As the one who mandated the installation of CCTV all across the UK, I can promise it has made for a more harmonious integration of man than simple freedom alone would create.
I know companies are singular, but let's not assume that "Sony" has only one mind. The guys that thought it cool to release a PS2 Linux development platform are not, I'll wager, the same guys litigating about modifications, nor the same guys who are concerned about "shareholder value".
There is a lot of Sony. It's not a big shock to see "it" do apparently contradictory things.
"...if you can show anyone, all the plans to your most secure lock in the world, and they still can't break it, i'd say that's amazing."
It is amazing. If, on the other hand, everyone assumes your lock cannot be broken *because* you are willing to share the plans with them, it's just stupid.
"Although Free/Open security software is widely acknowledged to be better than commercial alternatives..."
I'm sure this point will rapidly become a chorus in this thread, but that sentence is pointless fluff.
Open source means you could inspect the source. Iff you choose to expertly inspect the source you may come to understand the security parameters of the application. You'll know how it works, and a lot of what it depends on in terms of libraries, OS calls etc. And you can evaluate on those terms whether it provides an adequate level of security for the environment in which you intend to use it.
If you haven't audited the code, all you know is that the code is auditable. You know nothing about the security of the system.
Most of us here haven't performed any of these steps on systems like OpenSSH, for instance. Instead we rely on two things: that someone else has performed a competent, honest audit; that so many people use it that if it had problems we'd all know (surely). Both of those are flimsy, when you come right down to it.
Open source only means you could audit it if you wanted to. It doesn't make it any more or less secure than anything else.
This isn't a perfect analogy, but think of it like a building, where port 80 is the front door that comes into the foyer. The windows are miscellaneous ports, and the loading dock is some port you use for something else (maybe 22).
Let's say you have a security system hooked up to the front door, the windows, loading dock doors etc. Normally pretty much anyone is allowed to walk through the front door. You do hope nobody manages to climb in through a window, and you have strictly controlled access via the loading dock.
Now if your reception is poorly designed your only hope is that nobody who walks through the front door hacks off the head of your receptionist and proceeds to go walkabout through the building screwing with things. If your reception is well designed this will be hard to do.
You could even have it so that there's some hazard to those right there in reception but breaking out of reception is as hard as breaking in any other way. But you don't just assume it's secure because it's nicely decorated or (in this case) because so many people walk through receptions it *must* be secure.
It's just a security model. If you alter the constraints and facilities of the environment, then you've also changed the range of threats to that environment. And you tailor the prophylactic security, intrusion detection and response to the potential threats and damage of compromise.
Overall, if you want to have any security, you have to think about security. However the hell you set up your systems.
Encoded at reasonable bit rates from a reasonable source MP3 can sound fine. I'm running a digital feed out of a Turtle Beach Santa Cruz and into a Cambridge Audio DACMagic II, amped by a Marantz PM66SE KI, with Mordaunt-Short MS25i floorstanders. Not a super high-end setup, but fairly solid mid-range equipment.
No, MP3s fed from the PC don't sound as good as the source CD. But they are close. Certainly close enough that if I'm sat at my PC doing work and just playing some music, the quality is more than adequate. It's even adequate for just sitting around listening to music.
The notion (posted somewhere in this sub-thread) that cars are soundproofed to a degree where road, engine and wind noise aren't significant noise factors (whilst moving, obviously) is bullshit. Plus car stereos even at the high end are compromised by their environment. You have a setup where space is at a premium, you don't have the luxury of completely defining the acoustic enclosure (why don't all hi-fi speakers look like car doors?) or of seating those listening in an optimal position. Yes, you can design with this in mind. But you will always be behind equally-priced systems that don't suffer the same basic constraints.
So essentially, I think you're talking out of your arse about quality being the issue. The difference between MP3 and CD quality is minor compared to other factors.
I saw a BBC "Horizon" about this the other day on a flight. They talked a lot about "feeding" of apparent supermassive black holes that they think live in (probably all) galactic centres.
Apparently they stop "feeding" after a while because the mass of the surrounding matter in the galaxy means it won't fall in. The attraction from the black hole is balanced, so the matter orbits the hole. Anything itinerant -- like a comet say -- that passed near the hole slowly or closely enough would still get swallowed, but most of the galaxy should stay intact.
Of course, that's iff nothing else interferes. The Andromeda Galaxy is heading our way, so in some (distant) future time matter in it will become a significant gravitational influence on matter in our own Milky Way. That should upset the balance, and researchers are hypothesising the disruption setting off feeding of the black holes at the centre of both galaxies, which will go on to swallow up large portions of each galaxy.
Your first point is valid, your second point is off target.
There will be people out there attempting to hack, the same as there will be people attempting to break into houses. If you had the choice of hearing from those best-placed to break into your house exactly how they might choose to do it, giving you a chance to prepare, wouldn't you take it? Or would you prefer to assume that because nobody's telling you that your house can be burgled, that nobody's about to break into your house?
Obviously, I'm assuming this is a troll. But just on the off-chance it isn't, let's talk about the problems of your point.
First of all, logically extrapolating, there's some substance to what you say: if someone *doesn't* know about the security flaws of a system, they can't deliberately exploit them. However, your "hidden treasure" analogy isn't valid. For hidden treasure to be a useful mechanism, it has to stay hidden. The best way to keep it hidden is to put it somewhere that people are unlikely to look, like in a hole in an anonymous sand dune on a faraway island.
A modern OS, application platform or Web data centre isn't a desert island with much sand and few shovels. It's a series of interconnected systems based on a limited (actual) range of semantics. And it's faced by people who understand black and white box testing, boundary cases of data and so on -- the equivalent of seismic sensors, metal detectors, ground-penetrating radar and the like. And they all have a pretty good idea of the contours of the landscape and where different systems meet, and might not quite tessellate. They also understand where sysadmins are lazy, or tend to be less able.
All this means a better analogy is a bank. Lots of people walk in and out, and everyone knows where the treasure is. It's likely easy to find out how it's protected, too. But it's still hard to get at, because of well designed systems, monitoring and response procedures.
By all means take your pick: dig a hole in your back garden (or hell, make it tricky, use someone else's garden) or put your money in the bank. But don't sell those two options as having the same security level in the real world.
I was expecting some sort of hideous death-mask skull. This looks more like something that's about to sit next to you uninvited on a bus and start telling his life story. And all the while, emitting a not quite describable but definitely unpleasant smell...
The idea of transmitting data over power lines has been knocking around for a long time. Not sure about 2.5Gbps, but there have been a variety of trials here and there of more modest speeds. This CNet article has a good broad-brush overview of a few of the companies involved and the problems they face.
The article actually says that whilst people won't be being asked to take tests, they will be asked the results of any test they've had, and that insurance companies "would have the right to refuse to offer insurance if a customer refused to reveal details". So whilst it's voluntary, there are weasel ways at work here. Sooner or later it's going to become de facto, whether or not it's technically "part of" the process of gaining insurance.
But then it's the same brush as having had an HIV test in the UK and subsequently going for insurance. Companies don't bother asking you what the result of any HIV test was, they just ask if you've had one. If you have, don't be surprised to be refused insurance because you're "high risk".
As other posters have pointed out, there's much more to a company than just systems security.
As Schneier points out at one point in the book, the real problem is commitment to security. The odd high-profile Web site defacement or DB-of-card-numbers theft gets security onto the agenda inside companies, and the edict comes from the business to "guarantee security, whatever the cost" as the usual ill-informed media tsunami breaks all over the Web.
But there is always the assumption that "cost" means a dollar (pound, mark, whatever) figure. It certainly costs money to do it right, but the real cost is in changing working practices, restricting timescales, guaranteeing proper code audits before deployment and so on. These are the costs that the business is rarely -- if ever -- willing to bear for more than a few fleeting moments. The day you walk into the Big New Project meeting and say "We can't deliver this on time because we need to do a security audit" is the day security gets ignored once more.
And the real motto? It's tough to be on the technical end, because even if your advice is ignored, you can bet your head is on the line for the mistakes.
You know what, I think they're right. But there's a better example of how connecting things together without serious regard for what (unwanted) new interactions might occur, and not understanding the security implications: The internet.
No, it was at ECTS -- really. It was hardly a box product though, so it's open to question whether what was being shown there is in any way representative of something soon to be on a shelf near you.
You may remember Power VR series 2, first sighted back in the early Voodoo 2 era. It was demoed impressively on quite a number of occasions, with environment mapping and (for the time) high frame rates. But it was an awful long time until the Neon 250 was actually released (well over a year). The distraction of Power VR going into Dreamcast was a big influence there, but it's an example of how much can go on between a board being demoed and a product being sold.
Everyone seems fairly concerned about the activities of Quova. Bugtraq has been heavy with traffic about Quova scans for a while, and it seems to have annoyed a lot of people, not least because nobody's so very sure about what they're doing with the information that is gathered.
But on a different note: how should one go about network mapping? Try using UDP or ICMP traceroute to anywhere and you can look forward to a flood of complaints to your ISP about 'hack attempts' as people interpret your actions as inbound scans (and UDP traceroute can look a lot like a straight scan of high UDP ports).
It isn't practical to contact every sys/network admin along the route -- remember you don't know what the routes are until you've mapped them. Even if you could, there are two problems: it's just your word you aren't doing anything nefarious; it's still going to set off a lot of intrusion detection systems, and why should anyone switch an IDS off just to avoid false alarms from your network mapping?
Some network maps are available, but they aren't necessarily useful (they don't typically include BGP parameters and ACLs or equivalent for all boxes en route).
So my question is: is it possible to map the network in an 'ethical' fashion that's still practical?
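The post above turns on UDP traceroute looking, on the wire, like a scan of high UDP ports. As an added example (not from the original post or its author), here is how a defender triaging IDS alerts could separate the two patterns from a flow's TTL and destination-port progression: classic UDP traceroute climbs the IP TTL one hop at a time and walks ports upward from 33434, while a port sweep keeps a normal TTL and hops between unrelated ports. The `Probe` record, the thresholds and the sample flows are constructed assumptions.

```python
"""
Added example: telling a UDP traceroute apart from a UDP port sweep
when triaging IDS alerts. The Probe record, the window of ports and the
sample flows below are constructed for this example, not taken from any
real IDS.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    """One observed UDP datagram, reduced to the fields the heuristic needs."""
    src: str
    dst: str
    ttl: int    # IP TTL as seen at the sensor
    dport: int  # UDP destination port


TRACEROUTE_BASE_PORT = 33434   # default first probe port used by UDP traceroute
TRACEROUTE_PORT_WINDOW = 512   # assumed upper bound on how far the port walks


def classify(probes):
    """Classify one src->dst flow as 'traceroute', 'udp-sweep' or 'unknown'."""
    if len(probes) < 3:
        return "unknown"   # too few datagrams to say anything useful
    ttls = sorted({p.ttl for p in probes})
    ports = [p.dport for p in probes]

    # Traceroute signature: TTL starts at (or near) 1 and climbs in steps of
    # one, while destination ports sit in the 33434+ range and never go down.
    ttl_climbs = ttls[0] <= 2 and all(b - a == 1 for a, b in zip(ttls, ttls[1:]))
    high_ports = all(
        TRACEROUTE_BASE_PORT <= p < TRACEROUTE_BASE_PORT + TRACEROUTE_PORT_WINDOW
        for p in ports
    )
    ports_monotonic = all(b >= a for a, b in zip(ports, ports[1:]))
    if ttl_climbs and high_ports and ports_monotonic:
        return "traceroute"

    # Sweep signature: a single, ordinary TTL (the sender is not expiring
    # packets on purpose) and several distinct ports being tried.
    if len(ttls) == 1 and ttls[0] >= 32 and len(set(ports)) >= 3:
        return "udp-sweep"
    return "unknown"


def triage(probes):
    """Group datagrams by (src, dst) and classify each flow."""
    flows = defaultdict(list)
    for p in probes:
        flows[(p.src, p.dst)].append(p)
    return {flow: classify(group) for flow, group in flows.items()}


# Constructed sample: a 4-hop traceroute (three probes per hop, port
# incremented once per probe) from 192.0.2.10, and a sweep of assorted UDP
# services from 198.51.100.7, both aimed at 203.0.113.5.
SAMPLE = (
    [Probe("192.0.2.10", "203.0.113.5", ttl, TRACEROUTE_BASE_PORT + i)
     for i, ttl in enumerate(t for t in range(1, 5) for _ in range(3))]
    + [Probe("198.51.100.7", "203.0.113.5", 64, port)
       for port in (53, 111, 161, 500, 1900, 33434)]
)

if __name__ == "__main__":
    for (src, dst), verdict in triage(SAMPLE).items():
        print(f"{src} -> {dst}: {verdict}")
```

The heuristic only covers the UDP form the post mentions; an ICMP traceroute shows the same TTL climb but no port walk, so a sensor would key on the TTL alone there.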
Without going too far into it, I remember discussing a lot of this stuff with the guys doing those tests at the time. Those (fairly) low-down tweaks were attempts to see if the Linux setup was tripping up on something obvious (e.g. trying to auto-negotiate on the NIC) and whether it could be speeded up. That was because everyone was really quite shocked at the figures coming out, and went to some trouble -- including talking to Red Hat -- to attempt to eliminate configuration issues and the like, because everyone thought the numbers looked odd. But after a lot of effort, they still looked odd.
And you don't (or shouldn't) 'root' for any of the platforms you're testing when you benchmark. You go to a reasonable amount of trouble to make sure that you are testing what you think you are (and not some config hiccup that's hamstringing the results). But having done that, you sometimes still get a surprise. That's what happened here.
Just in case you've missed the review and other comments: it's a very good book.
In particular, I found this a very balanced account. He's honest about what questions string theory has potentially found answers for, against the background of the assumptions that have been involved along the way. And, unlike some other popular string-theory books, the case is rather more complete and compelling than "It all looks nice in 10 dimensions (so let's use 10 dimensions)."
What's more, it's all understandable. Some of the concepts are (like much of quantum mechanics) a challenge to the intuition, but there's really nothing in the book that isn't made clear by careful explanation and qualified use of analogy.
I doubt it. The problem is, how do you actually agree with anyone on the specifics of more than a very few, well-chosen topics?
Start at "wars are bad" and just about everyone says "Yes they are". Say "That house needed to be burnt down as part of this campaign" and see how many takers you get...
If a politician was specific about his beliefs, people could only look at him and say "I don't quite agree with that."
One of the nicest things about the SSH v2 support in OpenSSH is that both protocol versions are supported in a single binary. No more installing SSH1 and then SSH2 over the top.
Okay, so it wasn't that much hassle installing both versions, but the OpenSSH way is a neater solution.
Now the real question -- apparent minor lack of functionality aside -- is: how long before we're all happy to chuck out our official copies of both SSH 1 and 2 and start using OpenSSH instead? How long do people wait before deciding "It's been out long enough that it's probably as secure as the alternative"? (It being something of a faith issue for those of us who don't have the time or skill to do a full audit of the code.)
Does anyone think they haven't been blithely pursuing 'cyber-criminals' through the networks according to wherever the trail leads so far? Do they just need to make this formal and write down some rules somewhere for the sake of actual legal proceedings: "Exhibit 'A', some router logs from er, some other country... That are valid because, er... And erm, evidence and civil rights there dovetail with local US civil rights because erm... Look, can't we just throw the son of a bitch in jail?"
London -- A budding British inventor today unveils a stunning friction-circumventing invention that will ease moving heavy objects and revolutionise transportation.
The "Wheel" is a simple but clever idea involving sections cut from a cylindrical shape being employed to roll over surfaces. When attached to the end of a stick, which the inventor calls an "axle", wheels allow for speedy movement over a range of surfaces with none of the severe undertray ablation and huge energy output associated with pushing large lumps of stuff along the ground.
Investment from an unnamed company in Redmond, Wa. allowed for continued development of the wheel concept, and its bullish projections suggest that the old "Push the bastard thing along the ground" approach favoured in Redmond may soon be rendered obsolete by wheel-using devices.
There's a critical problem with a general lack of security expertise in the media. It has led to an unfortunate slant 'on the side of safety', where anyone highlighting an apparent security problem is instantly believed.
This is often regardless of credentials, and I've seen some journalists maintain a tenacious grip on a flawed notion of bad security because bad security makes a good story. Copy gets churned out that all too often recites doomsaying of the original source, without reference to any independent expertise.
It's even worse when there's actually a story in there, but it isn't the story that they're choosing to write.
Sensible, timely reporting of security issues, and penetrating questions aimed at those who seek to deflect them are sensible and useful. Grabbing the latest 'see here security disaster!' hype isn't.
Should be quite a show.
Wouldn't be the first time, eh?
Surely the mechanism to prevent abuses failed in this case -- it was supposed to be a deterrent. It wasn't, and now they're trying to clear it up.