I commented on this before, but here is a shorter version...
Legal issues.
If we get off this rock, we will probably allow asteroid mining. It would then be OK to reduce an asteroid to rubble to extract the ore that you want. Now imagine Pluto has some valuable Ultra-rareium at its core. Is it OK for a company or a country to smash it to pieces?
These definitions are important so laws can be made. Is it OK to bury radioactive waste in an asteroid? What about Mars? Does this apply to all planets, or just rocky planets?
So, while it might not matter scientifically, (like political borders don't matter to geologists), they may be important anyway.
Limit the amount of money that can be paid from one company to another for a patent to some fraction of the revenue stream related to that product from the company wanting to use the idea.
What if I design a new type of engine for a car that allows it to get 100 MPG? Do I get some fraction of the revenue from the sale of the entire car, or just the portion that could be considered the cost of the engine? What if I invent something that makes an reduces the size or weight of an existing device? The cost to the manufacturer is the same, but the cost to the consumer may go down (less shipping) so their overall revenue may go down because of my device. So do I have to pay them money? Finally, if it is tied to a revenue stream why not sell you 4 tires for $32,000 and you get the rest of the car (including the cool engine) for free? The car is free if you buy our Auto Care Package for 60 months at $500 a month! No revenue from the car, so no royalties. Hardly seems fair.
Open source software without revenue streams can stop worrying about infringing on patents, since 15% of $0 is still $0.
Imagine that we are competitors. I patent something really cool, and that is my main revenue stream. You want me to stop competing with your product, so you take my invention, give it away for free, (which doesn't affect your main revenue stream), and destroy my revenue stream causing my business to lose money, shut down and stop competing in your market. Does that seem fair? We complain about Microsoft doing things like this, but it's OK for OSS to do it? I don't think so.
Another idea - expiring patents. Have the patent holder pay a yearly fee to keep the patent in play, and have that fee increase each year.
So, if I invent something that will take many years to get into production, I should have to pay more money before I can profit from it? This is also unfair to smaller companies or individuals that don't have the resources of a corporation. $50k for year 20 of the patent is fine for IBM, but would make most individual broke. Think of RFID. It took a long time for manufacturing to catch up to the idea. The patent has already expired, but what if it hadn't?
The choice of storage for an individual depends on the nature of the data, the amount of data, the available bandwidth, the availability of a connection at all, what they are most comfortable with and what their idea of convenience is.
For example, you might not trust Microsoft or Google with your data even if it is encrypted. If you are in a competing business, you wouldn't want to store your business data on their servers. Alternatively, you may not trust them to provide you with the level of availability you desire. It doesn't help you if you can't access your data when you want it.
If you have a few hundred GB of data, you aren't going to want online storage. To access your data is going to take too much time. Even with decent bandwidth, anything more than a couple GB is going to give some serious delay. If you want to access the data at your grandparent's house and they use dial-up, online isn't an option.
Finally, if I am not comfortable with the online option, or I'm not comfortable with keeping my data in a single physical location, I'm not going to choose those options. Personally, I like having it on physical media that I can carry around. I like the bandwidth I get from a USB device and I don't have to worry about getting an online volume properly mounted.
On a side note, I don't trust the idea of "free" or even "cheap" online storage. The money for the hardware, bandwidth and administration have to come from somewhere. If I'm not paying for it directly, where is the money coming from? Either the company is getting some benefit from it - such as Google analyzing it for keywords to target advertising, or they are selling some sort of information about my data, or they are making it up in indirect costs (add $25 to the price of Vista). I would rather pay the direct costs so I know how much it is costing me; but that may be personal preference.
In this case, you can simply refer to the meet-in-the-middle attack as mentioned by dtfinch.
However, in the general case of debunking bogus encryption statements, it can be quite difficult. Why? Because encryption is hard, hard, hard, hard stuff. I've taken a graduate course in cryptography and all it did was reinforce how easy it is to make a mistake.
The only encryption scheme I know of that is provably unbreakable is the one-time pad. However, proper implementaion of that is a pain. Is AES secure? We don't know. We think it is, but there are researchers looking for weaknesses because we don't know for sure. It is possible, (however unlikely), that someone will develop an attack tomorrow sending everyone scrambling for a new encryption algorithm.
they properly inform people about the program and its uses before having them volunteer.
they are rigorous in protecting privacy. (No AOL fiasco.)
they closely monitor different companies are doing with the data - no cross-referencing with their own data to identify people, no reselling of the data, etc.
they allow patients to "opt-out" even after they have volunteered.
they provide it for free to interested, responsible paries. (Or at least cheap enough that major pharmaceutical companies aren't the only customers.)
they follow the ethical standards of the profession, and not the ethical standards of the mighty dollar (or pound).
I enjoyed the expansive environment for the first hour or so, then it just became annoying. If you miss one thing, then you have to run around making sure you didn't miss a small path that leads to the next area - or you need to perform a perfect jump to get onto a ledge and you aren't sure if you're supposed to jump to it or find a different way up. While I don't claim every game has to be linear, don't hide the route you have to go.
Also, I found a lot of the levels boring and repetative. (Library anyone?) Sure, it's realistic to go through a few levels, get something, and fight your way out - but if I wanted realistic I wouldn't be playing a game. Why not make another way out so the levels are different? Or, if it isn't necessary for gameplay, give an elevator/shuttle/monorail/teleporter/cutscene so I don't have to do the same thing twice!
If I wanted to see cool environments and just "tool around and check things out" I would play the Myst series.
