That's interesting, so the kid who can only communicate through a sip & puff connected to a laptop is better off without a laptop in the classroom? Oh that's an exception? What about the kid with a processing speed deficit who performs their work 3 times faster on a laptop? Another exception? What about a well run classroom where the teachers is supervising what the children are doing, the same way as my teachers called me out when I was doodling at my desk instead of getting my work done?
Like most things involving humans, sweeping conclusionary statements about the educational process are myopic and ill advised, because educational methods should be shaped to the PEOPLE involved. What works for one teacher/student/class will not work for another teacher/student/class combination. That's why teachers are professionals, the same way as IT professionals are, they shape their approach to the situation at hand. (and before someone makes a disparaging remark about teachers, allow me to point out we all know IT people who should be in another profession too)
if we could have a conversation about what the rules should be for once
But that conversation is hard. It's easier to throw rocks at a straw-man (did anyone seriously think Facebook is a paragon of getting this right that we should hold them up as a measuring stick and find all hat/discrimination rules useless?)
I'm sure RSA trained their employees not to do "stupid things like this" too,
To be fair, the RSA attack had less to do with a user making a dumb mistake and more a case of poor architectural choices (critical data on the same network as a low-level user, insufficient network segmentation, and honestly, there should have been an airgap between the RSA key secrets and the HR person whose system was compromised, or the admin user's workstation that the attack escalated too.
All that having been said, it was a VERY sophisticated attack by a well funded actor, and likely would have occurred in spite of countermeasures eventually (at the end of the day, if you're a well funded state actor, 'kinetic' (to use the favored euphemism) options are available when the cyber options prove ineffectual.
If you're interested this account is, as I understand it from other sources, fairly accurate:
Or better - install a VPN server at home and send everything on your phone out through it. Now you can connect to anything you want, it'll either be secure or won't work (captive portal won't be visible while you're on a VPN).
And maybe that works fine for you, it does my mother. Nothing wrong with using a solution that meets your needs and satisfies your risk tolerance. Companies make exactly that sort of trade-off all the time. The issue comes when they're not honest about one of those two variables.
We could define "secure as reasonably possible" as "occupying a value in a coordinate plane with one axis containing ease of use, and the other being risk (comprising an overall scoring for confidentiality, availability & integrity (in a data non-alteration sense, not a moral sense)) so as to minimize the risk axis while keeping the ease of use axis below a value that 75% of people would find acceptable".
VR Systems, a Florida-based election systems provider referenced in the material, said in a statement:
"When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result."
Now we can argue on if it impacted the results of the election. I don't think anyone knows the answer to that question, but it now appears the question of if there was an attempt by someone to infiltrate the electoral system is pretty solidly answered.
Attribution is a trickier problem, but I'll buy that the NSA has pretty good resources at its fingers for that, and they seem pretty conclusive in the documents provided by the Intercept.
It'll be interesting to see how this comes out, but I'm now convinced that a crime occurred, since VR Systems has confirmed such and any vested interest they have in the matter would be to deny rather then confirm, as it'll undoubtedly damage them commercially going forward.
I'm going to assume he's talking about spoofing, or the technique of inserting a packet stream into the internet and making it appear like it's come from somewhere else.
This is in fact easily done if what you're attempting to do is DDOS a system. Doing it in such a way as to hack a system is NOT childsplay.
Here's one problem. You're typically (in the childs play scenario. State actor level games are NOT child's play) transmitting in the blind. TCP requires a three-way handshake. Assuming no one involved in the internet today is dumb enough to allow source routing packets, and that everyone is using decent random number generators for their sequence numbers, you can't see the SYN/ACK response from the host (since that'll have gone to the IP you're impersonating)
Add in ANY type of cryptography and you're totally hosed, as even the oldest version of SSL required you to exchange secrets, and since you're transmitting in the blind you won't see the response secret and it's game over.
There was a time when it was possible, because TCP sequence numbers were guessable due to poor randomness in a number of TCP stacks. You could make an intelligence guess as to what the next sequence number would be and send some bracketing packets in the hopes of getting lucky (more likely on a slow system then on a busy one).
