Oh, I'm sure my employer would say that I don't need a deferral.
You're assuming a level of altrusim that most people don't get from their employers. I exaggerate the case a bit with my employer (though a multi-week absence would surely be missed). However, many people would definitely suffer in such a situation.
Yup. But, they would be stopped in their tracks. After all, nobody contributes kernel code from general-purpose operating systems, so there is no way a worm could sneak in the back door, right?:)
The other issue is the whole black swan thing. Your competitors probably aren't going to invest so heavily in security. So, they'll be at a cost advantage. It is guaranteed therefore that given sufficient time you will go out of business.
The question is then which will happen first - you going out of business, or your competitors all being taken out by a worm that you survive? Most managers would put their money on the former, and most of the time they're right. And that is why we don't have much security...
First, who gets to define the term civic duty. That's right - we all do. Or I guess we could go with a majority, and judging by everybody voting with their feet most people disagree with you.
Second - this isn't a bribe - it is compensating jurors for the fair value of their time. Why do we pay them at all?
Bottom line, either way the civic duty isn't getting done well right now. So, you can either complain about it on slashdot, or do something about it - like pay people...
Because today's megacorp does in fact have 100 BILLION dollars!
Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.
So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - they're not doing it for a payout - they win if the company goes bankrupt. The programmers themselves of course don't win big - they're just collecting salaries like anybody writing software for a living.
I suspect that in the 1700s they didn't have trials that lasted two weeks, and employers probably weren't able to get away with punishing people who go on jury duty.
If I miss two weeks at work nobody will mind one bit. Of course, I still need to complete my three month project that was already super-aggressive on timeline in the alloted time. I'd never be fired for going on jury duty. I might suffer for not getting a project done on time, however, and that is basically the same thing...
I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
We'll see more of these attacks in the future - count on it...
Agreed - everybody else in that courtroom is paid to be there.
When I was in jury selection one guy who was called claimed the excuse that he was a lawyer who had to prepare for a trial. He was immediately excused. I didn't hear anybody else who just had a job to do get excused.
I've known people called as witnesses in courts and they get similar treatment. They're forced to show up and are not paid, and half the time somebody goofs and there is a continuance. Oh well, good thing everybody else gets paid to be there whether anything gets done or not.
People should be paid more than their current salary to be on a jury, to compensate them for the fact that their boss is going to be upset that they didn't weasel their way out. Will that cost taxpayers money, sure? Maybe then we'll think twice about what we drag people into court for, and court fees can be raised accordingly to cover the true value of everybody's time.
I suspect that way back in the past jurors were decently compensated. The problem is that the fees were not adjusted for inflation, so we probably get the same daily rate they got back when Parliament was running things.
Well, at least in the Philadelphia region the state police routinely survail the onramps to highways like I-95 from the first stop in Delaware and people entering from that onramp are often stopped to check for alcohol. Another beautiful feature of PA law is that it is illegal to smuggle alcohol into the state - personal use or otherwise.
Good thing we have strong laws. We wouldn't want to be like Europe where everybody is intoxicated all day long, from age 3 and up, right?
The DNA of mitochondria, a cell within a cell, is like bacteria and has no protective protein covering.
And why should it last any longer after 100 generations of egg production and 30 years of dormancy than it would last after 100 generations of sperm production and no dormancy? It isn't like the eggs aren't duplicates in the first place - the difference is when they form.
Maybe it makes a difference, and maybe there is life on titan. Saying it doesn't make it so.
The mechanism for passing on pure mitochondria was to preserve it in a female egg, thus arose the need for sexes.
While an interesting idea, I'd like to see some proof that mitochondrial preservation was the primary driver behind the need for sexes. Could not hermaphroditic organisms employ the same mechanism to protect mDNA, assuming such protection is even necessary?
Again, this and much else about cells, such as DNA-RNA and other quite complex cellular mechanisms that we read about, is universal in all life.
No argument there. The question is WHY is it conserved, and are all elements of this truly important, or do they just happen to come together?
I think the only thing that can truly answer these questions are experiments - not conjecture about mechanisms. Sure, you have to start with a hypothesis, but you can't stop there.
