Slashdot Mirror


User: T.E.D.

T.E.D.'s activity in the archive.

Stories: 0
Comments: 3,323

Comments · 3,323

  1. Re:"Legit Email Marketer" on Web Bugs the New Norm For Businesses? · · Score: 1

    It isn't necessarily an oxymoron. There are quite legitimate reasons why a person might want to put themselves on an email list. Particularly ones that function as newsletters.

  2. Yes, it is now OK on Web Bugs the New Norm For Businesses? · · Score: 1

    I hate it too, but yes it is now considered socially-acceptable to harvest info from your readers via "bugged" images.

    About a year ago I was talking to a local party official about this, after I discovered the local party was doing this with its email list. He's a nice guy, but everyone who works there including himself is a volunteer, and none of them are particularly computer-savvy.

    I tried to explain to him that that kind of harvesting is a Bad Thing, but I don't think I had much success. Email is about all of the internet he's ever been exposed to, so if he spends a lot of (scarce) local party money on a software tool based on all the nifty stuff the salescritters tell him he can do with it, and all his peers are using it or packages just like it, it's going to take a lot more than one yahoo off the street to convince him there's an ethical problem with that.

    Most folks don't have a clue about this kind of thing, and frankly there are more marketeers telling them it's OK than there are knowledgeable geeks telling them it isn't. I'm afraid we are going to lose this one. Harvesting info via embedded pictures has become standard operating procedure.

  3. Re:Quite. on ProFTPD.org Compromised, Backdoor Distributed · · Score: 1

    If you already have a working FTP server and are just looking to take the latest update, wouldn't it be more sensible to just do a source diff before you compile? Not only would that show you the trojan almost instantly, but it would also show you if there are any other changes to important bits of functionality that might cause you trouble. The latter seems far more likely.

  4. Re:why havsn't Obama called out the republicans ye on FCC To Vote On Net Neutrality On December 21 · · Score: 1

    I'm not "twisting the meaning" of anything. You said "take your guns away", and near as I can tell that law didn't take a gun away from anyone.

    I hope I did not wake up in some bizarro-world where insisting on factual accuracy is "twisting the meaning", whereas the original inaccuracy is somehow not.

  5. Re:There it goes. on FCC To Vote On Net Neutrality On December 21 · · Score: 1

    I'd agree with that too, if there was any way of keeping those same companies from turning right around and soaking the rest of us for the entire cost (plus fees). Sadly, there is not, and that's exactly what they do. That's why health care costs in this country are soaring along with the number of uninsured. It isn't a coincidence.

    So the extra tax penalty is just a way to encourage folks to do something that will stop this vicious cycle. Without it, there's nothing at all discouraging current trends from continuing.

    If you really wanted to, you could look at any tax incentive the government puts in the code as a "government requirement to buy something", be it a house, electric cars, or more children. Nobody rails against the government unconstitutionally "requiring" them to have children by making filers without children pay more, because that would be stupid. Yet somehow this moronicity gets a pass when it's something you can attack Democrats with.

  6. Re:why havsn't Obama called out the republicans ye on FCC To Vote On Net Neutrality On December 21 · · Score: 1

    This surprises me. There has actually appeared on one of your ballots the name of a Democrat who wants to take away guns from Law-abiding citizens who already legally own them? I know the Republican noise machine (the folks paid to keep people voting for those mega-corporation lovers you bemoan) likes to claim all Dems are that way, but they'd say anything, wouldn't they? I've never had such a person appear on any of my ballots. I'd certainly be unlikely to vote for them if they did.

  7. Re:There it goes. on FCC To Vote On Net Neutrality On December 21 · · Score: 3, Insightful

    Wait, the Republicans are dead-set against that too. Now I'm way confused...

    That's really kind of a contorted way to look at things in order to make Mitt Romney-style health care setups look evil though.

    I'm not a huge fan of the fine myself, but I think it makes sense. If you are not going to buy insurance at all, that means whenever you (or a certain percentage of folks like you) get really sick (which is more likely, since you'll be avoiding those full-price doctors), you'll end up at a really expensive emergency room, since they can't legally deny you treatment. Then you'll most likely declare bankruptcy when you get the >$10,000 bill, effectively sticking *me* and everyone else with insurance with your bill. It seems perfectly fair to me for there to be an extra fee on *your* tax bill to recoup some of the extra costs you will be incurring.

