Let's not get too confused here. "Stealing business" is a very different thing than stealing apples (or Apples as the case may be).
As an aside, Apple's relationship with clones is a bit more complex than that. The early years of Apple clones involved copyright infringement. Then you have licensed clones that ended with The Return of Steve Jobs. Whether Jobs was right is up to debate (I think it was a mistake but then, I wouldn't much care one way or another if Apple survived).
Whereas when you do deprive someone the ability to sell something (and post about in on Slashdot) you're not stealing. Aren't double standards fun?
I see how this works. Let's say you have an apple cart and are selling apples. I come along with my own apple cart and start selling apples. I am therefore stealing your apples. That explains so many attitudes in business.
Google are already turning into Microsoft on this front too. Small companies regularly out-innovate (I hate that word too) them. So Google just buys them out.
It's pretty common in the tech industry to let others spend money vetting out ideas and then coming in to buy what survives the process. I suspect you would be hard pressed to find any substantially large name in IT that hasn't done this at least once. The interesting thing is that you get large enough, you find the names hedging their bets - dishing out their own R&D funds as well as simply buying other's R&D efforts.
Incidentally, the only reason I despise the "innovate" term is because of Microsoft's hubris. They often bandy that about as if they (or at least their development methods) are the sole source of advancing the state of technology. When, in fact, Microsoft does exactly what everyone else in the industry does (Open Source, proprietary, hobbyist, or commercial effort). And that includes adopting other's efforts.
These reports did not come from some long overlooked rainforest tribe, but rather from people intelligent enough to call NASA with worries and fears. These are people able to read or at least watch TV news, or surf the net.
Yes and if they do enough web surfing, they'll run in to the 2012 apocalyptic believers. And if they're watching TV, they might also run in to the series of quasi-documentaries / commercials History channel is running on 2012 doomsday prophecies (some of which do this great job of intermixing astrophysicists' descriptions of phenomena like solar flares while explaining it's not doom with some dude screaming "doom").
The lie is a lot larger than just a single movie. This isn't someone suddenly fearing hobbits. This is something that exists because the mythos is so widely spread that plugging in to it is instant buzz.
That's not to say that these people aren't acting foolish when they believe all this crap. But the crap is spread widely enough that all avenues of messages will deliver it. And that itself adds weight to something that is otherwise void of substance.
You must realize, he is fielding questions from a population of millions of people, some significant percentage of whom are literally psychotic (which actually means losing touch with reality, not being an axe murderer).
After the Columbia incident, NASA had an email address for citizens to email tips and photographs of Columbia debris. There was plenty of good information coming in from concerned folks helping NASA literally pick up the pieces. There were well-meaning photographs of burnt toast found in a restaurant parking lot. And there were more than a few eye-witness descriptions of aliens attacking the shuttle and end-of-times prophecies. NASA attracts lots of attention; some of it very weird.
Some reports of this kind of action have mentioned electrical systems being disrupted over a wide area. That's direct physical damage. Especially if any hospital systems go down. (Could be over-voltage rather than under-voltage, too, but the reports weren't that detailed.)
Certainly *this year* the physical damage that could be done by this kind of attack is less than it will be in a decade. Or next year. But that doesn't mean that it isn't present, and isn't a growing threat.
Sure - all this leads to physical damage; be it directly or indirectly. But the underlying systems involved are all well within the realms of information security. And that requires a different mindset than the battlefield.
Espionage and sabotage are closely linked. In fact, sabotage is often treated as a subset of espionage despite the distinctions between the two. The desired outcomes may be different. But the skills, tools, and avenues of attack are often the same. Protecting against one is protecting against the other. The stakes involved only become a factor when one needs to determine what degree of protection is appropriate.
It seems to me the first mistake to be made is to treat a digital front as if it was a front in an actual war. All you're doing it guarding secrets most often, or sometimes vital services.
There are two fundamental issues that bug me whenever I see these stories. The first is treating information security like physical security. And the second is whether this really is warfare.
