Slashdot Mirror


User: bitslinger_42

bitslinger_42's activity in the archive.

Stories: 0
Comments: 167

Comments · 167

  1. Re:Password authentication is dumb on Survey Shows How Stupid People Are With Passwords · Score: 1

    For most things, a decent, random password isn't that bad. You can combine a password manager program, like KeePass, with a file sync solution, like Dropbox, and gain several security benefits without sacrificing much (if anything).

    In my case, I've got 50-75 accounts on various websites; each one has a different strong password (i.e. 15 characters of mixed-case alpha, numeric, and special characters), but the only password I absolutely have to know is the passphrase for my KeePass database, which is significantly stronger. KeePass handles filling in the login credentials, so I don't have to even try typing the passwords; it clears the clipboard when it's done, so it's fairly tough for malware to grab them out of memory; and Dropbox ensures that I've got a cached copy on nearly every device I use, including my phone.

    Compare that with the problems of PKI: if I lose my USB, I've lost access to the sites accessed with those keys; certificates are only really useful if you've done some form of vetting to confirm that I am who I said I am, which means either costly, time-consuming processes for registering or the use of large, "trusted" 3rd parties, which have been subject to a variety of attacks over the years (think: virus writers getting a legitimate certificate from a major vendor with a hostname in the microsoft.com domain).

    Why go through the expense, complexity, and risks posed by all keys on a single USB drive when there are perfectly useful password-based solutions already available that don't involve me trusting parties I don't know?

  2. Re:so, not a hole on Wi-Fi WPA2 Vulnerability Found · Score: 2, Interesting

    The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.

    Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.

  3. Re:Not normally on Wi-Fi WPA2 Vulnerability Found · Score: 1

    Of course, this is why serious attackers on a switch don't try cloning MACs. They send gratuitous ARPs to the systems they want to sniff traffic from and pretend to be the default router. Or they take over the root of the spanning tree on the switch. Or they send an email to their target that says "Click this link to download nekkid pictures of " but actually installs a keystroke logger.

    None of that is as hard as the 133t hax0rs want you to believe. Not trivial, and not undetectable, but not particularly difficult these days, thanks to Ettercap.

    Of course, it's often cheaper and easier to just slip the janitor a $50 to have them photocopy all the CEO's garbage, but that doesn't sound nearly geeky enough :-)

  4. Re:So, *will* it be missed? on Last Roll of Kodachrome Processed · Score: 1

    OK, I'll bite. Even though I don't think Wikipedia is authoritative for anything, this entry contains a better reference list than I could include here. To summarize, depending on the film, the spatial resolution of 35mm film ranges from 4 to 20 megapixels, but moderately-priced DSLRs (i.e. bodies around $1,000) are typically only managing nominal rates of 14-15 (i.e. raw number of photo sensor sites). Even on those bodies, diffraction introduces blurriness that reduces the effective spatial resolution achieved (a full-frame sensor that has 15 million photo sites has an effective spatial resolution of only 14.2 megapixels, and it gets much worse with smaller sensors). Comparing the output sharpness of my 6 megapixel Nikon D50 DSLR vs. my 12 megapixel Canon PowerShot D10, the D50 images appear sharper despite having only half the absolute number of photo sensors.

    In terms of dynamic range, film can typically handle 9-10 stops (again, determined by film and processing used), but even if your digital camera can capture 16 bits/pixel (which most can't; RAW is usually 12 bpp), when you actually go to display your image, it's typically an 8 bit format (JPEG, GIF, etc.), which has just 8 stops of range. Again, the digital format is hampered by the various algorithms used to compress data, reproduce on monitors, etc., so while the file format may be able to contain more stops, digital displays are rarely able to keep up. Compression algorithms, particularly in JPEG files, do horrible things to gradients, as well.

    Grain is an issue with film, albeit one that's well understood by those using it for art/career. In film, you can select different films to utilize different grain patterns that complement the subject at hand. The equivalent issue for digital is thermal noise, which has been much harder to deal with, aesthetically, since it can vary depending on color (i.e. some cameras have more chroma noise in the blue channel, etc.), quality, and consistency. Also, while I can switch grain pattern easily with film by putting in a different kind of film (cost: $5-10/roll), doing the same with digital thermal patterns means buying A WHOLE OTHER CAMERA (cost: hundreds or thousands of dollars).

