Slashdot Mirror


User: Shoten

Shoten's activity in the archive.

Stories: 0
Comments: 1,461

Comments · 1,461

  1. CALEA bites the DoJ in the ass! EPIC! on The Law Is Clear: the FBI Cannot Make Apple Rewrite Its OS (backchannel.com) · · Score: 1

    I love it! CALEA...the law that basically mandates that Carnivore be built-in to our telecommunications infrastructure, and which has probably made the warrantless wiretapping/metadata collection by the NSA far more technically simple to accomplish, is what ends up backfiring on the FBI. Priceless.

  2. Re:Explanations needed on Sony Outage Disables DASH Devices, No ETA On a Fix · · Score: 2

    it was all over the tech sites, and everyone thought that they would revolutionize information-at-a-glance

    No, idiot tech writers who don't actually know shit about tech or people trends thought it would 'revolutionize' anything.

    The rest of us thought it was a shitty little under powered device locked into a shitty service and the only way to make it useful was to break it down into component parts which were far more valuable than the whole.

    Well put.

    Fundamentally, this thing is an overpriced, under-powered tablet. And it should serve as a warning to all the IoT adopters/designers out there who want to embed things like this in stoves and refrigerators: once you provide a device like this, it's an albatross. Kill the albatross, and you'll have a lot of upset customers. Remember that people don't get a new fridge every 3 years.

  3. Re:A world of interconnected devices? on Qualcomm Snapdragon SoC Vulnerability Could Compromise IoT Security (betanews.com) · · Score: 1

    That only exists in the masturbatory fantasies of various techno-evangelist startups and large corps trying to cash in on a fad. In the real world I doubt many people want their white goods networked, or their home heating or their kettle or clothes or any of 101 other everyday objects that function perfectly well standalone and have no reason to be networked or even computerised. But where there's a sucker there's money to be made and the techno sharks are circling.

    Think again.

    I'm terrified of this inter-connectivity myself, but the damn devices are showing up everywhere I look. Locks on doors now have this capability. Nespresso's latest machine has an app. I do sous vide cooking...guess what, the latest immersion cooker out there, from Chef-Steps, can ONLY be controlled via a smartphone! I went to buy a new car a year ago...and I couldn't get one that wasn't a crappy econobox that DIDN'T have a network connection over cellular backhaul for telematics.

    There's a twitter account...a very funny one...called "Internet of Shit." It makes fun of the ridiculous ways in which this trend is going completely over the edge. But even if only half of these products get any traction, that represents an incredible degree of added attack surface to our daily lives. And it looks like there is indeed a lot of traction out there. I see things like the outcry when Google changed their calendar API...and suddenly the first-model of Samsung smart fridges couldn't do calendaring properly. Turns out that a lot of people had those fridges, as insane as they seem to be. (I just got an iPad Mini and mounted it in the kitchen...more secure, upgradeable over time, better-managed, more flexible, better-placed, and I believe it was even a lot cheaper.)

    A good way to see if you're in the movement of a trend is to look backwards. 30 years ago, nobody had a computer. 25 years ago, nobody had a network connection. 20 years ago, the lucky few had dialup Internet, and a bunch of people had "Fisher-Price networking," (AOL), and while it wasn't essential, everybody knew about it and pretty much everyone wanted it. Now, most people carry a full-time networked computer in their pocket or purse. You can't job-shop effectively without going online, or having an email address. A staggering amount of individual purchasing takes place over networks using embedded devices like phones, and now entertainment is moving away from vertically-integrated institutions like cable companies to multi-vendor solutions like an ISP for data backhaul, Netflix/Pandora/Hulu/YouTube as the content distributor with tablet/phone/home computer/(Roku|AppleTV|FireTV) as the endpoint. I think I see a trend.

  4. Re:Hmm... on US Says North Korean Submarine Missing (cnn.com) · · Score: 1

    Good question. Why would you think that? S. Korea or Japan is much closer. Or the Aleutians if they are desperate to see American women.

    It IS much closer...that's the reason why they probably wouldn't do it there if they could help it. Remember, when North Korean dictators have wanted certain things from South Korea or Japan, they've tended to just go and take them. Including movie producers and other artists. I really doubt they would fail to go after the crew, if they were so close by.

