Yeah, not like you can read the information off the registers or anything.... or snoop L1/L2 cache if it's that tightly integrated....
Risk management is exactly what the TSA isn't doing. They are taking a past threat and building security they *think* would protect the current system from it. Only, that's not really what they're doing.
If we had learned anything from 9/11, planes would take off manually, land and fly on autopilot with a remote operator ready to take over in case of automation failure. A co-pilot who can only take control if the remote override is toggled would suffice to prevent the entire situation of a flying bomb. Now you think we can't do that? We can put a missile through a window at 500 feet above the ground, we can fly a large lumbering bird through clear skies to a known destination safely and eliminate the threat. We don't want to do that, since it would mean "the terrists" won. Instead we put on a kindergarten play and let strangers touch our no-no places.
And WWII warfare was not security theater, it was misdirection. Totally different. The TSA is telling the world what they're doing is real security, they're buying real security devices and creating completely irrelevant measures.
And yes, there is nothing currently in place to stop another rectum bomber. And yes, we know what the risks are without these measures. We have flown hundreds of thousands of flights since airliners started to be used as a weapon of terror in the 70s.
As a security professional I must say what the TSA does is a mockery of real security.
It's a painful thing for an overly nationalistic American to do, but if you look at the history of the Pajaro Valley you would see that prior to WWII the Japanese businesses funded the berry farming that created such a huge demand for strawberries. My family's ranch was funded primarily by Japanese investors before FDR stole their property and imprisoned their families.
And you've never been moderator censored? Bullshit. The GP is dead on.
We are serfs, and the political elite are as well. We are all beholden to the infrastructure owners, and they could give two shits about one customer.
One need only attend security conferences to know the hardware and software vendors are required to provide this sort of (audited, mind you) access to LE. They can do pretty much whatever they want by contacting their internal liaison. Do a little research on "lawful" interception.
I think foreign intelligence services are using, or will be using, Wikileaks as a counter-intelligence tool. Leak the right, almost accurate, information and you have a scenario for counter-intel. For instance, people were claiming that an Iranian source was compromised. But think about it, if you flip a couple of bits (their source to our source). When you think about it, it sounds like a great way for the CIA to get the Iranian government to do their dirty work for them.
falling in space....
They had that long ago. Haven't you ever read The Prince? Your "rights" are an illusion the ruling class has instilled in you. They are as fleeting as Jefferson's dream. We never really had freedom, we had a dream of freedom and the same oppression we brought with us.
Nevertheless, why is it, if I'm pointing out evidence that even on one of the slowest travel days the screeners don't bother to do what they're supposed to, you are so ignorant as to assume I am defending them?
I truly believe it's a ridiculous theater where even the actors can't remember their lines, cues, or choreography. Or better yet, it's like a kindergarten play, where the tree just has to stand there and instead they're peeing themselves and dancing all over the stage.
I weep at your ignorance and bigotry, since people making ill-thought-out decisions are what got us into this mess. You, sir, have become what you hate. Congratulations.
The kiosk was manned by a male and female, but that's not necessarily 100% effective since they're not allowed to ask the person's sexual persuasion.
No, I violated their policy and they did F all about it.
I was supposed to present it in a plastic bag all by itself, etc. I didn't. They did nothing. They also hadn't completed screening my carry-on and I was able to go anyway. And the pick set is definitely on the prohibited list; I completely forgot it was in there but laughed when I saw it the next day.
Missed an open bottle of mouthwash, missed my wallet pick set and totally did nothing about the oversized shoe inserts in my shoes... something that looks an awful lot like the device that caused the whole "Take off your shoes please, sir" bullshit.
The security policies of the TSA are a bunch of horseshit. I had a pair of nondescript headphones wrapped around a "strange" looking (pico projector) device that wasn't even questioned. (Point of fact: I had so much electronic shit in my carry-on that I was already down the hall of the terminal, out of view of the screener, as he was still looking at my shit.)
Oh right, and the scanners themselves weren't isolated from the general public (they were in a raised kiosk in a 3-point monitor setup), so if you walked up to "ask a question" 2 of the 3 displays were visible at all times. Fuck you TSA.
And if your satellite was launched by a multinational conglomerate holding assets in X countries from a seaborne vessel, who's responsible then? And if you use a frequency spectrum easily accessible with OTS equipment, how could you stop people from connecting their own uplinks? And for the ultra paranoid, if your transport on the intarweb is a Tor darknet, how do you go about attributing the uplinks to individuals?
