Agree. It seems like a simple solution is to unbundle the testing and interpretation.
This is really no different from any other area of testing. A lab can assay the creatinine in my blood, or the microalbumin in my urine, or the concentration of glucose in my blood. Those results are likely to be very accurate and reproducible unless the lab is just criminally negligent.
What those results mean is an entirely different matter. A doctor will certainly utilize those results as well as the results of many other tests, history, interviewing the patient, and so on to make a diagnosis, and refine it as more data comes in.
Just make the labs, well, labs. Now you can certify them far more objectively.
everyone accepts that (for a given purpose; bank vaults and nuclear installations get judged differently than houses) there is some level of 'reasonable security', which reflects appropriate caution on the policyholder's part; but is known to be breakable.
I agree with your post. I'll just add that a big problem with IT security is that companies cannot rely on the same level of protection from governments in preventing intrusion.
For example, if I have a safe in my house, the means an attacker would have to penetrate it are going to be limited. Since my township has police and neighbors that wander around, they can only spend so much time there before they're likely to be detected. They can generally only carry in stuff that will fit in the doors and is man-portable, since if they have to cut a hole in the house and lower their equipment using a giant crane somebody is likely to notice. If they want to use explosives they will have to defeat numerous regulatory and border controls designed to prevent criminals from gaining access to them, and of course they will be detected quickly. Some destructive devices like nuclear weapons are theoretically possible to use to crack a safe, but in practice as so tightly controlled that no common thief will have them. If the criminal is detected at any point, the police will respond and will escalate force as necessary - it is extremely unlikely that the intruder will actually be able to defeat the police. If the criminal attempted to bring a platoon of tanks along to support their getaway the US would mobilize its considerable military and destroy them.
On the other hand, if somebody wants to break into my computer over the internet, most likely nobody is going to be looking for their intrusion attempts but me, and if they succeed there will be no immediate response unless I beg for a response from the FBI/etc. An intruder can attack me from a foreign country without ever having to go through a customs control point. They can use the absolute latest technology to pull off their intrusion. Indeed, a foreign military might even sponsor the intrusion using the resources of a major sate and most likely the military of my own state will not do anything to resist them.
The only reason our homes and businesses have physical security is that we have built governments that provide a reasonable assurance of physical security. Sure, we need to make small efforts like locking our doors to sufficiently deter an attacker, but these measures are very inexpensive because taxpayers are spending the necessary billions to build all the other infrastructure.
When it comes to computer security, for various reasons that secure environment does not exist.
If a company cuts corners on security, then in the same way that if I leave my door unlocked and get burgled, I can't make a claim. There's going to be a good living for lawyers establishing what is the required level of security. But if this incentivises senior managers to ask the right questions, then it's probably a good development.
Maybe. If you're buying an insurance policy to cover leaks of information, then almost by definition any claim is going to be the result of lax security. So, why bother buying insurance at all if the insurer can get out of it? The likely result is that those harmed won't be able to collect damages since there will be no insurance, and the company that lost the data will simply declare bankruptcy.
I think there are better precedents. For example, my company is routinely audited by its insurers or other certification bodies. If they spot a blocked electrical panel, that has consequences for the company. The purpose of the audits is to PREVENT bad things from happening, and of course passed audits will support later claims if something bad things happen anyway.
So, why not do the same with "cyber policies" or whatever they're calling them. The insurer states some standard that the policyholder is to be audited against. The policyholder agrees to be audited. If the audit passes, they're in the clear.
And that is what insurance is about - elimination of risk. If you are in charge of some big company you can get the blessing of the appropriate auditors and now it isn't you're fault if something bad happens. It is a bit like having an IT team with skin in the game.
Sure, you can hire what you think is a good IT security team, but how do you really know if you've gotten one? If you buy a cyber insurance policy you're getting that IT audit, but then if you're declared clean and you get burned anyway, that insurance company comes in and puts their money behind their words and pays for your loss. THAT is what insurance is supposed to be.
Plus, oversimplification can be used to justify all kinds of short-sighted behavior, with all the plausible deniability you describe.
