Linus Torvalds famously called himself "cvs with taste". Ubuntu is pretty much "Debian with taste." If you don't like their taste, go to Debian, who IS a democracy.
Right now everyone does have insurance, just in the most inefficient way possible. Emergency rooms must treat patients who show up there, and everyone else paying insurance or using the hospital pays for that service indirectly. However, it is just about the least inefficient way cost wise to provide most health care services to people.
Chip and pin is exactly as secure as I think. Which is to say much more so then card # + CVV2 + zip code.
Yes, it's not impenetrable, but it's worlds better then our current card verification, or even the RSA SecureID dongles you mention. The US military uses CAC cards built on similar technology as chip and pin, which should tell you something about it's strength.
From what little research I've done into chip and pin, there are 2 modes of operation: Dynamic data authentication and static data authentication. Dynamic data authentication seems to be similar to what the CAC and other smartcards do, while static data authentication is.. Well, kind of crappy. It seems most card issuers are using the simpler, more easily broken static data authentication mode. But even this half-crappy mode is 1000% better then the American no protection system.
So you're telling me whitelisting is going to give less false positives then current AV? That software updates will always be whitelisted before any user has a chance to download them?
The current crop of whitelisting software is nowhere near that good, and I doubt we will get there anytime soon. The whitelisted software is more trustworthy, but there are huge number of packages that are missed. In a corporation you can set them to ask permission from your IT staff who might be able to evaluate the software, but real-time updates for whitelisted AV for any sizable fraction of software out there is still a pipe dream at the moment. The only way for this to work is for software vendors to submit their programs to the whitelisters and wait until verification before releaseing, creating a vetting model much like Apple's app store. Unfortunately, without that whitelisting won't work for the home user so there's no benefit for them to use it. And if there's not a critical mass of users, there's no advantage for the software producers to deal with that gatekeeper either.
As Windows Vista showed, popups have to be really infrequent to be of any use. Once you ask the average user something more then 10 times or so, they've stopped considering the real threat at that point, and just say yes to anything..
Also, we have the problem that evaluating software for whitelisting is really hard and complicated. Hiding malicious code for VMs, time limiting bugs, and other nasty tricks can be used to get around it. For good examples of how hard a problem this is, see the underhanded C contest: http://underhanded.xcott.com/
For business users, whitelisting can make sense. For home users, this will lead to just another popup for them to click through to get the thing they want. How should they know if it is just too new and not covered by the whitelist or actually bad? Remember, a few percent of people still click the links in spam, and enough of them buy the product to make the spammers tons of money.
Fraud happens all the time, but the banks have developed heuristics to stop it before too much money is lost. Often transactions can be rolled back and accounts frozen before the money disapears, but not always.
Banks do lose huge amounts of money however, much of it through credit card fraud. That's the reason credit card interest rates are as high as they are. Customers are willing to pay those rates for easy access to money, so there is no incentive for US banks to move to something more secure like chip&pin or other techniques. Also, much of the cost of fraud is pushed back on the merchants, who have virtually no say in the card security policies.
If you're interested in learning more, there's some great inforation that was presented to the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology as “Do the Payment Card Industry Data Standards Reduce Cybercrime?” on Tuesday, March 31, 2009 from the perspective of both the merchants and the credit card industry.
Here's how our most sensitive secrets are protected: Air gapped, behind massive physical security including guys with M-16s.
Our nukes are especially well protected, and a study of how they do it is quite telling. A google search for "nuclear security air force" reveals a lot about the good and bad of the approach, including some high profile failures.
Note that they are not doing business or interfacing with the public on a regular basis. Airgaps are great until you actually want to give things to some people, but not others. For this reason, commercial operational security is a much harder problem then military operational security.
Note that that was installed from a non-Ubuntu source, effectively breaking the whitelist.
It's simple to tell your users they can only install from the Ubuntu repositories, and set up controls that would keep most users from being able to install other software...
Once again, no defense against a skilled user who really wanted to install something either in windows or Linux, but setting the policy along with reasonable protection measures keeps most users from installing dancing bears screen saver malware.
These exist, bit9 has one of the better ones out there. Also, the Unix package management system functions as a defacto whitelist approach. The problem is whitelisting limits what you can install. Adding programs to the whitelist is time intensive, and the major benefit of Windows is the fact that there's so much stuff out there you can run on it..