  8. Re:that isn't the real crime here on Student Googles Himself, Finds He's Accused of Murder · · Score: 1

    So if I jaywalk, someone else slows his car down a bit, and a Butterfly Effect ensues that causes a civil war in Sierra Leone, I can be charged with war crimes?

  9. Re:Alternate viewpoint on Level 3 Shaken Down By Comcast Over Video Streaming · · Score: 1

    ...or perhaps Comcast could just accept that they are in a business where they will be required to constantly upgrade their capacity in order to keep up with advances in technology, and price their services accordingly. Nobody forced them to become an ISP.

  10. Re:You root for the lawyers on Microsoft Word Patent Case Going To Supreme Court · · Score: 1

    "If you can't stand either MS or patents, who do you root for here?"

    The only side certain to win this.

    The lawyers?

  11. Re:We have come along way on US Launches Largest Spy Satellite Ever · · Score: 1

    Yeah, that's what I was looking at when I wrote that.

    In retrospect, I guess I should have gone with the funny, but the thought of someone else modding it up as insightful and it forever sitting around at +5 Insightful was just too ugly to contemplate...

  12. Re:It's the noise on Do You Really Need a Discrete Sound Card? · · Score: 1

    Onboard audio always puts out white noise to the speakers, which you really can hear in a quiet environment.

    So basically, as long as I have a wife and three kids in the house, I might as well not bother. But all you folks living in your parents' basement can really hear the difference.

  13. Re:We have come along way on US Launches Largest Spy Satellite Ever · · Score: 1

    Ack. I have mod points, but I can't decide if I should mod this "funny", and there's no "-1 scary".

  14. Hand Zambonis on Nokia Builds a Touchscreen Display Made of Ice · · Score: 1

    After extended use, an ice touchscreen would probably become a bit pitted. I see a nice new market for Zamboni!

  15. Re:I see on Anti-Piracy Lawyers 'Knew Letters Hit Innocents' · · Score: 1

    Dick Cheney tried that and failed.

  16. Re:Wasn't this an episode of Star Trek? on Space-Time Cloak Could Hide Actual Events · · Score: 1

    Worried about spoilers, eh?

  17. Re:Advertising disguised as history lesson. on An Illustrated Version Control Timeline · · Score: 1

    SCCS was the first thing I looked for on his chart, so I was as disappointed as you.

    However, the article itself does mention SCCS quite a bit. Just not on a topic by itself.

  18. Re:Source control is so political on An Illustrated Version Control Timeline · · Score: 1

    We're still using VSS here in 2010. We have the crown jewels of a 4000+ person company with 20 sites worldwide "protected" by it.

    I'm taking donations into my pity jar.

  19. Re:rtfl on Cooks Source Magazine Apologizes — Sort Of · · Score: 1

    Actually, most of my managers through my career have been women. I've had lots of crappy ones and I've had a few great ones. Pretty much just like the men. The good ones get promoted quickly, and the crappy ones stay at the bottom. :-(

  20. Re:rtfl on Cooks Source Magazine Apologizes — Sort Of · · Score: 2, Insightful

    It was a pretty natural mistake, considering that the writer referred to the other party this way:

    this woman -- Monica

    Typical usage when you and your readers both aren't familiar with the person in question would be to use either their full name, or their last name and a title like "Ms." or "Dr.". Refusing to use the person's last name is a fairly typical tactic to try to diminish the authority of somebody who happens to be female. Essentially you are repeatedly calling attention to the person's gender, like you believe that is relevant information in understanding the situation. If you are a bit slow and aren't picking up that nuance, the "this woman" makes sure to beat you upside the head once with it.

    Of course either gender can be jerks like that, but it is pretty stupid to bring gender into it if doing so also hurts you (assuming it hurts anyone). So the natural assumption is that the writer was not female. Our bad for assuming intelligence out of somebody dim enough to get themselves into this kind of pickle in the first place.

  21. Re:English & Liberal arts not for the weak-min on Shadow Scholar Details Student Cheating · · Score: 1

    So you are telling me that when you go to work for a company built around cheating, you are liable to get cheated by your employers? Imagine my shock!

