if you can milk something infinitely, it removes all incentive to create new creative works
Honestly, I'm not sure this is a great argument for copyright reform...
If you look at Disney (who are notorious for lobbying copyright changes/extensions) for example... They've got an absolute stranglehold on a lot of their original IP. They've extended those copyrights well beyond the original limits. But they're still turning out new material. When is the last time you actually saw Mickey Mouse in anything new? I don't even think I've seen him in much of their advertising lately...
So, Disney is obviously turning out new creative works. Well... Ok... Maybe not terribly creative, as it seems they're all just princess stories... But they're rolling out new characters and new movies and whatnot.
Yes, their stranglehold on the copyright of the old Sleeping Beauty movie allows them to re-release it every couple of years in limited numbers, and make money off of it over and over again... But they're still turning out new stuff.
The problem with extending copyright to infinity (and beyond!) is that it doesn't allow other folks to expand on the original creation.
H.P. Lovecraft's greatest contribution to literature wasn't any of the actual stories he wrote, but his correspondence with other authors. They freely shared ideas and information... Swapped plot elements and settings and characters... And now you've firmly established the Cthulhu Mythos as a genre all its own. The Necronomicon has become, quite possibly, the best-known evil book in existence. It shows up everywhere. And this would never have happened if H.P. Lovecraft (or his estate, or whoever managed to buy his rights, or whatever) had maintained a stranglehold on his IP.
Look at recent variations on the old Jane Austen books... Pride and Prejudice and Zombies or Sense and Sensibility and Sea Monsters...
Or all the re-envisioning of Shakespeare's stuff... Romeo and Juliet becomes West Side Story becomes Romeo Must Die...
With the stranglehold that Disney has on its IP, nobody is going to be rolling out Mickey Mouse and Zombies anytime soon. Well, maybe if you could convince folks it was a parody or something... But you'd have one hell of a legal battle to fight.
And this is where perpetual copyright is harmful.
The original creators are going to create or not, according to their whims. Maybe they're content to milk a title forever... Maybe that title isn't interesting enough to be milked forever... Maybe they're just so full of ideas they can't stop creating... Maybe they'd like to create more, but they just don't have anything else to say...
No copyright law is ever going to magically flood the world with new creative works. No law or financial incentive is going to inspire creativity in somebody with absolutely no talent for creation. It isn't going to force some brilliant artist to take up the brush again just because he needs to eat. There are far easier ways to make a living.
But what it does do is prevent others from expanding on the original creation.
No West Side Story, no Pride and Prejudice and Zombies, no Re-Animator.
And I think Sherlock Holmes is a singularly bad example of this, as there are literally tons of derivative works out there.
You went from the above in your original post, to whistleblower employees playing Spy vs. Spy in your latest. I humored your first reply by pointing out ways that you can actually layer your security to prevent most data protection breaches, instead of resigning yourself to the fact that users prefer to make their passwords "password", and it's not like there's anything you can do about that... But come on, you're kind of changing the subject here... I specifically said that nothing is 100% effective. I realize that cognitive marvels can memorize things. Or write them down on a notepad. I wasn't talking about that, but then neither were you initially.
Yes, actually, I was.
The original subject of this entire thread was, in regards to encryption:
what do you think the hold up is? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption protocols and keys? Is it ignorance or apathy on the part of the IT community, and that we've failed to demand it from our vendors?
To which bugs2squash replied:
encryption alone is not the whole solution
Which eventually resulted in my posting my assent.
I never suggested that encryption was useless. Nor did I suggest that your layered approach has no merit. I stated, instead:
But when you're looking at where to spend money, and what effort is going to get you the most impact, encryption isn't necessarily it.
The weakest link is the people behind the terminals, which I've said over and over again.
You're pointing out one specific person behind a terminal - the sysadmin. And, yes, a lazy sysadmin is going to be a problem. And the solution to a lazy sysadmin isn't going to be throwing hardware and technology at that sysadmin - it's going to be training that sysadmin how to do their job correctly. And if the training succeeds, then that sysadmin will ask you for the appropriate tools to implement whatever security they feel is necessary.
I've just been throwing out one random example after another where technology isn't going to solve the problem for you.
I used the example of convincing a user to click something they shouldn't... I did not mean to suggest that this could only be a trojan on their computer. It could also be as simple as buzzing somebody through a door because they claimed to have left their key/badge/whatever in the car.
I never suggested any kind of spy vs. spy stuff... I pointed out that whistleblowers and corporate espionage have existed since before digital computers... Not to suggest that your layered approach would be useless in the face of such elite hax0rs... But to point out that information has been leaking out of companies since before digital encryption existed.
My whole assertion, from my very first post, is that technology (specifically in the form of encryption, but also in the form of just about any other security product) is not the whole solution. And that in many cases your time and effort is better spent in educating the users of that technology - both the end users reading their mail and the sysadmin running the mail server.
But accounts still get compromised left and right.
More accurately, the Windows machines of users with Blizzard accounts are compromised left and right as a means to compromise a Blizzard account. The system gets compromised and then phones home with account credentials as users log in.
Sometimes.
There are also frequent cases of an account being shared and one of the "trusted" individuals not being so trustworthy. I've seen it happen more than once myself.
