We were always nervous when one of them went back home on vacation as to whether they'd be able to get back into the country. We endured the legal nightmare that was their work visa because they really were that important to our company. I presume they were paid accordingly.
They were probably paid the minimum amount necessary to keep them from leaving. Their knowledge of your company would not be valuable to another employer. They are legally not permitted to go work for some other American company anyway (if I understand the system correctly). So they would only need be paid more than the legal minimum and more than they can make by going back to India and working for someone else, regardless of how valuable they were to your company.
I can get a programmer in India for $1200 a month tops (that's everything, benefits, taxes, computer. _everything_). The cheapest American is 10 times that. Are you really 10 times more productive?
In software development (as in most or all knowledge fields) you cannot substitute quantity for quality. If your workers are digging ditches, if one is half as fast as another, and half as expensive, and willing to work twice as long, he's a better deal. If a programmer is half as good, he may never produce the same quality of product as the developer that's twice as good no matter how long he works at it. And if he can ever get there at all it will certainly take much more than twice as long.
I'm not saying American programmers are ten times better, but hiring the Indians who are 10% as expensive is probably a false economy.
The US District and other federal court which the CFTC acts through has authority through their laws and the connection with other nations to bring legal recourse to foreign companies.
So is the Irish government or courts involved in this case? Because if they're doing what the Irish government tells them to, that's a whole other ball of wax.
You're very unlikely to see the US governement sue a foreign company over more munane things, this has to do with the sale of commodities futures, not stuffed bears.
Yeah, but I don't really trust the government when they say "don't worry, we'll only use this discretionary power when it's really important". That generally ends up being only a matter of time before it's abused.
If you will for a moment consider if the CFTC had no legal authority to sue them and consider how corporations would utilize their unregulated foreign futures exchange or any similar design.
Sure, but we can't let the ends justify the means. The CFTC nor any other agency should overstep its authority, no matter how beneficial the end result. I'm not saying they did this time, I don't really know enough details.
If they are not in the US yet are soliciting US citizens to buy and sell futures then they are entering our market by engaging them.
That sounds totally fair to me. What I have a problem with is if they just set up their service and US customers start using it, and the US government think that means that company is now US jurisdiction. I don't think it should be the burden of every online service to follow every law of every country on the planet just because their business takes place on the internet. The details of this case aside, I'm concerned that our feds believe they can regulate anyone who happens to do business with someone who's in the US.
Hell companies in other countries will realize how to completely avoid the financial regulation their nation, the answer is to simply place it in a different country.
I'm not being snarky here, but your position is that they should have to follow US law even if they're not in the US? Or anyone operating on the internet where US customers could possibly get to them has to follow US laws?
I see something about a 2005 "order" but that seems like exactly the same overreach: a US agency telling an Irish company how it can and cannot operate. From what I can tell, it wasn't a voluntary agreement that Intrade entered. There could be details about intentionally selling to US customers which is a bit in the weeds for me, but didn't they since then refuse to accept US credit cards? How much are they supposed to do to follow the laws of some other country?
It would ideal for them to go after the traders but as the provider of service Intrade is just as, if not more, culpable.
They're culpable for providing a service that's perfectly legal in the country where they provide it? Why should US law apply to an Irish company? Your argument is still that it's OK to go after someone who is not breaking the law, because that is easier than going after the people who are breaking the law. I know that's a very prevalent attitude, particularly among federal law enforcement, but it's bonkers. Or perhaps you think there's some threshold of difficulty beyond which we shouldn't expect LEOs do to their jobs properly, and if it gets too hard they can start taking shortcuts. We must not set up our society to make sure law enforcement's job is easy; that just leads to a police state. After all, it's hard to follow rules of evidence too, but we (mostly) make the police do it, because we think it's important to have actual justice. This is similar. Justice is not served just because law enforcement's objective has been accomplished.
Yeah it can be really inconvenient to go after the people actually breaking the law. Let's just go after the convenient targets instead, because law enforcement is hard!
The main reason I have always done, those extra thirty seconds at the store to quickly check the contents is a whole lot less time than would be required to return to the store and try to beg for a replacement or my money back.
This paper indicates 1) that in Lightstone notation, the real number.999... would be written as the hyperreal number.999...;...999 (with a caret over the last 9). And secondly, that that number wouldn't actually be the same number as.999...
It was originally designed to allow a small inventor to not taken over or forced out of the market by a big company.