I don't mean this as a troll, but I didn't find Halo to be a game that should be repeated in a sequel. Of course, I haven't played many games where I want a sequel that is very similar to the original - I like diversity in my games. Why should I pay $60 for the same game that has added a few new weapons and enemies and updated the graphics a bit? Why not call the new game what it is - an expansion pack.
How about a simple cell phone for kids with around 6 buttons that can be pre-programmed with phone numbers.
Button 1: Home
Button 2: Parent's cell/work number
Button 3: Other parent's cell/work number
Button 4: Other relative
Button 5: Neighbor
Button 6: 911
Now the kid can use it to call their parents in case of emergency or other problems, (or just need to be picked up after soccer practice). Can't use it to call their friends since it doesn't have a normal keypad. If you want to be paranoid, add some GPS tracking software so you know where your kid is.
This type of thing may also be appropriate for younger children since it is hard to abuse - except by calling 911 when your mommy doesn't answer her phone. But if your child isn't old/smart enough to know that, they probably shouldn't be out of your sight.
There is no "properly secured network", except for the very rare case where every single point of access is separated from every other device on the network by a firewall/IDS.
To quote Dr. Gene Spafford: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
However, you are confusing "properly secured" with "perfectly secured". To date, we do not have any perfectly secured systems. However, under the constraints we deal with in real situations, there are many properly secured systems/networks. Are they bulletproof? Foolproof? Or any other proof? No. However, we do what we can in an imperfect world.
Ethernet is just an unreliable und unauthenticating transport layer.
True. However, I would direct you to the Detecting Intrusions at Layer ONe (DILON) project at Iowa State University. This is researching how to fingerprint the physical attributes of a network card so you can't spoof MAC addresses. Very cool stuff.
Except for completely controlled environments it should not be trusted any more than a wireless network.
Yes, it should. Why? An attacker has to deal with the physical constraints of that environment. That is, they have to be physically present to attach to that network. This can include leaving things like fingerprints, DNA, footprints or any other physical evidence that is used on CSI. If they cause enough damage, or catch someone in the right mood, the effort will be made to catch them. Wireless is a much scarier animal. Using a directional antenna, I can be hundreds of yards away from the access point. This is a much larger area to search and is effectively impossible on a school campus. (Too many people have legitimate reasons to be in the area.)
Consequently, if the legitimate devices on your network are properly administered with that in mind, it doesn't matter what else is on the net. A deliberate flood should be necessary to disrupt network service on such a network.
Umm... no. How many zero-day exploits are there? A lot. This means that no one knows they exist, or how to protect against them before they happen. Even properly administered systems are not immune since, by definition, I don't know about the vulnerability. So, as long as I can reach the system with traffic, I can potentially hurt it. So, how do we protect the network? By not allowing unknown systems to connect to it.
"It's amazing how many people go there," Andrews said of iTunes. "We're hoping albums work there." Andrews said he wasn't sure if Apple eventually would allow the album to be kept intact.
I've seen a bunch of tracks that weren't available unless you purchase the entire album. The albums usually have 1 or 2 tracks for sale individually but the rest require you to buy the album. I understand the artistic concerns, but if you would release some of the songs as singles for play on the radio, why not make them available as downloads? Or do artistic concerns end when you want a hit single so the album sells well?
Network operators should not be concerned with who is on the network. All that matters is that the network works.
If they don't pay attention to who is on the network, then the network will cease to work. Would you want 10 people to use your home network and drive your performance through the floor?
I'm honestly interested: What is the reason for not wanting "rogue access points" on a network, except for the foolish belief that the network security is at risk?
First, it is not a foolish belief. The fact you believe it is foolish shows you do not really understand the underlying issues. While there are too many to list, here are a few off the top of my head:
Where I work, we've had people install wireless routers with DHCP turned on and giving out real network IPs because they wanted to get their assigned IP for their notebook. Of course, they made their SSID the same as the normal APs. Addressing and routing problems occured all over the building.
You can also interfere with other access points. If you set yours to the same channel as a nearby AP, you can wreck their performance. Your performance may be fine since you are in the same room as your rogue AP and your signal is strong enough. Not neccesarily true for neighboring rooms/buildings.
If you plug in a router that assigns IPs, even reserved IPs, you may be allowing an attacker to operate anonymously. The official APs may be set up to log all MAC addresses that attempt to connect or otherwise maintain information on the users. If your AP doesn't, then the attacker can't be traced in any way. Our location requires the MAC addresses to be registered - by going through a router this is eliminated. (MAC address is only seen by the router.)
There may be a firewall or IDS immediately "behind" official APs. There might not be a firewall where you connect into the wired network. Especially if you are in a lab, the machines might be patched with a firewall, anti-virus and other protection mechanisms in place, such as no administrator access to users. So anything entering from those machines has already made it past their defenses.
As for being connected to the internet thingy, sure there are a lot of bad things out there. However, if you look at properly secured networks, you would find that there is usually an "outer" firewall, then the DMZ with the machines (mail, web) that need to be accessed from the internet thingy, then there is an "inner" firewall with even more restrictive rules. Then you throw in a few IDS systems, proxy servers and other systems and any attacker has to really work to get into your network without at least alerting you something is going on.
Now, your point that someone can connect their laptop to the network is a valid one - which is why most corporations provide the laptops AND the administrative support for them to make sure they have the latest patches and security apps installed. Ideally, they also have a policy about how and where the laptop can be used. For example, the laptop is for work related business only - no online gambling, pr0n, etc. This greatly reduces the risk. Also, properly managed, the user doesn't have administrative access to the machine.