    Despite ALL that, I still shoot digital exclusively, and have done so for ten years, because the technological benefits (no quality degradation over time, no processing costs, archival storage capacity, shot capacity per unit of volume within a camera, etc.) outweigh the imaging/aesthetic benefits of film.

    I showed you mine, now you show me yours. Where's YOUR data to back up your claim that "Digital beats film in every one of those characteristics"? Or are you just spouting off about the old farts and their antiquated ways without actually bothering to have any facts?

  5. Re:So, *will* it be missed? on Last Roll of Kodachrome Processed · Score: 3, Informative

    Having been taking pictures pseudo-seriously (i.e. not a pro, but not just doing birthday pictures of my kid) for a couple decades, I can say that there are pluses and minuses to each.

    Kodachrome was a really high-quality film. It had great grain characteristics, wonderful color reproduction, and extremely good shelf-life. It's been very popular with the NatGeo set because it worked so well for capturing things like sunsets on the Serengeti. On the downside, it was only made in relatively low speeds, ISO 200 or slower, so it wasn't well suited for photojournalism, sports, kids playing in the back yard, etc. It also used a different chemical process from other films (C-41 for print, E-6 for most other slide films, K-14 for Kodachrome), and the chemical process was quite a bit more complicated than even other slide films.

    Velvia is a nice film, as well, but it has a tendency towards super-saturated colors, so it has a different feel from Kodachrome.

    Digital has come a long way over the years, but it still lacks the dynamic range, resolution, and color reproduction capabilities of film, particularly the specialty films like Kodachrome or Tech Pan. Despite that, it's much cheaper to shoot, easier to handle, easier to process, easier to print, and lends itself much more readily to the Web than film does, which is why I haven't shot a single roll of film in ten or twelve years.

  6. Re:Yay for misinterpretation! on Recourse For Draconian Encryption Requirements? · Score: 1

    HIPAA doesn't require whole-disk encryption (WDE), but HITECH grants a safe-harbor exception for the breach notification if WDE was in place on media that's gone missing. Breach notification is hideously expensive, particularly for large organizations, even if you discount the short-term reputation losses.

    Beyond that, you're pretty much spot-on. It's the company's network, so it's their rules, and employees have to abide by them to stay employed. If the company wants you to check email from home, then it's their expense to provide the necessary tools to accomplish the job.

  7. DreamHost is OK, within certain parameters on Things To Look For In a Web Hosting Company? · Score: 1

    Been using Dreamhost for several years now. On the plus side, the shared hosting is dirt cheap. By and large, the servers stay up and available on the Internet. There have been hiccups, but between support and customer service, I'm mostly satisfied.

    Down side: shared hosting is shared hosting. My instance is on an old server, and they're trying to incentivize people to move off of it by not upgrading certain software (i.e. Rails is stuck at version 2.2.2). I could move to a newer server, but my client's also using DH and is on an old server. If I move, and they upgrade Rails again without telling me, it'll either break my integration server or it'll break the client's production server. Not fun, trust me. I've had the unwanted upgrades that broke the app happen twice now.

    In the end, my cheap side is winning out over my quality side. I've not seen a VPS solution that'll handle Rails well for $10/month, so for now, I'm not moving. If you keep the problems of shared hosting in mind, DH is a good place.

  8. fMRI is not perfect on "Vegetative State" Patients Can Communicate · Score: 5, Interesting

    If you haven't, check out this study publicized in Wired, where they detected human emotion activity in the brain of a salmon. A dead salmon.

    Just because the fMRI shows some colors, that doesn't necessarily mean that there's really cognition going on. It could just be false detections from imperfect scanning, or it could be scientists seeing patterns in data that don't really exist, or it could be the result of our imperfect understanding of how the brain works, or a whole slew of other things.

