Slashdot Mirror


User: DarkOx

DarkOx's activity in the archive.

Stories: 0
Comments: 6,020

Comments · 6,020

  1. Re:Keys and source... on AMI Firmware Source Code, Private Key Leaked · · Score: 4, Insightful

    It might do even better than that! You might be able to create a custom BIOS image, with the secure boot check deliberately broken to not actually check the boot loader is signed but still attest that it was.

    This could allow you to compromise the DRM all the way up the chain.

  2. Re:I approve. on North Korea's Twitter and Flickr Accounts Hacked By Anonymous · · Score: 2

    It takes two to tango. There was nothing stopping Saddam from shouting "wait wait stop I'll cooperate, let the inspectors go where they want, and really I don't have WMDs" the moment the bombs started falling and he knew we were serious. He would have had to follow thru at that point as well or face the invasion force on his doorstep.

    He agreed to those inspections as part of the peace settlement in the Gulf War; his lack of cooperation alone was grounds for invasion. Take an objective look at the Iraq situation for a moment and ask, without the benefit of hindsight, was it really all that radical, and I think the answer is no. Yes there were good arguments and known facts at the time for not doing it; but there were very good reasons to do it. If nothing else to put everyone on notice peace treaties have to be abided by or you lose the peace.

  3. Re:I approve. on North Korea's Twitter and Flickr Accounts Hacked By Anonymous · · Score: 5, Insightful

    I don't think there is much to worry about. If our military flying in bombers to show off, in addition to our usual South Korea joint exercise, does not do it, I highly doubt abuse of their Twitter account will.

  4. Re:I wouldn't shed a tear on Russian Cyber Criminal Unmasked As Creator of "Most Successful" Apple Malware · · Score: 1

    Grief the griefers is at least a proportional response.

  5. Re:That You, Fanboy? on Remote Desktop Backend Merged into Wayland · · Score: 1

    Exactly - xedit, xcalc, xvim, all work great over the slowest link you will find in use anywhere. The trouble is the world has moved on. I am not sure sending bit-maps (regardless of how clever your scheme of sending just the changed parts, compression, etc. is) is the right way to go, but the fact is the X11 programs most people are using most of the time these days don't get the benefits of X11 server side rendering features.

    Sending bit-maps, be it X11 doing it, RDP, or VNC, is certainly the simplest thing to do and it lets you display anything you want. Having clients send compressed postscript diffs possibly with some compositing, cursor, and clipboard extensions might be an interesting model; but how you go about dealing with unpredictable motion like video playback would be a real challenge.

  6. Re:Police, Fire Brigade, Truncheon, Axe... on Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns · · Score: 1

    No you don't do that. It's up to whoever feels they were wronged to sue the owners of the machines or not. Most people who get DDOSed won't do it. The time it would take to file all the discovery motions, collect the evidence and build a case would mostly be more than what they could hope to collect.

    Yes the software vendors should absolutely be potentially on the hook too if you could show they made no effort to address security issues in a timely manner or knowingly ignored security issues, etc.

    You are trying to conflate the civil matters with the criminal ones. My argument is if your machine is used to damage mine I should be able to seek damages from you. Actually under current law I suspect I probably can. How successful would I be; probably not very. I would be happy to see some plaintiffs prevail though because I think it would do good things for security posture everywhere and avoid draconian regulations that are coming otherwise.

       

  7. Re:Police, Fire Brigade, Truncheon, Axe... on Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns · · Score: 4, Interesting

    Right a computer is not a car or a dog; the analogy is stretched in either case. I am not saying owners should be criminally culpable. Whoever made unauthorized use of the equipment should be. I do think they should be exposed to civil liability where their maintenance of the machine is found to be negligent.

    A civil court would be free to decide for example that it appears your machine was pwnd by a zero day; and there is nothing therefore you could have 'reasonably' done so you have no responsibility for any damage it was used to inflict. OTOH, if your machine hasn't seen a patch in four years and your firewall is nonexistent or configured so as to be nearly useless, you could be responsible as you were negligent.

    (here we go again another car analogy) Just like you'd be negligent if you left your car in neutral without the parking brake applied and it rolled into traffic while you were shopping. Sure we might blame the guy who gave it a push if he was known or could be found but in most cases it's going to land in the owner's lap.