I remember learning my company's brand of six sigma, and they stressed not having more than a few CTQs for any process. It made for really nice-looking powerpoint slides (which seemed to be the main output of my company's six sigma efforts). It also made for some really broken processes in some cases, because the stuff the company was making was really hard to make. There were cases where somebody would optimize out some $10 part and end up destroying a million dollars worth of product from time to time due to a failure to deliver an acceptable level of quality. But, when you only focus on 3-5 key quality attributes, it is hard to justify every little $10 part in the multi-million-dollar manufacturing process.
I'm fairly convinced that far more was lost in market share due to an inability to meet demand than was ever gained from optimizing out the odd $10 part.
"For every complex problem there is an answer that is clear, simple, and wrong." --H. L. Mencken
Maybe Greeks are different but in Germany, if you borrow money, you are fully expected to pay it back. As soon as possible. Greece can make as much racket as it likes, but the Germans still want their money back. And frankly, I agree. If Greece is not willing to pay back what they take, that's theft, and they can go without aid for all I care. Especially when the borrowed money doesn't actually go to fixing its major economic issues.
That is a fairly naive viewpoint. No business approaches loans in this way. A loan is a contract, with terms that apply in the event of default, and terms governing repayment. Defaulting on a loan has consequences, but most businesses do not view it as a moral issue. If it ever becomes advantageous to default on a loan, they will do so. If it is advantageous to take measures to hinder attempts at collection, they will do this as well. As far as they're concerned, it isn't theft - it is just the terms of the agreement the lender agreed to. Most nations have bankruptcy laws, and sovereign nations have, well, sovereignty. Lenders who agree to make loans do so with full knowledge of these laws.
So, if a person declares bankruptcy I do not believe they are committing theft - the lender understood the bankruptcy laws when they freely made the loan, and they did so at an interest rate that they considered profitable even in light of this risk. Likewise, when a bank lends to a sovereign nation, they do so knowing that they have very little recourse if the nation chooses to default on the loan.
To the extent that anybody was forced to loan money against their will, they might be able to claim that whoever forced them to lend money was a thief.
Greece already has a primary surplus so they can cover their own needs. The problem is that the external debt is simply not viable. Up to 2030 greek debt obligations are up to 140billion euros. So while Greece managed with great sucrifices to have an unhealthy surplus based on neoliberal policies that finely IMF imposes for decades now, they still need 140/15 = 9 billions in average extra surplus for the next 15 years.
Well, the solution is simple then - they should just default. As long as they are internally self-sufficient as you assert, it won't be a problem for them. They won't be able to borrow money for a long time, but they shouldn't have to.
However, I'm not convinced their cash flow is nearly as rosy as you suggest. And of course they need to be able to defend their own borders/etc if they don't want somebody ticked off about their debts to come looking to collect.
And this is a general problem with federated governments. When it comes to socialism/etc they tend to be a race to the bottom, because companies can effectively pay the lowest tax rate anywhere in the federation. It happens in the US as well - if a US state wanted to raise state income taxes to 60% and pay basic income to all their residents, their employment would go to zero because companies would flee the state, since they could do so while still being able to sell their wares in the state's market, since US states cannot interfere with interstate commerce. This is why US states are only "laboratories of democracy" to a limited extent.
If you want to have different tax rates and social policies, then you need to have tariffs at the border. That is obviously a two-edged sword, but it is still the reality of the economics.
Somehow I doubt that is going to work on my $70 Seagate 7200RPM hard drive plugged into my $50 motherboard or $20 SATA controller card. However, by all means let me know if it will.
Plus, COW filesystems offer a lot more than just data checksumming.
Agree, as the other reply pointed out as well. And you can do the same with mdadm raid too (though obviously with none of the benefits btrfs/zfs bring for data integrity like checksumming and copy-on-write). Mdadm will also let you reshape an array in place (that is change raid levels or number of disks), though with mdadm that will often result in messing up your stripe alignment and of course it is more likely to eat your data if something goes wrong since if it finds a parity mismatch it has no way to know which copy is bad.