It's quite the commonly-known fact that solely female mitochondria get inherited in humans.
Yes. I knew that already.
What isn't known is if it actually makes a difference. An anecdote doesn't constitute strong evidence - especially a human example since clearly no living human was conceived under controlled experimental conditions.
Interesting. Do you have a citation for this study where they actually grew embryos to term using male and female-originated mitochodria and determined that it actually made a difference?
I'm not quite sure why the DNA in the mitochondria would be any more aged and defective than the haploid genome in the sperm in the first place. It is true that eggs in a woman are essentially formed early vs sperm forming late, but that applies to all DNA in the sperm and not just the mitochondria.
Maybe you're right and that it is this way for a reason. However, having a nice argument doesn't really translate into proof...
Agreed - this is interesting stuff, but this isn't airtight evidence of life on titan or something like that.
Most people who discover stuff like this just publish it in the literature and then let the NYT science page or whatever pick it up.
I mean really - if you have a major article in Science it isn't like you need to hype it up a whole lot more for it to get attention.
On the other hand, they could very well have more controls/etc - journals like Science like to keep things really brief due to the demand for space, so they're not going to publish tons of supporting data. That said, the researchers probably would have done well to publish the supporting details elsewhere in anticipation of this demand.
The difference between how these things were handled decades ago and today is that anybody can publish a blog, and thus you don't have to wait six months for the filtered letters to the editor to come out in Science/etc.
My feeling when I heard the announcement is that this was an AWFULLY big claim to make based on indirect evidence like what they had.
The paper itself was probably fine. The big issue was how it was blown up.
Confirmation by independent methodology would only make sense here. Some controls would also make sense - take some ordinary bacteria with ordinary DNA, mix them up with arsenate solutions like what were used, and then purify the DNA in the same way and show that the arsenate ISN'T carried over.
You could probably also do some mass spec work to show that the arsenic is incorporated into the DNA backbone. In fact, that would tell you exactly how it is incorporated.
Part of the issue is that this is a mixture of microbiology and analytical chemistry, and getting it all right requires multidisciplinary collaboration. A mistake anywhere along the line invalidates the results.
The other big objection I have to this whole debacle is the over-hyping. People are trumping this as a "this changes everything" moment and talk about independent abiogenesis. All I see is evidence for bacteria that have evolved the ability to live on lots of arsenic. Considering we have bacteria adapted to just about every niche we can explore this doesn't surprise me. Now, if we sequence their DNA and find that it bears no relationship or a VERY distant relationship to other forms of life then I'll be impressed. Actually, I'm still impressed, as this is exotic stuff. However, it really isn't life-on-Titan levels of exciting yet.
The bottom line is that big claims require big evidence and confirmation. I'd love to see confirmation on this, and in the meantime there is nothing wrong with experts in the field pointing out alternative explanations for the results. Science is all about disproving the null, and that means disproving all the alternatives. Sure, there is a cutoff where things get general acceptance, but it isn't a few days after initial publication...
Uh, I'm not sure whether you can really use the term "majority" to describe the level of government funding. The "marginal" investment in this case averages something like a few hundred million dollars per compound, which is a pretty significant chunk of money - considering that most of the time that money gets spent to figure out that the drug doesn't work.
Sure, government tends to fund most of the blue-sky R&D, which is the interesting part. That is where you get the idea that disrupting enzyme X might cure disease Y. Maybe they might even suggest that compound Z inhibits enzyme X. What they never pay for is figuring out if compound Z also has the side effect of causing heart attacks, or whatever.
Oh, and such a system still allows for freeloaders. Once any government anywhere in the world develops a drug all the other ones can take advantage of it. So, what's to stop a first-world nation from not chipping in their fair share? And, what's to stop ALL the first-world nations from not chipping in their fair share?
I think the pure government R&D model needs to be tried before we abandon the status quo wholesale. I'm all for trying the experiment - the reward is potentially very high.