Blizzard combats this with a key chain authenticator. Doesn't stop the machine from being infected but ensures that when the user name/password makes it to the wrong hands it is not useful because the attackers don't have the 3rd login credential (which is time sensitive and cryptographically generated by a separate physical device).
The authenticator only adds security if the account belongs to a single user. If multiple people are using the account, intentionally, then they'll be sharing the authenticator as well. Yes, I realize this would mean they'd need physical access to the authenticator. But if one of them decides to sell all the lewtz for money, the authenticator isn't going to stop that.
Nor is an authenticator going to prevent somebody with appropriate access from emptying out a guild's vaults.
No measure or countermeasure is ever 100%, but in your disgruntled employee scenario, if you know what the confidential information is, you could use some mix of Rights Management Software... as well as the blocking of file types (say, .png, .jpg, .gif screenshots) from exiting the internal network... as well as preventing USB drive access, etc... and a lock on the computer case. So now the disgruntled employee would have to walk out the door with the computer
Or press CTRL+P... Or snap a picture with their cell phone... Or write the information down on a post-it note... Or call someone up and read the information off to them over the phone... Or just remember enough important information to share it with someone else...
Again, it might not be 100%, but depending on how many 9's you need to put next to your certainty that no confidential data can leave the network, and how much the business is willing to pay to implement it, you can have a fair amount of data protection. You're definitely not helpless to the whims and malice of your users.
The problem isn't in somehow constraining your data from leaving the network. The problem is in keeping the information from leaving the company.
Corporate espionage and whistleblowers and whatever else existed long before digital computers did.
Which is my whole point - no amount of technology is going to prevent a user from leaking information that they have legitimate access to in the course of their work.
You can reduce the impact of accidental leaks... You can block out viruses and keyloggers and whatnot... You can make it hard for someone who isn't supposed to have access to your data...
But the easiest vector of attack has always been the person behind the terminal.
And implementing all sorts of high-tech security isn't going to make it any harder to exploit that weakest link.
If you can bribe a user, or trick them into clicking something they shouldn't, or convince them to trust you, or whatever - you can get access to their data. Regardless of the security measures put in place.
In a sense, though, the weakest link is actually the sysadmin, who isn't enforcing appropriate password complexity, length, age, etc... As well as, in a corporate context, not locking-down the network and machine and user profile, so that keylogging executables aren't so much of a problem. Even if the business and/or customers complain about "impact", there's always a way to win the argument for establishing and enforcing IT policies that make sense. You have to be willing to save users from themselves.
Negative.
Say I'm the absolute best sysadmin in the universe. I've got everyone required to use long, complex passwords that they have to change frequently. I've got smartcards and retinal scanners and crazy sci-fi encryption going on. Absolute top-of-the-line security.
And some disgruntled employee decides to share some confidential information with someone he shouldn't.
How am I going to prevent that?
That employee has whatever credentials are necessary to access that information. They have to, because their job requires it. So no amount of passwords and encryption are going to prevent that employee from accessing the information.
The weakest link is always going to be the person sitting in front of the terminal. It doesn't matter how secure your network is... If someone decides to share information that they shouldn't, that information is going to get out.
Everything you do online provides personal information in some way.
That's true... But who are you trying to hide that personal information from? If you're sending everything with HTTPS you're protected from maybe your ISP snooping... Or your network administrator... Or someone in the middle like that...
But the website you're visiting is perfectly free to collect anything and everything it wants. You've just secured the connection between you and the site.
If the bank has a pile of tapes stolen, you're still in trouble. If Google leaks some more documents, you're still in trouble. If Facebook changes their privacy policy again, you're still in trouble. If Amazon shares your purchase history, you're still in trouble. If some advertiser drops a cookie on your system, you're still in trouble. If you get re-directed to a sophisticated phishing site and don't notice it, you're still in trouble.
I'm fairly certain Blizzard uses some kind of encryption on their database. Probably doesn't send passwords in cleartext. But accounts still get compromised left and right. Not because the encryption is failing, but because people set stupid passwords and share them with friends.
The same thing is true of banking websites, and PINs, and logins to the corporate network, and whatever else. The weakest link isn't whether your data/authentication/network/connection/whatever is encrypted... The weakest link is the person sitting in front of the terminal. And as long as you've got users who'll click on random executables and use their kid's name as a password and share their credentials with someone else, encryption isn't really going to get you very far.
Sure, it'd help... It'd be another layer of protection. Another bit of security. I'm not saying that people shouldn't use encryption... But when you're looking at where to spend money, and what effort is going to get you the most impact, encryption isn't necessarily it.
What about the software that interprets the data? The driver to connect the scale to the software? Yeah I bet you could slap together some code in python in a day or two, but it still has to be documented, and verified by the FDA. I'd rather they be too careful, and have a device they can trust, rather than look at some data, notice an anomaly, and dismiss it because "the software is buggy", when in fact it might be significant in that you had a minor stroke and they didn't catch it due to crappy data collection. And then you die. Or are paralyzed. No, I'd rather have the correctly built, specified, and documented devices used on me, thanks. Medical care (quality, not cost/availability) in the US is top notch due to all the checks the FDA has.