Whitelisting is a good approach for certain locked down, single purpose terminals, but for general computing you might just as well deploy Ubuntu to your users instead...
There is no perfect security, offline or online. I like to say there are 3 main types of attacks:
Bots, worms, and other randomly spewed attacks.
Industry targeted attacks. An attacker wants to compromise a bank, any bank, and will go for the easiest target
Comany or resource targeted attack. An attacker wants access to you specifically.
We have mechanisms that are pretty good at class 1. We can shore up our defenses enough to not be the low hanging fruit to get some protection against level 2.
Level 3 is only starting to enter the public eye. There is no defense that will withstand a well funded targeted attack. The best you can do is make it too difficult for most attackers, and monitor and clean up after the really good ones.
This is true for airline security, concert security, bank security, web site security, and network security. There is no impenetrable defense for any of these. You minimize the risk as much as you can, then build your systems so they can be effectively monitored and rebuilt/restored in case of attack.
Were I to individually insure the items in my house, the overhead of the policy would make it unwise.
However, I insure my house, which is the thing of greater value, and theft protection comes almost for free. Since the risk of loss is so low(most people will never be burgled), but the cost of replacement is fairly high, it makes sense for me as an individual to share that risk, and for the insurance company to be able to cover it and make a profit. Do I buy insurance for my electronics, jewelry, or other valuables individually? No. But the very very minimal cost of making sure those items are covered by my home insurance is worth it to me.
If I was wealthier, had more or less stuff to worry about, or had chosen different home insurance, the trade offs might be different. But the fact that the home insurance I chose based on other factors covers the value of my stuff anyway, the marginal cost is literally nothing except the opportunity cost of documenting my valuables, and I think that's a pretty good deal..
I suppose to be pedantic I'm protecting against the financial impact of loss, not the loss itself, but that's really splitting hairs.
Also note that living in a fortress also has a cost in terms of building materials and labor, as well as the opportunity cost of feeling depressed and lonely in an ugly house.
Everything has a cost in life. Security is a cost/benefit trade-off like everything else. In my field there's a saying for this: "Amateurs Study Cryptography; Professionals Study Economics".
I lock my doors so that burglers are likely to smash something to get in.
Yeah, they could pick my deadbolts, but it would take a good locksmith multiple minutes to do so.
What burglers do is go to the back door and kick it open. The way my deadbolts are installed with metal sleves in the frame, they would have to break the entire doorframe to gain entrance. Otherwise I have some deadbolts with knobs on the inside and glass doors, which they could break the glass then unlock the deadbolts. Once again they would leave physical evidence.
I consider my locks:
There to keep my friends out when I don't want them in.
There to leave physical evidence of a break in for my insurance company.
I trust my locks to be strong enough against the average burglar to make them bypass them entirely, and honestly I think that's all you can expect in residential security. I enjoy having a sunroom and don't want to live in a fortress to protect against a small risk.. Instead I live how I want and protect against loss through insurance.
Not really.. Unintended acceleration was a problem back in the carburetor days also when mechanical failures happened in certain ways. Cars are complicated machince, and no matter the design will have some percentage of failures.
The real fix was then and is now not technical: It's user education. If you experience UA, switch into neutral in an automatic or hit the clutch if you're in a manual transmission. My drivers ed teacher taught me this many years ago.
The technical mitigation to this is actually more complexity: adding in multiple sensors and sanity checks in the code.
Remember how Java was panned at first for being so darned slow?
If you have a well designed language, you can always make the implementation faster later.
If you have a poorly designed language, you fix it by building a new one. The problem with Java isn't that it's slow(it's not) or even that it eats memory like Jabba the Hutt(it does), but the fact that they have tried too many times to evolve the language without changing it. Java proves you can make stuff fast later, but bolting good concepts on to languages after the fact while maintaining backwards compatibility and ending up with something usable is near impossible.
Google has been spending time designing the language, and performance optimization is still yet to come. I for one think they're doing the correct thing.
There is still no one search engine.. Google search is obviously the largest for text based web page searches, but my websites still see ~5% of search hits from Live and Yahoo.
More to the point, even in the Google family you have google search, google image search, google video search, google news search, etc.. There isn't one search engine to rule them all, even if there is one commercial in the space. In the future we might see google GO scripting edition, google GO embedded, etc, but there are more niches then can be served by one language effectively.
