However, that being said, anyone that hacks medical devices should be taken out and shot
Which is your naive way of saying you don't think there are bad people in the world, and that you don't believe people do malicious things just for the hell of it. I have no such faith in humanity. In fact, I take it as a certainty it will happen.
So, let's ratchet this up a little.
Say, for instance, that the president of country A is known to have a heart problem. Now, say that country B has been the sworn enemy of country A ever since that crushing loss at the Quidditch World Cup in the 1800s.
Now, say that the president of country A is going in for heart surgery in a few months.
Do you really think a determined nation state might not decide that this is a great way to do an assassination? Before you say "of course not, that's silly", I remind you that Stuxnet existed to target and ruin very specific things, which means nation states already do this.
Now, take this to the level of really scary... imagine bored script kiddies can access and muck with medical devices at will just for the lulz.
Because, really, I don't see any reason why these scenarios can't, won't, or haven't already happened.
And while it's been a fairly open secret that medical devices have terrible security for years, now it's been fairly well confirmed publicly that medical devices have utterly terrible security. Which means I think the likelihood of this has moved from "plausible" to "start planning for it".
This should be a wakeup call. It's bad enough every piece of consumer electronics and the entire IoT apparently have crap security, if any at all. But having pretty much every medical device be almost without any form of security is scary.
The teams didn't have time to dive deeply into the vulnerabilities they found, partly because they found so manyâ"defenseless operating systems, generic passwords that couldn't be changed, and so on.
So they're so completely and utterly insecure we can't even tell you how badly insecure most of it is or what we could do with it.
That should be setting off big huge alarm bells for a lot of people, but nobody ever does anything until it's too late.
Like I said putting torrent traffic through TOR only clogs the exit nodes.
Well, then honestly, if TOR is supposed to be your super secret onion-routing so people can't see what you do, and you don't put all of your traffic through it, it's pretty much useless as a security measure.
Because when you only use it for stuff which requires additional security, you give out the information of "I'm not doing anything important now" and "I've just started doing something important".
So, which would you prefer? Clogging the exit nodes, or broadcasting when you switch from "normal" traffic to "secure" traffic?
This may be a real-world limitation of TOR, but from a security perspective, this kind of thing should be used all the time, just like encryption.
Because when you don't use it, you leak additional information about how and when you DO use it -- and you reinforce that people are only using TOR and encryption to do shady things, and the assholes who don't want you to have this will keep trying to outlaw it on the basis that it is only used for shady things.
Even if you never do shady things, or things you want to do with a little extra security, only using these things some of the time really does defeat the purpose, and undermines why you should be free to use it in the first place.
Are you honesty suggesting people should only use Tor when they're doing something shady? Because that would be stupid.
See, things like encryption, the goal is to use it all the time, and deny anybody the ability to differentiate when you're doing something you feel needs some extra security.
It is legal to use Tor, as such, there is no reason why you wouldn't use it for everything just to send a big "fuck you" to the people who want to snoop on you. That the people who spy on you would prefer you didn't use it is too fucking bad.
This is why we need more and more things which are doing encryption by default, because if you only use it for things you don't want to be caught doing you send a big giant beacon when you are doing things you don't want to get caught doing.
If everyone was using this kind of stuff all the time, the people who want to track everything you do would be denied a LOT of information, for the simple fact that they'd have less information about how it's being used and when.
In fairness, there is no standard of evidence to be put on these lists. Damned near anybody in law enforcement can put someone on a list, just because they feel like it or have a hunch, or because they don't like you.
And then you're on a list managed by idiots who have no real idea why you're on the list. Then the idiocy becomes self-fulfilling, because if you're on the list, it must be for a reason.
If you are on a list, there is a very good chance the people who maintain that list have no idea why. Which means without evidence, documentation, or recourse your life can get somewhat screwed up, and the idiots who maintain the list don't know or care how you got there; which means there's not a damned thing you can do to fix it.
Really, as long as it's so trivial to put people on the list, there's probably tons of people who are there for no reason at all.
This whole bullshit notion of you have nothing to fear if you have nothing to hide is just that... bullshit. If using Tor is enough to get you on a watchlist, the people who run those lists are idiots, and ignoring things like evidence and probable cause.