You want them to be careful, and create a device that they can trust... With FDA oversight and whatnot. Which is, in the case of this article, raising the price from $100 to $18,000.
I understand that you want reliable software and hardware... Usable results...
But I'm suggesting that "good enough" may very well be good enough. If we're talking about a scale, do we really need to spend $10,000 for FDA testing and approval? It measures weight... Can't you pretty much verify that with another scale or two? And if it isn't 100% accurate, is the difference of a half pound here or there going to make that big of a difference?
Exactly. The FDA requires significant documentation of the hardware and software along all lines of the R&D, and manufacturing process. Which are actively audited by the FDA. Documentation, and documentation compliance is a huge chunk (not the largest, but definitely a line item on their accounting paperwork) of their budget.
Seems to me that all this documentation and testing is perhaps not all that necessary for some "medical" devices.
Sure, something that's going to irradiate me to kill tumors or check for broken bones? Go ahead and get it all kinds of FDA tested. Pills? Drugs? Implants? Yeah, let's get those tested too.
A balance board or a scale? I'm thinking it's probably good enough to make sure they read accurately and then call it done. What's the worst that's going to happen if a scale malfunctions? Is anybody going to be killed in a freak balance board accident?
SysRq is the print screen button, and I use it all of the time too. It is cut and paste for me, alt-printscreen (or control-printscreen) then shift-printscreen. Fastest screen paste in the west....
Yup. I don't know that I've ever actually used SysRq for anything... But I use Print Screen all the freaking time.
If they're just going to take off the SysRq text, and leave the key simply labeled Print Screen that's fine... But if they're going to remove the entire key, physically, that's going to be a problem.
It isn't the ending that's going out of style, it's the plot.
The reason we had an ending before, is because we had a plot. There was a beginning a middle and an end. Exposition, rising action, climax, and resolution. These days a lot of games don't have much of a plot.
Instead, you'll have a setting... You're some random soldier in WWII, or a grunt running around World of Warcraft... And there really isn't any exposition or climax or anything like that... It's just kind of a day in the life of...
And that's fine for something like an MMO or a multiplayer-oriented FPS or something...
But I'm starting to see single-player games that don't have much of a plot either. Individual missions/levels/whatever might have some kind of plot to them... Maybe you're trying to keep the enemy from capturing the fuel dump or whatever... But the game as a whole is just kind of a collection of random missions strung together. There isn't any real story being told - other than these are the things that this guy did.
And when you have no overall plot, you can't really have much of an ending.
It'd be much more useful if they printed the minimum battery life on the box. Then I know, no matter what, I'll get at least that much time out of the battery... And if I'm not actually working it that hard, I'll get more.
That would be nice, but given the nature of Lithium-Ion batteries it would still be unrealistic. Anyone who has a laptop or a cell phone knows that after the first few times you use it, the battery loses a great deal of its charge capacity. What I really want to see is how long the battery lasts, after you've been using the machine for a month.
Of course, if they did that.... Especially if they advertised the minimum like I'd want.... Their advertising would look pretty unimpressive. They'd be advertising minimum battery life of 30 minutes or something.
So what they mean is that the laptop will be deciding when it should be fast or slow, with no input from the user? How's this different than the gazillion power management settings we have now (except switching between GPUs of course)?
I am also not sure I like the sentiment of "user-independent" is somehow more beneficial to the user. It sounds too much like the drivel from the RIAA/MPAA: "we will enhance customer value by increasing the price and decreasing what they can do with it."
If you know enough to dig into the power settings and get everything set up just right for your own usage patterns, then this laptop is not aimed at you.
This laptop is aimed at users who don't know enough to configure their own power options. The whole point is that the laptop's hardware will make decent guesses as to the necessary power settings and switch as necessary - hopefully getting you performance when you need it, while still saving power when you don't.
Which can be accomplished right now, if you know what you're doing.
Keep in mind that the quoted number is always for minimal usage.
This always annoys me.
I guess it's good to know how long the battery will last if I do basically nothing... But how long will it last if I'm actually using the wireless to surf the web? Or if I'm playing a game? Or watching a video?
Obviously it'll be less than what's advertised on the box... But how much less?
Of course I can figure this out for myself fairly easily just by trying it out and timing how long the battery lasts. But that doesn't help me much when I'm trying to make a purchasing decision.
It'd be much more useful if they printed the minimum battery life on the box. Then I know, no matter what, I'll get at least that much time out of the battery... And if I'm not actually working it that hard, I'll get more.
What is wrong with you slashdotters? Not so much you individually, but in general? Every week we have the required slashvertisement for e-ink based displays, and the astroturfers come out and post unbelievable claims about human eyes being physically unable to gaze upon LCDs, like they're a medusa's head made of silicon.
It would be laughable if read on time.com or something, but it's even worse here. Come on, this is slashdot. Supposedly we all spend 16 hours a day gazing into our L C D computer screens doing programming or sysadmining or WOW or Pr0n or slashdot or whatever. I have spent 40 hours a week at work gazing into my "horrible LCD" since the early 2000s, and prior to that I spent at least a decade or so gazing into CRTs. It doesn't hurt. At all. It's actually kind of nice.
Obviously, your mileage will vary...