  5. Re:Its Tommy Lee Jones on US Says North Korean Submarine Missing (cnn.com) · · Score: 1

    We'd better call Steven Seagal

    You go ahead and call Seagal. I'm calling Erika Eleniak.

    As I remember it, she was an essential part of it too. She shot O'Brien from Star Trek before he could shoot Seagal in the face.

    On second thought...don't call Erika Eleniak. Let's have Seagal do this one solo.

  6. Re:Choice is good, but... on Raspberry Pi 3 Is a Nice Upgrade, But Alternatives Exist With Faster Performance (phoronix.com) · · Score: 3, Interesting

    In that vein, the current pain-point for the ODroid-2 is the fact that the AMLogic S905 SoC it is based on has no mainline kernel support; and the current vendor fork is of a version heading toward EOL uncomfortably quickly. There is supposed to be a mainlining effort that will fix this before the current option actually goes EOL; but that remains to be seen.

    I must admit that (having come into linux back in the delightful days when Broadcom wireless meant screwing around with NDISwrapper) it's a bit of a shock; but the rPi actually has an atypically high plays-well-with-others factor. You can get them cheaper; and you can get them better; but until the 'every ARM SoC is its own dysfunctional port' issue gets ironed out, some very promising hardware can end up hobbled by neurotic and antique software.

    I think the current pain point is something a lot less technical.

    From TFA:

    While the ODROID-C2 doesn't appear to be shipping in quantities yet and Hardkernel hasn't offered to send over any sample...

  7. Re: What a crock on Godfather Of Encryption Explains Why Apple Should Help The FBI (bgr.com) · · Score: 5, Interesting

    Only if you're an idiot. It's only about the one phone until precedent is made.

    This.

    And Apple's statement to this effect has already been proven true...for there are multiple cases where the FBI has asked for "just this one phone" to be unlocked in this manner. There are literally more than a dozen parallel efforts, in addition to this one particularly high-profile one, to get this to happen.

  8. Re:What a crock on Godfather Of Encryption Explains Why Apple Should Help The FBI (bgr.com) · · Score: 5, Insightful

    And from someone who really ought to know better.

    What this tells me is that being the "Godfather of Encryption" is not mutually exclusive with being a dunce on operational security.

    Waiting for a future, better case would sure end up looking foolish when the government argues, "What's the problem? You agreed to do this exact same thing before, in the San Bernardino case..."

    Should he know better? I'm not sure. On one hand, Shamir is really good at math. But math has almost nothing to do with Constitutional law, which is what this is really about.

    There's a big difference between who can create/build a certain technology, and who should be trusted with knowing how and when to use it. A lot of people conflate the two, but they are incredibly different skillsets.

  9. Re:Before you start wondering how the crazies got on Mindfulness Meditators Are Less Affected By Virtual Reality (sciencedirect.com) · · Score: 4, Informative

    "Mindfulness meditation" is how one would describe someone actively practicing not living in the moment. In other words, they're saying that people who exist higher on the consciousness scale (there are several terms for what boils down to heightened awareness) are better able to distinguish reality from virtual reality.

    Actually, you have that backwards. "Mindfulness" is very much about living in the moment. It's nothing new, just a Western term for what is basically zen meditation. Think of it in terms of being "mindful," as in, just paying attention and not having your head up your ass.

  10. Kind of missing the bigger picture on Mindfulness Meditators Are Less Affected By Virtual Reality (sciencedirect.com) · · Score: 5, Insightful

    Mindfulness meditators are less rattled by actual reality as well. That's kind of the whole point of it. Things that are scary or stressful don't knock them off balance as much. The VR angle should not be a surprise.

  11. I'm sure that once just one of these rounds malfunctions and destroys itself while still in the barrel, your rifle will disintegrate quite effectively while firing subsequent rounds.

    Read TFA.

    The rounds don't destroy themselves, they just become aerodynamically unstable and tumble, which makes them lose energy VERY quickly and subsequently drop like a rock so that they don't travel very far. None of this is a problem inside the ammo case, the magazine, the breech, the barrel itself or the muzzle.

  12. Fewer effective.

    Morons.

    Actually, as I understand it, the project started under George W. Bush, so the original research proposal stated that the desired bullet would be "morer ineffectivicated" after it went "kinda far."