I was just commenting that btrfs tends to have a lot of features that appeal to small system users that you'll actually find missing on zfs, even if it is far less mature overall, and lacking in many enterprise-scale features. It just reflects the emphasis of the developers behind it.
I really can't complain about zfs - it is a great filesystem. However, things like not being able to reshape an array or mix disk sizes in an array are some of the things that hold me back from adopting it. Heck, btrfs will let you switch from raid1 to raid5 without touching any of the data already written - newly-allocated chunks will use raid5 and existing chunks will continue to use raid1 - it doesn't manage arrays at the whole-device level. In practice though you're likely to tell it to rebalance your data of course.
Sure, but with btrfs you can just add one drive and sometimes get its entire capacity added to your array - it works fine with mixed-size disks.
Of course, it might just decide not to boot the next day, and that is the downside to btrfs. It does tend to be a bit more friendly in scenarios where you have a small number of disks, though, which was my main point.
Why would you want to add just one drive to a server with 5x 6-drive RAID6 arrays? Just add another 6 drives at a time.
ZFS isn't ideal for growing like that since it doesn't do rebalancing. Your younger raid arrays will always have more data on them. Also zfs destroy is very expensive.
Perhaps, but my point was more that if you want to grow ZFS this is the ONLY way to actually do it, as far as I'm aware. You can't add individual drives to individual "vdevs."
The problem is that the feature-list for ZFS is very enterprise-oriented.
Why would you want to add just one drive to a server with 5x 6-drive RAID6 arrays? Just add another 6 drives at a time.
On the other hand, if you have a PC with 3 drives in RAID5, you could easily want to turn that into a 4-drive RAID5 or a 5-drive RAID6 in-place.
Btrfs has a lot of features that are useful for smaller deployments, like being able to modify the equivalent of a vdev in-place. ZFS on the other hand has a lot of features like ZIL that are very useful for larger deployments.
Agree. RTGs aren't actually all that efficient - they're a very primitive form of nuclear power. Their advantage is in their simplicity and longevity, which makes them great for things like spacecraft that need low power for VERY long duration, and where repairs are impossible.
You'd need a pretty big aircraft before nuclear turns into a viable option.
I'm interested in whether this is limited to ONLY proprietary research.
I could actually see an argument for banning export of such research. Do we really want companies finding flaws in widely-used software, keeping those flaws secret from the software vendors and the general public, but then selling details on those flaws to others who could potentially turn around and exploit them? In a sense, this does sound like a munition.
I don't see the same concern with public research. If you disclose a vulnerability publicly, then everybody can fix it, and that strengthens the ecosystem instead of weakening it.
If the ban were limited to proprietary research, I don't see it as a bad thing. Of course, it does nothing to keep companies from selling their findings to NSA contractors and such, but I don't expect the US to lift a finger to ban practices like these.
Diagramming on a whiteboard remotely is a different problem. It's easily solved by pointing the camera at the whiteboard behind you, at least when you have 3 different people in 2 locations. When you have 27 locations and 150 people on the call, what then? A shared whiteboard that everyone fucks up completely in the first 15 seconds because there is not enough whiteboard space?
In my experience the problem isn't getting everybody to not scribble on the board. The problem is that everybody has a 14" monitor and it is just really hard to do anything freehand on such a display. Maybe with graphics tablets and better software it might work.
Even diagramming something solo is a mess in my experience. I tend to end up doing mindmaps or outlines in Word or visio, but the last tends to be pretty painful to do quickly.
Depends on how badly your meetings are organized... no offense. If you structure them properly you can use whiteboards just fine. Works the same with power point. If you can't see the whiteboard than how can you see the power point?
The powerpoint is shared over webex, which is how everybody is connected to the meeting?:)
Not sure what benefit "tampering" would provide. Why would you have to take it apart to extract its secrets, when you can just: steal the person's smartphone/computer and the yubikey, and use them in tandem to authenticate yourself as the user to whatever services they have locked behind it? You can use the Yubikey all by itself, assuming you have exclusive physical access to the device, to make it serve its purpose for you, the attacker.
Sure, but you can ONLY use it while it is under your control if the embedded keys cannot be extracted.