I use C, Bash, Ruby, Lua, and PHP for wildly different things. While I'd like to have one language to cover all that, it's not likely in my lifetime anyway.
I still have my Courier V.everything modem from the 90's.. Was upgradeable for every change up until the v.92 standard, and was the best modem available through v.90.
I don't even have a landline at home anymore, but still can't bring my self to get rid such a long-lived piece of tech...
Also, security tip: Wardialing isn't dead, it's just gotten better.. Modems are an oft overlooked piece of a security strategy, and it's still fun to get to p0wn a company through some old 33.6K modem on an audit..
I'm merely making the argument that there are good reasons to be unhappy with the current health care system in the US.
The reason most people are happy with their insurance is they're not directly footing the bill.
And yes, I'd rather see piecemeal health care reform then one huge lumbering hulk of a package also. The creation of Healthcare Savings Accounts is the only time I've seen anyone from any party take on the health care issues without going off tilting at windmills, for whatever reason.
Weird, I was pretty sure that dislike of the US health care system was pretty universal regardless of party affiliation or position on the political spectrum.
Weird, I was pretty sure that disinformation about dislike of the US health care system was pretty universal -- particuarly from the left.
Don't let little things like facts get in your way (most Americans satisfied with quality of their own medical care and health care costs)...
The majority of people don't pay for their own individual health insurance plan. I do, and it really sucks.
Note that while corporations pay for insurance pre-tax, individuals pay with post-tax dollars. Add to that the fact that it's more expensive to buy an individual plan in the first place, and it really really sucks to buy your own private health insurance.
I've been there in the dead of winter, and I'll tell you 4 things you need to know if you want to go:
Stay at the King Eider Inn. Nice place, stand-up owners, highly recommended. It's only bed and breakfast sized, but much nicer then you'd expect in what is otherwise pretty much a slum town.
Chip and pin is definitely better then card swipe, or card swipe and pin.
The only problem is the banks are treating the increase in security as absolute security, and refusing to handle any fraud concerning a chip and pin transaction.
Slashdot Mirror
Seriously. If you're printing emails on the school's inkjet printers, your font is probably not the only change you need to make.
Yeah, I program for fun too.
But if someone wanted to give me an award and a million dollars for it, I'd take it.
Linus Torvalds famously called himself "cvs with taste".
Ubuntu is pretty much "Debian with taste." If you don't like their taste, go to Debian, who IS a democracy.
Right now everyone does have insurance, just in the most inefficient way possible. Emergency rooms must treat patients who show up there, and everyone else paying insurance or using the hospital pays for that service indirectly. However, it is just about the least inefficient way cost wise to provide most health care services to people.
Chip and pin is exactly as secure as I think. Which is to say much more so then card # + CVV2 + zip code.
Yes, it's not impenetrable, but it's worlds better then our current card verification, or even the RSA SecureID dongles you mention. The US military uses CAC cards built on similar technology as chip and pin, which should tell you something about it's strength.
From what little research I've done into chip and pin, there are 2 modes of operation: Dynamic data authentication and static data authentication. Dynamic data authentication seems to be similar to what the CAC and other smartcards do, while static data authentication is.. Well, kind of crappy. It seems most card issuers are using the simpler, more easily broken static data authentication mode. But even this half-crappy mode is 1000% better then the American no protection system.
So you're telling me whitelisting is going to give less false positives then current AV? That software updates will always be whitelisted before any user has a chance to download them?
The current crop of whitelisting software is nowhere near that good, and I doubt we will get there anytime soon. The whitelisted software is more trustworthy, but there are huge number of packages that are missed. In a corporation you can set them to ask permission from your IT staff who might be able to evaluate the software, but real-time updates for whitelisted AV for any sizable fraction of software out there is still a pipe dream at the moment. The only way for this to work is for software vendors to submit their programs to the whitelisters and wait until verification before releaseing, creating a vetting model much like Apple's app store. Unfortunately, without that whitelisting won't work for the home user so there's no benefit for them to use it. And if there's not a critical mass of users, there's no advantage for the software producers to deal with that gatekeeper either.
As Windows Vista showed, popups have to be really infrequent to be of any use. Once you ask the average user something more then 10 times or so, they've stopped considering the real threat at that point, and just say yes to anything..