Let me just use some flashy marketing material:
Land, Air, Sea, Space and Cyber.
From the USAA posture statement 2009:
Why is this important to the Army?
Cyber intrusions and attacks are a real and emerging threat to national security. The Nation faces a dangerous combination of known and unknown vulnerabilities, capable adversaries, and limited situational awareness. It is critical for the Army to grow its cyberspace operations to counter adversary targeting of both our information and our information infrastructure. To maintain our dominance in cyberspace the Army will continue to grow our abilities to better defend our own networks and have capabilities in place to conduct network warfare against adversary networks.
Guess what, with just that basic research I can tell you: according to that philosophy Wikileaks is an adversary, and Julian Assange likely qualifies as an enemy of the state.
Being defended by the ACLU. Sure, it's even more involvement from two completely disparate allies but it struck me as truthful. Sometimes you end up making alliances with your next to worst enemy, so you can make the world more free for us all.
This should have been called "Extremely Popular Games from 1996, and some general archetypes I heard about from people that played them for real."
Meridian 59 had thousands of subs initially, as did The Realm (once it got out of beta); these subs were mostly short-lived because the companies that were running these games did a horrible job initially. So much so you could say their history is like a "Do not do this" playbook.
In fact, The Realm is a huge shame because Sierra had just gotten a chunk of change from their sale of THE SIERRA NETWORK (AKA The Imagination Network) to AT&T.
AT&T took what could have been a marginally profitable service, with thousands of users connected online playing games, and dismantled the service following strict supply side economics. Some games as diverse as card games like Hearts (very popular) to MMORPGs (before they had a name) like The Shadow of Yserbius (very Eye of the Beholder meets multiplayer Wizardry) and laggy as crap action games such as Red Baron all saw great success leading up to AT&T's slow murder of the service.
AT&T first took away all availability of "Unlimited" access plans. Since INN relied on a large system of non-toll POPs, AT&T presumably was able to leverage their domestic backbones to decrease aggregate costs that Sierra was having to offset at a much larger percentage of their operating expenses. By cutting the unlimited subscription option they lost the majority of their most die-hard fans and advocates. Shortly thereafter they increased the hourly overage (because you bought time in 25-50 hour blocks) by over a dollar an hour (from 1.99 to 3.49), lowered the available hours on the lowest plan from 30 to 20, and scaled back all other plans while leaving their pricing schedule alone.
Shortly thereafter the number of online users plummeted, and it can only be assumed so did subscription rates. AOL closed up shop in 1998 and sold the venture to AOL, who immediately closed the service; users who tried logging in before the last day of service received an in-game mail from the support team and AOL thanking them for their patronage and requesting they join AOL to continue such great gaming. AOL never transitioned any of the games to their platform, and until 2007 INN was a black hole.
Some hobbyists picked up the old client, reverse engineered the server protocol and packaged up INN in a DOSBox emulator, breathing life back into a service that many thought gone forever.
Meridian 59, on the other hand, whose history is fought back and forth in Wikipedia entries, has come back to the beginning.
Initially it was a game developed by the Kirmse brothers and backed by limited funding from an independent shop. The story goes: 3DO loved it, bought their studio and brought them to their team. The game had a great launch, and had thousands of subs. The game was not turning an incredible profit; trying to sell media for a game that *required* the update to play was a fruitless venture. Eventually, because of lackluster sales and an inefficient support model for the quantity of subscriptions, Trip Hawkins aimed 3DO's success straight at the ground and followed in AT&T's footsteps, cancelling all unlimited subs and creating a time-based pay model. Effectively the cost to play was tripled in one month, and the number of players plummeted by half. But, because of supply side economics... well, it was more profitable to support fewer users paying more. It cost less in support staff, so they cut in-game paid support almost completely, and they had fewer load issues so they scrimped on server refreshes. They let most of the developers go, leaving a small staff to continue developing content releases and game patches.
What happened after that is the sad story many games see, the critical mass required to make Meridian 59 "fun" for most peo
Transparent Win32 Execution, by default on install.