If they can, then you can duplicate the key and return the original, perhaps undetected. That gives you the ability to retain access to whatever was secured.
There is definitely value in tamper-resistant key vaults.
There are so many ways that could be abused though - both by the ISPs and the end users.
Game server too laggy? Switch it to port 443 UDP - ISPs will think it's Skype voice and give it top priority.
There is a really simple solution to this. Allow users to set their own QoS rules, and the ISPs respect them, and can charge a different rate for different levels of service.
So, if you just want your SYNs prioritized it isn't a problem, and it probably won't cost you much. If you want your bittorrent traffic prioritized, that also isn't a problem, and it will cost you a fortune.
If everybody tried to ship all their mail/etc FedEx priority overnight FedEx would grind to a halt for months until they scaled up. It isn't a problem, and there are no limitations on what can be sent priority overnight, but people regulate themselves because most will not pay $70 to ship something when the $7 service that takes 2 days longer is good enough.
Geographical project management is a known hard problem. Most professionals are sloppy, and so only a few really good project managers can manage wide, disparate teams.
No argument there. However, project management and diagramming on a whiteboard remotely are really two different problems.
We have a couple of whiteboards that will spit out a printed copy of what is on them or send off a PDF of what is on them. Seems to work great.
That wouldn't work for a realtime meeting (think webex/etc). Also, if it only prints then you end up digitizing that and looking at it on a screen, which might or might not be readable.
One challenge with replacing whiteboards is just how much info you can present. If you're working close to it you could be writing on post-its/etc and it could be the equivalent of 30+pages of content on regular paper. Short of having ubiquitous 2m monitors I'm not sure if you'll ever completely replace them.
If you have an existing system that is as good as a more expensive electronic option then you would be foolish to replace the existing system.
Chalkboards and whiteboards are fine. They're entirely modern and you'll find them in use in modern business and modern academic settings at the HIGHEST level.
Yes and no. What I struggle with is the fact that most of the teams I work with are global in scale, and thus the whiteboard just doesn't work, and I've yet to find a really good alternative. Whiteboards also are not self-documenting. I've literally snapped photos of them with my cell phone and then I have to try to scroll around them on a tiny monitor (even on a PC).
I'm not sure whether Microsoft has a compelling solution to this problem, but I'm willing to buy into the argument that whiteboards are non-ideal in a lot of situations.
Now, in a traditional classroom with a teacher and 25 kids watching them lecture in a single room, I think the whiteboard works just fine. I do realize that is the focus of this discussion.
chalkboards and whiteboards are entirely reasonable in lectures and are still used in modern settings in business all the time.
TBH, whiteboards are pretty limiting in modern business settings these days. I love and hate them.
I love them because they really are the best medium for getting the job done.
I hate them because in a typical meeting only 10% of the participants can see the whiteboard, and we don't have many electronic alternatives that don't suck.
A good solution for students that actually works when viewed remotely would probably be something that would take off in the large business world.
The NTSB says he's been cooperative, so I guess your theory is bogus. As far as "lawyering up," well, that might have something to do with people like you that have already tried, convicted, and sentenced him. Retaining counsel is not an admission of guilt in our system of jurisprudence.
Indeed, the NTSB has in the past discouraged rushes to prosecution. Our standard justice system is outstanding at thoroughly punishing people anytime something goes wrong (regardless of whether they could have done much about it happening). It is less good at actually fixing problems so that they don't happen over and over again. The NTSB tends to take a longer view and they're less interested in whether one train engineer goes to jail than why we have a system where a single delinquent engineer can kill a whole bunch of people. That kind of distinction is why aircraft are so much safer than cars. With a car crash we throw the drunk in jail. With a plane crash we ask how it was that a drunk even was able to get behind the controls, and thus we don't really have drunks flying planes because there are so many places they'd get caught along the way that it just doesn't happen. The former approach leads to lots of satisfied families who can watch their loved one's killer rot in jail, while the latter approach avoids having victims in the first place.
Slashdot Mirror
Agree. It seems like a simple solution is to unbundle the testing and interpretation.