Clearly drug costs need to be contained. However, you can't reduce prices to the marginal price to manufacture a drug, unless you have the government fund 100% of the R&D. That is a valid model - and in fact you can leave the current industry alone and pursue it by just having the NIH or whatever just develop some drugs start-to-finish and just release the compounds into the public domain. If as you say the industry investment is marginal then the taxpayer expense would be minimal. In reality taxpayers would spend quite a bit of money on this - though they would likely get a return on this investment.
Such a system still allows for freeloading. The US, as an example, could just choose to spend nothing on medical research, and instead leverage discoveries in Europe. The Europeans could get upset and axe their own R&D. Wonderful - a race for the bottom. There is no reason of course that this has to happen except human nature.
There are lots of open questions around how end-to-end government R&D would actually work out. I think it is worth trying just the same, but let's try it before we decide it is the perfect solution and get rid of patents/etc...
I tend to agree, although one aspect of their strategy at least makes sense.
They released the insurance file. Presumably over time they can release additional ones.
As long as the insurance files contain unredacted information that is MORE damaging than the stuff that will be released, there is incentive for governments to leave wikileaks alone.
On the other hand, no doubt the powers that be will place the wikileaks operators under heavy survailence, with the intent of figuring out who has the keys to the insurance files. If they feel confident that they know where all the keys are, they could act quickly and secure everything in a single move. Of course, to do that they need to sequester the keyholders indefinitely - if they provide them access to attorneys, press, etc, then the keys could be disclosed.
While this is a fairly dangerous cat-and-mouse game, the wikileaks strategy actually could be better in the long-term for their operations. A more decentralized system would probably still be more effective, if it could be made to work (who do you leak something to, when nobody is in charge?).
In theory Freenet/I2P and tor internal sites already form a way to disclose leaks in a fairly secure and hard to stop way. The problem is that these kinds of decentralized technologies are so arcane that the people who have the information to leak don't use them.
Uh, I think my 450D supports the image authenticity checks, although I don't know if Canon uses a different system in their higher-end cameras. Sure, any DSLR is going to be moderately expensive, but $500 isn't exactly massive in cost.
Also - any camera that supports EF-mount lenses will support the latest-and-greatest L-series lenses. You don't need a $2k camera to use a $2k lens. Their bottom-of-the-line $500 DSLR body will work just fine with them (and the cheaper ones also support the EF-S lenses - one or two of which are L-level quality for a lot less cost, but for marketing reasons they won't put an EF-S lens in that series since the people with the $2k cameras that don't support them would feel left out).
Finally, there are lots of half-decent lenses out there that don't have the red band on them. Sure, the L-lenses are certainly nice, but you can do quite fine with a lot less.
So, what you're saying is that I should write a virus that claims to have encrypted user data, and demands money, but in reality it just overwrites the data with random bytes.
Then I can collect the money and sleep in good conscience, knowing that I'm destroying the market for others doing this scam, and thus helping the human race by making it less likely that others will do the same?
While we're at it, maybe we can start hijacking planes, and then blowing them up after our demands are met. Suddenly terrorism-for-ransom goes away too. (Not that much terrorism-for-ransom actually happens much nowadays anyway.)
And no, I'm not suggesting that anybody should actually do these things...
I doubt the guys collecting the money care about bank charges. They just make it the user's problem to figure out how to get the money to them. If it costs $1k to send them $100 they still get their $100.
I'm using sarab with some shell scripts to manage my backups to S3. Everything gets gpg encrypted before it leaves my PC, and backups are differential.
I'm backing up maybe 12GB of data, and the total space I'm paying for isn't a whole lot more than that. I run a full backup, then 8 weekly backups against each other, and then daily backups against the previous weekly. Then I start over.
Data transfer is the biggest expense - but even so I pay less than $5/month for the whole thing. I use their reduced-redundancy storage rate (the whole thing is already redundant) to save a bit.
The only advantage a commercial service might have besides convenience is de-duplication, if you trust them with your data. Since my data is encrypted prior to leaving my PC, there is no way on the S3 side to consolidate different backups.
The main reason I rolled my own was knowing that my data was secure. I get the daily sarab report via email, can check my backups from time to time if necessary, and I know that nothing leaves my server unsecure since I wrote the code. The last step before upload is gpg, so the risk of any kind of leak is pretty minor - I encrypt everything from data to metadata. Basically I create a local backup with sarab/dar, and then run the whole directory through gpg to create an encrypted copy, and use s3cmd to sync that up with S3 (which uses hashes to identify and upload modified files).