    This is made worse by things like the Houben case, which used Facilitated Communication to "prove" that Houben had an intact consciousness. FC hasn't passed any rigorous scientific study (i.e. blind tests to prevent the facilitator's motivations/desires from modifying the results), but stories like Houben's cause those with loved ones with severe brain damage in PVS to start clamoring that there may still be hope. James Randi has written about FC, and the Houben case in particular.

  9. Re:Costs? on What's Holding Back Encryption? · Score: 2, Insightful

    I couldn't care less to get my slashdot feed unencrypted.

    Coming from a reasonably-free Western country, I can understand that attitude, but there are still problems. What if, for some reason, a government with jurisdiction over you decides to start monitoring Internet activity, looking for signs of insurrection? You're fine, because you're doing nothing wrong, so there's nothing for you to hide. But wait, you were in a chat room one night at the same time as a guy on their watchlist, so now you're connected to terrorists, and they'll be watching you more closely. And then, one day, you click a link to a news story from Slashdot, and the story's on Al Jazeera's website. It doesn't matter that the story's about the earthquake in Haiti, it could contain coded instructions, blah, blah, blah. And then, all of a sudden, you go to this website that's encrypted. The encrypted traffic itself is a red flag, since it is unusual for your normal behavior, even if they can't see the data itself.

    This is a real problem for people who truly need security. There are lots of places in the world where activists (freedom fighters, terrorists, whatever) need to be able to communicate securely, but the governments they're protesting explicitly watch for encrypted sessions as evidence of wrongdoing (think China, North Korea, Myanmar, etc.)

    Even if you take governments out of the picture, there are still places where I might want even slashdot encrypted. Say, for example, I were to read slashdot from work (completely hypothetically, mind you :-), and I read a story that contained a comment with graphic sexual content. I didn't go there for that content, I might not have even read that far down the thread to see the text, but the network monitors at the office saw it, and now I'm getting looked at by security or HR. Sure, I'll probably be cleared for the one-off event, but the investigation will get logged, and they'll look more closely next time, etc.

    It used to be the norm that there were places with an expectation of privacy, where governments and employers couldn't look without a court order. Ubiquitous Internet encryption moves us back towards that, which should be a good thing.

  10. Re:People don't see the value on What's Holding Back Encryption? · Score: 1

    Two thoughts. First, there are times where it is better to be using a system that you know without a doubt is insecure than to use a system that appears secure, but isn't. At least with the known insecure system, there's a chance that the user will stop and think "hmm, this is pretty sensitive, maybe I shouldn't be doing this over the unprotected link". If the user has that magic gold lock icon, they'll think they're secure even when they're not, which not only increases the chance of compromise, it also increases the chance that high-value data is compromised.

    Second, key-signing parties are not a panacea. When it comes to trust and identity, how well do you really know people? There are exactly two people in the world that I can say with confidence that I'm 100% sure that I know who they are. I am the first (self-evident). My son is the other. I know that because I was in the room when he was born, he was handed to me, I carried him to another room, and he never left that room unless he was accompanied by either my wife or myself. Since then, he's been in our possession and we've maintained documentation of him (i.e. pictures, medical records, hand prints in clay, etc.)

    For everyone else I know, there is no way for me to establish their identity with that level of certainty. I know that the people I call my parents today are the same people that I've called my parents for as long as I've had the concept of parent, but when it comes down to it, there's no way I can be sure that my father really is Bob Bitslinger and not, for example, D. B. Cooper, or Alice Cooper, or James Fenimore Cooper, and that's with someone that I've supposedly known my whole life.

    Read Cory Doctorow's book Little Brother. It isn't particularly well written, and the story's a bit overblown, but it does a great job of explaining why key-signing parties don't solve the trust and identity problems in security.

  11. Re:encryption alone on What's Holding Back Encryption? · Score: 1

    Since I work in corporate computer security, I was going to post from that perspective, but then I decided to do the other side. Where I work, all employees have to sign one of those "everything I create at work belongs to the company" agreements. Combine that agreement with doing work on my personal computer at home. What happens if I come up with something cool, salable, and completely not related to my day job, but all that work was done on a machine that I also use in conjunction with my day job? What's to prevent my employer's lawyers from laying claim to my new product? After all, if I came up with any part of that product during a timeframe where I was also logged into work, they could reasonably claim that the private-time innovations were influenced by the simultaneous company-time activities. It would also be very difficult for me to prove the inverse (i.e. that there was absolutely no relationship between the two activities that were occurring at the same time on the same computer).