On a final note, don't assume that bad service indicates a bad admin. They may be operating under restrictions that you aren't aware of. For example, if a corporation donates equipment for a new lab, the school has to spend the time and money to wire it and maintain it. It's great that there is an additional lab, but there is no corresponding increase in staff, so everyone has to work harder. Lack of funds may prevent network upgrades or equipment replacements that are recommended by the admins. Maybe a switch went down and they can't replace it right away, so they decided to provide some service in each lab instead of eliminating all service in one lab.
Anyway, just because you don't think there is a problem with doing something doesn't mean there isn't. Respect the opinion of a professional - unless you know, from experience, they are wrong.
Anyways, to answer the rest of your question: I'd guess you'd need the reciept; how else are they to know that you're the one who bought the cassette or that you didn't buy it after you were charged?
Unfortunately, this would fail in the case of gifts. I could always give you my copy of the music/movie/whatever and could claim that I purchased it as a gift for you (possibly true). This is a valid scenario where someone else is shown as the purchaser of the music. It gets even harder if you pay cash, or go to a store where they give a receipt with the amount on it, but not the item description (used music store, eBay, buy from a friend, etc.).
Alternatively, you could use missiles that would home in on the jammers and blow them up so they couldn't be used anymore. We could call them high-speed anti-radiation missiles HARM.
Wireless ad hoc nets have two major points of vulnerability: they are vulnerable to routing protocol attacks, and they consist of nodes with finite energy reserves.
While true for generic networks, your first point does not apply to the network in this situation.
In a normal MANET, untrusted nodes are able to connect to the network and provide/receive services. However, in a military network, only trusted nodes will be allowed to join the network since you don't want an enemy to have access to your resources.
Now, the question is, how do we have trusted nodes? We can't allow access based on hardware since there is always the risk of a node being captured by the enemy, (and we might sell the equipment to our allies). This means each node will have to have some sort of certificate that allows access to the network. Since each node must have a certificate, we can encrypt our routing protocols, preventing them from being attacked directly. (Actually, the hard part of the problem is certificate revocation.)
Finite energy reserves are a problem, normally, but this is the military. If each node in the network costs US$1000, they deploy 10,000 of them and they only have power for 1 day, this is only US$10 million per day. This would only be a 1-2% increase in the cost of the war in Iraq. Well worth it if it helps fight a war. When ones dies, you drop off another one from a helicopter. If you want them transported by infantry, you just give them more to carry, or replacement batteries for the one they carry.
So it's no surprise that the trend has been to develop "underlay" meshing protocols instead of traditional layer 3 routing schemes, because all of the security has to be built into layers 1 and 2 anyway on account of the fact that traffic can be easily sniffer or injected by passers by.
If we use (good) encryption for the physical layer, meaningful traffic can't be injected and sniffing the channel provides no information other than communication is occuring. However, using frequency hopping, spread spectrum and other techniques you can actually get the signal below the threshold of noise making it essentially undetectable. Also, it makes jamming difficult since the jammer would have to jam all of the frequencies used instead of the small band used in a specific time slice. Ex: If you hop over 10 frequencies, and it appears random from the viewpoint for the attacker, they must jam all 10 frequencies at all times. If you use spread spectrum to spread the signal over 10 times the actual bandwidth required, this requires 10x the jamming also. So, if you transmit at 1 watt, they have to use 100 watts to jam you. This makes them nice targets for high-speed anti-radiation missiles (HARM).
Could Americans have LOST the Bravery needed to actually BE free
Yes.
I wonder when exactly the Airlines forgot they needed to obey the Constitution.
They aren't bound by the Constitution. They are a private organization and you have the choice to not fly with them, and they have the choice to not allow you to fly. Another example is freedom of religion. The state has to recognize this right, but a private agency doesn't. Want to get married in a church? They don't have to let you if you aren't a member of their faith. Want to get married in the courthouse? It doesn't matter what religion you are.
It is a common misconception that the rules that apply to the government apply to private entities as well. Another case, I asked my lawyer if it was "age discrimination" for a restaurant to deny my order from the kids menu. His reply was that it is discrimination, but legal descrimination. Legal descrimination happens all the time in areas like sports. A man can't play on a female sports team, even if there isn't a male team for that sport.
I agree. However, if you are working with a retail website for music, books, etc. it is extremely unlikely you will see that amount. While BigNum would be safer, if you have a popular site, with an overworked server, performance would be better with float.
I think an important thing to remember is that if you design an app for a retail bookstore, you shouldn't expect that same app to work for wholesale heavy machinery. You don't expect a bridge on a county road to handle thousands of trucks a day, but a bridge on a busy interstate should.
Again, BigNum is safer, but has an overhead associated with it.
Exactly. Unfortunately, there are too many people out there who are programmers, even good ones, who don't know, or understand, the basics. While I'm not claiming that formal education is the only way to get the knowledge you need, it is a good way to avoid gaps in your knowledge. I hated some of the computer science classes I had to take, but I did learn something important in each and every one of them.
Another advantage in the formal classes is you get the theory that allows you to make decisions on what data types to use and when. Sometimes you need the precision of BigNum systems, (crypto for example), and sometimes the accuracy of float is enough. For example, in a lot of financial applications, float would be good enough since 2 decimal places is enough. If you need performance, float will beat any BigNum system hands down. However, if you are dealing with decimals on top of decimals, (such as calculating someone's dividend from a mutual fund where they own partial shares), you might need BigNum. Either way, with the proper theory and good understanding of the formats, you can make these decisions.
These situations are why I am a big supporter of actual software engineering instead of programming. Sure, standard programming is great for a lot of situations, but serious applications need to use software engineering practices. You wouldn't build a bridge without an engineer, so why build an application that handles billions of dollars without applying the same rules and principles?