Also, we have the problem that evaluating software for whitelisting is really hard and complicated. Hiding malicious code for VMs, time limiting bugs, and other nasty tricks can be used to get around it. For good examples of how hard a problem this is, see the underhanded C contest: http://underhanded.xcott.com/
For business users, whitelisting can make sense.
For home users, this will lead to just another popup for them to click through to get the thing they want. How should they know if it is just too new and not covered by the whitelist or actually bad? Remember, a few percent of people still click the links in spam, and enough of them buy the product to make the spammers tons of money.
The problem is perhaps most accurately depicted in this comic:
http://www.smbc-comics.com/index.php?db=comics&id=1801#comic
Because they are monitored and recovered.
Fraud happens all the time, but the banks have developed heuristics to stop it before too much money is lost. Often transactions can be rolled back and accounts frozen before the money disapears, but not always.
Banks do lose huge amounts of money however, much of it through credit card fraud. That's the reason credit card interest rates are as high as they are. Customers are willing to pay those rates for easy access to money, so there is no incentive for US banks to move to something more secure like chip&pin or other techniques. Also, much of the cost of fraud is pushed back on the merchants, who have virtually no say in the card security policies.
If you're interested in learning more, there's some great inforation that was presented to the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology as
“Do the Payment Card Industry Data Standards Reduce Cybercrime?” on Tuesday, March 31, 2009 from the perspective of both the merchants and the credit card industry.
http://hsc.house.gov/Hearings/index.asp?ID=185
Some good selections from the talks can be heard on the Risky Business podcast, episode #102.
http://risky.biz/netcasts/risky-business/risky-business-102-washington-spanks-pci-dss
Here's how our most sensitive secrets are protected: Air gapped, behind massive physical security including guys with M-16s.
Our nukes are especially well protected, and a study of how they do it is quite telling.
A google search for "nuclear security air force" reveals a lot about the good and bad of the approach, including some high profile failures.
Note that they are not doing business or interfacing with the public on a regular basis. Airgaps are great until you actually want to give things to some people, but not others. For this reason, commercial operational security is a much harder problem then military operational security.
Note that that was installed from a non-Ubuntu source, effectively breaking the whitelist.
It's simple to tell your users they can only install from the Ubuntu repositories, and set up controls that would keep most users from being able to install other software...
Once again, no defense against a skilled user who really wanted to install something either in windows or Linux, but setting the policy along with reasonable protection measures keeps most users from installing dancing bears screen saver malware.
These exist, bit9 has one of the better ones out there. Also, the Unix package management system functions as a defacto whitelist approach. The problem is whitelisting limits what you can install. Adding programs to the whitelist is time intensive, and the major benefit of Windows is the fact that there's so much stuff out there you can run on it..
Whitelisting is a good approach for certain locked down, single purpose terminals, but for general computing you might just as well deploy Ubuntu to your users instead...
There is no perfect security, offline or online.
I like to say there are 3 main types of attacks:
We have mechanisms that are pretty good at class 1. We can shore up our defenses enough to not be the low hanging fruit to get some protection against level 2.
Level 3 is only starting to enter the public eye. There is no defense that will withstand a well funded targeted attack. The best you can do is make it too difficult for most attackers, and monitor and clean up after the really good ones.
This is true for airline security, concert security, bank security, web site security, and network security. There is no impenetrable defense for any of these. You minimize the risk as much as you can, then build your systems so they can be effectively monitored and rebuilt/restored in case of attack.
My provider gives me my rated speed for ~5 seconds, then limits the connection to ~1/5 the rated speed after that.
Unfortunately, this is long enough for the FCC test to say I'm getting what I'm paying for, though my perspective is slightly different...
Were I to individually insure the items in my house, the overhead of the policy would make it unwise.
However, I insure my house, which is the thing of greater value, and theft protection comes almost for free. Since the risk of loss is so low(most people will never be burgled), but the cost of replacement is fairly high, it makes sense for me as an individual to share that risk, and for the insurance company to be able to cover it and make a profit. Do I buy insurance for my electronics, jewelry, or other valuables individually? No. But the very very minimal cost of making sure those items are covered by my home insurance is worth it to me.
If I was wealthier, had more or less stuff to worry about, or had chosen different home insurance, the trade offs might be different. But the fact that the home insurance I chose based on other factors covers the value of my stuff anyway, the marginal cost is literally nothing except the opportunity cost of documenting my valuables, and I think that's a pretty good deal..