Hell hath no fury like a nerd whose favorite feature is being removed.
It's amazing to read the bugzilla thing and see just how vocal people are about "ZOMG, teh themes, teh world are ending".
I'm betting a stunningly small amount of the entire Mozilla user base gives a crap.
I'm pretty sure an old receptionist we used to have will be heart-broken, because if she wasn't getting a virus on her computer by downloading themes and other crap, she wasn't happy -- because apparently being able to have dinosaur cursors and cat themes was an integral part of her job. That and making sure her emails looks utterly hideous and unreadable.
And reading the comments on the bugzilla thread, apparently losing themes would ruin the lives of people who have nothing better to do than make their browser look like Iron Man took a dump on their monitor.
Can I get a version which doesn't have social network tie-ins, isn't a mail client, doesn't have its own chat, make it easy to block ads and other crap, doesn't spy on me, and doesn't otherwise think it's going to be the center of my damned universe?
Because that would be awesome.
Probably never gonna happen, but it would be awesome.
When entity A punishes group B because entity A disagrees with entity C... then, yes, I'm afraid "asshole" is how I would interpret that.
Going all "boo hoo, I'm taking my ball and going home" is pretty much the epitome of childish.
Please, shove your liberal and conservative crap up your ass, because I really don't care.
I rank this right up with "no black people can use my software because I dislike Jamie Foxx". It's stupid, petulant, and childish. I don't much care what the issue is.
$ file jetpack.png jetpack.png: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped
This bears pointing out.
UNIX systems have used "magic" for decades, and try to identify based on the actual file contents instead of its name.
And then Microsoft came along, decided the extension was magic and reliable, and then also decided to hide well known extensions (which created new problems).
Relying on the file name has pretty much always been a terrible way of dealing with this. Because it became exactly how things targeted people -- because calling.gif.exe hid the.exe part, and people thought it was a.gif.
Trusting a file name for an operating system to take action has pretty much always been a terrible idea. But, historically, Microsoft has been more focused on dumbing down the system than making it more secure.
The real question here is who is being more immature, the researcher or the publisher.
The researcher has decided to act like a childish asshole.
The publisher has said "unfortunately, due to your stupid manifesto we can no longer carry this paper because it violates our policy".
This guy is perfectly allowed to go all crazy and issue his manifesto of "you can't use my stuff". That doesn't mean that other entities are required to keep hosting his stuff.
The publisher is following a policy, and the people who wrote the paper agree.
This breaches the journalâ(TM)s editorial policy on software availability [2] which has been in effect since the time of publication. The other authors of the article, Arndt von Haeseler and Korbinian Strimmer, have no control over the licensing of the software and support the retraction of this article.
So, really, the only one acting immature is the childish idiot who has decided he's taking his ball and going home, and making up random rules about who can use his software.
But he can own that decision and the consequences.
This isn't two wrongs making a right, this is an idiot living with the real world consequences of being an idiot.
If you gave it enough resources, it wasn't bad. The machine I had it on was a quad-core machine with 8GB of RAM I'd bought at the end of 2008. Honestly, with a decent amount of resources on it, it was stable, solid, and didn't really have much in the way of pain points.
I actually was fairly happy with it over the life of the computer. If I hadn't started having hardware failures, I'd probably still be running it.
I honestly don't share the same experience of it being so awful. UAT makes perfect sense to me, and I didn't generally find it came up even daily, because I wasn't doing stuff that needed admin permissions daily.
Of course, now I'm stuck trying to fend off Microsoft deciding that, no, I don't really want the Windows 8.1 machine I bought as they try to shove Windows 10 up my ass.
I specifically bought 8.1 before the whole Windows 10 crap. Because I'm not interested in having Microsoft deciding it's their computer and they're only letting me use it.
Anyone left running Vista is an old Grandma that bought a laptop 7 years ago, and doesn't have any family that visits to notice the problem.
Right, and Grandma being able to afford a new laptop, or have it as a priority is a given, right?
Maybe Grandma thinks stuff is supposed to last for more than 7 years, and her fixed income doesn't leave a lot of room to buy a new damned laptop?