To begin with, there are different rules in play for physical security than information security. Physical security is governed by the rules of physics. There's not much we can do to alter that. We can discover new ways to make use of these rules but we can't fundamentally alter them. Information security is governed by the rules of the systems and protocols we use. And while there are inherent limitations involved in these, one still has the ability to change systems and protocols if needed. With information security, you can change the basic rules by which you operate.
This comes to play in different ways. If you're providing security for a building, there's only so many people that are able to attack it at any given time. Doing so requires the cost of either establishing a physical presence (showing up) or investing in the appropriate infrastructure (spy satalites). Protecting a server involves an almost infinite number of potential attackers who have very low investment (nmap from the comfort of the local cafe / living room). You can't physically deny entry to a building but you can make it very difficult to do so with various barriers, locks, etc. - often with exponential cost for each mechanism. But with physical security, you can make attempting to bypass those barriers costly. So deterrence becomes a very important factor. With information security, it is possible to select a system and protocol that does make it effectively impossible to gain access to a logical location with limited cost. But it is very difficult to induce a cost with a network attack (outside of tar pits and cycles needed to brute-force attacks).
The second concern is referring to these activities as war. "Cyberwarfare" is no more war than business. Like comparing physical security to information security, the comparison to war offers some conceptual convenience; basic mindset and theory. But ultimately we're really talking about espionage with different tools than a battlefield with different weapons. Battlefield fundamentals are rooted in that physical space which information security only partly touches. Espionage has a lot better set of memes to deal with not only those occasional intersections with physical space, but also the nature of data and information system security.
I don't really understand how this is even an issue. I seem to remember reading an article almost a decade ago [sadly I don't remember the source] which explained how the NSA operated their networking and it was EXACTLY what you're saying. The only connection their networks had to the outside world were stations with two terminals, internal network on one and external networks on the other with the agent in the chair being the ONLY connection between the two.
No amount of efficiency gained is worth having truly sensitive data being ANYWHERE on an exposed network.
In one of my formal environments, there were networks like this; all the very sensitive kit is tucked away on aggressively segmented if not air-gapped networks. However, there was a time when we were migrating the firewall infrastructure which would involve complete disruption with the public internet for the non-critical / normal internal network. We had to reschedule twice because the critical business didn't have another way of passing on data to / from their international partners. It's not that they couldn't - we came up with a half dozen options while cooling our feet that Saturday morning while the high-ups discussed things. Some of those methods involved dedicated circuits that they had directly with their partners. But rather, in the normal flow of doing business, they had come to expect availability of the Internet even though it is not classified as critical infrastructure. It's the ubiquity of the network; the network effect in full glory.
I'm sure the majority of sensitive data is safely squirreled away in proper network containers. But that doesn't mean it's not possible to impact the effectiveness of a target organization but disrupting non-sensitive networks.
A battery cover that falls off? A physical keyboard that "peels" off?
I've had my Droid since Friday morning and yet to see any sign of any of this. So it piqued my curiosity.
I could sort of see the back panel coming off if you catch it right. Mine is on there pretty snug. And it sort of locks in place as you slide it home. I'll watch for this happening in the future. But I'm not exactly expecting it to.
As for the keyboard, it turns out the keyboard issue was due to a protector being installed incorrectly on the individual's Droid. Yeah, if I run my fingernail around the little keys, I can get it to sort of catch. I could probably peel off the tops of the keyboards with a bit of effort. But I wouldn't have known this was even possible if it weren't for this article (thanks for the heads-up). And I couldn't imagine any keyboard would appreciate the rough treatment this protector was dishing out. Once again - I'll have to see if this is a problem long-term.
Scoble has some decent points - don't get me wrong. After all, there's plenty of little rough edges to be found on the Droid. But I get this feeling that although the criticism is welcome, he's being a bit picky about some of his points.
I've yet to really regret my purchase. The Droid is turning out to be what I wanted it to be. But be cautious - YMMV.