I have about 15Mbps outgoing, and those full backups can take a while. However, it isn't that big a deal since that happens once every two months.
Oh, don't count on getting more than 2-3Mbps up to S3 anyway - I don't know where the bottleneck is but I rarely can burst to them at my full link speed.
Well, not having read up on him much, could this just be a case of the lamppost principle? Maybe some particular technology allows gold impurities to be separated more readily than in other metals. If so, then we might as well see what we find when we look for them.
In theory you're as likely to find a magnetic monopole in a teacup as you are to find one in a massive tank of super-ultra-pure water buried a mile under a mountain in a salt mine. However, you're a lot more likely to detect the monopole in the latter than in the former, so that is where we look for them.
Ditto with studying genetics in E. Coli - do we care about the bacteria that much? No, but chances are that if you find something interesting going on you'll have a wealth of other material to leverage when figuring out how it works.
Oh, I'm sure my employer would say that I don't need a deferral.
You're assuming a level of altrusim that most people don't get from their employers. I exaggerate the case a bit with my employer (though a multi-week absence would surely be missed). However, many people would definitely suffer in such a situation.
Yup. But, they would be stopped in their tracks. After all, nobody contributes kernel code from general-purpose operating systems, so there is no way a worm could sneak in the back door, right? :)
The other issue is the whole black swan thing. Your competitors probably aren't going to invest so heavily in security. So, they'll be at a cost advantage. It is guaranteed therefore that given sufficient time you will go out of business.
The question is then which will happen first - you going out of business, or your competitors all being taken out by a worm that you survive? Most managers would put their money on the former, and most of the time they're right. And that is why we don't have much security...
First, who gets to define the term civic duty. That's right - we all do. Or I guess we could go with a majority, and judging by everybody voting with their feet most people disagree with you.
Second - this isn't a bribe - it is compensating jurors for the fair value of their time. Why do we pay them at all?
Bottom line, either way the civic duty isn't getting done well right now. So, you can either complain about it on slashdot, or do something about it - like pay people...
Because today's megacorp does in fact have 100 BILLION dollars!
Of course they don't - but that is what they are valued at, which of course takes into account likely future earning and not just cash on hand.
So, somebody looking to do industrial sabotage isn't trying to get a payment from the company that they're taking down. Instead they probably work for a government that wants to see the company go down so that some other company can take its place (think nationalism). They wouldn't ask for a ransom - they're not doing it for a payout - they win if the company goes bankrupt. The programmers themselves of course don't win big - they're just collecting salaries like anybody writing software for a living.
I suspect that in the 1700s they didn't have trials that lasted two weeks, and employers probably weren't able to get away with punishing people who go on jury duty.
If I miss two weeks at work nobody will mind one bit. Of course, I still need to complete my three month project that was already super-aggressive on timeline in the alloted time. I'd never be fired for going on jury duty. I might suffer for not getting a project done on time, however, and that is basically the same thing...
I think this attack just shows the difference that good engineering can make. Most worms out there are relatively unsophisticated, or are developed by people with limited means to pull off quick scams.
Stuxnet shows what a truly determined adversary can do. One who knows your internal processes. One who understands your industry-specific software - the stuff nobody outside the industry ever touches. One who has a large team of talented programmers, carefully designing and building the attack. One who has access to government resources - the ability to tap communications lines, inject traffic, etc. One who is funded strategically - they don't want to hold your business for ransom for $1M, they want your $100B company to collapse so that one they favor can take over, or whatever.
The software out there that runs on intranets around the world is some of the most insecure stuff you'll ever see. It rarely gets subjected to serious attack, and the vulnerabilities aren't evident to the average corporate IT guy who is just doing basic due-diligence. Your average PHB doesn't want to pay for testing that will actually uncover serious flaws - they want the system to look good to their customers and have the right bells and whistles - and pricetag.
We'll see more of these attacks in the future - count on it...