Well, it doesn't matter at the moment, but it may matter when we get our butts off this planet and start colonizing the rest of the solar system. Why? Well, we will need a lot of treaties and laws and rules that govern how we handle ourselves out there. For example, we may decide that no one can claim ownership of a planet - kind of like Antarctica. Or that there are certain envrionmental guidelines that apply to planets - no dumping of toxic/radioactive waste.
However, it may be beneficial to allow political or corporate entities to lay claim to asteroids for purposes of development or mining. In fact, we may state that it is OK to change their orbits for economic gain. Let's decide that we aren't allowed to smash planets (or moons for that matter) into pieces to make mining easier. There are a lot of plans for deflecting an asteroid away from Earth, so can we deflect it to hit Mars instead? It would certainly make it easier to obtain the metals we want if it is already smashed into pieces. Is it OK to deflect it into another asteroid, but not a planet?
While these may seem like useless things to consider, we have learned the hard way that humans tend to exploit environments once they get their hands on them. It is only after destroying large areas that we decide we should protect what's left. Hopefully, we can create a good system to prevent that from happening with other planets and major solar system objects, while still getting the economic benefits of mining in space.
It can take a few hours, but only has to be done once or, at most, every year or two. However, once done, you don't have to spend 20-30 minutes on each demo you might like. Also, it can be hard to tell how good a game is from a demo - it doesn't last long enough to get a feel for overall storyline or playability.
And RDP is not a keystroke-per-packet, 100% of the time. Neither is SSH. Without that, you couldn't make any assumptions about the data you may have missed.
That's why you send the data multiple times. Even if you miss 10% of the data each time, if you send it 100 times, its likely you will receive it all. You could even add some sort of checksum so you would know when you receive it all.
Encryption latency, packet retransmissions upon collisions at routing equipement... there are 1000 reasons outside the lab this wouldn't be even remotely useful for tracking activity off the desktop, and there's way easier ways of doing it on the desktop.
There are 1000 papers on covert channels on how to get this to work. It has been done outside of a lab, using the real Internet under real conditions. Easier ways to do this? Absolutely. However, the idea is to get the signal hidden in the "noise" so it's never detected and the data channel lasts for a long time.
Secondly, computers age quite fast. If you buy a computer, it is reasonable to overcompensate because in 2-3 years an average computer will be out of date and underpowered. The top of the line computer today will be the below average in 5 years but you still can get some life out of it.
Actually, it makes more sense to buy a middle of the road system today and upgrade it in 1.5 - 2 years. You probably break even on the money since you avoid the premium for the best hw, but you will have more power than that when you buy you next system. There is an added benefit of actually having 2 systems after 2 years. You may not like the power of the first one, but it will make a good file server, a good PC for your kids, or whatever else you feel like using it for.
I am roughly the same age as you and I also find myself caring less about the latest tech. I think I can identify a few root causes...
I have less time to mess around with new gear. I only learn the basic functions of new gear (such as cell phones) because I don't have time to figure out all the features, or to use them.
I have learned the value of my money. I don't need to spend a couple grand buying a brand new system to get a little better framerate or slightly shorter compile times. My current system is a few years old and I don't have any problems with my apps, and a new system won't make me type any faster or let me enjoy movies at twice the speed. I would rather save my money for travel.
I have learned that new tech is just that - new. There are a lot of bugs and other issues that haven't been worked out yet. I want my tech to work well and be hassle free.
The "new" technology is new, but it isn't better. Better graphics? OK. But is it a better game? No. I can keep my PS2 and have a huge library of great games that can be had for $20. The reason I bought a DS is the new Super Mario Bros. game. I liked the gameplay. The updated graphics are just a bonus.
The only tech I have been interested in are the new MacBooks - great OS and not as much $$$ and the Nintendo Wii - because of access to the Nintendo game library.
People should rely more on reviews from people that have the same gaming opinions as they do instead of some number. Consider: How many poorly rated movies do well at the box office, and how many highly rated movies do poorly? A lot. Check out Yahoo! movies or similar site and compare the critics to the people. They are never the same and rarely similar. Why? Movie critics see a lot of movies, so are biased towards the storyline and acting instead of a big action sequence. So, they view movies differently than I do.
Extending that to video games; a reviewer who enjoys FPS games is going to give a high rating to the latest shooter with great graphics. I like older FPS games, but hate the direction that the industry has gone with newer games. So, if a reviewer is a fan of the genre, and I'm not, should I use their review? Of course not! I hate RTS games, so even if one had a 10 rating I wouldn't buy it. However, maybe someone does something new and it is worth my time and money to give it a shot. How do I know? I need to find a reviewer who doesn't like RTS games and get their rating - if they give it a 7 or 8, but they don't like RTS, then I should look into it.
So, how do you find these reviewers? Give ratings to the games you have played, maybe separated by genre, and then go looking for reviews that are close to your own and look at the name of the reviewers. Then search by reviewer to see how close their ratings are to your own, pick the closest (or some sort of combination - Alice for RTS and Bob for FPS). Now you have some reviewers you can trust will like the same games you do, and you can shop accordingly.
How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
Really? How? The lab is researching something new and doesn't know how to get to the end stage without trial and error. Sound like evolution? Of course, they can look at the most promising avenues and pursue those. Oh, wait. Evolution does it as well. I know! We will rely on the beings behind Intelligent Design to create them, and then just use them.
Sorry for sounding like a Troll, but you can't just skip steps in a lab if you don't know how to get where you are going.
