Very true. I was assuming that the need thus to transport the data is proven. For example, a case worker might need to look up notes at a client residence while interviewing the client, or to update notes immediately after a client visit because they will be stale by the time s/he returns to the office after several, possibly ewearing, client visits. These are legitimate reasons to take the data off site. Obviously, they are reasons with a security cost, and the cost/benefit must be positively evaluated rather than just let slip. It seems that this organisation is doing just such an evaluation, and taking appropriate proceures to minimise the cost - which will actually allow more benefits to pass the cost/benefit threshold. Far too few organisations do that, and they are to be applauded for doing so. Obviously, eache benefit must be evaluated, and should not exceed its cost. And particularly, as you say, if there is no need for the data to go away from the central storage, there is a need for it not to do so. Every organisation handling confidential data should have a frequently-reviewed policy for secure data handling, and every reduction in security should be justified by needs which cannot be met other ways,
And how sure are you that/dev/zero actually destroys the data rather than just removing pointers to it? A study of disk drives bought on ebay showed that 1/3 had not been wiped at all and 1/3 had been re-initialised in a way that made it trivially easy to recover the "deleted" data.
The whole point of the article is that they are replacing dives of unknown source and capabilities with encryptes drives which self-wipe on to many access failures. They are, correctly, replacing insecure devices with secure ones and destroying insecure ones with confidential data.
Given the casual way in which UK goverement employees, both civil and military, have been treating confidential information, I am glad that a department with seriously confidential information is taking the security of portable storage media seriously. Obviously, if the media were personally ppurchased and used in good faith, the owners of the media must be compensated. But, as previously suggested, these were probably privately purchased and then refunded as expenses, to the belong to the emplyer already.
As to destroying them... Put this in proportion: 150 devices, at perhaps $30 apiece if they wern't bought yesterday: about $4500. On the otyher side, when the UK government lost 2 CDs with large amounts of personal information, the mailshot warning the people whose personal and banking information had been misplaced cost $6,000,000. With cost ratios of this magnitude, the precautionary principle applies. Yes, you could wipe them, and they probably wouldn't leak info. But the cost if they did is so high that the tiny loss involved in destruction is irrelevant.
So I applaud a government department for finally taking privacy seriously. The cost arises becasue they didn't do so before, and is small. The cost for all the other departments who have not yet got it is increasing every day.
That is true - in fact, many of them are hydraulic engineers, which explains the steamroller power behind the Three Gorges Dam. They all want to crate the Greatres Dam Evah! But the system through which they rose, and the training they were given, was remarkably limited by Western standards. The were trained from the start as hydraulic engineers, and told to mignore anything which did not affect rivers and dams. Western education trues to priduce fairly genral purpose engineers who then specialise; Chinese training at the time turnsed out single-subject specialists in the quantity requested by the central control. So Li Peng, and his peers, will be less open minded than we would expect of the majority of engineers.
No. Because to non-technical people a network is a static thing, structural. Things don't travel over nets, they get casugt by nets, which hold them in place. The internet and its relatives is called a network because a picture of a computer network looks a niot like a pictutre of q net, be it fishing, climbing, safety or whatever. But you have already to bone of the cognoscenti to realise that those lines in the picture are active communications channels, not structural componenet. By the time they have got that far, they are already insiders.
There are a lot of words which techies have borroved from everyday language, often becasue of a fairly tortured analogy, and then re-used with a technical meaning which has very little relationship to everyday use. "Organic", as use in chemistry to mean compoints containg carbon and hudrogen, is very differnt from usage in "organic food" or "an organic part" - the latter being probably truest to the original meaning. The curvature of the univers described by physicists has a mathematical rlationship to the curves of a beutiful woman, but it it pretty tenous. And the word net used by a geet has little to do with fishnet stockings, functionally or socially.
True, but not very relevant. If you take the exclusionist approach, when Van Gogh becomes relevant, someone will write the article. Until then, the article is not needed and there is little point in writing articles for, say, every would-be artist. The set of artist who have sold at least one picture is probably pretty large - inluuding, for example, all the trite seaside watercolourers. The subset who will ever be studied by anybody, let alone searched for at large, is tiny.