    I am not saying the analogies fit exactly or that it's entirely fair but a few things are true:
    1) Leaving an un-patched, unprotected box connected to the internet is negligent (if not legally, practically).
    2) Something is going to be done about this issue now that banks and utilities are being DDOSed unless that stops;
    3) Most of us won't like the something in 2
    4) If you want individuals to take computer security seriously they will need to be either made to or to feel they are personally at risk if they don't.

  8. Re:Police, Fire Brigade, Truncheon, Axe... on Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns · · Score: 2

    I too have advocated the owners of machines should be responsible for its actions on the network. Someone does something bad from your open or weakly secured access point, you are at least liable for civil negligence claims. Someone makes your PC a botnet member and there is a ddos or spam incident, ditto.

    I come down on the side of the end user owning the responsibility mostly because if the end users don't fix it someone like the DHS is going to fix it for them and the result will be another crony capitalism tax dollar give away, a strait jacket on everyone's freedom, and good bye to yet more privacy even for those who do choose to put effort into protecting that.

    I am not sure the car analogies really work here. Not sure but I think I have heard of some cases where owners of guns and cars have faced some civil liability for damages where they failed to secure them properly and they were used in crimes. So there may be some useful precedent there.

    A better analogy though still stretched is to give the computer equipment some agency. Treat it like a large dog. If you have one and you leave it outside you'd better have a secure fence or some other way to keep it confined to your property. If the dog gets loose and does something unintended like bite someone you the owner have to be responsible for it.

  9. Re:They did not cross that line on Alan Kay Says iPad Betrays Xerox PARC Vision · · Score: 1

    No it certainly does not always exist in short order. It took years to jailbreak the PS3 and Xbox 360. Just because Apple's plan is security thru marketing does not mean you can depend on that.

  10. Re:On Oil on Alan Kay Says iPad Betrays Xerox PARC Vision · · Score: 1

    My only objection is the way they prevent you doing what you want. If the box every iPad is delivered in had a top sheet saying "For the best user experience Apple recommends you only install applications from the App Store" I'd have no problem.

    They don't even need to make it obvious how to use other app stores or types of sources. No gui button no problem; users that want to do that can learn enough to open up a text file some place and make some edits. I am fine with that too. Hey even if they want to make a dialog pop up every time you run an unsigned app; fine.

    I just think there is a bright line where you create methods actively designed to prevent people from doing things outside the nine dots. If your customers have to "jail break" your device, and you have a cat and mouse game going where you constantly try to close the latest hole they found I think you have crossed that line.

  11. Re:On Oil on Alan Kay Says iPad Betrays Xerox PARC Vision · · Score: 1

    see possibilities opened up by limitations

    Sounds like the crap they put on motivational awful posters.

    Seriously even in your example there is no reason to bar me from replacing the engine fluids. A stern warning against it (being rather unusual for the class of item) when you purchase it and some bold print in the owner's manual should more than suffice.

    Maybe I have a damn good reason for wanting to replace the super lube, like I think I came up with an even better super lube in the basement with my chemistry set and need to road test it. Sorry limitations are just what they are: limitations.

    I see the possibilities perfectly clearly; it's the destruction of personal and social mobility. The possibility offered by those limitations belongs entirely to those currently in control. It's exactly what they need to ensure they stay there forever.

  12. Re:Humans move forward in reliability and access on Alan Kay Says iPad Betrays Xerox PARC Vision · · Score: 0

    More technical users see this as limiting, but non-technical users see the ability to not rely on technical people to help them as freeing.

    And those people are buying into the lie the powerful have told since the start of time. It's the very same lie used by every Marxist, would be autocrat, feudal lord, etc; just in a slightly less ambitious domain restricted form. Sure if you choose to rely on someone else you are 'freed' from having to worry about certain things but you are forever bent under their rod.

    Using a managed platform like iOS might 'free' you from having to learn to maintain an un-managed platform yourself but you can NEVER do anything outside of what Apple says you can. Meanwhile they never truly relied on the "technical people to help them"; they chose to hire them or beg that help, but were never prevented from cracking a book, reading a man page or help file, perhaps doing a little Googling and solving their own problems. There is a big difference between not doing the work yourself because you don't want to or don't want to learn to do it, and someone else preventing you from doing it.