    Beyond that, I don't trust my company to not do stupid things that would break my home computer (i.e. try to force out a patch or force-install the corporate antivirus software), search my home computer looking for content or software that's not approved for the work environment, use my private activities done on my own time with my own resources against me when it comes time for promotions, raises, insurance, etc.

    In the end, I look at it this way: either me working from home is important to the company, in which case, it's the company's responsibility to provide the equipment/connectivity to do the job, or it isn't, in which case they can go fsck themselves when they ask me to work from home on my personal computer.

  12. Re:Get real on You Won't Recognize the Internet in 2020 · Score: 2, Interesting

    The problem is the difference between "provably secure" in theory and in practice. From recent news: Schneier's blog reports on a quantum encryption system that was provably secure but has been broken.

  13. Re:WE THE PEOPLE..... on City Laws Only Available Via $200 License · Score: 2, Insightful

    Sure, but what do we replace it with? We know that monarchy-type governments lead to tyranny, and the U.S. of A. is an existence proof of what happens when you elect people who determine the rules under which they operate, not to mention vote on their own salaries. What else is there?

  14. Other restoration applications? on HP Restores Creased Photos With Flatbed Scanners · Score: 1

    I don't have any creased photos that I need to restore, but I've got boxes of matte finish prints that are a pain to scan. I wonder if a similar technique couldn't be used to automatically remove the scanning artifacts (little regularly-spaced crescent moon shapes) from those.

  15. Re:Old fashioned attitudes on The Rise of the Digital Nomad · Score: 1

    I work for a large company (50k+ employees). One of the bosses in my division has officially stated "If the job can be done from home, it can be done from India." With that attitude, digital nomad becomes something more akin to digital homeless.

  16. Re:... Film from a game... on Sam Raimi To Direct World of Warcraft Movie · Score: 4, Insightful

    I've been playing WoW for 3-4 years now, and I'm curious as to what unique experiences you're looking for. Getting ganked during the Stranglethorn fishing contest? Spending 40 hours fishing pools in Northrend trying to get the sea turtle mount? Watching some bot-based toon running in circles for some Chinese gold farmer? Spending 30 minutes challenging the door boss to get in to an instance?

    While there aren't ends for the players, there are story lines that run through the game. Theoretically, they could easily pick something from the Lich King, the whole Scourge vs. everybody fight thing, but I suspect that pessimism here is warranted. I don't enjoy the game itself, per se. I like having something to do while chatting with guildies. That, and the achievement system integrates nicely with my OCD.

  17. Re:News at 11 on Strong Passwords Not As Good As You Think · Score: 1

    Perhaps poor form to reply to my own post, but I don't feel like replying to every comment individually, so I'm rolling up here.

    First, most of the replies appear to be from people who stopped reading at "fire everyone with passwords on sticky notes", which means they missed the rest of my post: I agree with the findings of the paper and have started working towards implementing what I can in my environment. Long, complex passwords don't solve the main problems faced by businesses today (keyboard logging, password sniffing, and social engineering), and, since the things they do address aren't common, the net to a company is a loss of security.

    Next, there were lots of replies stating that passwords are different from the examples I listed because passwords are ephemeral. I would agree if passwords changed every couple days; it takes me as much as a week before I stop swearing every time I try to unlock my screen after a password change. The thing is, I use the password every day, multiple times a day, for MONTHS. If that's not long enough to learn 8 bytes of new information, I don't know what is.

    Similarly, people claim that the problem is having to change multiple passwords on different rotation schemes. Here, I agree. In my job, I have multiple accounts that I deal with, one primary that I use many times a day, but several others that I may only use once a month. I use a more secure version of the sticky note for those accounts: KeePass. It has an encrypted file stored on your primary system (a.k.a. the one you can learn a password for), and contains the passwords you don't use often enough to commit to long-term memory. KeePass is free, it works, and it includes a password generator to help you pick new passwords. Between repetition of my primary password and KeePass, I can log into all the systems required for my job and it doesn't involve disclosing passwords to the janitor.