Slashdot Mirror
I commented on this before, but here is a shorter version...
Legal issues.
If we get off this rock, we will probably allow asteroid mining. It would then be OK to reduce an asteroid to rubble to extract the ore that you want. Now imagine Pluto has some valuable Ultra-rareium at its core. Is it OK for a company or a country to smash it to pieces?
These definitions are important so laws can be made. Is it OK to bury radioactive waste in an asteroid? What about Mars? Does this apply to all planets, or just rocky planets?
So, while it might not matter scientifically, (like political borders don't matter to geologists), they may be important anyway.
Limit the amount of money that can be paid from one company to another for a patent to some fraction of the revenue stream related to that product from the company wanting to use the idea.
What if I design a new type of engine for a car that allows it to get 100 MPG? Do I get some fraction of the revenue from the sale of the entire car, or just the portion that could be considered the cost of the engine? What if I invent something that makes an reduces the size or weight of an existing device? The cost to the manufacturer is the same, but the cost to the consumer may go down (less shipping) so their overall revenue may go down because of my device. So do I have to pay them money? Finally, if it is tied to a revenue stream why not sell you 4 tires for $32,000 and you get the rest of the car (including the cool engine) for free? The car is free if you buy our Auto Care Package for 60 months at $500 a month! No revenue from the car, so no royalties. Hardly seems fair.
Open source software without revenue streams can stop worrying about infringing on patents, since 15% of $0 is still $0.
Imagine that we are competitors. I patent something really cool, and that is my main revenue stream. You want me to stop competing with your product, so you take my invention, give it away for free, (which doesn't affect your main revenue stream), and destroy my revenue stream causing my business to lose money, shut down and stop competing in your market. Does that seem fair? We complain about Microsoft doing things like this, but it's OK for OSS to do it? I don't think so.
Another idea - expiring patents. Have the patent holder pay a yearly fee to keep the patent in play, and have that fee increase each year.
So, if I invent something that will take many years to get into production, I should have to pay more money before I can profit from it? This is also unfair to smaller companies or individuals that don't have the resources of a corporation. $50k for year 20 of the patent is fine for IBM, but would make most individual broke. Think of RFID. It took a long time for manufacturing to catch up to the idea. The patent has already expired, but what if it hadn't?
The choice of storage for an individual depends on the nature of the data, the amount of data, the available bandwidth, the availability of a connection at all, what they are most comfortable with and what their idea of convenience is.
For example, you might not trust Microsoft or Google with your data even if it is encrypted. If you are in a competing business, you wouldn't want to store your business data on their servers. Alternatively, you may not trust them to provide you with the level of availability you desire. It doesn't help you if you can't access your data when you want it.
If you have a few hundred GB of data, you aren't going to want online storage. To access your data is going to take too much time. Even with decent bandwidth, anything more than a couple GB is going to give some serious delay. If you want to access the data at your grandparent's house and they use dial-up, online isn't an option.
Finally, if I am not comfortable with the online option, or I'm not comfortable with keeping my data in a single physical location, I'm not going to choose those options. Personally, I like having it on physical media that I can carry around. I like the bandwidth I get from a USB device and I don't have to worry about getting an online volume properly mounted.
On a side note, I don't trust the idea of "free" or even "cheap" online storage. The money for the hardware, bandwidth and administration have to come from somewhere. If I'm not paying for it directly, where is the money coming from? Either the company is getting some benefit from it - such as Google analyzing it for keywords to target advertising, or they are selling some sort of information about my data, or they are making it up in indirect costs (add $25 to the price of Vista). I would rather pay the direct costs so I know how much it is costing me; but that may be personal preference.
In this case, you can simply refer to the meet-in-the-middle attack as mentioned by dtfinch.
However, in the general case of debunking bogus encryption statements, it can be quite difficult. Why? Because encryption is hard, hard, hard, hard stuff. I've taken a graduate course in cryptography and all it did was reinforce how easy it is to make a mistake.
The only encryption scheme I know of that is provably unbreakable is the one-time pad. However, proper implementaion of that is a pain. Is AES secure? We don't know. We think it is, but there are researchers looking for weaknesses because we don't know for sure. It is possible, (however unlikely), that someone will develop an attack tomorrow sending everyone scrambling for a new encryption algorithm.
If...
they properly inform people about the program and its uses before having them volunteer.
they are rigorous in protecting privacy. (No AOL fiasco.)
they closely monitor different companies are doing with the data - no cross-referencing with their own data to identify people, no reselling of the data, etc.
they allow patients to "opt-out" even after they have volunteered.
they provide it for free to interested, responsible paries. (Or at least cheap enough that major pharmaceutical companies aren't the only customers.)
they follow the ethical standards of the profession, and not the ethical standards of the mighty dollar (or pound).
Am I the only one who didn't like Halo?
I enjoyed the expansive environment for the first hour or so, then it just became annoying. If you miss one thing, then you have to run around making sure you didn't miss a small path that leads to the next area - or you need to perform a perfect jump to get onto a ledge and you aren't sure if you're supposed to jump to it or find a different way up. While I don't claim every game has to be linear, don't hide the route you have to go.
Also, I found a lot of the levels boring and repetative. (Library anyone?) Sure, it's realistic to go through a few levels, get something, and fight your way out - but if I wanted realistic I wouldn't be playing a game. Why not make another way out so the levels are different? Or, if it isn't necessary for gameplay, give an elevator/shuttle/monorail/teleporter/cutscene so I don't have to do the same thing twice!
If I wanted to see cool environments and just "tool around and check things out" I would play the Myst series.