This is really no different from any other area of testing. A lab can assay the creatinine in my blood, or the microalbumin in my urine, or the concentration of glucose in my blood. Those results are likely to be very accurate and reproducible unless the lab is just criminally negligent.
What those results mean is an entirely different matter. A doctor will certainly utilize those results as well as the results of many other tests, history, interviewing the patient, and so on to make a diagnosis, and refine it as more data comes in.
Just make the labs, well, labs. Now you can certify them far more objectively.
everyone accepts that (for a given purpose; bank vaults and nuclear installations get judged differently than houses) there is some level of 'reasonable security', which reflects appropriate caution on the policyholder's part; but is known to be breakable.
I agree with your post. I'll just add that a big problem with IT security is that companies cannot rely on the same level of protection from governments in preventing intrusion.
For example, if I have a safe in my house, the means an attacker would have to penetrate it are going to be limited. Since my township has police and neighbors that wander around, they can only spend so much time there before they're likely to be detected. They can generally only carry in stuff that will fit in the doors and is man-portable, since if they have to cut a hole in the house and lower their equipment using a giant crane somebody is likely to notice. If they want to use explosives they will have to defeat numerous regulatory and border controls designed to prevent criminals from gaining access to them, and of course they will be detected quickly. Some destructive devices like nuclear weapons are theoretically possible to use to crack a safe, but in practice as so tightly controlled that no common thief will have them. If the criminal is detected at any point, the police will respond and will escalate force as necessary - it is extremely unlikely that the intruder will actually be able to defeat the police. If the criminal attempted to bring a platoon of tanks along to support their getaway the US would mobilize its considerable military and destroy them.
On the other hand, if somebody wants to break into my computer over the internet, most likely nobody is going to be looking for their intrusion attempts but me, and if they succeed there will be no immediate response unless I beg for a response from the FBI/etc. An intruder can attack me from a foreign country without ever having to go through a customs control point. They can use the absolute latest technology to pull off their intrusion. Indeed, a foreign military might even sponsor the intrusion using the resources of a major sate and most likely the military of my own state will not do anything to resist them.
The only reason our homes and businesses have physical security is that we have built governments that provide a reasonable assurance of physical security. Sure, we need to make small efforts like locking our doors to sufficiently deter an attacker, but these measures are very inexpensive because taxpayers are spending the necessary billions to build all the other infrastructure.
When it comes to computer security, for various reasons that secure environment does not exist.
If a company cuts corners on security, then in the same way that if I leave my door unlocked and get burgled, I can't make a claim. There's going to be a good living for lawyers establishing what is the required level of security. But if this incentivises senior managers to ask the right questions, then it's probably a good development.
Maybe. If you're buying an insurance policy to cover leaks of information, then almost by definition any claim is going to be the result of lax security. So, why bother buying insurance at all if the insurer can get out of it? The likely result is that those harmed won't be able to collect damages since there will be no insurance, and the company that lost the data will simply declare bankruptcy.
I think there are better precedents. For example, my company is routinely audited by its insurers or other certification bodies. If they spot a blocked electrical panel, that has consequences for the company. The purpose of the audits is to PREVENT bad things from happening, and of course passed audits will support later claims if something bad things happen anyway.
So, why not do the same with "cyber policies" or whatever they're calling them. The insurer states some standard that the policyholder is to be audited against. The policyholder agrees to be audited. If the audit passes, they're in the clear.
And that is what insurance is about - elimination of risk. If you are in charge of some big company you can get the blessing of the appropriate auditors and now it isn't you're fault if something bad happens. It is a bit like having an IT team with skin in the game.
Sure, you can hire what you think is a good IT security team, but how do you really know if you've gotten one? If you buy a cyber insurance policy you're getting that IT audit, but then if you're declared clean and you get burned anyway, that insurance company comes in and puts their money behind their words and pays for your loss. THAT is what insurance is supposed to be.
Heck, I remember continuous film slide projectors in school where the projector even auto-advanced the slides when it heard the bing. :)
Plus, oversimplification can be used to justify all kinds of short-sighted behavior, with all the plausible deniability you describe.