    Finally, many people mentioned how passwords simply aren't important to people, and that's why people can't remember them. In my view, either the accounts are personal (i.e. my bank account, my /. account, etc.), in which case the password SHOULD be important to me, since it's MY data, or the account is on my employer's system, in which case the password SHOULD be important to me, as failure to protect my employer's data could result in me being fired. If loss of my own information or the loss of my job aren't important enough reasons to remember passwords, I'm not sure what would be. If it were my job to unlock the store first thing in the morning and I kept forgetting to bring the key in, I'd be fired. If I had the key to the store and gave it to someone because they offered me a candy bar, I'd be fired. Just because passwords protect data instead of physical goods doesn't mean that passwords are any less important than physical keys.

  18. Re:FTPS on R.I.P. FTP · Score: 4, Interesting

    I run the secured FTP server for my company, and I'm finding that FTPS survives through one layer of protection (i.e. a NAT on one end), but it dies if there are more (i.e. NAT on one end, firewall on the other). It isn't 100%, we do have some users that are just fine on FTPS, but the vast majority of my users are coming in through SSH-based SFTP.

  19. Re:News at 11 on Strong Passwords Not As Good As You Think · Score: 2, Interesting

    Glad to see you read the first paragraph of my post. Did you happen to see the end, where I said that I agreed with the paper, increasing password complexity doesn't solve the problems that we face today, and that I'm engaging my management with an eye towards changing our password policy?

    But, since you brought it up, sure, those don't change, but we have all sorts of information that we learn every day. If you're a programmer, you might have to learn a new technique, the parameters for a new method invocation, whatever. The password itself doesn't change for six months (in the parent's example), so while the first few days or so are a pain, it is possible to learn one new eight-character "word" twice a year.

    Passwords are FAR from perfect, but for most businesses, the alternatives are too costly to implement for the incremental gains. Biometrics always get mentioned, as do their inherent weaknesses (jello fingers, photocopies, etc.). PKI is perennially "next year's hot technology", but it never gets implemented because of the staggering costs and the inherent problems of determining who you really trust. One-time password tokens are a proven technology, but they're expensive to deploy, wear out after a fairly short time period, and are easily lost/stolen. All of the other technologies still have training and management issues for the users. Compared with those options, keeping passwords makes business sense.

    The problem is that the same people who won't pay for other authentication methods also read in CIO Weekly about the latest brute-force attack that cracks 14 bajillion passwords a second, and they think that longer, more complex passwords equal better security. Same goes for the external auditors. Everyone's been schooled in longer=better when it comes to password strength, so that's all they care about. This is the mindset that needs to be changed, but it won't happen overnight. I'm doing what I can for my users here, but the rest of you are on your own :-)

  20. Re:News at 11 on Strong Passwords Not As Good As You Think · Score: 2, Insightful

    Do you remember your mother's birthday? Your anniversary? Who won the last 5 World Series? The name of the first girl you had a crush on? What I'd mean if I were to say "Ni!" to an old woman? While you might not know all of them (I have no clue who won the most recent World Series, nor do I care), I'm sure you know all sorts of similarly esoteric information.

    People can remember all sorts of information, if it is important enough to them. People look at passwords as inconveniences at best.

    If you can't manage to remember one new chunk of information every 6 months, seems to me you're woefully over-employed. Perhaps you'd remember better if your boss would walk around and fire everyone with passwords on sticky notes.

    Having said that, I did read the paper, and I agree with the conclusion the author makes: long, complex passwords only work to deter offline brute-force attacks and, to some extent, shoulder surfing. Both of these attacks are not likely these days. It is time for those of us in the computer security field (and yes, I am one of them) to take a hard look at our treasured "standards" and make sure that they still apply. I've already started discussions with my management with an eye towards implementing some of the recommendations. To be honest, I doubt management will agree to lower the password complexity rules since a) they haven't read the paper, and b) neither have the auditors, but I want to get the conversation started so we can do the other things (improve analysis of the log files).