I suspect the people still running Vista are doing so because they don't have a whole lot of choice. There's tons of people for whom replacing their computer is a luxury they can't afford.
Such action is a violation of our trust and basic guidelines for ethical research.
I can't speak for the researchers, but essentially agencies like the FBI are long past trust and ethics.
They don't give a crap what the law says, they just do what they want. From illegal and overly broad surveillance to formalized perjury in the form of "Parallel Construction" -- modern police forces have decided they don't give a fuck what we think is legal, and think whatever they do is legal because they say so.
They don't give a damn about pesky little things like warrants.
Any government that has/demands authority needs to recognize that citizens demand accountability as that is the only way to prevent abuse of said power.
I'd say that isn't historically true, and definitely isn't true of a lot of governments today.
Even the supposed "free" Western "democracies" have decided they don't give a crap what citizens say about certain things. They want to operate in the dark shadows and not have any scrutiny.
Just imagine what the rest of the governments in the world do.
Abusing their power and claiming it's for our own good seems to have replaced any form of accountability. And the spy agencies are increasingly refusing to be accountable to the people who are supposed to oversee them.
Basically they want to claim the laws don't apply, they can do anything they wish, and there's nothing we can do about it.
Accountability is now a quaint notion, but increasingly it's not reality. The illusion of accountability, or the claim that they can't protect us and be accountable to us.
Those redundant tasks include 'analyzing reports and data to inform operational decisions; preparing staff assignments; and reviewing status reports,'
You mean using a ouija board and sheer dumb luck to manage a corporation?
Because, really, just how many short term strategies have we all seen the CEO announce only to see them not work? How many bad acquisitions or other bad decisions?
CEOs act like they do Really Important and Difficult Things. Watching major corporations who have been through several CEOs who haven't achieved the desired outcomes tells me this probably isn't true.
Tie a CEOs pay to his actual measurable results, and I might believe it. Right now, they're just high level strategists and salesmen, who may or may not make good choices, which may or may not have good outcomes.
Of course, the USB can probably cache more than the floppy can hold, and can definitely move it around a lot faster.
My brain hurts, this is like a laser-guided carrier pigeon. You could transmit more with the laser in less time.
One does wonder what people are using floppies for. There's probably some things without which society would collapse still relying on floppies. And that should scare the heck out of us.
In the old days they would hire some kid out of high school and TRAIN HIM. What the hell happened to that?
What are you, some kind of communist?
Workers are to be cast aside as soon as they become inconvenient or expensive. If you're not evicting little old ladies and shooting puppies, you're not trying hard enough.
How do you expect to maximize shareholder value (and therefore executive bonuses) if you have to act like humans?
America has reached the point where "asshole capitalism" is the expected norm, and is almost a religion unto itself. Everything else is irrelevant.
Go find another job and give the company the finger.
Companies don't want that, which is why the H1Bs work the way they do... because that's what industry wanted.
If they're using an H1B to fill jobs they can't find people for, wages should be going up. Instead they're bringing in cheaper labor to drive down American salaries and displace Americans.
If those people had any ability to fight back or demand more, they just might. This way they're exactly what they're supposed to be.. cheap labor with fewer rights.
Seriously, this didn't happen by accident. It was bought and paid for by industry.
I heard a movie reviewer last week saying a new Bond film was a lot like an election; that it was impervious to reviews.
Because, like an election, a good portion of people are going to see the movie no matter what some reviewer says. The reviewer cannot influence their decision.
At the end of the day, if the movie makes money and the critics hate it... well, the critics have an opinion, and the movie going public may not care.
Sorry, but do we still believe reviewers are honest, objective, and tell us all of these things?
Aren't they basically put under a gag order, told they can't release reviews early, and pretty much told they won't get access to future games if they give a bad review?
I was kind of under the impression game reviewers have been glossing over crap like this for years.
And if I'm aware of it, it's gotta be a pretty open secret. Because I don't read video game reviews, because I don't buy brand-new releases.
From the sounds of it, game companies are now so reliant on shipping a broken product and then patching it later, getting a new release is like being the beta testers.
Slashdot Mirror
Which is your naive way of saying you don't think there are bad people in the world, and that you don't believe people do malicious things just for the hell of it. I have no such faith in humanity. In fact, I take it as a certainty it will happen.