And if you take your waybackmachine to the 90s, you'd find that source routing packets were honoured. It's been awhile since I ran into a version of anything that had that turned on by default.
So unless you can get into the ISP that the victim machine is connected to, not happening for any real world situation. And pawning an ISP is decidedly not childs-play.
The good data centers have two PDUs, a 'red' and 'blue' one, plugged into different circuits, which run back to separate power distribution systems (transformers, UPS, generators, and through a switching system to multiple grids.)
You then plug one of your power supplies into the Red line and one into the Blue line and are protected against any single "oops!" that doesn't involve the Coyote trying to catch the road runner level hi-jinks.
It's hard for me to conceive of a situation where a 'biologic' as one of the IT managers I worked with called humans, could take out all of BA for a day by "turning off a switch".
The closest example I can think of from my experience would be a cable plant in Calgary that went down because someone mis-architected the fire suppression system and a fire in the 'Red' electrical room tripped water fire suppression in the 'Blue' room. But that requires some serious bad Murphy mojo, and considerably more then BA has copped to so far. I think there's more to the story, although they have improved form the power surge story.
Receipts are problematic. If you can prove to officials that you voted one way, you've also broken the concept of a secret ballot, which opens the door for vote manipulation (bribery, threats, etc).
I know of one local election that was decided by my mother's vote. She regularly lied to my father about how she voted.
I've lived in Toronto and Vancouver and found them lovely cities to live in. Stanley Park in Vancouver is a gem any city should be proud of, not to mention the lovely natural beauty.
Toronto on the other hand is a very functional city, with many different cultures.
Now property values in both of them is high, but that is because people like them and want to live there.
I have no knowledge of the actual attack, but likely it was malware on their device. Probably whomever go the malware sold the information on the phone sold the info to a data broker. The attacker who had access to the SS7 system bought data that would allow them to leverage their access to make money.
These things have gotten fairly sophisticated in the last few years. Not everyone is going to fall for every scam, but when you have 10 million targets, the law of big numbers kicks in.
TFA is no better. "Named", "uncovered", "described itself"...
"Today, Fred Flintstone was named in a conspiracy initially uncovered by Bedrock News. In an interview, Mr Flinstone described himself as 'a hard working guy'"
The whole thing is shaded to make you think something untoward is occurring here.
BlackBerry said Wednesday it has been awarded a preliminary $814.9 million in royalty overpayments made to Qualcomm.
If so it's a novel approach to being a patent troll, pay a company too much for their patents and then get some of it back... I wish more trolls would be so foolish.
Methinks the troll descriptor doesn't apply in this case. If there's any patent trolling involved it was Qualcomm overcharging for theirs. But overall it just sounds like the sort of thing that happens between two companies legitimately licensing each other IP rights.
I think you're conflating marginal and effective tax rates here.
Marginal tax only gets charged on the earnings that exceeds the tier. So say for example the tax regime is 0% on the first 20K, 4% up to 70K and 8% over 70K.
If I make 71K I'll pay ((1K*.08)+(50K*.04)+(20K*.0)=2,080
So (assuming 20% is the effective federal tax rate for the same example) the effective state tax rate would be: 71,000/2,080=2.9% at the state level, for a total of 22.9% all told.
Sorry, it's something a lot of people miss, and it impacts policy discussions because politicians often take advantage of the confusion. And we need less confusion in world politics, not more:).
or chooses a different full-time job specifically for the added flexibility
Just to point out that it's not only women who make this decision. I view raising my daughter as my most important job. Nothing I do at my 'real' job will matter in 50 years. Raising my daughter will impact the world statistically speaking for years after I shrug off the mortal coil.
So I don't work the jobs where they expect 80 hrs out of me. I moved career paths to positions and companies which have more respect for work/life balance. I actually make a point of mentioning my kid during interviews, because I figure if they decide that's a strike against me, I don't want that job anyways.
One was a CHOICE, the other was FORCEFULLY FORCED DOWN YOUR THROAT.
I'll speak to this, as I feel it gets to the core of an idea.