I remember learning my company's brand of six sigma, and they stressed not having more than a few CTQs for any process. It made for really nice-looking powerpoint slides (which seemed to be the main output of my company's six sigma efforts). It also made for some really broken processes in some cases, because the stuff the company was making was really hard to make. There were cases where somebody would optimize out some $10 part and end up destroying a million dollars worth of product from time to time due to a failure to deliver an acceptable level of quality. But, when you only focus on 3-5 key quality attributes, it is hard to justify every little $10 part in the multi-million-dollar manufacturing process.
I'm fairly convinced that far more was lost in market share due to an inability to meet demand than was ever gained from optimizing out the odd $10 part.
"For every complex problem there is an answer that is clear, simple, and wrong."
--H. L. Mencken
Maybe Greeks are different but in Germany, if you borrow money, you are fully expected to pay it back. As soon as possible. Greece can make as much racket as it likes, but the Germans still want their money back. And frankly, I agree. If Greece is not willing to pay back what they take, that's theft, and they can go without aid for all I care. Especially when the borrowed money doesn't actually go to fixing its major economic issues.
That is a fairly naive viewpoint. No business approaches loans in this way. A loan is a contract, with terms that apply in the event of default, and terms governing repayment. Defaulting on a loan has consequences, but most businesses do not view it as a moral issue. If it ever becomes advantageous to default on a loan, they will do so. If it is advantageous to take measures to hinder attempts at collection, they will do this as well. As far as they're concerned, it isn't theft - it is just the terms of the agreement the lender agreed to. Most nations have bankruptcy laws, and sovereign nations have, well, sovereignty. Lenders who agree to make loans do so with full knowledge of these laws.
So, if a person declares bankruptcy I do not believe they are committing theft - the lender understood the bankruptcy laws when they freely made the loan, and they did so at an interest rate that they considered profitable even in light of this risk. Likewise, when a bank lends to a sovereign nation, they do so knowing that they have very little recourse if the nation chooses to default on the loan.
To the extent that anybody was forced to loan money against their will, they might be able to claim that whoever forced them to lend money was a thief.
Greece already has a primary surplus so they can cover their own needs.
The problem is that the external debt is simply not viable. Up to 2030 greek debt obligations are up to 140billion euros. So while Greece managed with great sucrifices to have an unhealthy surplus based on neoliberal policies that finely IMF imposes for decades now, they still need 140/15 = 9 billions in average extra surplus for the next 15 years.
Well, the solution is simple then - they should just default. As long as they are internally self-sufficient as you assert, it won't be a problem for them. They won't be able to borrow money for a long time, but they shouldn't have to.
However, I'm not convinced their cash flow is nearly as rosy as you suggest. And of course they need to be able to defend their own borders/etc if they don't want somebody ticked off about their debts to come looking to collect.
And this is a general problem with federated governments. When it comes to socialism/etc they tend to be a race to the bottom, because companies can effectively pay the lowest tax rate anywhere in the federation. It happens in the US as well - if a US state wanted to raise state income taxes to 60% and pay basic income to all their residents, their employment would go to zero because companies would flee the state, since they could do so while still being able to sell their wares in the state's market, since US states cannot interfere with interstate commerce. This is why US states are only "laboratories of democracy" to a limited extent.
If you want to have different tax rates and social policies, then you need to have tariffs at the border. That is obviously a two-edged sword, but it is still the reality of the economics.
Somehow I doubt that is going to work on my $70 Seagate 7200RPM hard drive plugged into my $50 motherboard or $20 SATA controller card. However, by all means let me know if it will.
Plus, COW filesystems offer a lot more than just data checksumming.
Agree, as the other reply pointed out as well. And you can do the same with mdadm raid too (though obviously with none of the benefits btrfs/zfs bring for data integrity like checksumming and copy-on-write). Mdadm will also let you reshape an array in place (that is change raid levels or number of disks), though with mdadm that will often result in messing up your stripe alignment and of course it is more likely to eat your data if something goes wrong since if it finds a parity mismatch it has no way to know which copy is bad.