In theory, it was originally designed to encourage invention, and ensure that inventions got publicized. Protection for inventors is the means, not the end. I'm not even sure there was such a thing as big companies when US patent law was created.
No, not all possible algorithms, but specifically the Dvorak one would surely be near the top of the list. I'm not saying it won't help, I'm just saying if it's something important you should make sure it's a strong password regardless. That way you don't have to worry about whether the obscurity is working.
I was thinking of office computers rather than servers. If you have someone covertly surveilling a computer, then either your security is inadequate, or whatever they might take/disrupt is not worth the security measures it would require to defeat that. But basically yes, if your physical security is compromised, which could easily be the case in an insider attack, you're probably in trouble. As for keylogging, that would only be a vulnerability because the password is next to the machine, right? I don't know a whole lot about keyloggers other than I don't want one.:-)
I would say not by any useful definition. The real principle is that if a system depends on its design not being known, it's secure only through obscurity. The Dvorak system is like that, because if anybody knows you're using a substitution cypher, especially which one, it loses its security.
A good encryption system doesn't rely on security through obscurity just because the keys need to be kept secret. After all, any security system involves secrets, so such a broad definition of security through obscurity would render the term effectively meaningless.
The problem with this approach is that it fails if the password file itself becomes compromised. If that occurs the hacker can simply hash "passw@rd" and then look for any accounts using that hash.
Unless there's salt, which I hope there would be. That would not make the attack impossible, just much, much, slower.
That's security through obscurity. It's basically a substitution cypher that relies on the attacker not knowing it's being used. It's maybe fine for something like your slashdot account, but should not be relied on for real security.
Slashdot Mirror
We were always nervous when one of them went back home on vacation as to whether they'd be able to get back into the country. We endured the legal nightmare that was their work visa because they really were that important to our company. I presume they were paid accordingly.
They were probably paid the minimum amount necessary to keep them from leaving. Their knowledge of your company would not be valuable to another employer. They are legally not permitted to go work for some other American company anyway (if I understand the system correctly). So they would only need be paid more than the legal minimum and more than they can make by going back to India and working for someone else, regardless of how valuable they were to your company.
I can get a programmer in India for $1200 a month tops (that's everything, benefits, taxes, computer. _everything_). The cheapest American is 10 times that. Are you really 10 times more productive?
In software development (as in most or all knowledge fields) you cannot substitute quantity for quality. If your workers are digging ditches, if one is half as fast as another, and half as expensive, and willing to work twice as long, he's a better deal. If a programmer is half as good, he may never produce the same quality of product as the developer that's twice as good no matter how long he works at it. And if he can ever get there at all it will certainly take much more than twice as long.
I'm not saying American programmers are ten times better, but hiring the Indians who are 10% as expensive is probably a false economy.
The conclusion I really want you to take away is that just because somebody has a degree in CS doesn't mean we can hire them.
Have you considered the inverse? Just because somebody doesn't have a degree in CS (or anything) doesn't mean you can't hire them?
I can understand wanting the character to be hot, but why do you enjoy misogyny and sexism?
The US District and other federal court which the CFTC acts through has authority through their laws and the connection with other nations to bring legal recourse to foreign companies.
So is the Irish government or courts involved in this case? Because if they're doing what the Irish government tells them to, that's a whole other ball of wax.
You're very unlikely to see the US governement sue a foreign company over more munane things, this has to do with the sale of commodities futures, not stuffed bears.
Yeah, but I don't really trust the government when they say "don't worry, we'll only use this discretionary power when it's really important". That generally ends up being only a matter of time before it's abused.
If you will for a moment consider if the CFTC had no legal authority to sue them and consider how corporations would utilize their unregulated foreign futures exchange or any similar design.
Sure, but we can't let the ends justify the means. The CFTC nor any other agency should overstep its authority, no matter how beneficial the end result. I'm not saying they did this time, I don't really know enough details.
If they are not in the US yet are soliciting US citizens to buy and sell futures then they are entering our market by engaging them.
That sounds totally fair to me. What I have a problem with is if they just set up their service and US customers start using it, and the US government think that means that company is now US jurisdiction. I don't think it should be the burden of every online service to follow every law of every country on the planet just because their business takes place on the internet. The details of this case aside, I'm concerned that our feds believe they can regulate anyone who happens to do business with someone who's in the US.
