Agreed on all, though I'd argue the problem isn't so much with social security existing so much as the fact that we've been on a massive spending spree in general for two decades. Weathering a baby boom if the US were currently debt-free and the promises were more reasonable and the funding tax less regressive would be a lot different than the mess we're in now.
Alexis de Tocqueville suggested that democracy would fail when the average voter realized that they could pay themselves out of the treasury. Our politicians have turned that into an art - they get elected on PROMISES to pay taxpayers out of the treasury without even having the means to do it, and then they go ahead and pay the actual money to contractors who no doubt give them kickbacks.
Oh, I agree with all of this. My point is that good security depends on security-conscious users (unless you intend to not let them pick their own passwords). You obviously grok all this stuff, but Pete down in sales likely does not.
As I stated at the start of my post, "I agree with [your argument about] vendor laziness."
Many (others) use software like CM to suggest that vendors don't actually have to provide support. That simply isn't the case - CM really isn't as good as a properly vendor-supported product should be.
Yup - one of the reasons Windows doesn't have these kinds of problems is that you can take a driver from 1999 and there is a decent chance it will work on Windows 8, and it certainly will work on XP (which is still supported).
Either ship your drivers as source, or make a stable ABI. Not doing either creates a mess.
It's not the vendors. Don't blame them. It's the creator of Android.
Yeah, just look at how badly Google's Nexus devices are supported compared to phones/tablets supported by their manufacturers. It's terrible!
12 year old desktop running Windows XP - receives monthly security updates automatically, and will for more than a year longer. (We're talking Pentium IIIs here that could be going as slow as 400MHz - and XP supports systems older than that.)
3 year old Nexus One - doesn't receive any security updates, and hasn't for a while now. The ADP (the Android phone sold directly by Google that everybody forgets) was supported for even less time.
Google certainly does better than any of the other Android vendors, but they're really not up to the level of serious long-term support. Granted, MS is about as good as it gets in this department (despite their various faults).
You know when Cyanogenmod 10.1 supported the Galaxy S III? Within 3 weeks of release. The problem IS vendor laziness.
So I agree with vendor laziness, but CM isn't really the final answer. While many devices have CM available for them, few support JB. You happened to pick the most popular phone of this year as your example. CM doesn't even have a stable release for the Nexus 4.
Yup, but they benefit from the fact that most of the essential hardware in a modern PC is documented, or at least has binary drivers available for Windows (which has had a stable driver ABI for ages). So, you can either write code, port code, or at least write a shim for a Windows driver blob.
With Android everything is a moving target, and there are no stable ABIs. That means that the drivers for Gingerbread won't work on ICS, which means you have to do a lot more work and patching to get newer releases to work on older devices.
That isn't an excuse for the vendors though - they have all the code, and if Debian can backport fixes so can they...
Yup, and half of them don't run anything newer than Gingerbread. Cyanogen himself owned the last phone I was using, and CM doesn't support anything higher than Gingerbread on it.
The fact that there are so many binary blobs on the devices and there is no stable ABI for them means that devices get dropped pretty quickly even by the mods. About the only old devices that get that much love and care are the G1 and the N1, largely because they were big milestones at a time when there weren't many alternatives so almost all the devs own them.
If you're doing this server-side then you still need to let the passwords replicate between systems, and that makes them vulnerable. You also need to back them up.
If you're doing this client-side you additionally need to sync them across multiple devices, and during transit they're likely to be even more vulnerable unless the TPM chips support this internally. Back up is also an issue here.
For syncing you could have the TPM devices do a CA-mediated key exchange and that keeps things pretty secure no matter what media the data passes over. For backups unless you have a backup TPM somewhere you need to have a copy of your encryption keys stored otherwise you won't be able to recover them if you lose the TPM. For client machines that is going to be tough to pull off.
A 4-word randomly chosen password from a dictionary is by far the better password, and much easier to remember too.
Yes, IF it is RANDOMLY chosen from a DICTIONARY. Actually, dictionary isn't even right - a word list is more appropriate*.
If I ask somebody for four random words it is unlikely they'll consult a dictionary, and it is also unlikely that they'll do anything involving true randomness. That means that the set of possible words being selected from is less than the entire English vocabulary, and some words are more likely to be chosen than others.
If you really roll a d10000 to pick a page followed by a d200 to pick a word then you're fine.
* - why a word list? Look up the definition of "run" in an unabridged dictionary sometime and note its length. Depending on the selection method this might bias it as being more likely to be selected.
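The selection bias described in the comment above, worked through as an added example (not part of the original post). The `ENTRY_LINES` sample dictionary is constructed, and the 7776-word list size used in the demo is an assumption (a Diceware-sized list). It compares a uniform CSPRNG pick from a word list with picking a random position in a dictionary, where long entries such as "run" are hit more often.

```python
import math
import secrets

# Constructed sample: word -> number of lines its entry occupies in a
# hypothetical unabridged dictionary ("run" has a very long entry).
ENTRY_LINES = {"run": 4, "cat": 1, "dog": 1, "sun": 1, "map": 1}


def passphrase(wordlist, n_words=4):
    """Pick n_words uniformly and independently using the OS CSPRNG."""
    words = list(wordlist)
    if len(set(words)) != len(words):
        # A repeated word would be twice as likely to be drawn.
        raise ValueError("word list contains duplicates; selection would be biased")
    return [secrets.choice(words) for _ in range(n_words)]


def uniform_bits(list_size, n_words=4):
    """Entropy in bits of n_words uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def position_pick_probs(entry_lines):
    """Per-word probability when a random *line* of the dictionary is chosen."""
    total = sum(entry_lines.values())
    return {word: lines / total for word, lines in entry_lines.items()}


def pick_by_position(entry_lines):
    """Biased method: land on a random line, take the word whose entry holds it."""
    line = secrets.randbelow(sum(entry_lines.values()))
    for word, lines in entry_lines.items():
        if line < lines:
            return word
        line -= lines


def shannon_bits(probs):
    """Average information per pick."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)


def min_entropy_bits(probs):
    """Worst case for the defender: an attacker guesses the likeliest word first."""
    return -math.log2(max(probs.values()))


if __name__ == "__main__":
    probs = position_pick_probs(ENTRY_LINES)
    print("uniform pick, bits per word:   %.2f" % uniform_bits(len(ENTRY_LINES), 1))
    print("position pick, Shannon bits:   %.2f" % shannon_bits(probs))
    print("position pick, min-entropy:    %.2f" % min_entropy_bits(probs))
    print("4 words from a 7776-word list: %.1f bits" % uniform_bits(7776))
    print("sample passphrase:", " ".join(passphrase(ENTRY_LINES)))
```

Min-entropy is the figure to compare against the uniform case, since a guesser orders candidates by likelihood rather than alphabetically.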
Ultimately what you're getting at is that the whole password model is broken in the first place.
All services like Lastpass/Keepass are is a semi-manual implementation of something like Kerberos. It is more about having a token than knowing a password, though access to the token might be governed by a password.
The Cities are supposed to be represented in the State just as the States are subjective to the US Government.
That is actually not strictly correct.
States are not completely subject to the Federal Government. City governments generally ARE completely subject to state governments.
The US constitution grants certain powers to the Federal vs State governments. On ones granted to the states the Federal Government cannot interfere. Now, in practice everybody ignores the constitution, but there are still some limits.
If your local school board gets out of hand chances are the state would just appoint an administrator and tell the democratically-elected local representatives what to go do with themselves. The state ALLOWS local communities to elect local representatives, but it is not required to do so. On the other hand, the Federal government cannot disband a state legislature no matter how much it gets out of hand.
To use some terminology, states are unitary governments, and the US government is a federal government.
Gotta milk it for three episodes, and that requires pacing things so that the drama builds and the conflicts are resolved in the right places. You can't do that by just following the book since the book didn't have the constraint of needing to be three freestanding works.
That said, I don't know that ANY of Tolkien's Middle-Earth stuff really has pacing like that. Huge side-tracks, and stuff like the Scouring of the Shire where the plot takes about 200 pages to actually wind down. I think the thing that made his work compelling was interest in all the backdrop and the care he took to create it - the actual plots seemed like more of a device to introduce a bazillion unrelated stories, which were themselves devices to do the same.
Wow! If they're that good, then it makes me wonder why they have to have a government-granted monopoly on letters.
Simple - that is the only way to have people in cities subsidize people who live in the middle of nowhere.
It isn't exactly a bad concept - at least for its day (which I believe has passed). Having half the country be unable to so much as read a newspaper isn't all that good for democracy in the 1800s.
These days I think these goals could be accomplished far more effectively by just having government-issued email addresses for official correspondence. There shouldn't be any kind of monopoly on communication, but rather there should be a set of mailboxes where:
1. Costs of operation are billed to senders.
2. Recipients are legally accountable for messages sent (like summons/bills/etc).
3. Identity of senders/recipients is assured.
4. Individuals can request to not receive bulk mail. Bulk mail would be licensed as it is with regular mail, and the fees would be sufficient to ensure it would not become burdensome.
If you did all this then there is no reason to keep the post office - lots of money could be saved. For packages just use a commercial courier.
While I agree with much of what you say, you do raise a bad argument that seems to be common - that money that goes into the general fund is somehow failing to be saved.
Money is fungible. If the treasury receives money today that it needs to pay back in a decade, it can either just keep the cash in bills and stick it under a mattress, or use it to pay today's bills. If it does the former it has to borrow money to pay today's bills, which means it has to pay additional interest. If it does the latter then it saves money on interest, and just has to borrow money later if necessary to pay back the original source of the money (social security, whatever).
This isn't like a homeowner who is sticking money in a bank account paying 1% interest to save for retirement, when they're making minimum payments on a mortgage at 5% interest. They would be far wiser to just pay off the mortgage faster (aside from a rainy day fund). Then they can just take out a reverse mortgage later if they need the extra cash back and in general they'll have more money on hand due to all the interest saved (assuming they didn't just spend more money - which is no different than not saving it in the first place).
Why exactly SHOULDN'T the US spend that money now, vs socking it away and borrowing more? The only reason to save it is if you're afraid that the US won't be able to borrow the money later. However, if the US is unable to borrow the money later chances are those dollars that it saved will be worthless anyway. A dollar bill really has little value in excess of a treasury bill of equal value.
That said, having the post office overfund its pensions is just dumb - but less dumb than the more common practice of letting companies underfund them.
If you don't have a plan to pay for your funeral, you're simply irresponsible.
If you have kids, do you need to plan for their funerals, and their kids' funerals (assuming they have 27 children), and their kids' funerals (assuming they also have 27 kids), and so on until the heat death of the universe?
There is this thing called time-value of money. I'd say that we're far too lenient on most pension plans in not requiring them to fund as much as they should. However, it seems like they've gone to the opposite extreme with the post office.
My feeling is that all pensions should be defined-contribution, should be escrowed in the name of the employee, and contributions should be made in full at the time the benefit is earned (basically every paycheck, or at least annually). If the company goes bankrupt all the money can be transferred into an IRA or whatever - it is not a debt to the employee but money already paid. Essentially this just turns pensions into another form of 401k/etc. This is far more honest because right now companies can promise the world to employees and then simply fail to deliver.
Agreed - it isn't much of a sacrifice. On that note, please post your banking info so that I can initiate a $5/month transfer into my account. You'll never miss it.
CM is obviously great, and it is even better for the price.
However, it isn't available for all devices, and because of the large number of devices these days it seems like many devices only have one or two devices. My previous phone was a G2 and CM never got past Gingerbread despite a 3rd party mod being sort-of working with Jellybean. Their quality control is better than the average mod, but isn't really up to professional standards. When a build that just came out of the compiler is released the same day as "stable" they can't have any kind of formal quality process. The definition of stable is not that it works, but that it hasn't changed recently - something lost on CM (they could learn a lot from projects like Debian/etc).
So, with CM you're often stuck with stable releases that are a year or more old (few phones have stable Jellybean releases still) or nightlies that have no particular quality reputation whatsoever.
Your best bet is a Nexus, but my Nexus 10 is pretty glitchy and of course there is no stable CM release for it.
I can't complain since it is free, but I'm not going to call CM the magic bullet either.
My N4 is my first Nexus phone - the last time I was up for one I got a G2 figuring that the CM team would just make it work (a bit of a mistake - with the increase in the number of phones their effort is REALLY diluted and CM hasn't come out with a release on that phone since Gingerbread).
I'm pretty happy with the N4 despite the flaws you mentioned. I wish Google had more variety on the phone front, but they're at least starting to get that with the Tablets (it remains to be seen if they sustain annual releases in 3 formats though).
True enough, but the isolation only protects apps from each other. It doesn't protect your data from apps, unless the app in question doesn't have rights to read your SD card (and if you're attacking an app chances are it was from reading some data from the SD card in the first place, like an attachment to an email).
Does Dalvik have the same security problems Oracle Java does? If so this is a serious problem.
It is an independent implementation, so I'd say it likely has a similar but altogether different set of security problems.
At least it doesn't run arbitrary code from applets, and since applications run as individual users they benefit from the underlying Linux security model. That said, maybe if you open some document in an application the document might exploit some Dalvik flaw to gain access to other data the application can view (likely your entire SD card), and if the app has rights (likely the case) upload it to random places on the internet.
Legally they're people. In practice they are nothing like people. Hence the reason the world is messed up. People have incentive to not do bad things because they might be punished. Companies have no incentive to not do anything, because they don't actually make decisions - the people working in them make the decisions and usually don't suffer the consequences.
Sure, but what I'm getting at is that the design of a SAM site is somewhat different from the design of a typical fighter jet, and the drones of the future might resemble the former more than the latter (though obviously with less need for tracks, wheels, and huge rocket engines, and more of a need for lightweight composites).
There is a simple solution to that problem - have an unlocked ROM firmware that is capable of reflashing everything with operator intervention.
Now you have an unbrickable device - something every Android developer wouldn't mind having. If you mess up a Windows install you just do a reinstall.
And with Android that process is less painful than on most systems because so much is cloud-backed.
That only works for apps.
If there is a problem with the API framework or the kernel then you're stuck.
That's like saying that Windows NT is perfectly secure because Adobe bundles an updater with their apps.