I don't mean this as a troll, but I didn't find Halo to be a game that should be repeated in a sequel. Of course, I haven't played many games where I want a sequel that is very similar to the original - I like diversity in my games. Why should I pay $60 for the same game that has added a few new weapons and enemies and updated the graphics a bit? Why not call the new game what it is - an expansion pack.
Button 1: Home
Button 2: Parent's cell/work number
Button 3: Other parent's cell/work number
Button 4: Other relative
Button 5: Neighbor
Button 6: 911
Now the kid can use it to call their parents in case of emergency or other problems, (or just need to be picked up after soccer practice). Can't use it to call their friends since it doesn't have a normal keypad. If you want to be paranoid, add some GPS tracking software so you know where your kid is.
This type of thing may also be appropriate for younger children since it is hard to abuse - except by calling 911 when your mommy doesn't answer her phone. But if your child isn't old/smart enough to know that, they probably shouldn't be out of your sight.
There is no "properly secured network", except for the very rare case where every single point of access is separated from every other device on the network by a firewall/IDS.
To quote Dr. Gene Spafford: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
However, you are confusing "properly secured" with "perfectly secured". To date, we do not have any perfectly secured systems. However, under the constraints we deal with in real situations, there are many properly secured systems/networks. Are they bulletproof? Foolproof? Or any other proof? No. However, we do what we can in an imperfect world.
Ethernet is just an unreliable und unauthenticating transport layer.
True. However, I would direct you to the Detecting Intrusions at Layer ONe (DILON) project at Iowa State University. This is researching how to fingerprint the physical attributes of a network card so you can't spoof MAC addresses. Very cool stuff.
Except for completely controlled environments it should not be trusted any more than a wireless network.
Yes, it should. Why? An attacker has to deal with the physical constraints of that environment. That is, they have to be physically present to attach to that network. This can include leaving things like fingerprints, DNA, footprints or any other physical evidence that is used on CSI. If they cause enough damage, or catch someone in the right mood, the effort will be made to catch them. Wireless is a much scarier animal. Using a directional antenna, I can be hundreds of yards away from the access point. This is a much larger area to search and is effectively impossible on a school campus. (Too many people have legitimate reasons to be in the area.)
Consequently, if the legitimate devices on your network are properly administered with that in mind, it doesn't matter what else is on the net. A deliberate flood should be necessary to disrupt network service on such a network.
Umm... no. How many zero-day exploits are there? A lot. This means that no one knows they exist, or how to protect against them before they happen. Even properly administered systems are not immune since, by definition, I don't know about the vulnerability. So, as long as I can reach the system with traffic, I can potentially hurt it. So, how do we protect the network? By not allowing unknown systems to connect to it.
"It's amazing how many people go there," Andrews said of iTunes. "We're hoping albums work there." Andrews said he wasn't sure if Apple eventually would allow the album to be kept intact.
I've seen a bunch of tracks that weren't available unless you purchase the entire album. The albums usually have 1 or 2 tracks for sale individually but the rest require you to buy the album. I understand the artistic concerns, but if you would release some of the songs as singles for play on the radio, why not make them available as downloads? Or do artistic concerns end when you want a hit single so the album sells well?
Network operators should not be concerned with who is on the network. All that matters is that the network works.
If they don't pay attention to who is on the network, then the network will cease to work. Would you want 10 people to use your home network and drive your performance through the floor?
I'm honestly interested: What is the reason for not wanting "rogue access points" on a network, except for the foolish belief that the network security is at risk?
First, it is not a foolish belief. The fact you believe it is foolish shows you do not really understand the underlying issues. While there are too many to list, here are a few off the top of my head:
Where I work, we've had people install wireless routers with DHCP turned on and giving out real network IPs because they wanted to get their assigned IP for their notebook. Of course, they made their SSID the same as the normal APs. Addressing and routing problems occured all over the building.
You can also interfere with other access points. If you set yours to the same channel as a nearby AP, you can wreck their performance. Your performance may be fine since you are in the same room as your rogue AP and your signal is strong enough. Not neccesarily true for neighboring rooms/buildings.
If you plug in a router that assigns IPs, even reserved IPs, you may be allowing an attacker to operate anonymously. The official APs may be set up to log all MAC addresses that attempt to connect or otherwise maintain information on the users. If your AP doesn't, then the attacker can't be traced in any way. Our location requires the MAC addresses to be registered - by going through a router this is eliminated. (MAC address is only seen by the router.)
There may be a firewall or IDS immediately "behind" official APs. There might not be a firewall where you connect into the wired network. Especially if you are in a lab, the machines might be patched with a firewall, anti-virus and other protection mechanisms in place, such as no administrator access to users. So anything entering from those machines has already made it past their defenses.
As for being connected to the internet thingy, sure there are a lot of bad things out there. However, if you look at properly secured networks, you would find that there is usually an "outer" firewall, then the DMZ with the machines (mail, web) that need to be accessed from the internet thingy, then there is an "inner" firewall with even more restrictive rules. Then you throw in a few IDS systems, proxy servers and other systems and any attacker has to really work to get into your network without at least alerting you something is going on.
Now, your point that someone can connect their laptop to the network is a valid one - which is why most corporations provide the laptops AND the administrative support for them to make sure they have the latest patches and security apps installed. Ideally, they also have a policy about how and where the laptop can be used. For example, the laptop is for work related business only - no online gambling, pr0n, etc. This greatly reduces the risk. Also, properly managed, the user doesn't have administrative access to the machine.