So, let's ratchet this up a little.
Say, for instance, that the president of country A is known to have a heart problem. Now, say that country B has been the sworn enemy of country A ever since that crushing loss at the Quidditch World Cup in the 1800s.
Now, say that the president of country A is going in for heart surgery in a few months.
Do you really think a determined nation state might not decide that this is a great way to do an assassination? Before you say "of course not, that's silly", I remind you that Stuxnet existed to target and ruin very specific things, which means nation states already do this.
Now, take this to the level of really scary ... imagine bored script kiddies can access and muck with medical devices at will just for the lulz.
Because, really, I don't see any reason why these scenarios can't, won't, or haven't already happened.
And while it's been a fairly open secret that medical devices have terrible security for years, now it's been fairly well confirmed publicly that medical devices have utterly terrible security. Which means I think the likelihood of this has moved from "plausible" to "start planning for it".
This should be a wakeup call. It's bad enough every piece of consumer electronics and the entire IoT apparently have crap security, if any at all. But having pretty much every medical device be almost without any form of security is scary.
So they're so completely and utterly insecure we can't even tell you how badly insecure most of it is or what we could do with it.
That should be setting off big huge alarm bells for a lot of people, but nobody ever does anything until it's too late.
Well, then honestly, if TOR is supposed to be your super secret onion-routing so people can't see what you do, and you don't put all of your traffic through it, it's pretty much useless as a security measure.
Because when you only use it for stuff which requires additional security, you give out the information of "I'm not doing anything important now" and "I've just started doing something important".
So, which would you prefer? Clogging the exit nodes, or broadcasting when you switch from "normal" traffic to "secure" traffic?
This may be a real-world limitation of TOR, but from a security perspective, this kind of thing should be used all the time, just like encryption.
Because when you don't use it, you leak additional information about how and when you DO use it -- and you reinforce that people are only using TOR and encryption to do shady things, and the assholes who don't want you to have this will keep trying to outlaw it on the basis that it is only used for shady things.
Even if you never do shady things, or things you want to do with a little extra security, only using these things some of the time really does defeat the purpose, and undermines why you should be free to use it in the first place.
Are you honesty suggesting people should only use Tor when they're doing something shady? Because that would be stupid.
See, things like encryption, the goal is to use it all the time, and deny anybody the ability to differentiate when you're doing something you feel needs some extra security.
It is legal to use Tor, as such, there is no reason why you wouldn't use it for everything just to send a big "fuck you" to the people who want to snoop on you. That the people who spy on you would prefer you didn't use it is too fucking bad.
This is why we need more and more things which are doing encryption by default, because if you only use it for things you don't want to be caught doing you send a big giant beacon when you are doing things you don't want to get caught doing.
If everyone was using this kind of stuff all the time, the people who want to track everything you do would be denied a LOT of information, for the simple fact that they'd have less information about how it's being used and when.
It's not pointless, not even a little.
In fairness, there is no standard of evidence to be put on these lists. Damned near anybody in law enforcement can put someone on a list, just because they feel like it or have a hunch, or because they don't like you.
And then you're on a list managed by idiots who have no real idea why you're on the list. Then the idiocy becomes self-fulfilling, because if you're on the list, it must be for a reason.
If you are on a list, there is a very good chance the people who maintain that list have no idea why. Which means without evidence, documentation, or recourse your life can get somewhat screwed up, and the idiots who maintain the list don't know or care how you got there; which means there's not a damned thing you can do to fix it.
Really, as long as it's so trivial to put people on the list, there's probably tons of people who are there for no reason at all.
This whole bullshit notion of you have nothing to fear if you have nothing to hide is just that ... bullshit. If using Tor is enough to get you on a watchlist, the people who run those lists are idiots, and ignoring things like evidence and probable cause.
Fascists just love things like that.
Does "basically want Chrome then" mean "don't want a browser which tries to put 10 pounds of shit in a 5 pound bag"?
Because the answer is overwhelmingly "oh hell yes".
If Firefox is differentiating itself by adding features most people don't want or use, they're doing it wrong.
So many features added to browsers these days leave me immediately thinking "How do I disable this crap?".
