We just went through this. We discussed it with our doctor (who happened to also be the head of obstetrics) his take on it was that it wasn't worth the investment, given the small set of conditions it would help with.
We instead donated our daughter's cord blood to the local Children's hospital, where they will extract the stem cells for research purposes and if her blood matches anyone who currently needs it, it will go to them. Seemed more civic minded than putting the blood into a bank and placing a "reserved" sign on it.
Min
I'm glad you got lucky on the genetic lottery, and hope you continue to do so. My wife was born with a hole in her heart. Her parents declared bankruptcy because of it. Despite having military health care.
She married a Canadian, had a high risk pregnancy (because of her congenital heart defect) and developed preeclampsia (because she critical failed on that particular toss of the medical dice).
Mom and baby are fine, and we're out of pocket 300$ for the private room we opted for.
I wish you a problem free and safe delivery, but if you do have one, have a thought for those who are not so lucky, for it could have been you.
Min
My US born wife lives with me in Canada. When she was living down in the states, she was a retail worker who made retail worker wages. Her health insurance through her employer cost her 500$/month.
Making some reasonable assumptions for hourly salary and assuming she was working a full 40 hrs (she usually didn't), that means she was paying 28% of her salary for health care.
Put another way, in Canada with the same income, she'd be paying 25% for her whole income tax load. Therefore her health insurance ALONE was costing her more than her entire income tax burden in Canada. (I made the assumption she was living in an expensive province, with the highest provincial tax rate, her taxes would be lower in most other provinces).
We just had our first daughter. The entire out of pocket cost was 300$, because we upgraded to a private room. My wife was pre-eclamptic, which meant they needed to induce. We spent 4 days in Labour and Delivery due to complications, with 24 hr specialist nursing care (they sat in our room most of the time, and were 15 seconds away when they weren't).
After 4 days of complications the doctors recommended a C-section (our choice to do it or not), we accepted their recommendation and my wife was C-sectioned. Our daughter had a touch of Jaundice, so they wheeled a light unit into our room and we spent another 4 days in the hospital.
My wife is of the opinion that even with good medical coverage in the states (like the package that I was offered when I looked for work down there), we'd be out of pocket probably 10K in co-pays for the whole experience (we were high risk, so there were about 10 ultrasounds, 4 cardiac exams, etc). Let me repeat that number again: 300$ out of pocket, and it would have been 0 if we hadn't decided on a private room for the last part of our stay (Labour and Delivery was private anyways, so those days don't count).
Now in my particular case, most years, yes, I probably am a net contributor to the medical system, given my salary. I'm OK with that, knowing that someone else who goes through what we went through will have the same care I and my wife did. Being proud of my country counts for something, and I'll pay for that feeling.
Min
Actually my wife and I discussed this too the other night. I consider what you said in your last paragraph to be patriotic by my definition of the word. My wife probably wouldn't have when she first said what she said about Canadians, but would now.
To me being patriotic does not mean "My country can do no wrong", I accept with full recognition the mistakes of the past, and I have some understanding and belief of what we're doing wrong in the present.
Blind patriotism to me is the stepping stone to fascism, and that is not my type of patriotism. I think the word has been largely given a bad rap because of the use south of the 49th to justify massive civil liberty abuses (see my previous remark about it being a stepping stone). On the other hand I do feel a sense of pride in what Canada has accomplished and feel good to be able to include myself in the group of people called Canadians.
Might that change in the future? Of course. You can stop being proud of something, if circumstances change. Only a fool hangs around the Titanic when it's sinking. My wife considers herself to be a patriotic American, but not an unquestioningly so one. She hopped off the sinking ship. When we were living in a 3rd country, and considering whether to go back to Canada or the US, she looked at what was happening in the US and said we were moving to Canada.
Min
Few other nations (perhaps Canada) can credibly claim this
It's interesting. My wife, (born in the US, lived there till her late 20s when we married, we now have a daughter who is a dual cit) when she was dating me commented on the differences between the US and Canada said that she thought that Canadians were less patriotic than the Americans. I responded that we have a different type of patriotism, more quiet, and we don't feel the need to rub it in other people's faces.
She now lives here and is considering getting her Canadian citizenship. The other day I raised the question again, and she commented that she totally agreed, Canadians weren't any less patriotic than Americans, we just show it differently and that's not a bad thing. I always find it interesting to discuss politics with her, as she has a unique viewpoint from having one foot in each side of the pond. I'm glad my daughter will have the opportunity to have her foot in both sides of the pond too, it can only serve to broaden her views.
Min
Yep, the 'testing' goes from softballs (let's face it, what's the diff between a router and a switch is a very softball question for a network person) and goes up, and I cut it off when I find the person's level.
But one of my real decision questions actually comes much later, when the "interview" is over and I talk about how I got into computers and invite the candidate to share. I want people with passion, not people looking for lots of dollar signs.
Min
I'm an IT Manager, and have been for a few years now. I test for three reasons:
1) the obvious: There are some people out there much better at creative writing than IT. Great resumes, good talk in the interview, but epic fail when you ask them "What's the difference between a router and a switch?". Finding this out now is important.
2) Sometimes the answers provide illumination into the candidate's troubleshooting and thought processes. For example, asking how you would rate limit two routers connected together has a few different solutions. Which one they pick is interesting. Do they go with the easy (but CPU intensive) solution of QoS, or do they dig deeper and ask if a serial connection with a fixed clock speed would be workable.
3) If they get flustered by my asking them to prove themselves, they're gonna be up the creek when another manager challenges them on something. You're always needing to prove yourself, and if you don't have the confidence and poise to defend yourself to me, how are you going to do it to your peers and non-line managers?
Min
Here's an example of why it's bad for the US:
In a previous company I worked for, based in Canada, an auditor noticed that we were using an offsite backup system based out of the US (a big one, you'd know it if I typed it, but since none of this is their fault, they'll remain anonymous) and informed us that we may be violating Canadian law in sending our traffic into the US given the Patriot act and similar moves by US lawmakers.
So we took our (fairly lucrative) offsite backup contract and rolled our own solution based at a Canadian data center.
The transition sucked, and we probably wouldn't have bothered if the auditor hadn't brought it up, but the end result was that a few dollars got removed from the US GDP and added to the Canadian one. Now that's one case, there are undoubtedly more. I would not at this point recommend to an employer that we should make use of any service that requires our data to land in the US.
What does this mean? Most 'Cloud' services that are US based will be given a pass. Even if they have Canadian storage facilities, the keys are still owned by a US firm and subject to the Patriot act.
Min
Agreed, this is the web-of-trust method, and is analogous to what PGP uses. The problem of course is finding a web of people who are worthy of trust, whose identity is known by you and with whom you have a secure communications mechanism that Dr Evil cannot subvert. This is the same problem that has plagued widespread use of PGP. CAs provide a method of dealing with the introduction issue, since, it is unlikely that my mother has a disperse enough group of technically qualified friends to make the determination that her bank is not compromised :). (no slight against my mom, she's got a technical clue, but her peer group... :))
Min
I'm going to assume that there is a sizable minority here who doesn't actually understand what is going on with SSL certificates and why they are important. So here goes:
Assume you're trying to access your online bank, and that Dr Evil is your ISP's systems admin (or anyone else who can get between you and your bank).
In the normal course of things, your web browser makes an SSL connection to your bank, validates the certificate is signed by one of the certificate authorities that your browser trusts and you're good to go.
The certificate authority check is there to prevent Dr. Evil from setting up a server in between you and your bank. In that scenario, you would connect to Dr Evil, get his key, encrypt your username and password using his key. Dr Evil then decodes the user/password and sends it onto the bank in another connection. Then he bridges the two connections, walks off with your password and you're none the wiser.
Because of SSL certificates, if Dr Evil did try it, you'd get the nasty certificate warning, and hopefully not give Dr Evil your banking passwords.
Min
Actually, looks like /. code epic failed. He clicked the "withhold my name" button on the submission but it didn't withhold his name from the firehose section.
Min
That'd be cool. GoogleMUSH! @desc me=A grue. He is likely to eat you.;@adesc me=@emit The Grue pours water on your lantern.
[i]The answers to these questions depend on your threat model.[/i]
Sounds like this is the parent's point exactly (and one I agree with). Depending on your circumstances, risks and the value of the data being protected, it may be that a reasonable analysis indicates that the admins of the computer at work are trusted enough with the information being protected (it might after all be a set of work related docs that the user is securing to and from his home office, in which case the admin of his work system already has access and is therefore not a risk.)
It seems like it would be best if there was an option here for people who are primarily protecting against losing their keyfob and not against the systems admin.
Min
Nuclear/Biological/Chemical?
No, someone got fired, before they leaked the informatX8&$NO CARRIER
underhand jihad and propaganda cd distributions
You're right! Quick, let's ban distribution of all islamic language CDs! It's the only way to fight censorship... er...
Min
Yep, I was one at one point. Seconded from my day job to assist the feds in an investigation because they didn't have any local resources. This was back in 97 when resources were a bit more scarce tho.
One market segment that will probably jump on this. Governments. Many governments are required by law to archive all important documents. I worked for the archive division of a comparably small regional (state equiv) govt in Canada, and the measures and expense they went through to ensure that the data was still readable, even when it started off on 8" floppies was impressive.
When the law says you MUST preserve data, 18k is not a lot of money to toss at the project. Heck a core router runs you 70k to get into the game. 18K is lunch money.
Min
You might try posting here: www.tsa.gov/blog/ - at least from appearances it's monitored by TSA ppl with "get stuff done" authority. Worth a shot anyways.
Min
I moved when my VPN sessions started getting hacked up because of that stupid Rogers' "if we can't see the traffic, we'll throttle it just in case it might be p2p" move. I'm now at Teksavvy, which means I'm impacted by this too. No winning for me!
Min
It's the same problem as there is in any IT security problem. Protectors need to be perfect every time, attackers need to be lucky/good (in that the protector missed something) once. Add to this basic fact the matter that there is an inherent architectural problem in content protection (you gotta give the attacker what they need or users can't see the media) and the fact that the usual relentless march of technology favors the attacker (more CPU power = easier key breaking, additional CPU power doesn't benefit the defenders) and I'm glad I'm not in the digital chastity belt biz, AKA content protection.
Min
Yes, but since the customers of these companies tend towards the type of customers who do pay for SLAs (ISPs, companies rather than home users) I think the point is valid. Personally I've never used either of them as a provider, so I don't know how their SLAs are written, and they probably don't provide any assurances beyond their boundary, but I think an argument could be made that since the problem is demonstrably an issue within their control (a contract dispute) that the SLA should hold.
Min
I expect that what you see on the website was carefully vetted by the various legal teams involved.
Min
Hrm, last time I checked, my phone company was unable to open a tunnel from the internal side of my corporate firewall back to them. Since the script allows them to execute *any* command and most people put their PBX inside their most secure corporate network segment, this would prove to be an issue. Leaving aside for the moment the issues of DNS poisoning, and someone hijacking the script.
Min.
What's wrong from a technical POV is that the code does the following:
:)
Connects to the servers at home and DOWNLOADS a list of commands to execute as root.
From the comments on the file:
# This file is design to be executed regularly by an external controller such as cron.
# It retrieves a list of commands to be executed from the specified URI and executes them, saving the output
# and returning it to the webserver as an encrypted string.
So a quick and dirty analysis shows the following:
If someone poisons your DNS cache at any point they now own your phone system. Ouch. Since people's phone servers tend to be on the inside of their network the attacks are pretty obvious to imagine.
1) Poison DNS cache to change $COMMANDURI to http://evylhackerz.org/illgetyoumypretty.sh
2) Use the script to open a tunnel from the internal network of $YOURCLIENT to evylhackerz.org
3) Profit.
The ethical implications of installing an unannounced script that executes any command you want are pretty obvious. Feel free to google Sony rootkit for examples
Min.
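
A defensive counterpart to the fetch-and-run-as-root design criticised in the comment above, as an added example that is not part of the original comment or the vendor's script: the fetched command list is accepted only if it carries a valid MAC, a fresh sequence number, and nothing outside an operator-approved allowlist, so redirecting the download by DNS poisoning does not by itself yield command execution. The manifest format, the pre-shared key and the allowlist entries are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import shlex


class ManifestError(Exception):
    """Raised when a fetched command list must not be executed."""


# Assumption: the exact argv tuples the operator has agreed the vendor may run.
ALLOWED_ARGV = {("uptime",), ("df", "-h")}


def sign_manifest(key: bytes, seq: int, commands: list) -> bytes:
    """Vendor side: serialise the command list and prepend an HMAC-SHA256 tag.

    A public-key signature would avoid keeping a signing-capable secret on
    every PBX; HMAC is used here only because it is in the standard library.
    """
    body = json.dumps({"seq": seq, "commands": commands}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + body


def verify_manifest(blob: bytes, key: bytes, last_seq: int):
    """PBX side: return (seq, [argv, ...]) only if every check passes."""
    tag, sep, body = blob.partition(b"\n")
    if not sep:
        raise ManifestError("no authentication tag")

    # 1. Authenticity: whoever served this must know the key, regardless of
    #    which host the name in the URI resolved to.
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ManifestError("bad MAC")

    try:
        doc = json.loads(body)
        seq, commands = doc["seq"], doc["commands"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ManifestError("malformed manifest") from exc
    if not isinstance(commands, list) or not all(isinstance(c, str) for c in commands):
        raise ManifestError("malformed command list")

    # 2. Freshness: an old, genuinely signed manifest cannot be replayed.
    if not isinstance(seq, int) or seq <= last_seq:
        raise ManifestError("stale or replayed manifest")

    # 3. Least privilege: even the real vendor cannot run arbitrary commands.
    argvs = []
    for line in commands:
        try:
            argv = tuple(shlex.split(line))
        except ValueError as exc:
            raise ManifestError("unparseable command") from exc
        if argv not in ALLOWED_ARGV:
            raise ManifestError("command not on allowlist: %r" % (line,))
        argvs.append(list(argv))

    # The caller would pass each argv to subprocess.run(argv, shell=False)
    # under a dedicated low-privilege account, then persist seq as last_seq.
    return seq, argvs


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value, not a real secret
    blob = sign_manifest(key, 7, ["uptime", "df -h"])
    print(verify_manifest(blob, key, last_seq=6))
```
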