. Civilians already have that capacity, and they always have, and things are already going that way.
Your definition of "badly" is a bit narrow. Go visit a country where the civilians actually have the same weapons as the military. Might I recommend Somalia as a sterling example?
Civilian-grade bullet-proof vests won't stop bullets fired from the primary weapons carried by military personnel. Conversely, military-grade body armor will stop rounds fired by 99% of the weapons held by civilians. The most heavily armored of civilian vehicles (and I do mean armored, as in cars that have been retrofitted, or the BMW models that can be bought pre-armored) would not stand up to military weaponry, while any armored military vehicle would shrug off an attack using weapons available to civilians. There are many other analogues involving surveillance technologies, etc. that show the dichotomy that has always existed between the military/intelligence communities and the civilian world.
But so what? Of course their tools are more sophisticated...they should be. The day when civilians have the same capability to do harm that the military and intelligence communities do, things will go very, very badly.
"Cyberweapons may give nations a way to attack enemies without killing anyone."
I doubt very much that there was no loss of life involved in Stuxnet's effects. A P2 gas centrifuge that spins so fast that there are only a few metal alloys in the world that are tough enough to hold together. When one of those tubes lets go because it wobbles at one of the unstable speed zones it enters, or because it over-runs (as Stuxnet made happen), it's like a grenade going off. As I recall the estimate was that at least 40% of the centrifuges at Natanz failed in this fashion...and I find it difficult to imagine that nobody was ever standing near any of them when it happened.
The article focuses on security problems that have been largely addressed, in exactly the way he's complaining hasn't happened yet. He focuses on smack stashing and buffer overruns, for example...and disregards the latest higher-level languages that manage memory in ways that make these attacks far less common. He entirely ignores the most frequent and effective attacks (XSS, SQL injection) nor does he talk about the underlying causes of such vulnerabilities. (I, for one, am extremely curious how a SQL injection attack can be the fault of a fundamentally insecure operating system, since in many cases the attack traverses across multiple different OSes with nary a hiccup.) I'm not entirely convinced that he even understands the current state of what most vulnerabilities look like, to be honest. And finally, he gives absolutely no indications as to how to accomplish this lofty goal of an OS that would prevent there from being such a thing as an insecure app in the first place. It looks to me that all he's doing is whining about the fact that he's having to learn about proper and secure programming methods, which is taking away from his hobby of eating bear claws two at a time.
it's not nearly the first ios app that sends contact infos off the phone for no particularly good reason.
Very true...but despite my best efforts to raise awareness, Facebook has yet to be classified as a very large botnet :)
Some will say that the Apple App Store is "no longer secure." This is ridiculous. It took 5 years for the first malware to show up...that's pretty damned good. Nothing is impermeable, after all. But the real value is that the malware can easily be removed...and its source eradicated. So it's not only about keeping malware out via the App Store, but also in having a swift and flexible response option for just this sort of occasion. Good security fails gracefully and a good defense in depth allows for easy recovery, and it looks to me like Apple meets those criteria.
Insurance.
I have a close friend who is a line producer and has been behind a lot of different shows you've seen on a particular set of science-oriented cable TV channels. I've listened while she's made phone calls for work, sorting out logistics and other such things...it's incredible what goes into a lot of this programming. Absolutely fascinating stuff! Well, there are a lot of challenges to the traditional way of shooting aerial, many of which have to do with nothing more than liability. There's the question of the pilot, and whether or not they have experience doing that kind of flying. There's the model of helicopter, and its suitability to having a rig put on its side (because that's how it usually pans out...special-purpose helicopters are almost never available for things that aren't major motion pictures). There's the rig itself, and how suitable it is for being on a helicopter. And then there's where you'll be shooting and how. All of this ties into the insurance coverage that you really need to have in order to shoot an aerial. The helicopter alone is worth millions; the liability risks related to what would happen in a crash go substantially beyond that.
Having a cheaper device with no humans aboard that is significantly smaller, inherently proven to be stable and effective for aerial shooting, is relatively easy to ship over distance and which has (as a whole package) a proven track record of safety would be a HUGE benefit with regard to the logistical planning and insurance costs. And if it's more flexible than a full-sized copter AND more effective? Total win.
Very simple: try flying an RC helicopter sometime. (Hint as to the outcome: helicopters meant for beginners...also the easiest ones to fly...come with extra replacement rotors for a reason.) They are incredibly difficult to pilot; just getting them off the ground is a herculean task. A perfect example of the learning curve showed up on a Mythbusters episode, the one where the myth was that you could cause a helicopter to crash by putting a postage stamp on the end of a rotor blade, thus destabilizing it. They were going to do it at scale with a decent-sized RC copter. They ended up having to abandon that approach because after a whole day of trying to learn how to get the thing off the ground without making it crash, not one of them had managed to do it.
Now, take that intense learning curve, and think about this...small UAVs are the main thrust of the UAV market now. Man-portable and carried by platoons or squads, they allow troops to see what's over a hill or in a neighborhood themselves, without the need for them to have a Predator tasked to them, without the need for them to have someone else try to interpret the view without the context of what things look like for the ground forces, or the need for a high-speed data link so that the ground forces can see for themselves. And unlike a Predator, it doesn't take over 160 people to maintain and keep one going. They're cheap, they're flexible, and they're actually better-suited to the intended mission of providing tactical real-time data to small units.
But here's the rub, and why these squad-level devices are all airplanes. Remember that learning curve for a helicopter? Apply that at the squad level. You have just added a new skill set that at least one person in each squad would have to develop, one that has nothing to do with any of their other skills, and is harder than any of their other skills. Imagine if shooting a rifle was so difficult that for the first few days you were learning, not only would you miss the target completely but the rifle would explode. How many riflemen would there be? How would that affect military doctrine? I bet you'd still see archers on the battlefield.
Wait a sec. How is it a privacy issue for the utility provider, that already knows how much power you consume, to use a smart meter? Help me out here.
Anecdotaly... As a multiple time sufferer from mis-read meters and the pain in the ass that results from convincing the power company to believe that you really didn't use 10000 KW/h last month when you've been average 1500 KW/h for years I love that my usage is precisely monitored and measured. I also get some cool features like email alerts if my usage spikes, the ability to see my projected bill ahead of time and make adjustments to my usage in advance, and I can compare my usage to other houses in the neighborhood. That last however DOES NOT IDENTIFY THE HOUSES. All I see is "your usage is x% more/less than similar size houses this week".
You ask a good question. The issue isn't in the kind of data being collected, but what happens as a result of the frequency with which it can be collected. With a traditional electromechanical meter (the one with the big spinning disk and the little dials) a person has to physically walk up to it and read it. Utilities with this kind of meter in service typically only take a measurement 4 times a year, and do estimates for the other months. (If you end up having overpaid when they actually do the meter reading, you get a credit towards your next bill.) Then, there are AMR meters; these can be read by a truck passing through your neighborhood. But these only get read about once a month, tops, because it still costs a good bit to do it. "Smart Meters," or Advanced Metering Infrastructure (AMI), reports back directly to the utility via wireless technology of some form or another...and usually in increments of every 15 minutes up to every hour. So now, instead of 4 data points per year per customer, you can end up with over 35,000 data points. And you get not just what the cumulative consumption has been, but also current consumption.
Now, there's a lot of really good things that the utility can do with that data, which is in the true common interest. They can develop more sophisticated models of what demand looks like on their grid (which they can't do now, because the coarse nature of monthly readings gives no insight into demand patterns, just aggregate demand), which in turn helps them plan for future needs more effectively. They can detect power diversion (as done in areas where a lot of pot is being grown, for example), and they can also help detect situations where power is being wasted due to a faulty wiring situation in a home. Also, the data is made available to the customer, so they can see (and usually influence) their own power consumption. But now, you have a model of not just how much power is being used by a household over a period of time, but exactly what their patterns of usage are.
Some look at this and expect it to be used by thieves to tell if people are home or not. That makes no sense to me; it's far easier to just look and see if the lights are on and the TV playing than it is to build a rig to insert yourself into an Ember mesh network (you have to defeat the crypto first, by the way) just so you can impersonate the AMI head-end and have the meter tell you if the lights are on and the TV playing. But there is the risk of what I've called "privacy drift."
Privacy drift is where non-private information becomes private information when it is cross-referenced against another form of data, or when it turns out there's a way to analyze it and identify people using a new technique. One example of the latter: AOL gave out search engine query sets without the identities of the people who made them, only to learn from researchers that most of the time you could indeed figure out which queries went to which people...and often, who those people actually were. The former happened to Netflix, when they made ratings available to competitors who were trying to develop a better movie suggesting algorithm. Netflix did everything right to anonymize
Remember the woman who played the young John Connor's step/foster mother in T2? Yeah, I don't know her name either, and that's my point. She's one of those actors/actresses whose face you remember, but whose name you don't. But as a result of having small parts in so many movies, she's pulling in somewhere at the low seven figures from royalties. She's not Brad Pitt, Helena Bonham-Carter or any other famous professional from the acting world, but she embodies a more likely form of success to anyone who would choose acting as a career. But alas, the center of the bell curve is never all that interesting...and nobody wants to be at the lower side of what falls off the slope. So everyone focuses on the exceptional and strange (in a good way) examples.
Possibly, but possibly not. For one thing, the attack being shown here is far, far from news. And there are actually tons of ways to build a GPS receiver with the native ability to detect spoofing, and those features are standard for high-risk equipment (like classified stealth drones). But on the other hand, all of the details are classified in some way or another, so it's really hard to know for sure...but I doubt that it was as simple as the attack shown here.
One simple way of detecting spoofing is by frequency strength. The most basic attack is to impersonate the satellites, and to be strong enough in output that the receiver is sure to pick up your "sats" instead of the real ones. But that typically means you're putting out a WAY stronger signal than you'd normally get from a GPS, and that ends up being a dead giveaway.
For military uses, the open and unencrypted C/A code GPS signal isn't even used; they use the more secure (and originally supposedly more accurate...but not really more accurate) P code signal (which now has a W code overlaid onto it as well). So there are inherent features involved in military GPS that act as anti-spoofing as well.
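The signal-strength check described in the comment above, as an added example that is not part of the original post: it reads the per-satellite C/N0 values a receiver reports in NMEA GSV sentences and flags epochs where the signal is implausibly strong or jumps suddenly. The thresholds, function names and sample sentences are assumptions constructed for illustration.

```python
"""Flag implausibly strong GPS signals from NMEA GSV C/N0 values (added example)."""
from functools import reduce

# Assumed thresholds, not a standard: open-sky C/A signals usually report
# roughly 30-50 dB-Hz, so values above the ceiling are treated as suspect.
MAX_PLAUSIBLE_CN0 = 52
MAX_MEAN_JUMP = 8.0  # assumed alert level for epoch-to-epoch rise in mean C/N0 (dB)

def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def make_gsv(sats):
    """Build a constructed one-message GSV sentence from (prn, elev, az, cn0) tuples."""
    fields = ["GPGSV", "1", "1", f"{len(sats):02d}"]
    for sat in sats:
        fields += [f"{v:03d}" if i == 2 else f"{v:02d}" for i, v in enumerate(sat)]
    body = ",".join(fields)
    return f"${body}*{nmea_checksum(body)}"

def parse_gsv(sentence):
    """Return {prn: cn0} for one GSV sentence; raise ValueError if malformed."""
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("not an NMEA sentence")
    body, _, given = sentence[1:].partition("*")
    if nmea_checksum(body) != given.strip().upper():
        raise ValueError("checksum mismatch")
    fields = body.split(",")
    if not fields[0].endswith("GSV"):
        raise ValueError("not a GSV sentence")
    cn0 = {}
    for i in range(4, len(fields) - 3, 4):
        if fields[i + 3]:  # an empty SNR field means the satellite is not tracked
            cn0[int(fields[i])] = int(fields[i + 3])
    return cn0

def check_epochs(sentences):
    """Return (epoch_index, reason) alerts for over-strong or suddenly stronger signals."""
    alerts, prev_mean = [], None
    for idx, sentence in enumerate(sentences):
        cn0 = parse_gsv(sentence)
        if not cn0:
            continue
        mean = sum(cn0.values()) / len(cn0)
        hot = sorted(prn for prn, v in cn0.items() if v > MAX_PLAUSIBLE_CN0)
        if hot:
            alerts.append((idx, f"C/N0 above {MAX_PLAUSIBLE_CN0} dB-Hz on PRNs {hot}"))
        if prev_mean is not None and mean - prev_mean > MAX_MEAN_JUMP:
            alerts.append((idx, f"mean C/N0 rose {mean - prev_mean:.1f} dB in one epoch"))
        prev_mean = mean
    return alerts

# Constructed sample: two ordinary epochs, then one where every signal is far stronger.
SAMPLE = [
    make_gsv([(2, 45, 120, 41), (5, 30, 210, 38), (12, 60, 45, 44), (25, 15, 300, 33)]),
    make_gsv([(2, 45, 121, 42), (5, 30, 211, 37), (12, 60, 46, 44), (25, 15, 301, 34)]),
    make_gsv([(2, 45, 121, 55), (5, 30, 211, 54), (12, 60, 46, 55), (25, 15, 301, 54)]),
]

if __name__ == "__main__":
    for epoch, reason in check_epochs(SAMPLE):
        print(f"epoch {epoch}: {reason}")
```

This covers only the overpowered case the comment describes; a transmitter that matches normal signal levels would not trip either threshold.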
There is authentication, it's just not done by a computer. Do you hand your credit cards out to people at random? Pass them around in a club for everyone to play with, regardless of whether you know them or not? Of course not...and why not? Because the simple act of doing so authorizes them to access the information on the card. Looking at it will give them your name on the card, the number, expiry date and CVV number on the back. With a $40 device, they can get the read direct off the magnetic strip as well (which is the exact same vulnerability as this). So I really don't see what the big deal is here. It's just skimming, using a new kind of reader.
As an employer that is realistic, often you *have* to do drug screening. Many industries have external regulatory requirements mandating such testing, and many companies have customers that insist upon it from the service providers they use. I'm no fan of drug testing myself; it's too prone to false positives and the consequences of coming up with a false positive are dire. But all the same, most of the time when drug testing is in place, it's not really up to the company that's having their employees tested.
If I were to buy a laptop with Windows (heavens forbid), then I'd expect installation media to go with it. I can understand NewEgg not fielding support questions on every flavor of Unix, but my grandmother should be able to restore the laptop to mint (pun intended) condition by inserting a DVD.
If NewEgg fails to deliver that, then there's the problem, not a user installing something else.
You haven't bought any laptops in a while, have you? I haven't seen installation media coming with hardware in years. At best, you got a disc that would blow away the entire drive and re-image it...but these days there isn't enough room on a disc to do that, so laptops come with "recovery" partitions. Also, there are the inevitable manufacturer-specific utilities that come with the machine, and you usually need specific drivers in the course of the installation, so just including a Windows 7 install disc doesn't cut the mustard either.
Of course not. However, it's not my fault because my boss bought a shit cell phone that can't sync up with whatever before talking to me about it. By the very same (lack of) logic it is going to be my fault when the "cloud" explodes and goes down for three days. Many people are just not knowledgeable enough to understand where one sphere of influence begins and another ends. And it doesn't matter if the decision was made as a group; it's still YOUR fault.
I help in every way possible, but no one knows everything when it's a subject as big as "computer."
You're not entirely powerless (or blameless) when dealing with someone like that. The difference between competent IT professionals and *great* IT professionals is the ability to 'manage up,' to get themselves injected into the decision process of those above them. By doing so, they are able to prevent poor choices from being made, and in doing so lower the amount of disruption...and along the same path, they also reduce the overall amount of blame there is to pass around. Consultants love to use the phrase "trusted advisor," because that's the best position to be in with regard to their client...the same holds true with your boss. Any knowledge-based career is as much about marketing yourself to others as it is actually performing the core work of your skillset.
And in today's world, avoiding third-world nations "just because" is ridiculous. You're saying that executives from Apple should never have gone to China. You're saying that Venezuela, a member of OPEC, should never have members from other OPEC nations visiting there. And where do you draw the line...I'm not sure I'd consider Argentina a third-world country just because they had an economic breakdown...and there is no way they are more akin to an African country than a Western one. If a financial meltdown with long-term effects qualifies a country for third world status, then why not Japan? They still haven't recovered from the financial collapse that happened in the 90s.
And let's keep something in mind...this was Richard Stallman speaking at a conference in a major city. This was not him going off into a remote area in the countryside to dig a well. There are places in most American states where he'd be statistically more likely to come to harm than he was in that hotel. Petty crime is what happens in such places, and little else.
The reason why the post had been modded down...and why it should still be, even if it is not...is because the whole point of it is ridiculous. For a soccer mom to avoid nations with shaky economies? Fine, if a bit wimpy. But for large-impact entities...be they people or simply influential people at large organizations...to shun safe areas in third-world countries because of petty crime is entirely infeasible, self-defeating, and frankly smacks of the armchair thinking of someone who has never ventured outside middle America. The world is global; that's how it is now.
Not in the DRC. A friend of mine is a producer for National Geographic, and they've just finished filming a documentary there. Those mosquito nets that Gates is paying to have distributed? Most people use them...as nets to catch fish. This is one of the big problems with non-profit groups. They often seem to be more focused on how hard they are trying than about how effective their actions really are.
Dr. Bibbins-Domingo credits the taxation of tobacco products with being the sole cause of decreased smoking. But it seems to me that I grew up with no desire to try cigarettes after spending my childhood watching PSA after PSA pointing out that it would cause all sorts of horrible diseases. Taxation never figured into it for me...and it also seems that taxation only matters after you're hooked on cigarettes, too. I smoke cigars occasionally, but whatever added cost comes from the taxes doesn't matter, since it's a rare occurrence. The taxes would matter only if I were regularly spending money on them, like habitual cigarette smokers do. And I've seen how hard it is for smokers to stop, once they are hooked...it's incredibly hard. So I doubt that taxation was the main cause of the decrease in smoking.
For example, when I look at Comcast's site, I see "When Comcast decided to participate in World IPv6 Launch, we committed to enabling at least 1% of our customers with IPv6 by June 6, 2012." So, how does that figure into the 60%? If there are 50 ISPs in the world, but Comcast has 5% of the subscriber base, is that 2% out of the 60%? Or is it 5%? Or is it .002%? I'm curious how this 60% number was calculated.
This is just the first step. The next step is counterfeiting "The Sound of Music," using that village.
It's ironic, then, that neither of you have put anything forth to foster the discussion along what you would consider "proper" lines. Oh, and you both posted as ACs, too...
I was married to one for a while.
HERE? This is one of those topics that is guaranteed to garner intelligent discourse by a few amidst a horrifying sea of flame from the majority. Why not look into studies on the impact of skilled workers joining a workforce, and the cultural effects of immigration instead? My take is that there should be minimal (but some) financial incentive on the short-term for employment of such workers (IMHO, H1-B is *too* much incentive) and incentives towards citizenship. I believe that immigration of good skilled workers is good for this nation. I've only ever learned from smarter and more educated people around me in the workplace, and have rarely been at their mercy. If a population of 100 grows to 101 because 1 person of a highly-skilled nature joins it, that's a good thing.
Why not ask something more acceptable to the Slashdot community, like "I've just inherited a medium-sized business where everything runs on a mix of Linux and FreeBSD. Which Windows variant should I migrate them all to?"
Civilian-grade bullet-proof vests won't stop bullets fired from the primary weapons carried by military personnel.
ballocks
Ah...but when was the last time you saw someone wearing Level IV or higher armor in public who wasn't a cop or a soldier? I'm willing to bet the answer is "never," and that's because there's a difference between "available" in the technical sense and "available" in reality. And I can tell you up front what happens when a police officer sees someone armored that way...they confront the individual and grill them on the spot, because the wearing of armor of that nature is considered a major pre-incident indicator of a bad event. So, no...it's not really feasible for civilians to wear the same heavy multi-hit ceramic armor as soldiers wear.
Conversely, military-grade body armor will stop rounds fired by 99% of the weapons held by civilians.
Oddly enough, you can have all the same typical service issue ammo that the military uses.
Define "typical service issue ammo"? If you mean the +P 9mm rounds in their sidearms, yes, even though about 65% of civilian-owned 9mm firearms will not last long when firing that ammunition. If you mean steel core AP .223 and 7.68mm rounds, which is what's needed to penetrate the armor, then no. You need to either use AP rounds or very high caliber firearms (like .50 caliber) to have much luck against the aforementioned body armor used by the military. The fact that civilians can get standard ball ammo does not counter this.
The most heavily armored of civilian vehicles (and I do mean armored, as in cars that have been retrofitted, or the BMW models that can be bought pre-armored) would not stand up to military weaponry
...though neither do most military vehicles...
Military vehicles stand up a lot better than civilian ones. I'll put a lightly-armored humvee against a Buick any day of the week with regard to small arms fire. But these days what we're talking about are MRAPS and APCs, and if you think those are an equivalent to a civilian vehicle of any nature, you must seriously be smoking something. The point I am making is that military gear is significantly more defensible, not that it's invincible. And if these vehicles don't hold up better against military weaponry, why are we spending billions on them, and crediting them for saving thousands of lives?
while any armored military vehicle would shrug off an attack using weapons available to civilians
Except for IEDs, for which we are having to redesign our entire fleet basically.
Which are always made from repurposed military explosives and artillery. This only supports my point.
The day when civilians have the same capability to do harm that the military and intelligence communities do, things will go very, very badly.
Things have been going very, very badly for a long time. Companies like Coca-Cola and Nestle have their own military forces in third world countries. Corporatists have utterly taken over the majority of world governments. So while I agree with your premise, I don't agree with your conclusion. Civilians already have that capacity, and they always have, and things are already going that way.
Your definition of "badly" is a bit narrow. Go visit a country where the civilians actually have the same weapons as the military. Might I recommend Somalia as a sterling example?
Question: What are most IEDs made from?
Answer: Artillery shells.
Question: Can you buy artillery shells at Wal-mart? How about Home Depot? Radio Shack?
Civilian-grade bullet-proof vests won't stop bullets fired from the primary weapons carried by military personnel. Conversely, military-grade body armor will stop rounds fired by 99% of the weapons held by civilians. The most heavily armored of civilian vehicles (and I do mean armored, as in cars that have been retrofitted, or the BMW models that can be bought pre-armored) would not stand up to military weaponry, while any armored military vehicle would shrug off an attack using weapons available to civilians. There are many other analogues involving surveillance technologies, etc. that show the dichotomy that has always existed between the military/intelligence communities and the civilian world.
But so what? Of course their tools are more sophisticated...they should be. The day when civilians have the same capability to do harm that the military and intelligence communities do, things will go very, very badly.
"Cyberweapons may give nations a way to attack enemies without killing anyone."
I doubt very much that there was no loss of life involved in Stuxnet's effects. A P2 gas centrifuge spins so fast that there are only a few metal alloys in the world that are tough enough to hold together. When one of those tubes lets go because it wobbles at one of the unstable speed zones it enters, or because it over-runs (as Stuxnet made happen), it's like a grenade going off. As I recall the estimate was that at least 40% of the centrifuges at Natanz failed in this fashion...and I find it difficult to imagine that nobody was ever standing near any of them when it happened.
The article focuses on security problems that have been largely addressed, in exactly the way he's complaining hasn't happened yet. He focuses on stack smashing and buffer overruns, for example...and disregards the latest higher-level languages that manage memory in ways that make these attacks far less common. He entirely ignores the most frequent and effective attacks (XSS, SQL injection), nor does he talk about the underlying causes of such vulnerabilities. (I, for one, am extremely curious how a SQL injection attack can be the fault of a fundamentally insecure operating system, since in many cases the attack traverses across multiple different OSes with nary a hiccup.) I'm not entirely convinced that he even understands the current state of what most vulnerabilities look like, to be honest. And finally, he gives absolutely no indications as to how to accomplish this lofty goal of an OS that would prevent there from being such a thing as an insecure app in the first place. It looks to me that all he's doing is whining about the fact that he's having to learn about proper and secure programming methods, which is taking away from his hobby of eating bear claws two at a time.
(*puts out a large neon sign saying "HUMOR" and then dons his flame-retardant suit*)
Put the data centers in the kitchen?