Hell hath no fury like a nerd whose favorite feature is being removed.
It's amazing to read the bugzilla thing and see just how vocal people are about "ZOMG, teh themes, teh world are ending".
I'm betting a stunningly small amount of the entire Mozilla user base gives a crap.
I'm pretty sure an old receptionist we used to have will be heart-broken, because if she wasn't getting a virus on her computer by downloading themes and other crap, she wasn't happy -- because apparently being able to have dinosaur cursors and cat themes was an integral part of her job. That and making sure her emails looks utterly hideous and unreadable.
And reading the comments on the bugzilla thread, apparently losing themes would ruin the lives of people who have nothing better to do than make their browser look like Iron Man took a dump on their monitor.
I'm definitely in favor of hacking out the bloat.
Can I get a version which doesn't have social network tie-ins, isn't a mail client, doesn't have its own chat, make it easy to block ads and other crap, doesn't spy on me, and doesn't otherwise think it's going to be the center of my damned universe?
Because that would be awesome.
Probably never gonna happen, but it would be awesome.
When entity A punishes group B because entity A disagrees with entity C ... then, yes, I'm afraid "asshole" is how I would interpret that.
Going all "boo hoo, I'm taking my ball and going home" is pretty much the epitome of childish.
Please, shove your liberal and conservative crap up your ass, because I really don't care.
I rank this right up with "no black people can use my software because I dislike Jamie Foxx". It's stupid, petulant, and childish. I don't much care what the issue is.
This bears pointing out.
UNIX systems have used "magic" for decades, and try to identify based on the actual file contents instead of its name.
And then Microsoft came along, decided the extension was magic and reliable, and then also decided to hide well known extensions (which created new problems).
Relying on the file name has pretty much always been a terrible way of dealing with this. Because it became exactly how things targeted people -- because calling .gif.exe hid the .exe part, and people thought it was a .gif.
Trusting a file name for an operating system to take action has pretty much always been a terrible idea. But, historically, Microsoft has been more focused on dumbing down the system than making it more secure.
Corporations apparently can, and do it all the time.
Many of us disagree you should be able to change the terms of a license retroactively or at all.
But since corporations have apparently bought the right to do it, why not crazy idiots?
The researcher has decided to act like a childish asshole.
The publisher has said "unfortunately, due to your stupid manifesto we can no longer carry this paper because it violates our policy".
This guy is perfectly allowed to go all crazy and issue his manifesto of "you can't use my stuff". That doesn't mean that other entities are required to keep hosting his stuff.
The publisher is following a policy, and the people who wrote the paper agree.
So, really, the only one acting immature is the childish idiot who has decided he's taking his ball and going home, and making up random rules about who can use his software.
But he can own that decision and the consequences.
This isn't two wrongs making a right, this is an idiot living with the real world consequences of being an idiot.
I ran it up until January of this year.
If you gave it enough resources, it wasn't bad. The machine I had it on was a quad-core machine with 8GB of RAM I'd bought at the end of 2008. Honestly, with a decent amount of resources on it, it was stable, solid, and didn't really have much in the way of pain points.
I actually was fairly happy with it over the life of the computer. If I hadn't started having hardware failures, I'd probably still be running it.
I honestly don't share the same experience of it being so awful. UAT makes perfect sense to me, and I didn't generally find it came up even daily, because I wasn't doing stuff that needed admin permissions daily.
Of course, now I'm stuck trying to fend off Microsoft deciding that, no, I don't really want the Windows 8.1 machine I bought as they try to shove Windows 10 up my ass.
I specifically bought 8.1 before the whole Windows 10 crap. Because I'm not interested in having Microsoft deciding it's their computer and they're only letting me use it.
Sorry, I paid for it. My computer.
Right, and Grandma being able to afford a new laptop, or have it as a priority is a given, right?
Maybe Grandma thinks stuff is supposed to last for more than 7 years, and her fixed income doesn't leave a lot of room to buy a new damned laptop?
I suspect the people still running Vista are doing so because they don't have a whole lot of choice. There's tons of people for whom replacing their computer is a luxury they can't afford.
Crocnado!!
Zombie Crocodiles!
Mega Croc vs Mecha Croc!