I got lucky as a 5 year old. I happened to be in a situation where I got access to something most 5 year olds born in the 70s never got a chance to experience. How many more people would be out there with that wonderful moment if we'd ensured every 5 year old got the opportunity to try it?
Raising my own child, we encouraged her to try many different activities (or 'forced her' if you'd prefer I use your point of view). Some of them she liked, some of them she opted not to repeat. She didn't get a choice in the matter, as she did not have the experiential base yet to make an informed decision. She decided she loves STEM activities. If we hadn't introduced them to her at an early age, and social norms ('boy' activities vs 'girl' activities) had set in, who can say how it'd have turned out. I'd like to think that she'd have developed the same way, but I'm honest enough to say I don't know.
A big part of parenting IMO is providing the opportunities to children to find the things that excite them, that give them that passion in their lives to avoid the traps that will be placed in front of them as they get older.
For me it was technology, for another it might be hockey. Whatever it is, every parents job should be to help their child find theirs.
So as a parent, anything that helps take the luck out of finding that passion makes the world a better place for my kid and all of us.
I have nothing to add. I just want to say thank you for a well-written spot-on post. Your analogy was good, and your inspiring "feeling the world change" description gave me goosebumps to read.
Thank you. And you know the odd thing? Telling that story still gives me goosebumps too, because it makes me recall the feeling. I tell the story because it reminds me what I wanna do when I grow up.:)
Ya, my kid was taught scratch by an 8 yr old boy at Defcon when she was 3. Still plays around in scratch, it's great. She may never get involved in IT as a career (she's been pretty solid on vet for a few years), but she'll also never think of them as magic boxes, and there's a power in that too.
Put aside your cynicism for a moment. It's hard, I get that, but just for a moment....
OK, ready?
None of these coding initiatives are about teaching someone to code. It's about exposure. Think of football (or hockey, or...) camp for 8 year olds. Very few of those kids are going on to a brilliant professional sporting career. So we should shut them down, treat any parent who enrolls their child in such a camp with derision, etc. Right? No? Why not?
Because sometimes the experience is more important then the result.
When I was 5, I got a chance to play with a Vic 20. My landlords' daughter showed me how to do the classic:
10 PRINT "Hello World" 20 GOTO 10
I remember feeling the world change. It was a different place then before I wrote and ran that program. I *GOT* it. I knew this beige box was going to change everything.
Years later, when I was about 8, the local Commodore club got a modem. I saw what it did and felt that feeling again. I pestered my mom to let me check it out from the hardware library for months before she agreed and I dialed into a local Radio Shack BBS. The sysop started a chat and we talked in chat. This was the future.
In the years since, I ran a Fidonet network hub, ran two freenets in two cities, was the sole technical employee for a regional ISP in northern Canada, and have endeavored to make the world a slightly better place. To build the future I glimpsed when I was 5.
You know what? Never became a programmer. I can barely program my way out of a wet paper bag to this day. I know the concepts and understand how to use those concepts in my professional life, but programming itself has never set my soul alight. Does that make the experience of the journey any less important? Does it mean that the 5 year old wasted his time?
I'd argue no. I have no idea how my life might have changed if not for that chance encounter when I was 5. Maybe I'd still have followed the same life path. But for some of those kids getting exposed with the learn to code movement, statistically speaking, it will change their lives.
For me, that's enough. My daughter went to Defcon (the hacker conference) when she was 3, so hopefully she got 2 years on me in feeling that wonder.
Slashdot Mirror
That's interesting, so the kid who can only communicate through a sip & puff connected to a laptop is better off without a laptop in the classroom? Oh that's an exception? What about the kid with a processing speed deficit who performs their work 3 times faster on a laptop? Another exception? What about a well run classroom where the teachers is supervising what the children are doing, the same way as my teachers called me out when I was doodling at my desk instead of getting my work done?