Trials are expensive and the schedules are always packed.
And yet despite all this "expense" they can't be bothered to pay the jurors the market value of their time as well as for inconvenience?
I suspect more would be happy to serve on jury duty if they got paid the judge's salary to sit there.
Agreed - everybody else in that courtroom is paid to be there.
When I was in jury selection one guy who was called claimed the excuse that he was a lawyer who had to prepare for a trial. He was immediately excused. I didn't hear anybody else who just had a job to do get excused.
I've known people called as witnesses in courts and they get similar treatment. They're forced to show up and are not paid, and half the time somebody goofs and there is a continuance. Oh well, good thing everybody else gets paid to be there whether anything gets done or not.
People should be paid more than their current salary to be on a jury, to compensate them for the fact that their boss is going to be upset that they didn't weasel their way out. Will that cost taxpayers money, sure? Maybe then we'll think twice about what we drag people into court for, and court fees can be raised accordingly to cover the true value of everybody's time.
I suspect that way back in the past jurors were decently compensated. The problem is that the fees were not adjusted for inflation, so we probably get the same daily rate they got back when Parliament was running things.
Well, at least in the Philadelphia region the state police routinely survail the onramps to highways like I-95 from the first stop in Delaware and people entering from that onramp are often stopped to check for alcohol. Another beautiful feature of PA law is that it is illegal to smuggle alcohol into the state - personal use or otherwise.
Good thing we have strong laws. We wouldn't want to be like Europe where everybody is intoxicated all day long, from age 3 and up, right?
The DNA of mitochondria, a cell within a cell, is like bacteria and has no protective protein covering.
And why should it last any longer after 100 generations of egg production and 30 years of dormancy than it would last after 100 generations of sperm production and no dormancy? It isn't like the eggs aren't duplicates in the first place - the difference is when they form.
Maybe it makes a difference, and maybe there is life on titan. Saying it doesn't make it so.
The mechanism for passing on pure mitochondria was to preserve it in a female egg, thus arose the need for sexes.
While an interesting idea, I'd like to see some proof that mitochondrial preservation was the primary driver behind the need for sexes. Could not hermaphroditic organisms employ the same mechanism to protect mDNA, assuming such protection is even necessary?
Again, this and much else about cells, such as DNA-RNA and other quite complex cellular mechanisms that we read about, is universal in all life.
No argument there. The question is WHY is it conserved, and are all elements of this truly important, or do they just happen to come together?
I think the only thing that can truly answer these questions are experiments - not conjecture about mechanisms. Sure, you have to start with a hypothesis, but you can't stop there.
It's quite the commonly-known fact that solely female mitochondria get inherited in humans.
Yes. I knew that already.
What isn't known is if it actually makes a difference. An anecdote doesn't constitute strong evidence - especially a human example since clearly no living human was conceived under controlled experimental conditions.
I dunno - is there an AMI for that hacking tool? I can think of a way to obtain enough bandwidth to do the job... :)
Sure, but then after the disaster is over you find that you are fired, a scapegoat, and unemployable.
This is really just a case of long-term self-preservation vs short-term self-preservation.
Maybe if companies weren't able to get away with sleazy safety practices then people wouldn't be more afraid for their jobs than their lives.
Interesting. Do you have a citation for this study where they actually grew embryos to term using male and female-originated mitochodria and determined that it actually made a difference?
I'm not quite sure why the DNA in the mitochondria would be any more aged and defective than the haploid genome in the sperm in the first place. It is true that eggs in a woman are essentially formed early vs sperm forming late, but that applies to all DNA in the sperm and not just the mitochondria.
Maybe you're right and that it is this way for a reason. However, having a nice argument doesn't really translate into proof...
Agreed - this is interesting stuff, but this isn't airtight evidence of life on titan or something like that.
Most people who discover stuff like this just publish it in the literature and then let the NYT science page or whatever pick it up.
I mean really - if you have a major article in Science it isn't like you need to hype it up a whole lot more for it to get attention.
On the other hand, they could very well have more controls/etc - journals like Science like to keep things really brief due to the demand for space, so they're not going to publish tons of supporting data. That said, the researchers probably would have done well to publish the supporting details elsewhere in anticipation of this demand.