Myself, I don't generally spend all day long reading text on a screen. I'll read some text, then take a phone call or talk to someone. Then have to leave my desk to go fix a machine. Maybe have to drive somewhere.
When I get home in the evening I might watch something on TV, or I might play a video game... But that's not text on a screen either.
On the rare occasions that I do spend all day reading text on a screen, I definitely feel it. It's called eye strain. It doesn't mean that you have an untreated illness any more than your muscles hurting after a strenuous workout means that there's something wrong with you.
I have glasses. I see an optometrist on a fairly regular basis. There is nothing unusually wrong with my eyes.
But the fact of the matter is that eye strain is real.
Reading from a backlit display causes more strain than reading something lit with reflected light.
What does hurt, is holding a Sony e-ink reader and being able to read the tiny little page faster than it refreshes, while I squint at gray on gray color scheme and no proper backlight so it's always got weird distracting shadows. It's about as appealing as reading a book in a cave with the world's slowest robot arm turning the pages. I'm sorry if it ruins the slashvertisement, but the product just sucks.
I agree with your assessment of the Sony device. I shopped around quite a bit recently and I was not impressed with their device. The display refreshed very slowly, the contrast was not good, and the addition of a touchscreen overlay caused odd shadowing.
The lack of a backlight, however, is par for the course. I don't believe any of the ereaders have a backlight, because that would kind of defeat the purpose of a display that uses reflected light.
It is annoying in low-light conditions... I would like to see one with a built-in book light of some sort. Not a back-light, but just a little LED I could flip up to light the thing from the front, like a normal book.
This e-ink stuff is a marketing gimmick to justify charging outrageous prices. If someone would just release a very basic LCD book reader for $19.99 it would probably sell 100,000 units faster than e-ink sellers could sell 100 units. It would probably put the e-ink people out of business, almost overnight.
You have obviously not spent much time reading books on an LCD.
I've been reading ebooks for literally years now. I started out on a Handspring Visor... Then I moved to a Palm m505... Then to a desktop with a CRT, and a laptop with an LCD... And now I've got a nook with an e-ink display.
There is a huge difference.
The first difference is battery life. I can read for about four days on my nook before I feel the need to recharge it. And I could go much longer than that if I'd turn off the wireless. My netbook, by comparison, is good for about a day. My old PDAs were good for about two days, roughly. Whether you like it or not, e-ink draws significantly less power than an LCD does.
The second difference is readability. When I'm reading a novel I'll be looking at text for a good couple of hours at a time. Reading on a backlit display (like most LCDs) causes more eyestrain than reading something that uses reflected light (like a paper book or e-ink display). While you can do a reflectively-lit LCD (my old Handspring did that) there's still the refresh rate and contrast. Ultimately, if I'm going to spend 8+ hours looking at text on a screen, it'll hurt a lot less if it's e-ink.
Seems like people are really bitching that e-readers can't be used for video. My question is why did you buy an e-READER if you wanted to watch VIDEO? You should have bought a laptop.
I got a nook for the holidays.
Had it at work last week, someone noticed it and asked what it was. I told them it was an ereader, for reading books. They then asked if it could play video too. They looked slightly confused when I indicated that it was just for books.
I think there are two major problems with ereaders right now...
First of all, people have come to expect that electronic gadgets can do a bunch of different things. Typically one of those things is video playback. Many MP3 players can also play video. iTunes (ostensibly a music store) sells video. Many cell phones can play music and video. So the idea of a device that basically does just one thing, and doesn't play video, is a little weird.
The second problem is that not all that many people are familiar with the idea of reading novels for entertainment. When I tell someone that the nook is just for reading books, they usually look at me slightly odd.
So maybe someone who owns a Kindle or a Nook can answer me something that has bugged me for a while: Why on earth do these things appear to have screensavers? By changing the image when the machine is idle, doesn't a screensaver actually drain the battery where normally there would be no drain at all? Does an e-ink screen really need to be "saved" (i.e. will it burn out/burn in)?
I don't know if it's possible to actually burn-in an e-ink display or not... I'm thinking probably not, but that's just a guess.
One reason for the screensaver is a very basic privacy measure. Just like closing a book obscures the text within, a screensaver obscures the text you were reading.
As for the power consumption... Changing the image will draw a tiny amount. If the screensaver is anything like the one on my nook, it'll only change the image once in a great while. So the screensaver itself is hardly going to drain anything. A far bigger draw will be leaving the wireless enabled, or keeping the thing in standby/sleep instead of completely powering it off.
The big draw of E-Ink is that it only uses power when doing a page change. Do the color versions mentioned in TFA do that as well? If so, welcome. If not, nice try but fail.
That is a big part of it... But readability is also a huge bonus with e-ink. The fact of the matter is that a backlight is harder on the eyes than simple reflected light. Most of the ereaders advertise that they're as readable as paper books - largely because of the lack of backlight.
A domain name is the thing you type into your browser to find a website, or the bit after the @ in an email address. It generally identifies an organization.
For example, fred@example.com is looking for the user "fred" at the organization "example.com"
In the case of a private individual, there really isn't a whole lot of need for your own domain name. I have my family's name registered... Run a blog there, and a photo gallery, and email for family members... But I'm a geek. Most folks do just fine with an AOL or HOTMAIL or GMAIL address. And that's fine if you're a private individual communicating with your friends and family.