Like most things involving humans, sweeping conclusionary statements about the educational process are myopic and ill advised, because educational methods should be shaped to the PEOPLE involved. What works for one teacher/student/class will not work for another teacher/student/class combination. That's why teachers are professionals, the same way as IT professionals are, they shape their approach to the situation at hand. (and before someone makes a disparaging remark about teachers, allow me to point out we all know IT people who should be in another profession too)
Min
if we could have a conversation about what the rules should be for once
But that conversation is hard. It's easier to throw rocks at a straw-man (did anyone seriously think Facebook is a paragon of getting this right that we should hold them up as a measuring stick and find all hat/discrimination rules useless?)
Min
I'm sure RSA trained their employees not to do "stupid things like this" too,
To be fair, the RSA attack had less to do with a user making a dumb mistake and more a case of poor architectural choices (critical data on the same network as a low-level user, insufficient network segmentation, and honestly, there should have been an airgap between the RSA key secrets and the HR person whose system was compromised, or the admin user's workstation that the attack escalated too.
All that having been said, it was a VERY sophisticated attack by a well funded actor, and likely would have occurred in spite of countermeasures eventually (at the end of the day, if you're a well funded state actor, 'kinetic' (to use the favored euphemism) options are available when the cyber options prove ineffectual.
If you're interested this account is, as I understand it from other sources, fairly accurate:
https://www.slideshare.net/Kun...
Min
Or better - install a VPN server at home and send everything on your phone out through it. Now you can connect to anything you want, it'll either be secure or won't work (captive portal won't be visible while you're on a VPN).
Min
lol - I had the same dyslexic moment when I read the headline. Need more coffee.
Min
And maybe that works fine for you, it does my mother. Nothing wrong with using a solution that meets your needs and satisfies your risk tolerance. Companies make exactly that sort of trade-off all the time. The issue comes when they're not honest about one of those two variables.
Min
We could define "secure as reasonably possible" as "occupying a value in a coordinate plane with one axis containing ease of use, and the other being risk (comprising an overall scoring for confidentiality, availability & integrity (in a data non-alteration sense, not a moral sense)) so as to minimize the risk axis while keeping the ease of use axis below a value that 75% of people would find acceptable".
That work for everyone?
Min
We're actually going through something very similar at work right now.
If you've not found https://www.crashplan.com/ yet, you might wanna check them out. They have BYOK options.
Not associated with them, just evaluated them a couple years back for a similar project.
Min
Intent != crime.
Generally speaking breaking into someone else's system and sending a spear phishing email would get you well into illegal.
Quoting form the NPR's article at: http://www.npr.org/2017/06/05/...
VR Systems, a Florida-based election systems provider referenced in the material, said in a statement:
"When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result."
Now we can argue on if it impacted the results of the election. I don't think anyone knows the answer to that question, but it now appears the question of if there was an attempt by someone to infiltrate the electoral system is pretty solidly answered.
Attribution is a trickier problem, but I'll buy that the NSA has pretty good resources at its fingers for that, and they seem pretty conclusive in the documents provided by the Intercept.
It'll be interesting to see how this comes out, but I'm now convinced that a crime occurred, since VR Systems has confirmed such and any vested interest they have in the matter would be to deny rather then confirm, as it'll undoubtedly damage them commercially going forward.
Min
I'm going to assume he's talking about spoofing, or the technique of inserting a packet stream into the internet and making it appear like it's come from somewhere else.
This is in fact easily done if what you're attempting to do is DDOS a system. Doing it in such a way as to hack a system is NOT childsplay.
Here's one problem. You're typically (in the childs play scenario. State actor level games are NOT child's play) transmitting in the blind. TCP requires a three-way handshake. Assuming no one involved in the internet today is dumb enough to allow source routing packets, and that everyone is using decent random number generators for their sequence numbers, you can't see the SYN/ACK response from the host (since that'll have gone to the IP you're impersonating)
Add in ANY type of cryptography and you're totally hosed, as even the oldest version of SSL required you to exchange secrets, and since you're transmitting in the blind you won't see the response secret and it's game over.
There was a time when it was possible, because TCP sequence numbers were guessable due to poor randomness in a number of TCP stacks. You could make an intelligence guess as to what the next sequence number would be and send some bracketing packets in the hopes of getting lucky (more likely on a slow system then on a busy one).