  21. Re:Right on UK Cops Want "Breathalyzers" For PCs · Score: 5, Informative

    According to US law, at least (and not always followed by US cops, I might add), whether the evidence on the secondary offense is admissible or not depends on how it was found. If a cop pulls over a car for speeding and sees an open container of beer sitting on the seat next to the driver, the open container is typically admissible. If, on the other hand, the cops raid a house looking for a stolen 62" television and, as long as they're in the house, decide to check in the toilet tank and find a stash of cocaine, that typically is not, since searching the toilet wouldn't have been part of the search for the big TV. Likewise, the original warrant would probably not allow the cops to bring along drug-sniffing dogs on a search for a stolen TV. Of course, I'm generalizing here, and am not a lawyer, but you get the picture.

    Thus far, the same principles apply to computer searches. If the warrant says that the cops are looking for evidence related to illegal gambling operations on the computer, the cops are typically not allowed to search for non-related keywords (i.e. "lolita", "cocaine", etc.) unless such terms show up in documents found by the warranted search. If, in reviewing a document named IllegalGamblingProfits.doc, they see a reference to cocaine sales, the cops may have just cause to perform another search looking for cocaine. Since they've already got the computer at that point, though, they'd be better off to go back to the judge and get a 2nd warrant that authorizes the cocaine search, but given the similarities between finding the information in an admissible piece of evidence and seeing the open container in plain sight, I can see how a judge would give the benefit of the doubt in court.

    I can't quite tell what the cops in TFA are asking for, though. If, on the one side, they want to be able to bring along a device that's pre-configured with the search terms for the warrant (gambling terms, from the above example), such a device would theoretically be legal in the US, since it would simply be automating the search that would otherwise have been performed by the trained analyst. If, on the other side, they want a device that identifies any illegal activity, that should be unconstitutional for 4th Amendment reasons.

    All of the legal discussion ignores the technical aspects. I am a professional forensic analyst, and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list (i.e. fewer than 5) of static (i.e. non-regex) keywords. Adding complexity in, or adding keywords, can increase the search time to days. There's no way that untrained cops could simply plug a device into a suspect's 5-year-old laptop and be able to get results back in less than an hour, and that's not counting the potential modifications to the evidence caused by booting without a write-blocker, doing deleted-file recovery, opening compound files (Outlook offline storage, ZIP files, etc.) or doing signature analysis to identify obfuscated data. Don't even think about it if the suspect thought enough to use encryption.

    The cops may want something like this, but it will probably be the laws of physics that prevent it and not the Constitution.

  22. Re:Generous Companies on Managing Personal Electronics and Software In the Workplace · Score: 1

    The big thing that most users don't quite catch is that "protected to the same level as the work PC" means that you can't install unapproved software at home, either. This means no games, no Quicken, no TurboTax, no Elf Bowling, etc. It would also mean that the employee would be the only user allowed to use said home computer (i.e. no spouse, no kids, no parents).

    Part of the problem is corporations are pushing all of this work responsibility off on employees and trying to avoid the associated costs. If the company says "You must do work from home", the associated cost is either ensuring that the laptop assigned to the employee is sufficient to do the work or purchasing a separate desktop for the employee's home. If the requirement is for rapid response from the employee even when away from the desk, then the cost is paying for a capable smart phone and associated service. Companies want to push the costs on employees, but we, as employees, should tell them to go screw themselves. I'm not paying my money to subsidize my boss' bonus.

  23. Re:Good or bad on Are IT Security Professionals Less Happy? · Score: 3, Interesting

    Completely true, and one of the big reasons that I believe that static passwords provide almost no security. I'd much rather see the use of stronger authentication methods, such as SecurID tokens or digital certificates, which really do improve security without the extreme pain caused to end-users by passwords that can be cracked in a few minutes anyway.

    Here we get back into the whole "security is overhead until after compromise, and then they're scapegoats" mode. Both token and certificate-based authentication cost HUGE amounts of money. They require adding servers, more administrative work, and frequently more hardware on the workstation, so very few companies actually deploy them, despite the obvious benefits.