If you're a business however... It's part of how you present your business to the rest of the world. Much like the signage you hang on your building and the ads you run.
Say I'm shopping around for an electrician... One of them suggests I contact "ElectroJoe123@aol.com" and the other suggests I can email "j.smith@electricians.com" - one of those looks far more professional than the other. It's kind of like having a plumber show up to your house in a clean uniform and all the tools he needs, with an air of professionalism and competence. Or having a plumber show up in ripped jeans, covered with grime, constantly muttering to himself and running back to the shop for parts that he forgot.
Of course there's no guarantee that one is better than the other... But when you're shopping around for somebody to hire, appearances matter. All things being equal, I'll hire the professional-looking guy.
Given the cost-cutting trend we've seen in IT over the past decade, would the image of someone that spends additional money/time on unnecessary technology be appealing?
A domain registration costs something like $10/year.
Cheap hosting, if you don't have hardware yourself, costs something like $40/year.
For $50/year you can get yourself a nice, shiny, professional looking email address instead of something @aol.com. Which says to me, if they're still using an AOL address, that they just don't care.
If it's somebody's private email address, for friends and family, it really doesn't matter. I've got a GMAIL address I use for such personal communication. But for a business email address, that's really pretty sloppy.
I'm not saying I'll just ignore anybody with an AOL or HOTMAIL email address... But if I'm looking to hire an electrician or something like that, the guy with the AOL address already looks less professional than someone who has their own domain.
I think they're going to have a hard time making that case since so few people will make the connection. Dick is not one of those authors whose works are so familiar to the general public that there is likely to be any mental connection between the average person visiting a T-Mobile store and thinking about buying an Android phone and Do Androids Dream of Electric Sheep.
I might agree with you if they'd named their new phone the Ubik or something like that...
But they chose a reference that the average person just might get - seeing as Blade Runner is a fairly well-known movie.
The weakest link is the people behind the terminals, which I've said over and over again.
You're pointing out one specific person behind a terminal - the sysadmin. And, yes, a lazy sysadmin is going to be a problem. And the solution to a lazy sysadmin isn't going to be throwing hardware and technology at that sysadmin - it's going to be training that sysadmin how to do their job correctly. And if the training succeeds, then that sysadmin will ask you for the appropriate tools to implement whatever security they feel is necessary.
I've just been throwing out one random example after another where technology isn't going to solve the problem for you.
I used the example of convincing a user to click something they shouldn't... I did not mean to suggest that this could only be a trojan on their computer. It could also be as simple as buzzing somebody through a door because they claimed to have left their key/badge/whatever in the car.
I never suggested any kind of spy vs. spy stuff... I pointed out that whistleblowers and corporate espionage have existed since before digital computers... Not to suggest that your layered approach would be useless in the face of such elite hax0rs... But to point out that information has been leaking out of companies since before digital encryption existed.
My whole assertion, from my very first post, is that technology (specifically in the form of encryption, but also in the form of just about any other security product) is not the whole solution. And that in many cases your time and effort is better spent in educating the users of that technology - both the end users reading their mail and the sysadmin running the mail server.
More accurately, the Windows machines of users with Blizzard accounts are compromised left and right as a means to compromise a Blizzard account. The system gets compromised and then phones home with account credentials as users log in.
Sometimes.
There are also frequent cases of an account being shared and one of the "trusted" individuals not being so trustworthy. I've seen it happen more than once myself.
Blizzard combats this with a key chain authenticator. Doesn't stop the machine from being infected but ensures that when the user name/password makes it to the wrong hands it is not useful because the attackers don't have the 3rd login credential (which is time sensitive and cryptographically generated by a separate physical device).
The authenticator only adds security if the account belongs to a single user. If multiple people are using the account, intentionally, then they'll be sharing the authenticator as well. Yes, I realize this would mean they'd need physical access to the authenticator. But if one of them decides to sell all the lewtz for money, the authenticator isn't going to stop that.
Nor is an authenticator going to prevent somebody with appropriate access from emptying out a guild's vaults.
No measure or countermeasure is ever 100%, but in your disgruntled employee scenario, if you know what the confidential information is, you could use some mix of Rights Management Software... as well as the blocking of file types (say, .png, .jpg, .gif screenshots) from exiting the internal network... as well as preventing USB drive access, etc... and a lock on the computer case. So now the disgruntled employee would have to walk out the door with the computer
Or press CTRL+P... Or snap a picture with their cell phone... Or write the information down on a post-it note... Or call someone up and read the information off to them over the phone... Or just remember enough important information to share it with someone else...
Again, it might not be 100%, but depending on how many 9's you need to put next to your certainty that no confidential data can leave the network, and how much the business is willing to pay to implement it, you can have a fair amount of data protection. You're definitely not helpless to the whims and malice of your users.
The problem isn't in somehow constraining your data from leaving the network. The problem is in keeping the information from leaving the company.
Corporate espionage and whistleblowers and whatever else existed long before digital computers did.
Which is my whole point - no amount of technology is going to prevent a user from leaking information that they have legitimate access to in the course of their work.