However, I take a fairly inclusionist approach, because the Wikipedia Index (aka Google) is so good. However, it would be entirely possible to automatedly create an entry for every star, cluster and galaxy in one of the big star catalogues. This could be justified in an inclusionist way by stating that if such an astronomic object turns out to be the home of intelligent life, it will suddenly be of enormous interest.
If something can be covered by an external, authoritative, catalogue, Wikipedia should reference that, not copy it. It is the complex network of information which does not lend itself to rigid catalogues which Wikipedia should support.
No - it shows that the specification did not define what should happen with out of range conditions. The use formal specification languages to define what they want the software to do, but it is precisely these sorts of unforeseen circumstances which show that the spec was wrong, and the code only did what was specified.
The first linked article is more-or-less gossip, and gives no reason to blame the avionics. Not to say that it wasn't, but we want some evidence. The second is a much more reasoned article, and gives a number of possibilities, including avionics but also a number of others, all of which is possible. My favourite is fuel contamination - but we shall see.
The simple "running out of fuel" hypothesis is very unlikely. All aircraft are supposed to carry reserves to divert to another airport (not far in this case) plus ninety minutes flying. While cheapo airlines might short-cut on this, I cannot imagine BA doing so. There is no indication that the aircraft had been "stacked" for any length of time, so it shoudl have landed with two hours worth of fuel on board. There have been cases of aircraft being misfueled, but on a regular run between two sophisticated endpoints, this seems unlikely.
Concorde did not actually have a very good record - counted by flying hours. The fleet was very small, end even those aircraft that did fly only did one round trip per day, which was not very lone because of the aircraft's speed. The one accident Concorde did have moved it from perfect to the worst per hour of any moder aircraft. And if you look at the frequency of "events" like damaged rudders,, they were fairly frequent. The 777 fleet probably has more than 100 times the flying yo9urs of the Concorde fleet already.
Actually, they have given up creating multiple implementations of the code. There were only ever two implementations, scattered across several computers. However, when developing the systems for this very aircraft type, Boeing decided that they now have tools which can verify precisely that the software matches the specification, and where they actually need to put the effort in is in checking that the specification makes sense. Rather than wasting effort in having two teams implement implement the specification, and verify that using automated tools, you use the extra effort to look closely at the specification.
You need to inquire into the nature of the connection. If it is IP packets routed straight through, then this is obviously extremely dangerous. But IP is explicitly designed as a "carry anything" network. So what you need is an explicit bridge that basically gives every message (not packet) a strip search. This bridge only carries pre-determined messages in a known, non-IP, format. So a would-be hacker cannot send pings and miscellaneous enquiries through this bridge. It simply doesn't understand ping or the IP discovery protocols, so it cannot pass them through.
TFA explicitly says that they are two separate networks, with some kind of bridging between them. There are reasons to have bridging. One example is flight progress information, which has already been quited by many. This might be regarded as a luxury, and deleted on safety grounds. But, for example, both cabin crew and flight crew need access to the air conditioning system, - the cabin crew to turn the temperature up or down, the flight crew to turn it down/off as part of their power management if they get a generation loss. There are plenty of others.
Very true - but this article is about the relevant supervisory authority, the FAA, doing their job and raising a yellow warning with Boeing. Boeing now have to respond appropriately. So far, I see a supervisory system working OK. Of course any unsupervised organisation will, from time to time, fall prey to the temptation to cut corners. That is why every system needs checks and balances.
And yes, you can wonder where the supervision of Microsoft is. Answer: nowhere. Which is why Linux is so important as a balance. At least people have some choice, though I would rather it was better.