On a final note, don't assume that bad service indicates a bad admin. They may be operating under restrictions that you aren't aware of. For example, if a corporation donates equipment for a new lab, the school has to spend the time and money to wire it and maintain it. It's great that there is an additional lab, but there is no corresponding increase in staff, so everyone has to work harder. Lack of funds may prevent network upgrades or equipment replacements that are recommended by the admins. Maybe a switch went down and they can't replace it right away, so they decided to provide some service in each lab instead of eliminating all service in one lab.
Anyway, just because you don't think there is a problem with doing something doesn't mean there isn't. Respect the opinion of a professional - unless you know, from experience, they are wrong.
Anyways, to answer the rest of your question: I'd guess you'd need the reciept; how else are they to know that you're the one who bought the cassette or that you didn't buy it after you were charged?
Unfortunately, this would fail in the case of gifts. I could always give you my copy of the music/movie/whatever and could claim that I purchased it as a gift for you (possibly true). This is a valid scenario where someone else is shown as the purchaser of the music. It gets even harder if you pay cash, or go to a store where they give a receipt with the amount on it, but not the item description (used music store, eBay, buy from a friend, etc.).
Alternatively, you could use missiles that would home in on the jammers and blow them up so they couldn't be used anymore. We could call them high-speed anti-radiation missiles HARM.
Wireless ad hoc nets have two major points of vulnerability: they are vulnerable to routing protocol attacks, and they consist of nodes with finite energy reserves.
While true for generic networks, your first point does not apply to the network in this situation.
In a normal MANET, untrusted nodes are able to connect to the network and provide/receive services. However, in a military network, only trusted nodes will be allowed to join the network since you don't want an enemy to have access to your resources.
Now, the question is, how do we have trusted nodes? We can't allow access based on hardware since there is always the risk of a node being captured by the enemy, (and we might sell the equipment to our allies). This means each node will have to have some sort of certificate that allows access to the network. Since each node must have a certificate, we can encrypt our routing protocols, preventing them from being attacked directly. (Actually, the hard part of the problem is certificate revocation.)
Finite energy reserves are a problem, normally, but this is the military. If each node in the network costs US$1000, they deploy 10,000 of them and they only have power for 1 day, this is only US$10 million per day. This would only be a 1-2% increase in the cost of the war in Iraq. Well worth it if it helps fight a war. When ones dies, you drop off another one from a helicopter. If you want them transported by infantry, you just give them more to carry, or replacement batteries for the one they carry.
So it's no surprise that the trend has been to develop "underlay" meshing protocols instead of traditional layer 3 routing schemes, because all of the security has to be built into layers 1 and 2 anyway on account of the fact that traffic can be easily sniffer or injected by passers by.
If we use (good) encryption for the physical layer, meaningful traffic can't be injected and sniffing the channel provides no information other than communication is occuring. However, using frequency hopping, spread spectrum and other techniques you can actually get the signal below the threshold of noise making it essentially undetectable. Also, it makes jamming difficult since the jammer would have to jam all of the frequencies used instead of the small band used in a specific time slice. Ex: If you hop over 10 frequencies, and it appears random from the viewpoint for the attacker, they must jam all 10 frequencies at all times. If you use spread spectrum to spread the signal over 10 times the actual bandwidth required, this requires 10x the jamming also. So, if you transmit at 1 watt, they have to use 100 watts to jam you. This makes them nice targets for high-speed anti-radiation missiles (HARM).
Could Americans have LOST the Bravery needed to actually BE free
Yes.
I wonder when exactly the Airlines forgot they needed to obey the Constitution.
They aren't bound by the Constitution. They are a private organization and you have the choice to not fly with them, and they have the choice to not allow you to fly. Another example is freedom of religion. The state has to recognize this right, but a private agency doesn't. Want to get married in a church? They don't have to let you if you aren't a member of their faith. Want to get married in the courthouse? It doesn't matter what religion you are.
It is a common misconception that the rules that apply to the government apply to private entities as well. Another case, I asked my lawyer if it was "age discrimination" for a restaurant to deny my order from the kids menu. His reply was that it is discrimination, but legal descrimination. Legal descrimination happens all the time in areas like sports. A man can't play on a female sports team, even if there isn't a male team for that sport.
I agree. However, if you are working with a retail website for music, books, etc. it is extremely unlikely you will see that amount. While BigNum would be safer, if you have a popular site, with an overworked server, performance would be better with float.
I think an important thing to remember is that if you design an app for a retail bookstore, you shouldn't expect that same app to work for wholesale heavy machinery. You don't expect a bridge on a county road to handle thousands of trucks a day, but a bridge on a busy interstate should.
Again, BigNum is safer, but has an overhead associated with it.
Exactly. Unfortunately, there are too many people out there who are programmers, even good ones, who don't know, or understand, the basics. While I'm not claiming that formal education is the only way to get the knowledge you need, it is a good way to avoid gaps in your knowledge. I hated some of the computer science classes I had to take, but I did learn something important in each and every one of them.
Another advantage in the formal classes is you get the theory that allows you to make decisions on what data types to use and when. Sometimes you need the precision of BigNum systems, (crypto for example), and sometimes the accuracy of float is enough. For example, in a lot of financial applications, float would be good enough since 2 decimal places is enough. If you need performance, float will beat any BigNum system hands down. However, if you are dealing with decimals on top of decimals, (such as calculating someone's dividend from a mutual fund where they own partial shares), you might need BigNum. Either way, with the proper theory and good understanding of the formats, you can make these decisions.
These situations are why I am a big supporter of actual software engineering instead of programming. Sure, standard programming is great for a lot of situations, but serious applications need to use software engineering practices. You wouldn't build a bridge without an engineer, so why build an application that handles billions of dollars without applying the same rules and principles?