I suppose to be pedantic I'm protecting against the financial impact of loss, not the loss itself, but that's really splitting hairs.
Also note that living in a fortress also has a cost in terms of building materials and labor, as well as the opportunity cost of feeling depressed and lonely in an ugly house.
Everything has a cost in life. Security is a cost/benefit trade-off like everything else. In my field there's a saying for this: "Amateurs Study Cryptography; Professionals Study Economics".
I lock my doors so that burglers are likely to smash something to get in.
Yeah, they could pick my deadbolts, but it would take a good locksmith multiple minutes to do so.
What burglers do is go to the back door and kick it open. The way my deadbolts are installed with metal sleves in the frame, they would have to break the entire doorframe to gain entrance. Otherwise I have some deadbolts with knobs on the inside and glass doors, which they could break the glass then unlock the deadbolts. Once again they would leave physical evidence.
I consider my locks:
I trust my locks to be strong enough against the average burglar to make them bypass them entirely, and honestly I think that's all you can expect in residential security. I enjoy having a sunroom and don't want to live in a fortress to protect against a small risk.. Instead I live how I want and protect against loss through insurance.
Not really.. Unintended acceleration was a problem back in the carburetor days also when mechanical failures happened in certain ways. Cars are complicated machince, and no matter the design will have some percentage of failures.
The real fix was then and is now not technical: It's user education. If you experience UA, switch into neutral in an automatic or hit the clutch if you're in a manual transmission. My drivers ed teacher taught me this many years ago.
The technical mitigation to this is actually more complexity: adding in multiple sensors and sanity checks in the code.
Remember how Java was panned at first for being so darned slow?
If you have a well designed language, you can always make the implementation faster later.
If you have a poorly designed language, you fix it by building a new one. The problem with Java isn't that it's slow(it's not) or even that it eats memory like Jabba the Hutt(it does), but the fact that they have tried too many times to evolve the language without changing it. Java proves you can make stuff fast later, but bolting good concepts on to languages after the fact while maintaining backwards compatibility and ending up with something usable is near impossible.
Google has been spending time designing the language, and performance optimization is still yet to come. I for one think they're doing the correct thing.
There is still no one search engine.. Google search is obviously the largest for text based web page searches, but my websites still see ~5% of search hits from Live and Yahoo.
More to the point, even in the Google family you have google search, google image search, google video search, google news search, etc.. There isn't one search engine to rule them all, even if there is one commercial in the space. In the future we might see google GO scripting edition, google GO embedded, etc, but there are more niches then can be served by one language effectively.
I use C, Bash, Ruby, Lua, and PHP for wildly different things. While I'd like to have one language to cover all that, it's not likely in my lifetime anyway.
I still have my Courier V.everything modem from the 90's.. Was upgradeable for every change up until the v.92 standard, and was the best modem available through v.90.
I don't even have a landline at home anymore, but still can't bring my self to get rid such a long-lived piece of tech...
Also, security tip: Wardialing isn't dead, it's just gotten better.. Modems are an oft overlooked piece of a security strategy, and it's still fun to get to p0wn a company through some old 33.6K modem on an audit..
I'm merely making the argument that there are good reasons to be unhappy with the current health care system in the US.
The reason most people are happy with their insurance is they're not directly footing the bill.
And yes, I'd rather see piecemeal health care reform then one huge lumbering hulk of a package also. The creation of Healthcare Savings Accounts is the only time I've seen anyone from any party take on the health care issues without going off tilting at windmills, for whatever reason.
Weird, I was pretty sure that disinformation about dislike of the US health care system was pretty universal -- particuarly from the left.
Don't let little things like facts get in your way (most Americans satisfied with quality of their own medical care and health care costs)...
The majority of people don't pay for their own individual health insurance plan. I do, and it really sucks.
Note that while corporations pay for insurance pre-tax, individuals pay with post-tax dollars. Add to that the fact that it's more expensive to buy an individual plan in the first place, and it really really sucks to buy your own private health insurance.
LIttle do you know, he moved from Barrow, Alaska.
I've been there in the dead of winter, and I'll tell you 4 things you need to know if you want to go:
I'd also add relational algebra and database normalization, but you've got a pretty good list there.
Chip and pin is definitely better then card swipe, or card swipe and pin.
The only problem is the banks are treating the increase in security as absolute security, and refusing to handle any fraud concerning a chip and pin transaction.