You can reduce the impact of accidental leaks... You can block out viruses and keyloggers and whatnot... You can make it hard for someone who isn't supposed to have access to your data...
But the easiest vector of attack has always been the person behind the terminal.
And implementing all sorts of high-tech security isn't going to make it any harder to exploit that weakest link.
If you can bribe a user, or trick them into clicking something they shouldn't, or convince them to trust you, or whatever - you can get access to their data. Regardless of the security measures put in place.
Too bad you can't fix stupid.
Well... You can't fix stupid with technology. At least not yet.
No amount of software or hardware will protect you from stupidity. But good training can fix stupidity.
In a sense, though, the weakest link is actually the sysadmin, who isn't enforcing appropriate password complexity, length, age, etc... As well as, in a corporate context, not locking-down the network and machine and user profile, so that keylogging executables aren't so much of a problem. Even if the business and/or customers complain about "impact", there's always a way to win the argument for establishing and enforcing IT policies that make sense. You have to be willing to save users from themselves.
Negative.
Say I'm the absolute best sysadmin in the universe. I've got everyone required to use long, complex passwords that they have to change frequently. I've got smartcards and retinal scanners and crazy sci-fi encryption going on. Absolute top-of-the-line security.
And some disgruntled employee decides to share some confidential information with someone he shouldn't.
How am I going to prevent that?
That employee has whatever credentials are necessary to access that information. They have to, because their job requires it. So no amount of passwords and encryption are going to prevent that employee from accessing the information.
The weakest link is always going to be the person sitting in front of the terminal. It doesn't matter how secure your network is... If someone decides to share information that they shouldn't, that information is going to get out.
The Guardian is reporting that Google China is investigating it's staff in lieu of The Incident.
I do not think those words mean what you think they mean.
Everything you do online provides personal information in some way.
That's true... But who are you trying to hide that personal information from? If you're sending everything with HTTPS you're protected from maybe your ISP snooping... Or your network administrator... Or someone in the middle like that...
But the website you're visiting is perfectly free to collect anything and everything it wants. You've just secured the connection between you and the site.
If the bank has a pile of tapes stolen, you're still in trouble. If Google leaks some more documents, you're still in trouble. If Facebook changes their privacy policy again, you're still in trouble. If Amazon shares your purchase history, you're still in trouble. If some advertiser drops a cookie on your system, you're still in trouble. If you get re-directed to a sophisticated phishing site and don't notice it, you're still in trouble.
is not the whole solution.
This.
I'm fairly certain Blizzard uses some kind of encryption on their database. Probably doesn't send passwords in cleartext. But accounts still get compromised left and right. Not because the encryption is failing, but because people set stupid passwords and share them with friends.
The same thing is true of banking websites, and PINs, and logins to the corporate network, and whatever else. The weakest link isn't whether your data/authentication/network/connection/whatever is encrypted... The weakest link is the person sitting in front of the terminal. And as long as you've got users who'll click on random executables and use their kid's name as a password and share their credentials with someone else, encryption isn't really going to get you very far.
Sure, it'd help... It'd be another layer of protection. Another bit of security. I'm not saying that people shouldn't use encryption... But when you're looking at where to spend money, and what effort is going to get you the most impact, encryption isn't necessarily it.
What about the software that interprets the data? The driver to connect the scale to the software? Yeah I bet you could slap together some code in python in a day or two, but it still has to be documented, and verified by the FDA. I'd rather they be too careful, and have a device they can trust, rather than look at some data, notice an anomaly, and dismiss it because "the software is buggy", when in fact it might be significant in that you had a minor stroke and they didn't catch it due to crappy data collection. And then you die. Or are paralyzed. No, I'd rather have the correctly built, specified, and documented devices used on me, thanks. Medical care (quality, not cost/availability) in the US is top notch due to all the checks the FDA has.
You want them to be careful, and create a device that they can trust... With FDA oversight and whatnot. Which is, in the case of this article, raising the price from $100 to $18,000.
I understand that you want reliable software and hardware... Usable results...
But I'm suggesting that "good enough" may very well be good enough. If we're talking about a scale, do we really need to spend $10,000 for FDA testing and approval? It measures weight... Can't you pretty much verify that with another scale or two? And if it isn't 100% accurate, is the difference of a half pound here or there going to make that big of a difference?
exactly. the FDA requires significant documentation of the hardware and software along all lines of the R&D, and manufacturing process. which are actively audited by the FDA. documentation, and documentation compliance is a huge chunk (not the largest, but definitely a line item on their accounting paperwork) of their budget.
Seems to me that all this documentation and testing is perhaps not all that necessary for some "medical" devices.
Sure, something that's going to irradiate me to kill tumors or check for broken bones? Go ahead and get it all kinds of FDA tested. Pills? Drugs? Implants? Yeah, let's get those tested too.
A balance board or a scale? I'm thinking it's probably good enough to make sure they read accurately and then call it done. What's the worst that's going to happen if a scale malfunctions? Is anybody going to be killed in a freak balance board accident?
SysRq is the print screen button, and I use it all of the time too. It is cut and paste for me, alt-printscreen (or control-printscreen) then shift-printscreen. Fastest screen paste in the west....
Yup. I don't know that I've ever actually used SysRq for anything... But I use Print Screen all the freaking time.