  13. Re:Remote Start / HVAC Runtime Anyone? on Nissan Leaf HVAC-Hack Vulnerability Disclosed (bbc.com) · · Score: 1

    How is this any different than a regular ICE car having remote start? Those have been pitched as "get the car warmed up inside and out before stepping outside!" deals for ages now.

    That's a perfectly accepted use case now. The problem is the app/IoT side. Currently, it uses your keyfob to "authenticate" the request.

    You raise an awesome question, and I'll answer it.

    One, in the regular car example you describe, the attacker needs two things: to be able to spoof the keyfob, and physical proximity. The first hasn't always been trivial, but it's still got a lot of challenges. The second keeps the attack from scaling; you can't sit in one place at one time and simultaneously mess with tons and tons of cars. This attack is far, far easier to accomplish (you just need to know the network range in question and only have to iterate VINs, which for all their length really isn't all that hard) and scales like a motherfucker.

    But two...and here's what's really fucked up...is that if you manage to spoof the keyfob, then you can start the car remotely, open the trunk, and lock/unlock the doors...and that's it. That's all you can do. But this...in TFA, they talk about how the attack doesn't work if the car is moving. That means one very important thing...that the hardware that provides this functionality is tied into the car's main CAN bus, and communicates directly with the ECU. That also means it speaks to pretty much everything else, as well. Given that there was obviously no real rigor around security, how much do we want to bet that this web-like interface with poor authentication is also vulnerable to worse attacks...that it would be possible to even execute code on the car, potentially? On a system that's tied into things like engine management, or ABS devices...very scary. You can't even imagine that kind of thing by spoofing a keyfob.

  14. Re:The duck quacked on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 4, Insightful

    If the new owners of Slashdot really want to improve this site (and I have seen no evidence that they do), a good first step would be stop linking to stories that are paywalled, or that prohibit adblockers. There are always plenty of alternatives.

    I think the solution is for people not to submit links that are paywalled, or that prohibit adblockers.

  15. Re:Might be other reasons... on Yelp Employee Posts Open Letter About Cost Of Living And Low Wages, Gets Fired (modernreaders.com) · · Score: 4, Insightful

    And I am sure it had nothing to do with her getting alcohol delivered to her while at work or bragging about making sexual jokes to the company's twitter account. It's either quite a coincidence or she knew she was in trouble and wrote the letter to try and make the company look worse.

    Wow...Bulleit bourbon, delivered to her at work. And she was supposedly poor?

  16. The economics of this is something the employer should take seriously; if you're paying your employees so poorly that they literally have nothing to lose by calling you out, then it's gonna happen.

    If she had nothing to lose, then why is she complaining that she lost it?

  17. You're a human being.

    True.

    You're owed food, shelter and healthcare.

    So not true.

    Show me the law, ordinance, or other document of equal or greater weight (like the Constitution) that states this fact. I see no evidence that anyone is owed such things, nor do I see any means by which to defend this "right" you are talking about.

    Do I believe that it's in the best interest of society to see that all people are provided these things? Absolutely. But that doesn't mean that they're actually owed to anyone, either as defined by reality or even the intent of the foundations of our society.

  18. Re:God DAMN it! Not fucking again! on US Encryption Ban Would Only Send the Market Overseas (dailydot.com) · · Score: 1

    Maybe in retrospect, you should have just gone with it and allowed Bush to have bad security.

    That ramification of what facts my teammate and I (for 48 hours, only two of us knew what we'd found) knew crossed my mind for about a millisecond. But then, I thought of two things:

    1, That he was (as much as I disliked it) elected lawfully, through due process. It went up to the ragged edge of that due process, but still. I was being trusted to help defend more than just one person, but rather the idea that an assassin shouldn't be allowed to negate or counter the rights of hundreds of millions of people.

    2, Also, Cheney was next in line.

  19. God DAMN it! Not fucking again! on US Encryption Ban Would Only Send the Market Overseas (dailydot.com) · · Score: 3, Interesting

    I remember the days of the Clipper Chip, and of the prohibition on exporting strong crypto. I remember getting a package from Checkpoint in Ramat Gan, Israel (over international DHL, I believe it was) that was slathered with warning stickers that said it could not leave the USA...when it originated from Israel.