Flagging this as "Troll" for being critical of how Linux distros don't get the same levels of QA testing isn't exactly demonstrating great professionalism...
However, flagging this as a troll since it is obviously designed to invite flames and ire is entirely spot-on. The OP pulls the hypocrisy card and then makes general statements about QA quality with weasel words like "professional." This is not discussion much less criticism.
Do you really think that Microsoft is responsible for those viruses? Virus makers target Microsoft products because they have the widest user base and the greatest number of users who aren't computer savy (and are therefore more likely to fall for the tricks).
To be sure - a lot of the current issues are squarely on the shoulders of end users; the dancing pigs problem. But that doesn't completely absolve the platform. There are times when people do dangerous things that simply shouldn't be dangerous. Often these come down to poor decisions on Microsoft's part. Couple that with a history of ignoring security issues and Microsoft's history is full of issues that, yes, I would put squarely on Microsoft's shoulders.
It's difficult to see that now. If your perspective is short, one could dismiss so many complaints as FUD. Microsoft has improved a lot over the years. It's a pity they didn't pick up on these things earlier. And they could have.
You see, neither Microsoft nor Windows should be credited with trivial exploits, trust by default (enable by default?), worms, or even (arguably) botnets. Most of this ilk had very clear examples in the Unix world. Lessons were (reluctantly) learned and the Unix world started to grudgingly shuffle their feet towards a more secure reality. Microsoft had excellent object lessons to learn from. One of the many sins of Microsoft is that they ignored these lessons. With abandon.
Slashdot Mirror
It's what you type in to the Google search bar.
Forget car analogies. We've struck fertile ground with produce analogies!
Let's not get too confused here. "Stealing business" is a very different thing than stealing apples (or Apples as the case may be).
As an aside, Apple's relationship with clones is a bit more complex than that. The early years of Apple clones involved copyright infringement. Then you have licensed clones that ended with The Return of Steve Jobs. Whether Jobs was right is up to debate (I think it was a mistake but then, I wouldn't much care one way or another if Apple survived).
Whereas when you do deprive someone the ability to sell something (and post about in on Slashdot) you're not stealing. Aren't double standards fun?
I see how this works. Let's say you have an apple cart and are selling apples. I come along with my own apple cart and start selling apples. I am therefore stealing your apples. That explains so many attitudes in business.
You'd be surprised what gets mixed in to "beef" on occasion. Every once in awhile, there's some big scandal.
Not even if it's sushi-grade?
And yet the Android phones are rolling out. Go figure.
Google is not a technology company. Google is an advertising company with a sideline in email hosting. That's where their money comes from.
Someone owes me a refund on past purchases. I'm probably not the only one.
Google are already turning into Microsoft on this front too. Small companies regularly out-innovate (I hate that word too) them. So Google just buys them out.
It's pretty common in the tech industry to let others spend money vetting out ideas and then coming in to buy what survives the process. I suspect you would be hard pressed to find any substantially large name in IT that hasn't done this at least once. The interesting thing is that you get large enough, you find the names hedging their bets - dishing out their own R&D funds as well as simply buying other's R&D efforts.
Incidentally, the only reason I despise the "innovate" term is because of Microsoft's hubris. They often bandy that about as if they (or at least their development methods) are the sole source of advancing the state of technology. When, in fact, Microsoft does exactly what everyone else in the industry does (Open Source, proprietary, hobbyist, or commercial effort). And that includes adopting other's efforts.
These reports did not come from some long overlooked rainforest tribe, but rather from people intelligent enough to call NASA with worries and fears. These are people able to read or at least watch TV news, or surf the net.
Yes and if they do enough web surfing, they'll run in to the 2012 apocalyptic believers. And if they're watching TV, they might also run in to the series of quasi-documentaries / commercials History channel is running on 2012 doomsday prophecies (some of which do this great job of intermixing astrophysicists' descriptions of phenomena like solar flares while explaining it's not doom with some dude screaming "doom").
The lie is a lot larger than just a single movie. This isn't someone suddenly fearing hobbits. This is something that exists because the mythos is so widely spread that plugging in to it is instant buzz.