  24. Re:Good or bad on Are IT Security Professionals Less Happy? · Score: 4, Insightful

    Sometimes the 'user mindset' gets silly. I often find our users think they're so important to the company that they're justified in doing ANYTHING, including surfing for porn in open cubicles during business hours at world headquarters with tour groups walking past. Or, more frightening, to cover up their ignorance or to short-cut understanding... blah, blah, blah.

    Sure, there are roadblock powertrippers out there in the IT security field, just as there are in pretty much any security field (CIA, cops, mall security, etc.) On the other hand, there are legitimate risks out there that do have real-world bottom-line consequences. No one thinks that viruses are a big deal until you've got an entire factory floor idled because the controller's infected. No one thinks that they'll be hacked and make the news for it, but they do (Caterpillar, TJX, even security company Guidance Software, to name a few).

    What gets me down about my job (yes, I'm in IT security) is not the adversarial nature of it. What really gets me is that absolutely NO ONE really wants security implemented until AFTER the company makes the Wall Street Journal for being hacked. Who gets fired on that day? Oftentimes, it's the security people, despite the fact that they'd been trying to implement countermeasures that would have at least reduced the damage from the attack. Until your company makes the WSJ, security is overhead, a liability, a roadblock. Afterwards, they're the ones who let the barbarians through the gates, regardless of how many times the board denied funding security projects.

    I used to be jazzed about IT security, but 10+ years of being told that nothing overrides the business need, and that I'm nothing but a roadblock has ground me down to the point where I'm just punching the clock and trying to figure out what career path to do next.

    And to all you whiny, lazy, good-for-nothing assholes who can't remember their precious password: Can you remember where your car keys are? Your Social Security Number? Your birthdate? Your wife's birthdate? The phone number to the restaurant that delivers your dinner? The name of the girl you had a crush on in 4th grade? People remember all sorts of things when they want to, and when it's important to them. Now, think about this... if your company makes the WSJ because you set your password to Ripken09, who are they going to fire? Yeah, you're right: they'll can the poor security schmuck that's dedicated his career to compensating for stupid pukes like you, but you'll probably keep your job since there really wasn't much that could be done about the hacker anyway.

    I guess there's the problem in a nutshell. The only people who care enough about security to do something about it are those who stand a chance of losing something when security fails. The vast majority of the time, the only people at risk are the security guys.

    Holy crap, I just re-read that. Never realized how bitter and vindictive I've become. I got to get me a new job!

  25. Re:You can't do it better than Google on Outages Leave Google Apps Admins In the Hotseat · · Score: 3, Interesting

    Do you honestly believe that you or your employees are going to build a system with higher availability than Google? In the magical fantasy world we all wish we lived in, you may have the budget, skill, manpower, and infrastructure resources to do this. In the real world it is not even remotely possible.

    Do I believe it? You betcha! While my company doesn't have 100% uptime for every employee all the time, we haven't suffered an across-the-board outage of a critical system (i.e. email, ERP, core business applications, etc.) in the 11 years that I've been here. Sure, we'll lose an email server once in a while, but we have many such servers, so the loss of a single system only impacts a few thousand employees tops. That's far better than impacting ALL our employees if Google has an outage. And don't get me started about the idea of not being able to do word processing just because a WAN link is down. How on earth could you run a business that way???

    And it's possible to provide uptime even in the event of widespread events, such as flooding, tornadoes, etc. We have multiple datacenters, geographically dispersed. Each center has multiple Internet connections through multiple providers carefully chosen such that the lines go to different cities (i.e. one link to Chicago, one to Denver). Similarly, our power is connected to multiple grids, with the feeds coming in on opposite ends of the buildings. Critical centers have on-site generators spec'd to handle 100% load of the datacenter and requisite support stations, plus enough battery backup to allow for all systems to continue running between loss of grid feed and when the generators are spun up, not to mention on-site diesel sufficient for several days of operations and contracts to get more as needed.

    Was this cheap? Not in the least. Was it worth it? Definitely. We kept our main datacenter running without interruption during a week that saw multiple weather events (i.e. tornadoes, flooding, lightning-related power loss, etc.) when every building around ours for multiple miles was without power.