This may be OK with upmarket cars like BMWs, but *all* the problems on my 10-year-old Ford have been related to electrical systems. Sensors that brake is pushed breaking, so it would let me go into Drive. Some sensor in the gearbox freaking out so it remained in bottom gear. A fuse regularly blowing (monthly) that fed so many random systems that we could never find out which it was, but it disabled the starter. Cruise control screwed. Reversing sensors screwed. The basic car has never given any problems, but the sensor/control systems have been a total PITA.
If you are about to enter turbulence, the captain must turn on the seatbelt light and get on the PA to tell everybody to sit down NOW, not when he can get the attention of an attendant puring coffee half way down the cabin.
Cost and complexity. The wiring loom for the aircraft is becoming heavy and complex. The reason the A380 was nearly two years late was because of problems in the wiring loom, cause by incompatible CAD systems between France and Germany. The fact that it took so long to correct an (inexcusable) cockup in the wiring shows how complicated the damn things are. The 747 is said to have 500km of wire in it: that weighs, and weight is fuel consumption, cost, and CO2 emission.
London used to have a system of hydraulic power distribution to power lifts (elevators) in the business areas. When it finally closed down, the network of pipes was in exactly those areas, full of high profile financial companies, in which they wanted to fit fibre optic cables, so they were recycled almost immediately.
But if you get addicted to drugs instead of reproducing, you lose. If you get involved in gangs with guns, you probably lose. If you get imprisoned through your reproductive years, you lose. If you are oversensitive to urban pollution, you lose. If your girl cheats with the Big Man and you bring up his children, you lose. If you kill yourself driving like an idiot (too common near me) you lose.
The environment is changing very, very fast. Changing environments drive evolution. But not in the way you might expect, nor might want.
Some years ago, my employers found out that (a) if a clause in an employment is found to be unreasonable, the clause is simple wiped out, not set to whatever is decided to be reasonable and (b) that most of the non-compete and patent-assignment in their current contract would be regarded as unreasonable. Therefore, in effect, they had no such clauses if an employee chose to argue about it. They therefore hastily drew up a new contract taking legal advice as to what would be regarded by courts as reasonable. The resultant contract was much more lenient.
If I invent something not directly associated with my current project, I have to give them first refusal to develop it, but if they don't take it up, they retain no rights. The have not rights over inventions I make after I leave - unless, of course, they can show that I was working on them before I left.
I only have a three month "no compete" over projects which would complete directly with equipment that I have been working on. So I can go straight to another company that makes competing equipment provided that I don't work on that equipment for three months.
Those requirements are actually less restrictive than my own sense of fair play, so I have no problem with them. Other UK workers might be interested; obviously it is different elesewhere. And, as always, IANAL.
I agree with this. Japan and China are as "physically and culturally linked" as the US and Latin America. Lots of cultural exchange, and not a few invasions, but that has not made the two merge together at all.
Not. It says that the only thing you can say is that you perceive them as happening right now, but you know they happened at different times in the past. A different observer would not certainly not perceive the same simultaneity - obviously, because they are in a differnt place so would have different speed-of-light delays. But if they worked back to when the supernovae "really" happened, they would not necessarily see the suparnovae being the same time-distance away, or with the same time-distance between them.
The reason for keeping your vote secret is so that the thugs employed by corrupt politicians do not come round and beat you up. This used to be a big problem before secret ballots. It also means that anybody so attempted to buy your vote has no way of knowing whether you delivered what they paid for, so much less motive to pay you.
You only have the (relatively) uncorrupt system you currently have because the precautions have been in place, and known to be in place, for decades. The ability to trace votes back to voters bring a risk to a return of Tammanay Hall politics, where a corrupt but unshiftable city boss terrorises everybody.
The Oxford English Dictionary puts the etymology later - about 1910. They claim it was first used in musical performances, when people would express their displeasure by stamping their feet so they would "saboter" the piece (actually probably just heavy boots rather than sabots). The word "sabotage" spread from this to mean the destruction of anything, not just a musical performance, by malignant non-participants. Frankly, this sounds more credible to me than throwing your (valuable) footwear into the machinery. Are you going to hop home?