The difference between how these things were handled decades ago and today is that anybody can publish a blog, and thus you don't have to wait six months for the filtered letters to the editor to come out in Science/etc.
My feeling when I heard the announcement is that this was an AWFULLY big claim to make based on indirect evidence like what they had.
The paper itself was probably fine. The big issue was how it was blown up.
Confirmation by independent methodology would only make sense here. Some controls would also make sense - take some ordinary bacteria with ordinary DNA, mix them up with arsenate solutions like what were used, and then purify the DNA in the same way and show that the arsenate ISN'T carried over.
You could probably also do some mass spec work to show that the arsenic is incorporated into the DNA backbone. In fact, that would tell you exactly how it is incorporated.
Part of the issue is that this is a mixture of microbiology and analytical chemistry, and getting it all right requires multidisciplinary collaboration. A mistake anywhere along the line invalidates the results.
The other big objection I have to this whole debacle is the over-hyping. People are trumping this as a "this changes everything" moment and talk about independent abiogenesis. All I see is evidence for bacteria that have evolved the ability to live on lots of arsenic. Considering we have bacteria adapted to just about every niche we can explore this doesn't surprise me. Now, if we sequence their DNA and find that it bears no relationship or a VERY distant relationship to other forms of life then I'll be impressed. Actually, I'm still impressed, as this is exotic stuff. However, it really isn't life-on-Titan levels of exciting yet.
The bottom line is that big claims require big evidence and confirmation. I'd love to see confirmation on this, and in the meantime there is nothing wrong with experts in the field pointing out alternative explanations for the results. Science is all about disproving the null, and that means disproving all the alternatives. Sure, there is a cutoff where things get general acceptance, but it isn't a few days after initial publication...
Uh, I'm not sure whether you can really use the term "majority" to describe the level of government funding. The "marginal" investment in this case averages something like a few hundred million dollars per compound, which is a pretty significant chunk of money - considering that most of the time that money gets spent to figure out that the drug doesn't work.
Sure, government tends to fund most of the blue-sky R&D, which is the interesting part. That is where you get the idea that disrupting enzyme X might cure disease Y. Maybe they might even suggest that compound Z inhibits enzyme X. What they never pay for is figuring out if compound Z also has the side effect of causing heart attacks, or whatever.
Oh, and such a system still allows for freeloaders. Once any government anywhere in the world develops a drug all the other ones can take advantage of it. So, what's to stop a first-world nation from not chipping in their fair share? And, what's to stop ALL the first-world nations from not chipping in their fair share?
I think the pure government R&D model needs to be tried before we abandon the status quo wholesale. I'm all for trying the experiment - the reward is potentially very high.
Clearly drug costs need to be contained. However, you can't reduce prices to the marginal price to manufacture a drug, unless you have the government fund 100% of the R&D. That is a valid model - and in fact you can leave the current industry alone and pursue it by just having the NIH or whatever just develop some drugs start-to-finish and just release the compounds into the public domain. If as you say the industry investment is marginal then the taxpayer expense would be minimal. In reality taxpayers would spend quite a bit of money on this - though they would likely get a return on this investment.
Such a system still allows for freeloading. The US, as an example, could just choose to spend nothing on medical research, and instead leverage discoveries in Europe. The Europeans could get upset and axe their own R&D. Wonderful - a race for the bottom. There is no reason of course that this has to happen except human nature.
There are lots of open questions around how end-to-end government R&D would actually work out. I think it is worth trying just the same, but let's try it before we decide it is the perfect solution and get rid of patents/etc...
I tend to agree, although one aspect of their strategy at least makes sense.
They released the insurance file. Presumably over time they can release additional ones.
As long as the insurance files contain unredacted information that is MORE damaging than the stuff that will be released, there is incentive for governments to leave wikileaks alone.
On the other hand, no doubt the powers that be will place the wikileaks operators under heavy survailence, with the intent of figuring out who has the keys to the insurance files. If they feel confident that they know where all the keys are, they could act quickly and secure everything in a single move. Of course, to do that they need to sequester the keyholders indefinitely - if they provide them access to attorneys, press, etc, then the keys could be disclosed.