Well, it doesn't matter at the moment, but it may matter when we get our butts off this planet and start colonizing the rest of the solar system. Why? Well, we will need a lot of treaties and laws and rules that govern how we handle ourselves out there. For example, we may decide that no one can claim ownership of a planet - kind of like Antarctica. Or that there are certain envrionmental guidelines that apply to planets - no dumping of toxic/radioactive waste.
However, it may be beneficial to allow political or corporate entities to lay claim to asteroids for purposes of development or mining. In fact, we may state that it is OK to change their orbits for economic gain. Let's decide that we aren't allowed to smash planets (or moons for that matter) into pieces to make mining easier. There are a lot of plans for deflecting an asteroid away from Earth, so can we deflect it to hit Mars instead? It would certainly make it easier to obtain the metals we want if it is already smashed into pieces. Is it OK to deflect it into another asteroid, but not a planet?
While these may seem like useless things to consider, we have learned the hard way that humans tend to exploit environments once they get their hands on them. It is only after destroying large areas that we decide we should protect what's left. Hopefully, we can create a good system to prevent that from happening with other planets and major solar system objects, while still getting the economic benefits of mining in space.
It can take a few hours, but only has to be done once or, at most, every year or two. However, once done, you don't have to spend 20-30 minutes on each demo you might like. Also, it can be hard to tell how good a game is from a demo - it doesn't last long enough to get a feel for overall storyline or playability.
And RDP is not a keystroke-per-packet, 100% of the time. Neither is SSH. Without that, you couldn't make any assumptions about the data you may have missed.
That's why you send the data multiple times. Even if you miss 10% of the data each time, if you send it 100 times, its likely you will receive it all. You could even add some sort of checksum so you would know when you receive it all.
Encryption latency, packet retransmissions upon collisions at routing equipement... there are 1000 reasons outside the lab this wouldn't be even remotely useful for tracking activity off the desktop, and there's way easier ways of doing it on the desktop.
There are 1000 papers on covert channels on how to get this to work. It has been done outside of a lab, using the real Internet under real conditions. Easier ways to do this? Absolutely. However, the idea is to get the signal hidden in the "noise" so it's never detected and the data channel lasts for a long time.
Secondly, computers age quite fast. If you buy a computer, it is reasonable to overcompensate because in 2-3 years an average computer will be out of date and underpowered. The top of the line computer today will be the below average in 5 years but you still can get some life out of it.
Actually, it makes more sense to buy a middle of the road system today and upgrade it in 1.5 - 2 years. You probably break even on the money since you avoid the premium for the best hw, but you will have more power than that when you buy you next system. There is an added benefit of actually having 2 systems after 2 years. You may not like the power of the first one, but it will make a good file server, a good PC for your kids, or whatever else you feel like using it for.
I have less time to mess around with new gear. I only learn the basic functions of new gear (such as cell phones) because I don't have time to figure out all the features, or to use them.
I have learned the value of my money. I don't need to spend a couple grand buying a brand new system to get a little better framerate or slightly shorter compile times. My current system is a few years old and I don't have any problems with my apps, and a new system won't make me type any faster or let me enjoy movies at twice the speed. I would rather save my money for travel.
I have learned that new tech is just that - new. There are a lot of bugs and other issues that haven't been worked out yet. I want my tech to work well and be hassle free.
The "new" technology is new, but it isn't better. Better graphics? OK. But is it a better game? No. I can keep my PS2 and have a huge library of great games that can be had for $20. The reason I bought a DS is the new Super Mario Bros. game. I liked the gameplay. The updated graphics are just a bonus.
The only tech I have been interested in are the new MacBooks - great OS and not as much $$$ and the Nintendo Wii - because of access to the Nintendo game library.
People should rely more on reviews from people that have the same gaming opinions as they do instead of some number. Consider: How many poorly rated movies do well at the box office, and how many highly rated movies do poorly? A lot. Check out Yahoo! movies or similar site and compare the critics to the people. They are never the same and rarely similar. Why? Movie critics see a lot of movies, so are biased towards the storyline and acting instead of a big action sequence. So, they view movies differently than I do.
Extending that to video games; a reviewer who enjoys FPS games is going to give a high rating to the latest shooter with great graphics. I like older FPS games, but hate the direction that the industry has gone with newer games. So, if a reviewer is a fan of the genre, and I'm not, should I use their review? Of course not! I hate RTS games, so even if one had a 10 rating I wouldn't buy it. However, maybe someone does something new and it is worth my time and money to give it a shot. How do I know? I need to find a reviewer who doesn't like RTS games and get their rating - if they give it a 7 or 8, but they don't like RTS, then I should look into it.
So, how do you find these reviewers? Give ratings to the games you have played, maybe separated by genre, and then go looking for reviews that are close to your own and look at the name of the reviewers. Then search by reviewer to see how close their ratings are to your own, pick the closest (or some sort of combination - Alice for RTS and Bob for FPS). Now you have some reviewers you can trust will like the same games you do, and you can shop accordingly.
How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
You get to a giant locker door that leads to a train station. (MIB 2)
Alternatively, you could run into a huge stack of turtles or possibly some elephants.
Really? How? The lab is researching something new and doesn't know how to get to the end stage without trial and error. Sound like evolution? Of course, they can look at the most promising avenues and pursue those. Oh, wait. Evolution does it as well. I know! We will rely on the beings behind Intelligent Design to create them, and then just use them.
Sorry for sounding like a Troll, but you can't just skip steps in a lab if you don't know how to get where you are going.