I was just commenting that btrfs tends to have a lot of features that appeal to small system users that you'll actually find missing on zfs, even if it is far less mature overall, and lacking in many enterprise-scale features. It just reflects the emphasis of the developers behind it.
I really can't complain about zfs - it is a great filesystem. However, things like not being able to reshape an array or mix disk sizes in an array are some of the things that hold me back from adopting it. Heck, btrfs will let you switch from raid1 to raid5 without touching any of the data already written - newly-allocated chunks will use raid5 and existing chunks will continue to use raid1 - it doesn't manage arrays at the whole-device level. In practice though you're likely to tell it to rebalance your data of course.
Sure, but with btrfs you can just add one drive and sometimes get its entire capacity added to your array - it works fine with mixed-size disks.
Of course, it might just decide not to boot the next day, and that is the downside to btrfs. It does tend to be a bit more friendly in scenarios where you have a small number of disks, though, which was my main point.
ZFS isn't ideal for growing like that since it doesn't do rebalancing. Your younger raid arrays will always have more data on them.
Also zfs destroy is very expensive.
Perhaps, but my point was more that if you want to grow ZFS this is the ONLY way to actually do it, as far as I'm aware. You can't add individual drives to individual "vdevs."
The problem is that the feature-list for ZFS is very enterprise-oriented.
Why would you want to add just one drive to a server with 5x 6-drive RAID6 arrays? Just add another 6 drives at a time.
On the other hand, if you have a PC with 3 drives in RAID5, you could easily want to turn that into a 4-drive RAID5 or a 5-drive RAID6 in-place.
Btrfs has a lot of features that are useful for smaller deployments, like being able to modify the equivalent of a vdev in-place. ZFS on the other hand has a lot of features like ZIL that are very useful for larger deployments.
Agree. RTGs aren't actually all that efficient - they're a very primitive form of nuclear power. Their advantage is in their simplicity and longevity, which makes them great for things like spacecraft that need low power for VERY long duration, and where repairs are impossible.
You'd need a pretty big aircraft before nuclear turns into a viable option.
I'm interested in whether this is limited to ONLY proprietary research.
I could actually see an argument for banning export of such research. Do we really want companies finding flaws in widely-used software, keeping those flaws secret from the software vendors and the general public, but then selling details on those flaws to others who could potentially turn around and exploit them? In a sense, this does sound like a munition.
I don't see the same concern with public research. If you disclose a vulnerability publicly, then everybody can fix it, and that strengthens the ecosystem instead of weakening it.
If the ban were limited to proprietary research, I don't see it as a bad thing. Of course, it does nothing to keep companies from selling their findings to NSA contractors and such, but I don't expect the US to lift a finger to ban practices like these.
Diagramming on a whiteboard remotely is a different problem. It's easily solved by pointing the camera at the whiteboard behind you, at least when you have 3 different people in 2 locations. When you have 27 locations and 150 people on the call, what then? A shared whiteboard that everyone fucks up completely in the first 15 seconds because there is not enough whiteboard space?
In my experience the problem isn't getting everybody to not scribble on the board. The problem is that everybody has a 14" monitor and it is just really hard to do anything freehand on such a display. Maybe with graphics tablets and better software it might work.
Even diagramming something solo is a mess in my experience. I tend to end up doing mindmaps or outlines in Word or visio, but the last tends to be pretty painful to do quickly.
Depends on how badly your meetings are organized... no offense. If you structure them properly you can use whiteboards just fine. Works the same with power point. If you can't see the whiteboard than how can you see the power point?
The powerpoint is shared over webex, which is how everybody is connected to the meeting? :)
Not sure what benefit "tampering" would provide. Why would you have to take it apart to extract its secrets, when you can just: steal the person's smartphone/computer and the yubikey, and use them in tandem to authenticate yourself as the user to whatever services they have locked behind it? You can use the Yubikey all by itself, assuming you have exclusive physical access to the device, to make it serve its purpose for you, the attacker.
Sure, but you can ONLY use it while it is under your control if the embedded keys cannot be extracted.