Slashdot Mirror
Very true. I was assuming that the need thus to transport the data is proven. For example, a case worker might need to look up notes at a client residence while interviewing the client, or to update notes immediately after a client visit because they will be stale by the time s/he returns to the office after several, possibly ewearing, client visits. These are legitimate reasons to take the data off site. Obviously, they are reasons with a security cost, and the cost/benefit must be positively evaluated rather than just let slip. It seems that this organisation is doing just such an evaluation, and taking appropriate proceures to minimise the cost - which will actually allow more benefits to pass the cost/benefit threshold. Far too few organisations do that, and they are to be applauded for doing so. Obviously, eache benefit must be evaluated, and should not exceed its cost. And particularly, as you say, if there is no need for the data to go away from the central storage, there is a need for it not to do so. Every organisation handling confidential data should have a frequently-reviewed policy for secure data handling, and every reduction in security should be justified by needs which cannot be met other ways,
And how sure are you that /dev/zero actually destroys the data rather than just removing pointers to it? A study of disk drives bought on ebay showed that 1/3 had not been wiped at all and 1/3 had been re-initialised in a way that made it trivially easy to recover the "deleted" data.
The whole point of the article is that they are replacing dives of unknown source and capabilities with encryptes drives which self-wipe on to many access failures. They are, correctly, replacing insecure devices with secure ones and destroying insecure ones with confidential data.
Given the casual way in which UK goverement employees, both civil and military, have been treating confidential information, I am glad that a department with seriously confidential information is taking the security of portable storage media seriously. Obviously, if the media were personally ppurchased and used in good faith, the owners of the media must be compensated. But, as previously suggested, these were probably privately purchased and then refunded as expenses, to the belong to the emplyer already.
As to destroying them... Put this in proportion: 150 devices, at perhaps $30 apiece if they wern't bought yesterday: about $4500. On the otyher side, when the UK government lost 2 CDs with large amounts of personal information, the mailshot warning the people whose personal and banking information had been misplaced cost $6,000,000. With cost ratios of this magnitude, the precautionary principle applies. Yes, you could wipe them, and they probably wouldn't leak info. But the cost if they did is so high that the tiny loss involved in destruction is irrelevant.
So I applaud a government department for finally taking privacy seriously. The cost arises becasue they didn't do so before, and is small. The cost for all the other departments who have not yet got it is increasing every day.
That is true - in fact, many of them are hydraulic engineers, which explains the steamroller power behind the Three Gorges Dam. They all want to crate the Greatres Dam Evah! But the system through which they rose, and the training they were given, was remarkably limited by Western standards. The were trained from the start as hydraulic engineers, and told to mignore anything which did not affect rivers and dams. Western education trues to priduce fairly genral purpose engineers who then specialise; Chinese training at the time turnsed out single-subject specialists in the quantity requested by the central control. So Li Peng, and his peers, will be less open minded than we would expect of the majority of engineers.
No. Because to non-technical people a network is a static thing, structural. Things don't travel over nets, they get casugt by nets, which hold them in place. The internet and its relatives is called a network because a picture of a computer network looks a niot like a pictutre of q net, be it fishing, climbing, safety or whatever. But you have already to bone of the cognoscenti to realise that those lines in the picture are active communications channels, not structural componenet. By the time they have got that far, they are already insiders.
There are a lot of words which techies have borroved from everyday language, often becasue of a fairly tortured analogy, and then re-used with a technical meaning which has very little relationship to everyday use. "Organic", as use in chemistry to mean compoints containg carbon and hudrogen, is very differnt from usage in "organic food" or "an organic part" - the latter being probably truest to the original meaning. The curvature of the univers described by physicists has a mathematical rlationship to the curves of a beutiful woman, but it it pretty tenous. And the word net used by a geet has little to do with fishnet stockings, functionally or socially.
True, but not very relevant. If you take the exclusionist approach, when Van Gogh becomes relevant, someone will write the article. Until then, the article is not needed and there is little point in writing articles for, say, every would-be artist. The set of artist who have sold at least one picture is probably pretty large - inluuding, for example, all the trite seaside watercolourers. The subset who will ever be studied by anybody, let alone searched for at large, is tiny.