If they're just going to take off the SysRq text, and leave the key simply labeled Print Screen that's fine... But if they're going to remove the entire key, physically, that's going to be a problem.
It isn't the ending that's going out of style, it's the plot.
The reason we had an ending before, is because we had a plot. There was a beginning a middle and an end. Exposition, rising action, climax, and resolution. These days a lot of games don't have much of a plot.
Instead, you'll have a setting... You're some random soldier in WWII, or a grunt running around World of Warcraft... And there really isn't any exposition or climax or anything like that... It's just kind of a day in the life of...
And that's fine for something like an MMO or a multiplayer-oriented FPS or something...
But I'm starting to see single-player games that don't have much of a plot either. Individual missions/levels/whatever might have some kind of plot to them... Maybe you're trying to keep the enemy from capturing the fuel dump or whatever... But the game as a whole is just kind of a collection of random missions strung together. There isn't any real story being told - other than these are the things that this guy did.
And when you have no overall plot, you can't really have much of an ending.
It'd be much more useful if they printed the minimum battery life on the box. Then I know, no matter what, I'll get at least that much time out of the battery... And if I'm not actually working it that hard, I'll get more.
That would be nice, but given the nature of Lithium-Ion batteries it would still be unrealistic. Anyone who has a laptop or a cell phone knows that after the first few times you use it, the battery loses a great deal of its charge capacity. What I really want to see is how long the battery lasts, after you've been using the machine for a month.
Of course, if they did that.... Especially if they advertised the minimum like I'd want.... Their advertising would look pretty unimpressive. They'd be advertising minimum battery life of 30 minutes or something.
So what they mean is that the laptop will be deciding when it should be fast or slow, with no input from the user? How's this different than the gazillion power management settings we have now (except switching between GPUs of course)?
I am also not sure I like the sentiment of "user-independent" is somehow more beneficial to the user. It sounds too much like the drivel from the RIAA/MPAA: "we will enhance customer value by increasing the price and decreasing what they can do with it."
If you know enough to dig into the power settings and get everything set up just right for your own usage patterns, then this laptop is not aimed at you.
This laptop is aimed at users who don't know enough to configure their own power options. The whole point is that the laptop's hardware will make decent guesses as to the necessary power settings and switch as necessary - hopefully getting you performance when you need it, while still saving power when you don't.
Which can be accomplished right now, if you know what you're doing.
Keep in mind that the quoted number is always for minimal usage.
This always annoys me.
I guess it's good to know how long the battery will last if I do basically nothing... But how long will it last if I'm actually using the wireless to surf the web? Or if I'm playing a game? Or watching a video?
Obviously it'll be less than what's advertised on the box... But how much less?
Of course I can figure this out for myself fairly easily just by trying it out and timing how long the battery lasts. But that doesn't help me much when I'm trying to make a purchasing decision.
It'd be much more useful if they printed the minimum battery life on the box. Then I know, no matter what, I'll get at least that much time out of the battery... And if I'm not actually working it that hard, I'll get more.
Yes, there's been some good reboots...
And I understand the appeal - if it was popular the first time around, you can assume it'll be popular the second time around...
And from the fan's perspective, it's always good to see more of your favorite shows...
But do we have to keep rebooting everything? How about some new content?
What is wrong with you slashdotters? Not so much you individually, but in general? Every week we have the required slashvertisement for e-ink based displays, and the astroturfers come out and post unbelievable claims about human eyes being physically unable to gaze upon LCDs, like they're a medusa's head made of silicon.
It would be laughable if read on time.com or something, but it's even worse here. Come on, this is slashdot. Supposedly we all spend 16 hours a day gazing into our L C D computer screens doing programming or sysadmining or WOW or Pr0n or slashdot or whatever. I have spent 40 hours a week at work gazing into my "horrible LCD" since the early 2000s, and prior to that I spent at least a decade or so gazing into CRTs. It doesn't hurt. At all. It's actually kind of nice.
Obviously, your mileage will vary...
Myself, I don't generally spend all day long reading text on a screen. I'll read some text, then take a phone call or talk to someone. Then have to leave my desk to go fix a machine. Maybe have to drive somewhere.
When I get home in the evening I might watch something on TV, or I might play a video game... But that's not text on a screen either.
On the rare occasions that I do spend all day reading text on a screen, I definitely feel it. It's called eye strain. It doesn't mean that you have an untreated illness any more than your muscles hurting after a strenuous workout means that there's something wrong with you.
I have glasses. I see an optometrist on a fairly regular basis. There is nothing unusually wrong with my eyes.
But the fact of the matter is that eye strain is real.
Reading from a backlit display causes more strain than reading something lit with reflected light.
I agree with your assessment of the Sony device. I shopped around quite a bit recently and I was not impressed with their device. The display refreshed very slowly, the contrast was not good, and the addition of a touchscreen overlay caused odd shadowing.
The lack of a backlight, however, is par for the course. I don't believe any of the ereaders have a backlight, because that would kind of defeat the purpose of a display that uses reflected light.
It is annoying in low-light conditions... I would like to see one with a built-in book light of some sort. Not a back-light, but just a little LED I could flip up to light the thing from the front, like a normal book.