While this is a fairly dangerous cat-and-mouse game, the wikileaks strategy actually could be better in the long-term for their operations. A more decentralized system would probably still be more effective, if it could be made to work (who do you leak something to, when nobody is in charge?).
In theory Freenet/I2P and tor internal sites already form a way to disclose leaks in a fairly secure and hard to stop way. The problem is that these kinds of decentralized technologies are so arcane that the people who have the information to leak don't use them.
Uh, I think my 450D supports the image authenticity checks, although I don't know if Canon uses a different system in their higher-end cameras. Sure, any DSLR is going to be moderately expensive, but $500 isn't exactly massive in cost.
Also - any camera that supports EF-mount lenses will support the latest-and-greatest L-series lenses. You don't need a $2k camera to use a $2k lens. Their bottom-of-the-line $500 DSLR body will work just fine with them (and the cheaper ones also support the EF-S lenses - one or two of which are L-level quality for a lot less cost, but for marketing reasons they won't put an EF-S lens in that series since the people with the $2k cameras that don't support them would feel left out).
Finally, there are lots of half-decent lenses out there that don't have the red band on them. Sure, the L-lenses are certainly nice, but you can do quite fine with a lot less.
So, what you're saying is that I should write a virus that claims to have encrypted user data, and demands money, but in reality it just overwrites the data with random bytes.
Then I can collect the money and sleep in good conscience, knowing that I'm destroying the market for others doing this scam, and thus helping the human race by making it less likely that others will do the same?
While we're at it, maybe we can start hijacking planes, and then blowing them up after our demands are met. Suddenly terrorism-for-ransom goes away too. (Not that much terrorism-for-ransom actually happens much nowadays anyway.)
And no, I'm not suggesting that anybody should actually do these things...
I doubt the guys collecting the money care about bank charges. They just make it the user's problem to figure out how to get the money to them. If it costs $1k to send them $100 they still get their $100.
I'm using sarab with some shell scripts to manage my backups to S3. Everything gets gpg encrypted before it leaves my PC, and backups are differential.
I'm backing up maybe 12GB of data, and the total space I'm paying for isn't a whole lot more than that. I run a full backup, then 8 weekly backups against each other, and then daily backups against the previous weekly. Then I start over.
Data transfer is the biggest expense - but even so I pay less than $5/month for the whole thing. I use their reduced-redundancy storage rate (the whole thing is already redundant) to save a bit.
The only advantage a commercial service might have besides convenience is de-duplication, if you trust them with your data. Since my data is encrypted prior to leaving my PC, there is no way on the S3 side to consolidate different backups.
The main reason I rolled my own was knowing that my data was secure. I get the daily sarab report via email, can check my backups from time to time if necessary, and I know that nothing leaves my server unsecure since I wrote the code. The last step before upload is gpg, so the risk of any kind of leak is pretty minor - I encrypt everything from data to metadata. Basically I create a local backup with sarab/dar, and then run the whole directory through gpg to create an encrypted copy, and use s3cmd to sync that up with S3 (which uses hashes to identify and upload modified files).
I have about 15Mbps outgoing, and those full backups can take a while. However, it isn't that big a deal since that happens once every two months.
Oh, don't count on getting more than 2-3Mbps up to S3 anyway - I don't know where the bottleneck is but I rarely can burst to them at my full link speed.
In the extended Star Trek canon dilithium was commonly mistaken for quartz. So, we have prior art on this one. :)
Well, not having read up on him much, could this just be a case of the lamppost principle? Maybe some particular technology allows gold impurities to be separated more readily than in other metals. If so, then we might as well see what we find when we look for them.
In theory you're as likely to find a magnetic monopole in a teacup as you are to find one in a massive tank of super-ultra-pure water buried a mile under a mountain in a salt mine. However, you're a lot more likely to detect the monopole in the latter than in the former, so that is where we look for them.
Ditto with studying genetics in E. Coli - do we care about the bacteria that much? No, but chances are that if you find something interesting going on you'll have a wealth of other material to leverage when figuring out how it works.