However, I take a fairly inclusionist approach, because the Wikipedia Index (aka Google) is so good. However, it would be entirely possible to automatedly create an entry for every star, cluster and galaxy in one of the big star catalogues. This could be justified in an inclusionist way by stating that if such an astronomic object turns out to be the home of intelligent life, it will suddenly be of enormous interest.
If something can be covered by an external, authoritative, catalogue, Wikipedia should reference that, not copy it. It is the complex network of information which does not lend itself to rigid catalogues which Wikipedia should support.
No - it shows that the specification did not define what should happen with out of range conditions. The use formal specification languages to define what they want the software to do, but it is precisely these sorts of unforeseen circumstances which show that the spec was wrong, and the code only did what was specified.
The first linked article is more-or-less gossip, and gives no reason to blame the avionics. Not to say that it wasn't, but we want some evidence. The second is a much more reasoned article, and gives a number of possibilities, including avionics but also a number of others, all of which is possible. My favourite is fuel contamination - but we shall see.
The simple "running out of fuel" hypothesis is very unlikely. All aircraft are supposed to carry reserves to divert to another airport (not far in this case) plus ninety minutes flying. While cheapo airlines might short-cut on this, I cannot imagine BA doing so. There is no indication that the aircraft had been "stacked" for any length of time, so it shoudl have landed with two hours worth of fuel on board. There have been cases of aircraft being misfueled, but on a regular run between two sophisticated endpoints, this seems unlikely.
Concorde did not actually have a very good record - counted by flying hours. The fleet was very small, end even those aircraft that did fly only did one round trip per day, which was not very lone because of the aircraft's speed. The one accident Concorde did have moved it from perfect to the worst per hour of any moder aircraft. And if you look at the frequency of "events" like damaged rudders,, they were fairly frequent. The 777 fleet probably has more than 100 times the flying yo9urs of the Concorde fleet already.
The didn't fail exactly at the same time: one was spinning and one not when it hit the ground.
Actually, they have given up creating multiple implementations of the code. There were only ever two implementations, scattered across several computers. However, when developing the systems for this very aircraft type, Boeing decided that they now have tools which can verify precisely that the software matches the specification, and where they actually need to put the effort in is in checking that the specification makes sense. Rather than wasting effort in having two teams implement implement the specification, and verify that using automated tools, you use the extra effort to look closely at the specification.
You need to inquire into the nature of the connection. If it is IP packets routed straight through, then this is obviously extremely dangerous. But IP is explicitly designed as a "carry anything" network. So what you need is an explicit bridge that basically gives every message (not packet) a strip search. This bridge only carries pre-determined messages in a known, non-IP, format. So a would-be hacker cannot send pings and miscellaneous enquiries through this bridge. It simply doesn't understand ping or the IP discovery protocols, so it cannot pass them through.
TFA explicitly says that they are two separate networks, with some kind of bridging between them. There are reasons to have bridging. One example is flight progress information, which has already been quited by many. This might be regarded as a luxury, and deleted on safety grounds. But, for example, both cabin crew and flight crew need access to the air conditioning system, - the cabin crew to turn the temperature up or down, the flight crew to turn it down/off as part of their power management if they get a generation loss. There are plenty of others.
Very true - but this article is about the relevant supervisory authority, the FAA, doing their job and raising a yellow warning with Boeing. Boeing now have to respond appropriately. So far, I see a supervisory system working OK. Of course any unsupervised organisation will, from time to time, fall prey to the temptation to cut corners. That is why every system needs checks and balances.
And yes, you can wonder where the supervision of Microsoft is. Answer: nowhere. Which is why Linux is so important as a balance. At least people have some choice, though I would rather it was better.