And if you take your waybackmachine to the 90s, you'd find that source routing packets were honoured. It's been awhile since I ran into a version of anything that had that turned on by default.
So unless you can get into the ISP that the victim machine is connected to, not happening for any real world situation. And pawning an ISP is decidedly not childs-play.
So I give this claim 4-CRC errors out of 5.
Min
The good data centers have two PDUs, a 'red' and 'blue' one, plugged into different circuits, which run back to separate power distribution systems (transformers, UPS, generators, and through a switching system to multiple grids.)
You then plug one of your power supplies into the Red line and one into the Blue line and are protected against any single "oops!" that doesn't involve the Coyote trying to catch the road runner level hi-jinks.
It's hard for me to conceive of a situation where a 'biologic' as one of the IT managers I worked with called humans, could take out all of BA for a day by "turning off a switch".
The closest example I can think of from my experience would be a cable plant in Calgary that went down because someone mis-architected the fire suppression system and a fire in the 'Red' electrical room tripped water fire suppression in the 'Blue' room. But that requires some serious bad Murphy mojo, and considerably more then BA has copped to so far. I think there's more to the story, although they have improved form the power surge story.
Min
Receipts are problematic. If you can prove to officials that you voted one way, you've also broken the concept of a secret ballot, which opens the door for vote manipulation (bribery, threats, etc).
I know of one local election that was decided by my mother's vote. She regularly lied to my father about how she voted.
Min
I've lived in Toronto and Vancouver and found them lovely cities to live in. Stanley Park in Vancouver is a gem any city should be proud of, not to mention the lovely natural beauty.
Toronto on the other hand is a very functional city, with many different cultures.
Now property values in both of them is high, but that is because people like them and want to live there.
Min
I believe her reasons largely centered around the Vietnam war and not wanting her children to be drafted actually.
Min
I have no knowledge of the actual attack, but likely it was malware on their device. Probably whomever go the malware sold the information on the phone sold the info to a data broker. The attacker who had access to the SS7 system bought data that would allow them to leverage their access to make money.
These things have gotten fairly sophisticated in the last few years. Not everyone is going to fall for every scam, but when you have 10 million targets, the law of big numbers kicks in.
Min
TFA is no better. "Named", "uncovered", "described itself"...
"Today, Fred Flintstone was named in a conspiracy initially uncovered by Bedrock News. In an interview, Mr Flinstone described himself as 'a hard working guy'"
The whole thing is shaded to make you think something untoward is occurring here.
Min
BlackBerry said Wednesday it has been awarded a preliminary $814.9 million in royalty overpayments made to Qualcomm.
If so it's a novel approach to being a patent troll, pay a company too much for their patents and then get some of it back... I wish more trolls would be so foolish.
Methinks the troll descriptor doesn't apply in this case. If there's any patent trolling involved it was Qualcomm overcharging for theirs. But overall it just sounds like the sort of thing that happens between two companies legitimately licensing each other IP rights.
Min
top marginal rate (at ~$70k) is over 8%, which puts the total over 32%
https://en.wikipedia.org/wiki/...
I think you're conflating marginal and effective tax rates here.
Marginal tax only gets charged on the earnings that exceeds the tier. So say for example the tax regime is 0% on the first 20K, 4% up to 70K and 8% over 70K.
If I make 71K I'll pay ((1K*.08)+(50K*.04)+(20K*.0)=2,080
So (assuming 20% is the effective federal tax rate for the same example) the effective state tax rate would be:
71,000/2,080=2.9% at the state level, for a total of 22.9% all told.
Sorry, it's something a lot of people miss, and it impacts policy discussions because politicians often take advantage of the confusion. And we need less confusion in world politics, not more :).
Min
or chooses a different full-time job specifically for the added flexibility
Just to point out that it's not only women who make this decision. I view raising my daughter as my most important job. Nothing I do at my 'real' job will matter in 50 years. Raising my daughter will impact the world statistically speaking for years after I shrug off the mortal coil.