    I remember in 2000, doing an IV&V of a VPN solution that did something really funky with their key generation, such that they were allowed to export strong (based on bit size) encryption without having to do key escrow. They put some of the key generation material in the handshake exchange...which means it went in the clear. I shit you not. Oh, and also, their algorithm had no forward secrecy...which was the whole point. Anyone who had sniffed the session could go to the operator of the VPN with a warrant, and have them re-generate the key that was negotiated between the two endpoints...making it possible to decrypt the session. Of course, this came along with a whole metric shitload of security problems, like the fact that compromising the VPN concentrator and pulling a little data off of it would give you the ability to decrypt any session that included that concentrator (we never got to the point of seeing if we could get the same effect by attacking the client). Basically, the whole thing was just a big pile of bitch cock, just waiting for disaster. (We also found a one-packet DoS, a buffer overflow, and other things...all unauthenticated attacks.)

    And the best part? The client for whom it turned out I was doing this IV&V. It was the United States Secret Service...specifically the protective detail for the incoming Bush administration. This pig-fucker of a VPN solution was going to be used to protect the President of the United States. That was fun to find out...at the outset of the engagement, we thought our client was the Treasury Department in general (which was kind of true, in a way). When we had "The Meeting" to tell them what a disaster the solution was, they told us who we were really working for in specific. I really needed a drink after that meeting.

    Needless to say, the Secret Service ended up going with a different solution.

    And now here we are again...with different people but the same organizations bringing up the same dogshit reasons to try and justify demanding the same dumb-shit idea be implemented...backdoored encryption. I find it so incredibly interesting that, when it came down to it, the US Government wouldn't rely on a solution like that to protect themselves, but they would insist that the rest of us accept it for our own use. It makes me want to spew a litany of every obscene word and phrase I can remember, in alphabetical order.

  20. Re:Too late on SourceForge Eliminates DevShare Program (sourceforge.net) · · Score: 1

    Yeah and we are focused on fixing all the issues that have caused projects to move.

    I want to commend you for participating in the forums, and keeping a remarkably calm demeanor as a significant number of Slashdot readers demonstrate that they go online primarily to yell at other people. It took me a minute to grasp that someone who is actually accountable for Slashdot and SourceForge was actually participating; we've become used to seeing strange behavior (Bennett Haselton *cough*) with no accountability, and not even someone willing to step up and speak to the complaints/arguments/whatever.

    And now, here you are standing in the aftermath of that behavior...for which you are not responsible...and taking the brunt of it even after you announce that you've done a good thing that all the screaming howler monkeys actually wanted. Bravo, sir, bravo! Keep to the course, and I believe that it will get better.

    As for those who are serving as the voice of reason, and pointing out that this new management is in no way responsible for past sins...keep that up too. We've got to help these people turn things back around by backing them up.

  21. Re:Take back Slashdot on Slashdot and SourceForge Sold, Now Under New Management (bizx.info) · · Score: 1

    Please, please, please... No more Bennett Haselton monologs!

    In other news, Bennett Haselton stood there dumbfounded, his cock still slick with the saliva of DHI as it gradually dried in the open air for the first time in years.

  22. Re:Meh on DeLoreans To Go Back To Production (cnn.com) · · Score: 5, Informative

    You could already get a good used one for $15,000-$30,000... http://www.hemmings.com/classi...

    You don't have to worry about mileage because as soon as you drive one you'll understand why DMC went out of business. Also the added derp from all the people saying "OMG BACK TO THE FUTURE CAR" will wear off and you'll want to keep it locked away in your garage.

    Trust me as someone who drove the "Urkel Mobile" (BMW Isetta) for a few weeks.

    Except that for a DeLorean, "good" is incredibly relative. The car's engine was an engineering disaster, and if one still runs it's on *very* borrowed time. There are a million kluges in the way they're built...for example, there was a problem where the throttle would stick in cold weather. It turned out that there was an issue with condensation forming, which would then run down into the throttle cable assembly...and freeze. Their solution? Put an L-shaped bracket above the assembly to make the water miss and land somewhere else.