That's not to say that these people aren't acting foolish when they believe all this crap. But the crap is spread widely enough that all avenues of messages will deliver it. And that itself adds weight to something that is otherwise void of substance.
We are landing on asteroids so that they don't land at home.
You must realize, he is fielding questions from a population of millions of people, some significant percentage of whom are literally psychotic (which actually means losing touch with reality, not being an axe murderer).
After the Columbia incident, NASA had an email address for citizens to email tips and photographs of Columbia debris. There was plenty of good information coming in from concerned folks helping NASA literally pick up the pieces. There were well-meaning photographs of burnt toast found in a restaurant parking lot. And there were more than a few eye-witness descriptions of aliens attacking the shuttle and end-of-times prophecies. NASA attracts lots of attention; some of it very weird.
Some reports of this kind of action have mentioned electrical systems being disrupted over a wide area. That's direct physical damage. Especially if any hospital systems go down. (Could be over-voltage rather than under-voltage, too, but the reports weren't that detailed.)
Certainly *this year* the physical damage that could be done by this kind of attack is less than it will be in a decade. Or next year. But that doesn't mean that it isn't present, and isn't a growing threat.
Sure - all this leads to physical damage; be it directly or indirectly. But the underlying systems involved are all well within the realms of information security. And that requires a different mindset than the battlefield.
Espionage and sabotage are closely linked. In fact, sabotage is often treated as a subset of espionage despite the distinctions between the two. The desired outcomes may be different. But the skills, tools, and avenues of attack are often the same. Protecting against one is protecting against the other. The stakes involved only become a factor when one needs to determine what degree of protection is appropriate.
It seems to me the first mistake to be made is to treat a digital front as if it was a front in an actual war. All you're doing it guarding secrets most often, or sometimes vital services.
There are two fundamental issues that bug me whenever I see these stories. The first is treating information security like physical security. And the second is whether this really is warfare.
To begin with, there are different rules in play for physical security than information security. Physical security is governed by the rules of physics. There's not much we can do to alter that. We can discover new ways to make use of these rules but we can't fundamentally alter them. Information security is governed by the rules of the systems and protocols we use. And while there are inherent limitations involved in these, one still has the ability to change systems and protocols if needed. With information security, you can change the basic rules by which you operate.
This comes to play in different ways. If you're providing security for a building, there's only so many people that are able to attack it at any given time. Doing so requires the cost of either establishing a physical presence (showing up) or investing in the appropriate infrastructure (spy satalites). Protecting a server involves an almost infinite number of potential attackers who have very low investment (nmap from the comfort of the local cafe / living room). You can't physically deny entry to a building but you can make it very difficult to do so with various barriers, locks, etc. - often with exponential cost for each mechanism. But with physical security, you can make attempting to bypass those barriers costly. So deterrence becomes a very important factor. With information security, it is possible to select a system and protocol that does make it effectively impossible to gain access to a logical location with limited cost. But it is very difficult to induce a cost with a network attack (outside of tar pits and cycles needed to brute-force attacks).
The second concern is referring to these activities as war. "Cyberwarfare" is no more war than business. Like comparing physical security to information security, the comparison to war offers some conceptual convenience; basic mindset and theory. But ultimately we're really talking about espionage with different tools than a battlefield with different weapons. Battlefield fundamentals are rooted in that physical space which information security only partly touches. Espionage has a lot better set of memes to deal with not only those occasional intersections with physical space, but also the nature of data and information system security.
I don't really understand how this is even an issue. I seem to remember reading an article almost a decade ago [sadly I don't remember the source] which explained how the NSA operated their networking and it was EXACTLY what you're saying. The only connection their networks had to the outside world were stations with two terminals, internal network on one and external networks on the other with the agent in the chair being the ONLY connection between the two.
No amount of efficiency gained is worth having truly sensitive data being ANYWHERE on an exposed network.