  22. Re:I don't know whats more worrying... on Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment · · Score: 1

    The main part of this that is appalling to me is that they would have software that controls centrifuges available on a network where it could get infected by a wild virus. Although perhaps the virus was instead inserted manually. All you'd need would be a few collaborators (or dupes) in the right places....

    Wow. After reading the Symantec Security Response white paper posted elsewhere here, it looks like I was right, sort of.

    The virus actually contained a rootkit for their PLCs (sort of quasi-intelligent I/O gathering devices), which is a first for a virus. There are so many different ones out there, how did they know which ones to code for? It looks like someone had to physically steal the plans. (!) Then the infected network waited for code updates from the virus authors (spread via P2P on the infected network). Wow.

    Also, I was correct that the target machines are not networked. It got around that by spreading itself to them from infected machines via removable media.

    There's no way somebody just threw something like this together on a whim. At the absolute least they had to have very good intelligence about what their targeted networks look like, and could build a good mock-up copy of that network (reconfigurable for various setups) for testing. So it has to be someone whose intelligence service has penetrated Iran. That rules out damn near everybody save one or two suspects...

    Here's the relevant section, for those who have read this far:

    Industrial control systems (ICS) are operated by a specialized assembly like code on programmable logic controllers (PLCs). The PLCs are often programmed from Windows computers not connected to the Internet or even the internal network. In addition, the industrial control systems themselves are also unlikely to be connected to the Internet.

    First, the attackers needed to conduct reconnaissance. As each PLC is configured in a unique manner, the attackers would first need the ICS’s schematics. These design documents may have been stolen by an insider or even retrieved by an early version of Stuxnet or other malicious binary. Once attackers had the design documents and potential knowledge of the computing environment in the facility, they would develop the latest version of Stuxnet. Each feature of Stuxnet was implemented for a specific reason and for the final goal of potentially sabotaging the ICS.

    Attackers would need to setup a mirrored environment that would include the necessary ICS hardware, such as PLCs, modules, and peripherals in order to test their code. The full cycle may have taken six months and five to ten core developers not counting numerous other individuals, such as quality assurance and management.

    In addition their malicious binaries contained driver files that needed to be digitally signed to avoid suspicion. The attackers compromised two digital certificates to achieve this task. The attackers would have needed to obtain the digital certificates from someone who may have physically entered the premises of the two companies and stole them, as the two companies are in close physical proximity.

    To infect their target, Stuxnet would need to be introduced into the target environment. This may have occurred by infecting a willing or unknowing third party, such as a contractor who perhaps had access to the facility, or an insider. The original infection may have been introduced by removable drive.

    Once Stuxnet had infected a computer within the organization it began to spread in search of Field PGs, which are typical Windows computers but used to program PLCs. Since most of these computers are non-networked, Stuxnet would first try to spread to other computers on the LAN through a zero-day vulnerability, a two year old vulnerability, infecting Step 7 projects, and through removable drives. Propagation through

  23. Re:I don't know whats more worrying... on Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment · · Score: 1

    I guess you are thinking of Integrity.

    Presumably Green Hills put a lot of work into that OS to make it secure (probably with the incentive of getting sold on government contracts with security requirements). It should be known however that your typical RTOS (eg: Green Hills' much more common vxWorks) is not like that. They generally operate like old 16-bit user OS's, where every application shares the same memory space, even the OS calls. So RTOS is typically an antonym for "secure".

    The main part of this that is appalling to me is that they would have software that controls centrifuges available on a network where it could get infected by a wild virus. Although perhaps the virus was instead inserted manually. All you'd need would be a few collaborators (or dupes) in the right places....

  24. Re:Because everyone else will say it too... on NASA Announces Discovery of 30-Year-Old Black Hole · · Score: 1

    Uhm. I'm moving at 0.8c. It looks very

    0.8c relative to what?

  25. Re:GNU/Linux, *BSD, etc. on Georgia College's New Policy — Reporting All P2P Users To the Police · · Score: 1

    So? I'd wager that about that percentage of crowbar use is for helping to remove flat tires from cars, the rest being nefarious. After all, your typical tire-iron crowbar sits in a trunk gathering dust until needed. But when you need one for legal purposes, you really need it. So should we arrest anyone found with a crowbar in their hands, no matter what the reason?