So I don't work the jobs where they expect 80 hrs out of me. I moved career paths to positions and companies which have more respect for work/life balance. I actually make a point of mentioning my kid during interviews, because I figure if they decide that's a strike against me, I don't want that job anyways.
Just sayin'
Min
Good idea - I'll queue that up after my current todos :)
Min
Current
Empire Game, Charles Stross
Next ups:
For we are many (book 2 of Bobiverse) by Dennis Taylor
Change Agent, Daniel Saurez
Min
One was a CHOICE, the other was FORCEFULLY FORCED DOWN YOUR THROAT.
I'll speak to this, as I feel it gets to the core of an idea.
I got lucky as a 5 year old. I happened to be in a situation where I got access to something most 5 year olds born in the 70s never got a chance to experience. How many more people would be out there with that wonderful moment if we'd ensured every 5 year old got the opportunity to try it?
Raising my own child, we encouraged her to try many different activities (or 'forced her' if you'd prefer I use your point of view). Some of them she liked, some of them she opted not to repeat. She didn't get a choice in the matter, as she did not have the experiential base yet to make an informed decision. She decided she loves STEM activities. If we hadn't introduced them to her at an early age, and social norms ('boy' activities vs 'girl' activities) had set in, who can say how it'd have turned out. I'd like to think that she'd have developed the same way, but I'm honest enough to say I don't know.
A big part of parenting IMO is providing the opportunities to children to find the things that excite them, that give them that passion in their lives to avoid the traps that will be placed in front of them as they get older.
For me it was technology, for another it might be hockey. Whatever it is, every parents job should be to help their child find theirs.
So as a parent, anything that helps take the luck out of finding that passion makes the world a better place for my kid and all of us.
Min
I have nothing to add. I just want to say thank you for a well-written spot-on post. Your analogy was good, and your inspiring "feeling the world change" description gave me goosebumps to read.
Thank you. And you know the odd thing? Telling that story still gives me goosebumps too, because it makes me recall the feeling. I tell the story because it reminds me what I wanna do when I grow up. :)
Min
Ya, my kid was taught scratch by an 8 yr old boy at Defcon when she was 3. Still plays around in scratch, it's great. She may never get involved in IT as a career (she's been pretty solid on vet for a few years), but she'll also never think of them as magic boxes, and there's a power in that too.
Min
Put aside your cynicism for a moment. It's hard, I get that, but just for a moment....
OK, ready?
None of these coding initiatives are about teaching someone to code. It's about exposure. Think of football (or hockey, or ...) camp for 8 year olds. Very few of those kids are going on to a brilliant professional sporting career. So we should shut them down, treat any parent who enrolls their child in such a camp with derision, etc. Right? No? Why not?
Because sometimes the experience is more important then the result.
When I was 5, I got a chance to play with a Vic 20. My landlords' daughter showed me how to do the classic:
10 PRINT "Hello World"
20 GOTO 10
I remember feeling the world change. It was a different place then before I wrote and ran that program. I *GOT* it. I knew this beige box was going to change everything.
Years later, when I was about 8, the local Commodore club got a modem. I saw what it did and felt that feeling again. I pestered my mom to let me check it out from the hardware library for months before she agreed and I dialed into a local Radio Shack BBS. The sysop started a chat and we talked in chat. This was the future.
In the years since, I ran a Fidonet network hub, ran two freenets in two cities, was the sole technical employee for a regional ISP in northern Canada, and have endeavored to make the world a slightly better place. To build the future I glimpsed when I was 5.
You know what? Never became a programmer. I can barely program my way out of a wet paper bag to this day. I know the concepts and understand how to use those concepts in my professional life, but programming itself has never set my soul alight. Does that make the experience of the journey any less important? Does it mean that the 5 year old wasted his time?
I'd argue no. I have no idea how my life might have changed if not for that chance encounter when I was 5. Maybe I'd still have followed the same life path. But for some of those kids getting exposed with the learn to code movement, statistically speaking, it will change their lives.
For me, that's enough. My daughter went to Defcon (the hacker conference) when she was 3, so hopefully she got 2 years on me in feeling that wonder.
Min