Hell companies in other countries will realize how to completely avoid the financial regulation their nation, the answer is to simply place it in a different country.
I'm not being snarky here, but your position is that they should have to follow US law even if they're not in the US? Or anyone operating on the internet where US customers could possibly get to them has to follow US laws?
I see something about a 2005 "order" but that seems like exactly the same overreach: a US agency telling an Irish company how it can and cannot operate. From what I can tell, it wasn't a voluntary agreement that Intrade entered. There could be details about intentionally selling to US customers which is a bit in the weeds for me, but didn't they since then refuse to accept US credit cards? How much are they supposed to do to follow the laws of some other country?
It doesnt matter the host is in ireland if they are trading futures off exchange.
You're saying it doesn't matter what country they're in, they still have to obey US regulations?
It would ideal for them to go after the traders but as the provider of service Intrade is just as, if not more, culpable.
They're culpable for providing a service that's perfectly legal in the country where they provide it? Why should US law apply to an Irish company? Your argument is still that it's OK to go after someone who is not breaking the law, because that is easier than going after the people who are breaking the law. I know that's a very prevalent attitude, particularly among federal law enforcement, but it's bonkers. Or perhaps you think there's some threshold of difficulty beyond which we shouldn't expect LEOs do to their jobs properly, and if it gets too hard they can start taking shortcuts. We must not set up our society to make sure law enforcement's job is easy; that just leads to a police state. After all, it's hard to follow rules of evidence too, but we (mostly) make the police do it, because we think it's important to have actual justice. This is similar. Justice is not served just because law enforcement's objective has been accomplished.
Yeah it can be really inconvenient to go after the people actually breaking the law. Let's just go after the convenient targets instead, because law enforcement is hard!
Having actually been around a cat in a bag, the only thing that would have given it away after it settled down was the purring.
The main reason I have always done, those extra thirty seconds at the store to quickly check the contents is a whole lot less time than would be required to return to the store and try to beg for a replacement or my money back.
How often does it pay off?
This paper indicates 1) that in Lightstone notation, the real number .999... would be written as the hyperreal number .999...;...999 (with a caret over the last 9). And secondly, that that number wouldn't actually be the same number as .999...
http://www.math.umt.edu/tmme/vol7no1/TMME_vol7no1_2010_article1_pp.3_30.pdf
Finally, you still have not shown any flaw in the original (or any other) proof, as far as I've seen.
So where is the flaw in TFA's proof?
When do all the apps save their state to disk so they can be recovered like that?
It was originally designed to allow a small inventor to not taken over or forced out of the market by a big company.
In theory, it was originally designed to encourage invention, and ensure that inventions got publicized. Protection for inventors is the means, not the end. I'm not even sure there was such a thing as big companies when US patent law was created.
I saw some of those bikes last weekend. Guess what? They were RED!!
Nominally, meaning in name only.
No, not all possible algorithms, but specifically the Dvorak one would surely be near the top of the list. I'm not saying it won't help, I'm just saying if it's something important you should make sure it's a strong password regardless. That way you don't have to worry about whether the obscurity is working.
Fair enough. My point is that plenty of security systems rely on secrets, but not on security through obscurity.
I was thinking of office computers rather than servers. If you have someone covertly surveilling a computer, then either your security is inadequate, or whatever they might take/disrupt is not worth the security measures it would require to defeat that. But basically yes, if your physical security is compromised, which could easily be the case in an insider attack, you're probably in trouble. As for keylogging, that would only be a vulnerability because the password is next to the machine, right? I don't know a whole lot about keyloggers other than I don't want one. :-)
I would say not by any useful definition. The real principle is that if a system depends on its design not being known, it's secure only through obscurity. The Dvorak system is like that, because if anybody knows you're using a substitution cypher, especially which one, it loses its security.
A good encryption system doesn't rely on security through obscurity just because the keys need to be kept secret. After all, any security system involves secrets, so such a broad definition of security through obscurity would render the term effectively meaningless.
The problem with this approach is that it fails if the password file itself becomes compromised. If that occurs the hacker can simply hash "passw@rd" and then look for any accounts using that hash.
Unless there's salt, which I hope there would be. That would not make the attack impossible, just much, much, slower.
That's security through obscurity. It's basically a substitution cypher that relies on the attacker not knowing it's being used. It's maybe fine for something like your slashdot account, but should not be relied on for real security.