    Just like people who don't change their own oil. Nothing wrong with having it done for you; if your time is valuable it probably makes sense for many. I hope you'd have enough sense to object if you needed a special key to turn the drain plug retained by the dealer and that any attempts to defeat the lock would void your warranty and exclude you from any future dealer service paid or otherwise. That is what we are talking about here. It really is very insidious.

  13. Re:Fanboy attack on Alan Kay Says iPad Betrays Xerox PARC Vision · · Score: 1

    I read that and the first thing I thought is just because it's not good enough for Apple does not mean it has no value and should not be put out there.

    Access to less than ideal software can be a great thing!

    I have over the years run across tons of scripts, small basic programs, little C snippets in the back of magazines, then on BBSes, finally on blogs etc. that were just terrible. Hardly worked, did not consider not so uncommon corner cases, were inefficient etc. Still they offered a great and useful idea, and more important one I had not had. If you can get something like that a little spit and polish and you may have something really great.

    Apple though would say it's too buggy, has quality problems or whatever and it would never see the light of day.

  14. Re:NoScript on Fairy Penguins Send First Email · · Score: 1

    Thanks for that. I do have some filters that were making the button not work. I expected the prank was just not fully fleshed out; but yes it does work.

  15. Re:Here's an idea on The Underhanded C Contest Is Back · · Score: 4, Interesting

    Contests that are impossible are not much fun.

    To say nothing about why your any hardware requirement is impossible this caught me:

    sits an untrained user in front of the app, and it behaves exactly as expected.

    The largest software and hardware vendors have been at that since commercial computing began. They all still have to offer end user support and or build a community around the product to support users.

    You talked up specs; and then want to offer the product to untrained users. Specs are great for things where the end user is another program or a person who *is* trained and knows what they wanted in the first place; can understand the specs themselves for the most part and therefore hasn't got unrealistic expectations about what the program will and won't do.

    'Specs' for end user applications though don't carry that sort of weight and won't save you from the LUSERS. Access is the perfect example. I actually rather like it. There are lots of occasions where you want to trap and manipulate smallish data sets to see something while working on a problem. Given Windows usually hasn't got tools like cut, paste, diff, comm, join, (a useful version of) sort, uniq, grep, awk, and sed installed, Access makes a marginally suitable replacement.

    Nobody would suggest discarding your RDBMS and just keeping ALL your data in flat text files. Microsoft never claimed Access was designed to handle the data volume and complexity to be the ERP for your medium-sized business either. Yet lots of people try or at least tried. I haven't seen that as much in recent years. Still they were shocked, shocked, I tell you when they hit the walls.

  16. Re:Panopticlick / Google can track you quite well. on Google Privacy Director Alma Whitten Leaving · · Score: 1

    Personally identifiable facts separated from their other facts may be PI without actually being enough to identify on their own. Knowing only your birth date I can't do much but if I have your birthday and full name I can come up with a much smaller list of candidate people who might be you.

    There need not be a direct connection between some datum being characterized as PI and using it as a unique and reliable identifier. That said, I don't disagree with Google's position; having to treat IP addresses as PI, while it might be a great privacy protection, would completely impair the Internet as it exists today, operationally and commercially.

  17. Usually a fan of the April 1 jokes on Fairy Penguins Send First Email · · Score: 5, Insightful

    I actually enjoy Slashdot taking a day of the year out to just be silly. In past years some of the jokes have been hysterical. I enjoyed the "achievements" thing. The rot13 though is just irritating. So much fun having to paste all the summaries into my terminal so I can read them; I just love obvious repetitive tasks.

  18. Re:a tragedy all around on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 1

    Except that does hold for the most part. As the parent poster pointed out lots of restaurants, bars, etc. tried to go smoke free before most states passed laws requiring it. Many ended up back pedaling because it was a huge hit to patronage.

    If it was all that desirable to offer not just a segregated but entirely smoke free facility it should have given them an advantage with lots of clients. People like you should have preferred those places to other eateries and clubs. Here in Cleveland I can tell you the really popular places that are always packed tend to be the ones where they look past folks lighting up for the most part and just pay the fines when law enforcement shows up.

    Frankly I think smoking bans outside a very narrow range of facilities where people who may be especially sensitive to it may also not have a choice in being there are an unethical infringement on the freedoms of the owners. K-12 schools, hospitals, and places where it would pose a clear and immediate hazard like gas stations and some manufacturing plants are about the only places where the state has a legitimate interest in banning smoking.