Take the grandma scenario. She wants Word, a photo application and QuickBooks. No, it doesn't matter that there are alternatives; she's got a copy from 2002 that she uses with backups, and she doesn't care to learn a new product. If the average Joe PC user can pop the CD in and double click the CD (autorun) and the setup pops right up (Wine) without having to go to a command line, you have immediately expanded your audience.
The same thing applies to WoW, and pick your latest release game. Hell, Fallout 3 might run better under Wine than it does in Windows!
Why not adopt Microsoft's implementation strategy on Win32, only applied to Linux? Right now a Linux machine running Wine is only a little more effective than a Windows 98 virtual machine... This should change dramatically to expect people to come to Linux in droves.
Don't get me wrong, I run Linux in a medium sized datacenter in all the places it's right for, but until my desktops are all Linux we still need Active Directory to manage the systems, and expensive anti-virus products running on every endpoint chewing up cycles. Give users an apples-to-apples experience to Vista; make Wine work on 99% of software without the user having to do a damn thing. You do that, and you've got the same compatibility Windows-on-Windows emulation gives Vista64 and XP64.
US Schools do the same shit
News at 11
There are now dozens of cars packed full of Cheetos, cheap laptops and foul smelling individuals travelling near, or perhaps at, the speed limit towards San Francisco. They're full of people thinking the same thing, "Shit, if they can't find a wired device, they sure as hell can't find a wireless one!"
Unless the criminal is a complete idiot there's more than one drop spot... I mean, obviously you wouldn't want to design this sort of single point of failure into any C&C system.
I don't mind using the same operating system as an elitist zealot uses - just not the same computer.
I totally agree. I can't stand using a Fanboi's Apple gear either..... OOOOOH, you meant Linux, my apologies.
The problem isn't so much that the code isn't fixable, or that the client side code will show something obviously exploitable (as this is most likely the case.) But really, it's about the fact that every developer writing code for this has been doing it under the assumption that nobody is going to look at it except their peers, now the world is staring at their dangling unmentionables. Imagine your rushed proprietary coding project was now instantly made open source against your wishes...
I consider myself in the 80th percentile. I shouldn't really be in IT (I care about the user experience) but I also hate my core audience. If I was a rocker, I'd be an Emo rocker insulting my audience as I perform.
However, when dealing with people (in general) they normally are dealing with me because they're paid much more than me, dumb call or no. Who's really the idiot; the one making the call, or the one getting paid to take it?
I think this is a narrowness of vision when it comes to the usefulness of that many threads for isolation and (for lack of a better word) the multitasking your system can do. With intelligent resource allocation in desktop OSes there could easily be a marked boost in performance with 16+ cores.
Instead of having one processor having to deal with my 48 simultaneously running processes (Yawcam for my system's webcam is always chugging away on an interval, my messaging eating a tiny slice, the game I'm playing taking another slice, the mp3 player another slice, etc. etc. ad infinitum), I've then got each processor doing things independent of each other, and the game I'm in doesn't come to a crawl when my mp3 player or background virtual machines start chugging away.
All it takes now to do this with a decent quad core (or hell, a dualie can do it too to some extent) is to shove the crap you don't care about being realtime off the processor/core your realtime application is on, but having this many cores means you've got an incredible performance jump for *EVERY* unique process... makes someone waiting for that BitTorrent to download while all that other crap is going on, with a Flash-induced cpu-crawling website on one monitor and a Slashdot article in the foreground, wish they had about a dozen more cores to shuffle processes around on.
Expect to see a technological solution, this isn't a company full of middle managers or people who are used to losing technical battles.
If I were a betting man I'd say Google will either A) release a new authentication/authorization scheme for creating new accounts, or B) they'll evolve their current system to be resistant to delivering false negatives on bot provided responses.
Because honestly, isn't this just a graphical/visual acuity based Turing test that needs to be treated as "passed" by the industry? The reasoning being: the equivalent of Alicebot now exists for the graphical world, so the test needs to be re-engineered to test another (currently) unpassed Turing-style evaluation.
Based on that realization: the whole reason CAPTCHAs are stupid is that if you keep the existing design but try and make it "harder" to break, the designer of the bot need only account for that change and not an entire redesign.
All this sounds like a great technical challenge: think up a new Turing test... When in reality those posting "go back to invite only" are absolutely right, but it's likely we won't see that come out of Google.
MIT OCW
There's a course on this sorta thing from 5 years ago...