This may be OK with upmarket cars like BMWs, but *all* the problems on my 10-year-old Ford have been related to electrical systems. Sensors that brake is pushed breaking, so it would let me go into Drive. Some sensor in the gearbox freaking out so it remained in bottom gear. A fuse regularly blowing (monthly) that fed so many random systems that we could never find out which it was, but it disabled the starter. Cruise control screwed. Reversing sensors screwed. The basic car has never given any problems, but the sensor/control systems have been a total PITA.
If you are about to enter turbulence, the captain must turn on the seatbelt light and get on the PA to tell everybody to sit down NOW, not when he can get the attention of an attendant puring coffee half way down the cabin.
Cost and complexity. The wiring loom for the aircraft is becoming heavy and complex. The reason the A380 was nearly two years late was because of problems in the wiring loom, cause by incompatible CAD systems between France and Germany. The fact that it took so long to correct an (inexcusable) cockup in the wiring shows how complicated the damn things are. The 747 is said to have 500km of wire in it: that weighs, and weight is fuel consumption, cost, and CO2 emission.
London used to have a system of hydraulic power distribution to power lifts (elevators) in the business areas. When it finally closed down, the network of pipes was in exactly those areas, full of high profile financial companies, in which they wanted to fit fibre optic cables, so they were recycled almost immediately.
But if you get addicted to drugs instead of reproducing, you lose. If you get involved in gangs with guns, you probably lose. If you get imprisoned through your reproductive years, you lose. If you are oversensitive to urban pollution, you lose. If your girl cheats with the Big Man and you bring up his children, you lose. If you kill yourself driving like an idiot (too common near me) you lose.
The environment is changing very, very fast. Changing environments drive evolution. But not in the way you might expect, nor might want.
Some years ago, my employers found out that (a) if a clause in an employment is found to be unreasonable, the clause is simple wiped out, not set to whatever is decided to be reasonable and (b) that most of the non-compete and patent-assignment in their current contract would be regarded as unreasonable. Therefore, in effect, they had no such clauses if an employee chose to argue about it. They therefore hastily drew up a new contract taking legal advice as to what would be regarded by courts as reasonable. The resultant contract was much more lenient.
If I invent something not directly associated with my current project, I have to give them first refusal to develop it, but if they don't take it up, they retain no rights. The have not rights over inventions I make after I leave - unless, of course, they can show that I was working on them before I left.
I only have a three month "no compete" over projects which would complete directly with equipment that I have been working on. So I can go straight to another company that makes competing equipment provided that I don't work on that equipment for three months.
Those requirements are actually less restrictive than my own sense of fair play, so I have no problem with them. Other UK workers might be interested; obviously it is different elesewhere. And, as always, IANAL.
I agree with this. Japan and China are as "physically and culturally linked" as the US and Latin America. Lots of cultural exchange, and not a few invasions, but that has not made the two merge together at all.
Not. It says that the only thing you can say is that you perceive them as happening right now, but you know they happened at different times in the past. A different observer would not certainly not perceive the same simultaneity - obviously, because they are in a differnt place so would have different speed-of-light delays. But if they worked back to when the supernovae "really" happened, they would not necessarily see the suparnovae being the same time-distance away, or with the same time-distance between them.
The reason for keeping your vote secret is so that the thugs employed by corrupt politicians do not come round and beat you up. This used to be a big problem before secret ballots. It also means that anybody so attempted to buy your vote has no way of knowing whether you delivered what they paid for, so much less motive to pay you.
You only have the (relatively) uncorrupt system you currently have because the precautions have been in place, and known to be in place, for decades. The ability to trace votes back to voters bring a risk to a return of Tammanay Hall politics, where a corrupt but unshiftable city boss terrorises everybody.
The Oxford English Dictionary puts the etymology later - about 1910. They claim it was first used in musical performances, when people would express their displeasure by stamping their feet so they would "saboter" the piece (actually probably just heavy boots rather than sabots). The word "sabotage" spread from this to mean the destruction of anything, not just a musical performance, by malignant non-participants. Frankly, this sounds more credible to me than throwing your (valuable) footwear into the machinery. Are you going to hop home?