This e-ink stuff is a marketing gimmick to justify charging outrageous prices. If someone would just release a very basic LCD book reader for $19.99 it would probably sell 100,000 units faster than e-ink sellers could sell 100 units. It would probably put the e-ink people out of business, almost overnight.
You have obviously not spent much time reading books on an LCD.
I've been reading ebooks for literally years now. I started out on a Handspring Visor... Then I moved to a Palm m505... Then to a desktop with a CRT, and a laptop with an LCD... And now I've got a nook with an e-ink display.
There is a huge difference.
The first difference is battery life. I can read for about four days on my nook before I feel the need to recharge it. And I could go much longer than that if I'd turn off the wireless. My netbook, by comparison, is good for about a day. My old PDAs were good for about two days, roughly. Whether you like it or not, e-ink draws significantly less power than an LCD does.
The second difference is readability. When I'm reading a novel I'll be looking at text for a good couple of hours at a time. Reading on a backlit display (like most LCDs) causes more eyestrain than reading something that uses reflected light (like a paper book or e-ink display). While you can do a reflectively-lit LCD (my old Handspring did that) there's still the refresh rate and contrast. Ultimately, if I'm going to spend 8+ hours looking at text on a screen, it'll hurt a lot less if it's e-ink.
I got a nook for the holidays.
Had it at work last week, someone noticed it and asked what it was. I told them it was an ereader, for reading books. They then asked if it could play video too. They looked slightly confused when I indicated that it was just for books.
I think there are two major problems with ereaders right now...
First of all, people have come to expect that electronic gadgets can do a bunch of different things. Typically one of those things is video playback. Many MP3 players can also play video. iTunes (ostensibly a music store) sells video. Many cell phones can play music and video. So the idea of a device that basically does just one thing, and doesn't play video, is a little weird.
The second problem is that not all that many people are familiar with the idea of reading novels for entertainment. When I tell someone that the nook is just for reading books, they usually look at me slightly odd.
I don't know if it's possible to actually burn-in an e-ink display or not... I'm thinking probably not, but that's just a guess.
One reason for the screensaver is a very basic privacy measure. Just like closing a book obscures the text within, a screensaver obscures the text you were reading.
As for the power consumption... Changing the image will draw a tiny amount. If the screensaver is anything like the one on my nook, it'll only change the image once in a great while. So the screensaver itself is hardly going to drain anything. A far bigger draw will be leaving the wireless enabled, or keeping the thing in standby/sleep instead of completely powering it off.
The big draw of E-Ink is that it only uses power when doing a page change. Do the color versions mentioned in TFA do that as well? If so, welcome. If not, nice try but fail.
That is a big part of it... But readability is also a huge bonus with e-ink. The fact of the matter is that a backlight is harder on the eyes than simple reflected light. Most of the ereaders advertise that they're as readable as paper books - largely because of the lack of backlight.
what is the point of your own domain name?
A domain name is the thing you type into your browser to find a website, or the bit after the @ in an email address. It generally identifies an organization.
For example, fred@example.com is looking for the user "fred" at the organization "example.com"
In the case of a private individual, there really isn't a whole lot of need for your own domain name. I have my family's name registered... Run a blog there, and a photo gallery, and email for family members... But I'm a geek. Most folks do just fine with an AOL or HOTMAIL or GMAIL address. And that's fine if you're a private individual communicating with your friends and family.
If you're a business however... It's part of how you present your business to the rest of the world. Much like the signage you hang on your building and the ads you run.
Say I'm shopping around for an electrician... One of them suggests I contact "ElectroJoe123@aol.com" and the other suggests I can email "j.smith@electricians.com" - one of those looks far more professional than the other. It's kind of like having a plumber show up to your house in a clean uniform and all the tools he needs, with an air of professionalism and competence. Or having a plumber show up in ripped jeans, covered with grime, constantly muttering to himself and running back to the shop for parts that he forgot.
Of course there's no guarantee that one is better than the other... But when you're shopping around for somebody to hire, appearances matter. All things being equal, I'll hire the professional-looking guy.
Given the cost-cutting trend we've seen in IT over the past decade, would the image of someone that spends additional money/time on unnecessary technology be appealing?
A domain registration costs something like $10/year.
Cheap hosting, if you don't have hardware yourself, costs something like $40/year.
For $50/year you can get yourself a nice, shiny, professional looking email address instead of something @aol.com. Which says to me, if they're still using an AOL address, that they just don't care.
If it's somebody's private email address, for friends and family, it really doesn't matter. I've got a GMAIL address I use for such personal communication. But for a business email address, that's really pretty sloppy.
I'm not saying I'll just ignore anybody with an AOL or HOTMAIL email address... But if I'm looking to hire an electrician or something like that, the guy with the AOL address already looks less professional than someone who has their own domain.
I think they're going to have a hard time making that case since so few people will make the connection. Dick is not one of those authors whose works are so familiar to the general public that there is likely to be any mental connection between the average person visiting a T-Mobile store and thinking about buying an Android phone and Do Androids Dream of Electric Sheep.
I might agree with you if they'd named their new phone the Ubik or something like that...
But they chose a reference that the average person just might get - seeing as Blade Runner is a fairly well-known movie.