If they can, then you can duplicate the key and return the original, perhaps undetected. That gives you the ability to retain access to whatever was secured.
There is definitely value in tamper-resistant key vaults.
There are so many ways that could be abused though - both by the ISPs and the end users.
Game server too laggy? Switch it to port 443 UDP - ISPs will think it's Skype voice and give it top priority.
There is a really simple solution to this. Allow users to set their own QoS rules, and the ISPs respect them, and can charge a different rate for different levels of service.
So, if you just want your SYNs prioritized it isn't a problem, and it probably won't cost you much. If you want your bittorrent traffic prioritized, that also isn't a problem, and it will cost you a fortune.
If everybody tried to ship all their mail/etc FedEx priority overnight FedEx would grind to a halt for months until they scaled up. It isn't a problem, and there are no limitations on what can be sent priority overnight, but people regulate themselves because most will not pay $70 to ship something when the $7 service that takes 2 days longer is good enough.
Geographical project management is a known hard problem. Most professionals are sloppy, and so only a few really good project managers can manage wide, disparate teams.
No argument there. However, project management and diagramming on a whiteboard remotely are really two different problems.
We have a couple of whiteboards that will spit out a printed copy of what is on them or send off a PDF of what is on them. Seems to work great.
That wouldn't work for a realtime meeting (think webex/etc). Also, if it only prints then you end up digitizing that and looking at it on a screen, which might or might not be readable.
One challenge with replacing whiteboards is just how much info you can present. If you're working close to it you could be writing on post-its/etc and it could be the equivalent of 30+pages of content on regular paper. Short of having ubiquitous 2m monitors I'm not sure if you'll ever completely replace them.
If you have an existing system that is as good as a more expensive electronic option then you would be foolish to replace the existing system.
Chalkboards and whiteboards are fine. They're entirely modern and you'll find them in use in modern business and modern academic settings at the HIGHEST level.
Yes and no. What I struggle with is the fact that most of the teams I work with are global in scale, and thus the whiteboard just doesn't work, and I've yet to find a really good alternative. Whiteboards also are not self-documenting. I've literally snapped photos of them with my cell phone and then I have to try to scroll around them on a tiny monitor (even on a PC).
I'm not sure whether Microsoft has a compelling solution to this problem, but I'm willing to buy into the argument that whiteboards are non-ideal in a lot of situations.
Now, in a traditional classroom with a teacher and 25 kids watching them lecture in a single room, I think the whiteboard works just fine. I do realize that is the focus of this discussion.
chalkboards and whiteboards are entirely reasonable in lectures and are still used in modern settings in business all the time.
TBH, whiteboards are pretty limiting in modern business settings these days. I love and hate them.
I love them because they really are the best medium for getting the job done.
I hate them because in a typical meeting only 10% of the participants can see the whiteboard, and we don't have many electronic alternatives that don't suck.
A good solution for students that actually works when viewed remotely would probably be something that would take off in the large business world.
The NTSB says he's been cooperative, so I guess your theory is bogus. As far as "lawyering up," well, that might have something to do with people like you that have already tried, convicted, and sentenced him. Retaining counsel is not an admission of guilt in our system of jurisprudence.
Indeed, the NTSB has in the past discouraged rushes to prosecution. Our standard justice system is outstanding at thoroughly punishing people anytime something goes wrong (regardless of whether they could have done much about it happening). It is less good at actually fixing problems so that they don't happen over and over again. The NTSB tends to take a longer view and they're less interested in whether one train engineer goes to jail than why we have a system where a single delinquent engineer can kill a whole bunch of people. That kind of distinction is why aircraft are so much safer than cars. With a car crash we throw the drunk in jail. With a plane crash we ask how it was that a drunk even was able to get behind the controls, and thus we don't really have drunks flying planes because there are so many places they'd get caught along the way that it just doesn't happen. The former approach leads to lots of satisfied families who can watch their loved one's killer rot in jail, while the latter approach avoids having victims in the first place.
Except the NC constitution makes it not unitary, but at least semi-federalist
Well, to the degree that this is the case within a particular state, they certainly are sounding like hypocrites!