    In another example of how at-risk the engines are, an episode of "Comedians Getting Coffee" with Jerry Seinfeld and Patton Oswalt began...began...in a DeLorean. I say "began" because they didn't make it half a mile before the engine suffered a catastrophic failure, resulting in all kinds of fluids running freely and horrible sounds coming from inside. Chest-burster kind of engine failure.

    And when you consider that a Mazda Miata genuinely has more horsepower than these cars ever had, the concept of having the look of a DeLorean, the body of a DeLorean, but NOT the original engine they came with...well, that sounds like a pretty good idea to me. I can see why they're giving it a shot, and it doesn't surprise me that the demand has been pretty high so far.

  23. The idea that "self driving cars" will

    A. occur anytime soon or
    B. drive down car ownership,

    is a pipe dream.

    Billions have been poured into flight control systems and they all still require someone to sit behind the yoke and monitor them. While they do have an extra dimension, they also don't have to deal with as many variables, crappy roads, detours, crappy drivers to avoid, nonsensical roads, etc.

    Before driverless cars are ubiquitous, nothing less than a complete overhaul of the roads to simplify routes, clearly mark boundaries, simplify interchanges, and reduce to a minimum possible conflicts, will be necessary. Billions and billions of infrastructure overhaul.

    Comparing commercial passenger airline operations to driving cars is ridiculous. Airplanes are treated very, very differently from cars in a great number of ways...let's look at a few.

    Okay, so let's start off with the regulations on maintenance of airliners. Logbooks are kept, specific forms of maintenance are required, people working on the planes MUST have specific training and credentials...and those are just the basics. Any material change to the aircraft, including updates to software or even flight mapping data, requires re-testing. And failing to comply with any of these standards is actually considered a violation of law. Imagine if you'd get fined for being late for an oil change in your car, or for not getting the car re-certified when you got new tires?

    Now, on for the more relevant point...training of the pilots. These are people who work their way up to being able to fly large jets, including a substantial amount of time in simulators...very expensive, elaborate simulators...before they even get to put their hands on the yoke of a real passenger jet. Compare and contrast this to student drivers with less than 30 hours of classroom time before they are driving regular cars on regular roads as the next step in their training, after which they are able to get a full-privilege license and drive just like anyone else.

    Consider the accident rate of driving...32,675 deaths in 2015 in the United States (according to the Administrator of the NHTSA when he spoke last week at the Vehicle Cybersecurity Roundtable), of which "94%" (his number as well) were the result of "human error or human choice." Even if a car held as many passengers as a 737, that number of accidents (which actually represents fantastic progress, given that it's the lowest number of car-related deaths per 100,000 people since 1920) would cause people to go batshit insane if it happened in our airline industry. But in cars, it's just considered normal.

    People...both the public and those in government...are WAY more tolerant of risk in cars than with regard to airlines. The head of the National Highway Transportation Safety Administration himself stood up last week in front of an audience of hundreds and espoused the expected life-saving benefits of self-driving technology. It won't be perfect, it'll need to improve, it will evolve over time...but those who would be in charge of promoting or limiting the technology have spoken and stated clearly that they are fully on the "promoting" side.

  24. Re:Not too shocking on Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org) · · Score: 1

    Define "properly". Having domain users in the local administrators group can save a small fortune in IT related support costs in many scenarios. It just needs to be weighed against the potential risks.

    I would imagine that the potential risks for ransomware hitting an organisation with proper IT support should be minimal... unless someone isn't doing their backups properly.

    When everyone goes home at night, re-image all PCs, and restore backups. That shouldn't cost $1m.

    So...you're a fan of building a whole new PC image every time there's a patch? Not to mention the bandwidth needed to push images to all PCs at the same time, every single night, and be sure that there have been no issues? Let's also keep in mind the fact that desktop configurations in nearly all organizations differ, so you'll have driver concerns for some devices, and one-off applications (especially for the most critical users) on others.

    At first blush, your "re-image all PCs" idea sounds great...but I've seen it tried and it never works. I'm guessing you've never even tried it.

  25. Not too shocking on Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org) · · Score: 5, Informative

    Most of these ransomware packages can traverse laterally within an org; they run in the rights context of the user on the first infected computer and use that to infect other systems, spreading within the local network. So if you don't have your permissions properly set up (having "Domain Users" in the local Administrators group on your desktops as a matter of standard, for example), it's a cakewalk for the malware to hit everyone.