Mega Croc vs Godzilla!
Super Croc!
Attack of the Jurassic Croc!
Two Headed Croc Attack!
I for one welcome our new Crocodile Prison Guard overlords.
I can't speak for the researchers, but essentially agencies like the FBI are long past trust and ethics.
They don't give a crap what the law says, they just do what they want. From illegal and overly broad surveillance to formalized perjury in the form of "Parallel Construction" -- modern police forces have decided they don't give a fuck what we think is legal, and think whatever they do is legal because they say so.
They don't give a damn about pesky little things like warrants.
I'd say that isn't historically true, and definitely isn't true of a lot of governments today.
Even the supposed "free" Western "democracies" have decided they don't give a crap what citizens say about certain things. They want to operate in the dark shadows and not have any scrutiny.
Just imagine what the rest of the governments in the world do.
Abusing their power and claiming it's for our own good seems to have replaced any form of accountability. And the spy agencies are increasingly refusing to be accountable to the people who are supposed to oversee them.
Basically they want to claim the laws don't apply, they can do anything they wish, and there's nothing we can do about it.
Accountability is now a quaint notion, but increasingly it's not reality. The illusion of accountability, or the claim that they can't protect us and be accountable to us.
You mean using a ouija board and sheer dumb luck to manage a corporation?
Because, really, just how many short term strategies have we all seen the CEO announce only to see them not work? How many bad acquisitions or other bad decisions?
CEOs act like they do Really Important and Difficult Things. Watching major corporations who have been through several CEOs who haven't achieved the desired outcomes tells me this probably isn't true.
Tie a CEOs pay to his actual measurable results, and I might believe it. Right now, they're just high level strategists and salesmen, who may or may not make good choices, which may or may not have good outcomes.
Probably not very common, but a little googling got me here pretty fast.
Again, probably not very common, but not impossible.
Of course, the USB can probably cache more than the floppy can hold, and can definitely move it around a lot faster.
My brain hurts, this is like a laser-guided carrier pigeon. You could transmit more with the laser in less time.
One does wonder what people are using floppies for. There's probably some things without which society would collapse still relying on floppies. And that should scare the heck out of us.
What are you, some kind of communist?
Workers are to be cast aside as soon as they become inconvenient or expensive. If you're not evicting little old ladies and shooting puppies, you're not trying hard enough.
How do you expect to maximize shareholder value (and therefore executive bonuses) if you have to act like humans?
America has reached the point where "asshole capitalism" is the expected norm, and is almost a religion unto itself. Everything else is irrelevant.
Companies don't want that, which is why the H1Bs work the way they do ... because that's what industry wanted.
If they're using an H1B to fill jobs they can't find people for, wages should be going up. Instead they're bringing in cheaper labor to drive down American salaries and displace Americans.
If those people had any ability to fight back or demand more, they just might. This way they're exactly what they're supposed to be .. cheap labor with fewer rights.
Seriously, this didn't happen by accident. It was bought and paid for by industry.
Now, show of hands ... who the hell is surprised to find out that this whole thing is being misused? Anyone?
The whole bloody point is to drive down wages and replace American workers.
Anybody who tells you otherwise is lying to you.
How anybody could possibly be shocked at this 'revelation' is mind boggling.
I heard a movie reviewer last week saying a new Bond film was a lot like an election; that it was impervious to reviews.
Because, like an election, a good portion of people are going to see the movie no matter what some reviewer says. The reviewer cannot influence their decision.
At the end of the day, if the movie makes money and the critics hate it ... well, the critics have an opinion, and the movie going public may not care.
Sorry, but do we still believe reviewers are honest, objective, and tell us all of these things?
Aren't they basically put under a gag order, told they can't release reviews early, and pretty much told they won't get access to future games if they give a bad review?
I was kind of under the impression game reviewers have been glossing over crap like this for years.
And if I'm aware of it, it's gotta be a pretty open secret. Because I don't read video game reviews, because I don't buy brand-new releases.
From the sounds of it, game companies are now so reliant on shipping a broken product and then patching it later, getting a new release is like being the beta testers.
Oh, OK. I didn't know that.
Thanks! I've always assumed it was intrinsic.