In one of my formal environments, there were networks like this; all the very sensitive kit is tucked away on aggressively segmented if not air-gapped networks. However, there was a time when we were migrating the firewall infrastructure which would involve complete disruption with the public internet for the non-critical / normal internal network. We had to reschedule twice because the critical business didn't have another way of passing on data to / from their international partners. It's not that they couldn't - we came up with a half dozen options while cooling our feet that Saturday morning while the high-ups discussed things. Some of those methods involved dedicated circuits that they had directly with their partners. But rather, in the normal flow of doing business, they had come to expect availability of the Internet even though it is not classified as critical infrastructure. It's the ubiquity of the network; the network effect in full glory.
I'm sure the majority of sensitive data is safely squirreled away in proper network containers. But that doesn't mean it's not possible to impact the effectiveness of a target organization but disrupting non-sensitive networks.
Less Hasselhoff, more Streisand.
They've had GPL code in products before.
A battery cover that falls off? A physical keyboard that "peels" off?
I've had my Droid since Friday morning and yet to see any sign of any of this. So it piqued my curiosity.
I could sort of see the back panel coming off if you catch it right. Mine is on there pretty snug. And it sort of locks in place as you slide it home. I'll watch for this happening in the future. But I'm not exactly expecting it to.
As for the keyboard, it turns out the keyboard issue was due to a protector being installed incorrectly on the individual's Droid. Yeah, if I run my fingernail around the little keys, I can get it to sort of catch. I could probably peel off the tops of the keyboards with a bit of effort. But I wouldn't have known this was even possible if it weren't for this article (thanks for the heads-up). And I couldn't imagine any keyboard would appreciate the rough treatment this protector was dishing out. Once again - I'll have to see if this is a problem long-term.
Scoble has some decent points - don't get me wrong. After all, there's plenty of little rough edges to be found on the Droid. But I get this feeling that although the criticism is welcome, he's being a bit picky about some of his points.
I've yet to really regret my purchase. The Droid is turning out to be what I wanted it to be. But be cautious - YMMV.
'nuff said.
That sounds as useful as "don't snitch."
The irony is too good...
Flagging this as "Troll" for being critical of how Linux distros don't get the same levels of QA testing isn't exactly demonstrating great professionalism...
However, flagging this as a troll since it is obviously designed to invite flames and ire is entirely spot-on. The OP pulls the hypocrisy card and then makes general statements about QA quality with weasel words like "professional." This is not discussion much less criticism.
Two trojans and a coding bug that could affect anyone ?
Yep - that's exactly the mentality that helped shape the very history I mentioned.
Off the top of my head, I'd suggest ILOVEYOU, Life Stages, and http://www.microsoft.com/technet/security/Bulletin/MS01-020.mspx
Do you really think that Microsoft is responsible for those viruses? Virus makers target Microsoft products because they have the widest user base and the greatest number of users who aren't computer savy (and are therefore more likely to fall for the tricks).
To be sure - a lot of the current issues are squarely on the shoulders of end users; the dancing pigs problem. But that doesn't completely absolve the platform. There are times when people do dangerous things that simply shouldn't be dangerous. Often these come down to poor decisions on Microsoft's part. Couple that with a history of ignoring security issues and Microsoft's history is full of issues that, yes, I would put squarely on Microsoft's shoulders.
It's difficult to see that now. If your perspective is short, one could dismiss so many complaints as FUD. Microsoft has improved a lot over the years. It's a pity they didn't pick up on these things earlier. And they could have.
You see, neither Microsoft nor Windows should be credited with trivial exploits, trust by default (enable by default?), worms, or even (arguably) botnets. Most of this ilk had very clear examples in the Unix world. Lessons were (reluctantly) learned and the Unix world started to grudgingly shuffle their feet towards a more secure reality. Microsoft had excellent object lessons to learn from. One of the many sins of Microsoft is that they ignored these lessons. With abandon.
I bet their board meetings are a blast.
I did not know any of this, and I don't know how I can facepalm any harder.
Be the Director of Marketing for Nokia.