    For the record; I am a non-smoker.

  19. Re:a tragedy all around on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 1

    I just can't get behind that sort of regulation. I don't see why we can't expect people to refuse to do something that they think will get them killed.

    I mean really so what if you lose your job. Not like having money to eat will do you much good if you are a corpse.

  20. Re:Bad Directors Eventually Wash Out on Why Bad Directors Aren't Thrown Out · · Score: 1

    Good post. Which is why when you see government trying to regulate naked shorting you know that is regulation being bought and paid for by the folks at the top to help keep them there. Shorts are a good thing. The real tragedy is that when our banks were nearly shorted into the ground a few years back now; we let the pols interfere.

  21. Re:The Big Lie on Why Bad Directors Aren't Thrown Out · · Score: 1

    The sad thing is you really think that crap is true. Most people are not as dumb as you think. The vast majority of libertarian / tea party type folks I know don't expect to ever be billionaires. Most of us just want to be able to claim a few acres of our own and be left alone. Which we probably could do if "teh liburls" would not try to tax us for breathing.

  22. Re:Ruling class on Why Bad Directors Aren't Thrown Out · · Score: 0

    But you'd need a lot of power. Somethin' like a government body. And that'd be socialism (cue dramatic music).

    You are right! With government and socialism we can replace the sometimes abusive aristocracy that usually is smart enough not to strangle their golden goose (us) even if we are caged. If history is any indication of things though. We can exchange that for an even smaller number of pols who will be even more abusive with less common sense and be even more painful to eventually oust.

    I'll stick with the status quo, k thanks bye.

  23. Re:The reason why there are bad directors on Why Bad Directors Aren't Thrown Out · · Score: 4, Informative

    The reason is blame taking is the CEO's real job.

    CEOs at big companies often have very short tenures; and no, even abject failures are not necessarily career enders. It really comes down to investor perceptions. If the company is/was a mess to start with or the objective (I'll get to that) is thought to have not made any sense; they usually go on to other things without much trouble. Yes the existing board and management always blame the departing CEO for their ills if things are not great because let's face it, if you have to assign blame who better than the guy/gal who isn't there anymore? This works well because blaming the CEO (even if completely undeserved) is credible enough to protect the company and its board from shareholder legal actions or votes that might require other board-members or management to be removed.

    Often CEOs will be moving on to "pursue other interests", "spend time with families", etc. almost regardless of success or failure and almost always with a giant cash payout. Sure, companies that are experiencing really good times might bring in a caretaker CEO that hangs on longer; and sometimes you have a founding father type CEO (Jobs for example), but most are brought in to effect some thing they have demonstrated they can do in the past. Maybe it's to move the target demographic for the product, major re-branding, off shoring efforts; but something along those lines. They can either do it or they can't. At the end of the 18-24 months it's time for them to go, even if they are successful, as being good at getting one of those projects that sucks up an entire corporation's focus and doing day to day well after the dust settles are different skills and it's rare one guy has both.

  24. Re:Didn't they get the memo? on North Korea Declares a State of War · · Score: 2

    I was responding to the idea that Kim might somehow be compelled to keep his position in order to protect his life of privilege. I don't think it's true, I think if all he wanted was to be an international playboy there are those who might help him. Whether or not command #1, his chosen successor, is able to fend off #2-n or not is really nothing to Kim, who has his suitcase full of money and is 1000s of miles away.

    In my hypothetical #1 helps Kim leave with some cash in exchange for the political advantage Kim naming him the legitimate new leader will offer. Kim getting away could happen any number of ways. My point is Kim is where he is because he wants to be leader of the DPRK; and that is true whether or not he is an absolute autocrat or mostly a puppet of some cabal. I merely suggest he could probably find a way to leave and do so as a wealthy man if he were so inclined.

  25. Re:Nothing New on North Korea Declares a State of War · · Score: 1

    It all depends on what you are willing to do. Because of its proximity to other nations a neutron bomb as someone suggested is probably a no go; but if you don't care how many civilians you kill or maim the area is not so large you could not just carpet bomb the whole thing; from high altitude likely out of effective reach of the Anti Aircraft equipment. Anyone know what the DPRK has in terms of old Soviet arms and or newer Chinese built stuff that could hit a B-52?