Slashdot Mirror


User: Minupla

Minupla's activity in the archive.

Stories: 0
Comments: 687

Comments · 687

  1. Re:Good! on RSA Conference Bans "Booth Babes" · · Score: 1

    I disagree - I am a professional in the security space. I go to conferences for professional reasons.

    I'd like the conference vendors to behave in a professional manner too and not insult my intelligence by implying that I'm more likely to sign off on a 6 figure deal because they have women dressed in biker leathers.

    If I want to find scantily clad people of either gender, I can figure out where to look, trust me. I'm at a conference on my company's dollar, doing research on products we might want to invest in, I want to talk to someone who knows the bleedn product, not the woman they hired for the week because of her looks.

    Min

  2. Re:Good! on RSA Conference Bans "Booth Babes" · · Score: 1, Insightful

    Hopefully RSA carries this over to their booths at other conferences. They were often among the worst offenders at Blackhat.

    Min

  3. Re:Alamo Broadband's complaint on First Lawsuits Challenging FCC's New Net Neutrality Rules Arrive · · Score: 1

    They tried that (http://www.washingtonpost.com/wp-dyn/content/article/2010/04/06/AR2010040600742.html) and the court said "You don't have authority to do that because the internet isn't Title II regulated". Therefore now the internet is Title II regulated.

    Min

  4. Re:I guess she got tired of blaming weed... on Child Psychotherapist: Easy and Constant Access To the Internet Is Harming Kids · · Score: 4, Interesting

    There's no need for corporal punishment, just bring back "punishment" in general, and make it consistent and fitting

    This. My daughter knows that when Daddy starts counting down from 5 that she had better clean up her act NOW before the counter runs out. She knows this because I've consistently used that as a message to her that she has crossed the line since she was 2. Typically I only need to say 5, or hold up 5 fingers, and she changes her behavior (often she decides she needs a timeout and takes herself to her room).

    That having been said, this is a technique that works with MY kid. Just like adults are different and if you interact with them assuming otherwise you're going to have issues, so are kids. Figure out what makes yours tick and use that knowledge and you'll both have an easier time of it.

    Min

  5. Re:And credit card numbers will be securly stored on To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses · · Score: 4, Funny

    No! Rot 13 is broken. Hey, Triple DES made DES secure again! We'll do quadrupedal Rot 13! That'll fix em!

    Min

  6. Re:greedy liar on Lyft CEO: Self-Driving Cars Aren't the Future · · Score: 1

    Hey - if I had the choice to buy an iPhone (I'm an Android guy actually) and not have all the hassles and expenses of car ownership when I don't need them (there are days I don't drive, but my car still depreciates, gets one day closer to service, gets one day closer to breaking down, etc.), that'd be a trade I'd make.

    I mentioned to my wife last night that it'd be great, I could nap with her and the kidlet, instead of being awake because they frown on napping while driving!

    Min

  7. Re:Its Never Too Late on Ask Slashdot - Breaking Into Penetration Testing At 30 · · Score: 2

    A good coverage of the technical stuff, I'll add some of my personal thoughts on "how to get there".

    1) There is a community out there, find your place in it. Go to conferences, look for local meetup groups.

    2) Become comfortable with PEOPLE. Many technical people are not, but you will be a LOT better at your job if you are. People build systems, people break them. A computer never wakes up in the morning and decides to hack something. If you understand people, you can guess what shortcuts they'll take and know where to start poking.

    3) Go watch past defcon videos. There's gold in there. Not in the "oooh exploit" sense (although it's true that some people never get around to patching the old ones) but more importantly to understand how the people in the videos found the holes, and how the people not in the video left the holes to be found.

    4) Find a mentor. Someone who's traveled your path before and can help you avoid the potholes before you get there. This is (imo) especially important if pentesting is calling you, as the legal potholes there are many and deep. Someone who's local will know what particular quirks your jurisdiction has.

    5) Get a get out of jail free card. Others have covered this to death, but it's worth mentioning again. O&E insurance if you're ever doing this freelance is something I'd also consider to be mandatory underwear.

    6) Find a safe playground. There are places you can practice your craft safely. Think the Google bug bounty program. Look for these places, read their rules and make sure you stay inside them. https://dcdark.net/ too.

    Hope that helps. Enjoy the ride, it's been good to me over the years.

    Min

  8. Re:Overblown Hyperbole on Lawsuit Claims Major Automakers Have Failed To Guard Against Hackers · · Score: 2

    Depends - maybe not if they use progressive for insurance:

    http://www.forbes.com/sites/th...

    Min

  9. Re:Open Worlds on Source 2 Will Also Be Free · · Score: 2

    Well I believe KSP is using unity and it has a pretty big map:

    www.kerbalspaceprogram.com

    If you can simulate a solar system, that meets the requirements of big in my book :)

    Min

  10. Re:Interesting idea, nasty downsides on New Seagate Shingled Hard Drive Teardown · · Score: 1

    Depends on your risk scenario planning. But yes, it does. A full rundown of our data integrity program would exceed the tl;dr scope on Slashdot, as well as violating NDAs :).

    In general though I'd point out that disk based vaulting technologies have advanced considerably in the last few years and if I were providing advice to someone I'd point out that there are cloud based solutions which are write-only type solutions if your risk tolerance permits the use of third parties to store your data (e.g. CrashPlan). Avamar may also be an option depending on costs and resources.

    That's where the professional part of IT professional comes in. You weigh your risks and have an honest discussion with your partners on the business side without fear mongering and you all decide on what your risk tolerance is, and have those discussions regularly (hint: Google's risk tolerance was different when they were in a garage than as a publicly traded company :)).

  11. Re:Interesting idea, nasty downsides on New Seagate Shingled Hard Drive Teardown · · Score: 1

    This. Even auditors have stopped blinking at me when I say "No tapes, we just have another data center like this one and a big ol pipe and XYZ data backup solution attached to the disks at the other end."

    When auditors stop blinking, you know it's hit mainstream.

    Min

  12. Re:Back office on Moxie Marlinspike: GPG Has Run Its Course · · Score: 1

    We encrypt using GPG at the DB extraction point so that when the file is sitting on the SFTP server in the DMZ waiting to go out it's not in cleartext. Also it allows us to sign the file and our partner can confirm that it's not been tampered with prior to them opening it in whatever trusted environment they process in. We need encryption at rest, as well as in transit; using GPG allows us to leave the 'transit' part up to the systems architects/developers because we know that whatever they do past DB extraction is not relevant from a security POV.

    Didn't get into it in the first post because I didn't think anyone would be interested :)
    Min

  13. Back office on Moxie Marlinspike: GPG Has Run Its Course · · Score: 4, Insightful

    I partially agree with Moxie, GPG/PGP as an email encryption standard is never going to reach the "my mother uses it" point of say Skype. That doesn't mean it's run its course. I also think it's disingenuous to imply that the number of keys on the public key servers is a useful proxy for utilization rates.

    In my company we use GPG every day. Most people who work there have no idea that we do. It's used in sensitive communications at high levels between organizations, e.g. to send documents to auditors. It's also used in a huge number of automated processes to encrypt data during the DB extract process so we can move that data out of the DB network and send it to partners.

    We don't send those keys to a public keyshare. That would provide attackers information and we don't do that (ya, security through obscurity sucks if it's your only line of protection. If you're using it to make life just a bit more difficult for an attacker tho, well I'm always for that!)

    Now all that having been said, I have great respect for Moxie, and maybe he has the Next Great Thing up his sleeve. I hope to see it at Defcon :).

    Min
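The pipeline the two GPG comments above describe (sign and encrypt at the DB extraction point, let the partner verify the signature before trusting the file, never put the keys on a public key server), as an added example that is not code from the original comments. It drives the `gpg` 2.x binary, assumed to be on PATH, with two throwaway keyrings in a temp directory; the identities, file names and CSV payload are constructed for the example. It also shows what the partner side sees when someone with write access to the SFTP drop flips a byte of the ciphertext.

```python
"""Sign-then-encrypt a DB extract with GPG and verify it on the partner side.

Added example, not code from the original comments. Assumes a gpg 2.x binary
on PATH. Identities, file names and the CSV payload are constructed.
"""
import os
import shutil
import subprocess
import tempfile
from typing import Dict, Optional, Tuple

GPG = shutil.which("gpg")
EXTRACTOR = "extract@example.test"   # constructed: the DB extraction job's key
PARTNER = "partner@example.test"     # constructed: the receiving partner's key
SAMPLE_EXTRACT = b"customer_id,balance\n1001,42.50\n1002,17.00\n"  # constructed

KEY_PARAMS = """%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: {name}
Name-Email: {email}
Expire-Date: 0
%commit
"""


def gpg(home: str, *args: str, stdin: Optional[bytes] = None) -> Tuple[int, str]:
    """Run gpg against an isolated keyring; return (exit code, status text).
    --trust-model always: we imported the peer key ourselves, out of band, so
    skip the web-of-trust check that would otherwise abort a --batch run."""
    proc = subprocess.run(
        [GPG, "--homedir", home, "--batch", "--yes", "--quiet",
         "--trust-model", "always", "--status-fd", "1", *args],
        input=stdin, capture_output=True)
    return proc.returncode, proc.stdout.decode("utf-8", "replace")


def make_keyring(root: str, name: str, email: str) -> str:
    """Create an isolated GNUPGHOME holding one freshly generated key pair."""
    home = os.path.join(root, name)
    os.mkdir(home, 0o700)
    rc, out = gpg(home, "--gen-key", stdin=KEY_PARAMS.format(name=name, email=email).encode())
    if rc != 0:
        raise RuntimeError("key generation failed:\n" + out)
    return home


def exchange_public_keys(home_a: str, email_a: str, home_b: str, email_b: str) -> None:
    """Each side imports the other's public key directly (no key server)."""
    for src, email, dst in ((home_a, email_a, home_b), (home_b, email_b, home_a)):
        pub = subprocess.run([GPG, "--homedir", src, "--batch", "--export", email],
                             capture_output=True, check=True).stdout
        rc, out = gpg(dst, "--import", stdin=pub)
        if rc != 0:
            raise RuntimeError("import failed:\n" + out)


def protect_extract(ext_home: str, plain_path: str, out_path: str) -> None:
    """Extraction side: sign with our key, encrypt to the partner, right after
    the DB dump, so the file is never in cleartext on the DMZ SFTP box."""
    rc, out = gpg(ext_home, "--local-user", EXTRACTOR, "--recipient", PARTNER,
                  "--sign", "--encrypt", "--output", out_path, plain_path)
    if rc != 0:
        raise RuntimeError("encrypt failed:\n" + out)


def open_extract(partner_home: str, enc_path: str, out_path: str) -> Tuple[bool, bytes]:
    """Partner side: decrypt and require gpg to exit cleanly with a GOODSIG and
    VALIDSIG from a key in our keyring. Returns (accepted, plaintext); the
    plaintext is b"" whenever the file is rejected, even if gpg wrote output."""
    if os.path.exists(out_path):
        os.remove(out_path)
    rc, status = gpg(partner_home, "--output", out_path, "--decrypt", enc_path)
    accepted = rc == 0 and "[GNUPG:] GOODSIG " in status and "[GNUPG:] VALIDSIG " in status
    if not accepted or not os.path.exists(out_path):
        return False, b""
    with open(out_path, "rb") as fh:
        return True, fh.read()


def run_demo() -> Dict[str, object]:
    """Full round trip plus a tamper check; returns the results for inspection."""
    if GPG is None:
        raise RuntimeError("this example needs the gpg binary on PATH")
    root = tempfile.mkdtemp(prefix="gpgdemo-")
    try:
        ext = make_keyring(root, "extractor", EXTRACTOR)
        partner = make_keyring(root, "partner", PARTNER)
        exchange_public_keys(ext, EXTRACTOR, partner, PARTNER)
        plain, enc = os.path.join(root, "extract.csv"), os.path.join(root, "extract.csv.gpg")
        recovered = os.path.join(root, "recovered.csv")
        with open(plain, "wb") as fh:
            fh.write(SAMPLE_EXTRACT)
        protect_extract(ext, plain, enc)
        with open(enc, "rb") as fh:
            blob = bytearray(fh.read())
        ok, data = open_extract(partner, enc, recovered)
        # Flip one ciphertext byte in the middle of the message: the integrity
        # check (MDC/AEAD) and the signature over the garbled data both fail.
        blob[len(blob) // 2] ^= 0xFF
        tampered = os.path.join(root, "tampered.gpg")
        with open(tampered, "wb") as fh:
            fh.write(blob)
        bad_ok, bad_data = open_extract(partner, tampered, recovered)
        return {"cleartext_on_disk": SAMPLE_EXTRACT in bytes(blob), "accepted": ok,
                "plaintext": data, "tampered_accepted": bad_ok, "tampered_plaintext": bad_data}
    finally:
        if shutil.which("gpgconf"):  # stop the agents gpg spawned for the temp homes
            for name in ("extractor", "partner"):
                subprocess.run(["gpgconf", "--homedir", os.path.join(root, name),
                                "--kill", "gpg-agent"], capture_output=True)
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The partner-side check insists on both a clean exit code and a GOODSIG/VALIDSIG line from `--status-fd`, rather than grepping human-readable output, because that is the interface GnuPG keeps stable for scripts; a signature from a key that was never imported shows up as ERRSIG and is rejected the same way as the tampered file.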

  14. Re:Competency on Canadian Supreme Court Rules Ban On Assisted Suicide Unconstitutional · · Score: 1

    I have a few more examples - mostly because of situations I've been in over the years, and I know that the decisions get made today. Blind eyes get turned, "Oh dear, I appear to have left you way more drugs than required. Make sure they don't overdose on them." and then the death is ruled natural causes, all obvious evidence to the contrary.

    I think overall this ruling is good, because it will remove the necessity for such "natural cause" deaths and ensure that the framework is followed instead. There's always going to be messy corner cases in law. There are people who get sentenced for murders they don't commit too. We can't ignore the problem because the solutions are going to be imperfect.

    In the wake of this announcement there was someone who called into the local radio show. He said he had injected his loved one with a lethal dose of medication ("enough to kill a horse"). Imagine the guilt and suffering that person has gone through since, as they were unable to seek help, or therapy, etc, because what he did was technically speaking murder. We are not serving the greater good with the status quo.

    The next step is for the competent government (federal most likely in this case, since the existing law is federal, although there's a non-zero chance that the feds might leave it up to the provinces through inaction) to take a stab at answering all the messy issues like "What does competent mean in this case". Then there will be court challenges, until we come up with a law that is acceptable within the Charter of Rights and Freedoms, and acceptable to the government(s) of the day. It's not pretty, but it is democracy.

    Min

  15. Re:The Black Pill on Canadian Supreme Court Rules Ban On Assisted Suicide Unconstitutional · · Score: 4, Informative

    when someone is incapable to decide

    Just to point out - that was NOT the decision the court made. instead of paraphrasing I'll quote:

    physician-assisted death for a competent adult person who (1) clearly consents to the termination of life and (2) has a grievous and irremediable medical condition (including an illness, disease or disability) that causes enduring suffering that is intolerable to the individual in the circumstances of his or her condition.

    Full judgement text available here

    So the decision was not to allow doctors to make an arbitrary judgement on people who could not consent. The judgement was to prevent the government from finding doctors guilty of murder for respecting their patient's clearly expressed and competent wishes to end their lives only in circumstances of nonredeemable suffering.
    Min

  16. Not the best candidate for an Ask Slashdot on Ask Slashdot: Pros and Cons of Homeschooling? · · Score: 1

    This question isn't the best candidate for an Ask Slashdot. The reason is that ANYTHING to do with raising kids is the equivalent of "Is Linux better than Windows" or "iPhone or Android, which should I pick?" or "Ford or Honda?" for roughly the same reasons.

    The group of people who have the source material you require to make your assessment have a deeply vested emotional commitment to the decision they have made. In this case what they did with their kids. So you're going to get emotional responses.

    Additionally the KEY factor that we can't have any insight into is your kid(s). If there's one thing raising a kid has taught me it's that mine is a special snowflake, with all the positives and negatives that implies, and I can't take decisions other parents have made for their kids and apply them to mine blindly outside of the most obvious cherry picked cases (e.g. vaccinations). My kid will react in a manner dictated by her personality.

    For example, we've taken our kid to Defcon since she was 4. It's been a great experience for her and she self identifies with the type of kid who goes to a hacker conference and learns to solder and tell when someone is trying to social engineer her (a handy skill for your kid to have. Think puppies and vans). Is it the right thing for your kid? Who knows? Sure as heck not me. Do your research and find your answers, but do real research, don't ask on an internet forum :).

    Min

  17. Re:Oh God, not again on New Jersey Gov. Christie: Parents Should Have Choice In Vaccinations · · Score: 1

    it will be due to interacting with others while infected and contagious

    But what of carriers (Typhoid Mary being the obvious example) and conditions where you can be contagious and asymptomatic? Proactive vaccination in these situations represents the only effective defense society has.

    Also the premise assumes that every member of society has the time and ability to educate themselves as to the symptoms and contagious periods of each condition for which they choose not to vaccinate themselves and a willingness to self isolate when they experience these conditions. The current measles outbreak provides its own counterexample.

    One of my sibling posters pointed out the example of society requiring vision correction to within an acceptable standard prior to allowing you to drive (this is Slashdot, always go with the car analogy!). That seems very apt. It is reasonable for society to impose certain restrictions upon your freedom in exchange for the privilege of being a participant. We call this trust. I trust that when I let my child play with your child that you will do a whole list of things, and one of those is that you will do your best to ensure my child is not exposed to life threatening conditions. I do everything in my power to ensure the opposite is true.

    Funny story - when we went to get our child vaccinated, we had some questions. The "Oh no, not another one" look in our pediatrician's eye was amusing, as was the relief when it was confirmation that I wasn't at risk from catching Chicken Pox from the Chicken Pox vaccination since I've never had a confirmed case.

    Min

  18. Re:LOL on Canada Upholds Net Neutrality Rules In Wireless TV Case · · Score: 2

    So we'll see innovation in other places.

    Take Plex for example. When I'm at home, on the wifi my plex client on my android phone downloads any subscribed content from my server. Then I have it in local storage till I watch it, when it's deleted.

    Way better than over the LTE anyways, fewer dropouts. Sometimes adversity breeds innovation.

    Min

  19. Re:Incredible! on Computer Chess Created In 487 Bytes, Breaks 32-Year-Old Record · · Score: 4, Informative

    Looking at the comment threads, yes, it appears to be a 'faithful' implementation of the original code's rules, or rather a superset, since it includes the pawn promotion rule and the original did not.

    Min

  20. Re:its a tough subject on Should Disney Require Its Employees To Be Vaccinated? · · Score: 5, Insightful

    Sure, over an evolutionary timespan. Assuming that the diseases in question kill before you can give birth, and that they kill enough of the population to be impactful in an evolutionary sense.

    Call me soft though, I'd prefer we solve this problem in something less than an evolutionary timescale. I kinda care about the kids who'd die otherwise.

    Min

  21. Re:Absolutely fair.. on Apple Agrees To Chinese Security Audits of Its Products · · Score: 4, Interesting

    Hrmm, this might work out well for us non-govt people.

    Consider:

    NSA: "Apple, you must let us 'review' your code. We'll keep our findings to ourselves, you can't tell anyone"
    Apple: "OK"
    NSA digs through code, finds exploits, locks them up for future weaponization ...
    China: "Apple, we'd like to "review" your code. We're going to tell the world about it"
    Apple: "OK"
    NSA: "Crap, now those evyl Chinese will find our exploits. Darn, I guess we'd better tell Apple to fix them after all or the Chinese will be spying on us!"

    At the end of the day, the best we can hope for is that the various spooks keep each other honest.

    Min

  22. Re:Time for the Ransomware on Insurance Company Dongles Don't Offer Much Assurance Against Hacking · · Score: 1

    Sadly the relevant research shows that while you would like this to be the case, it isn't.

    If you'd like to know more, look at the defcon conference videos for the last few years.

    Just as a for example, I'll direct you to this article:

    http://www.nytimes.com/2011/03...

    There was also a talk this last year that went into the architectural design of the car's network, and showed that in most cases there was no device between the head end unit and the sensitive items in a car, and where there was it wasn't a security device, merely a signal management unit, and the presenter expected to be able to jump it. But again, typically if you get access to the bus, you can talk to anything you want. There was also a lovely bonus bit where they showed you could update to an arbitrary unsigned firmware due to some sloppiness in the process (if you cut the power at the right time, the recovery process didn't do the appropriate checks. Once they got in and could analyze the python scripts being used, they discovered if you wrote a specific character (I think D but my memory could be playing tricks on me) to the right sector of the CD, it would bypass the signature checks and just update the firmware).

    Engineers are generally smart, but they also tend to design to the specifications. If you don't TELL them to consider an attacker in their designs, they don't.

    Min

  23. Re:Time for the Ransomware on Insurance Company Dongles Don't Offer Much Assurance Against Hacking · · Score: 1

    No need to do such extreme damage, when the same effect can be achieved with a simple fuse on the positive voltage line of the port. Suspicious activity? Burn the fuse-- BAM-- port is dead, but easily fixed.

    Doesn't protect against other attack avenues that have either been hypothesized or demo'd though. The entertainment unit always seems popular. Trojaned CD in the player, for example, or exploit against the bluetooth system. Hey I wonder what happens to that cute bit of software that displays what song the FM station is playing if the station sends YourPawnedxxxxxxxxxx....?

    I'm not sure most of the security sector put it together that someone might voluntarily install their own remotely exploitable device into the bus in sufficient numbers to be interesting. Guess we should know better than to underestimate the power of a discount!

    (I do agree with the rest of your post btw.)

    Min

  24. Re:The return of echomail . . . on Elon Musk's Proposed Internet-by-Satellite System Could Link With Mars Colonies · · Score: 1

    lol - exactly what I thought. Where's my floppy with OMMM (opus matrix mail masher, fidonet's answer to sendmail!).

    Min

  25. Re:Time for the Ransomware on Insurance Company Dongles Don't Offer Much Assurance Against Hacking · · Score: 4, Insightful

    Just as a point of interest, there was a talk at Defcon last year where someone built an IPS (intrusion prevention system) for the bus of the car. It turns out that the communication matrix for a car is a very static system. The parts of a car that communicate with each other do so often (e.g. engine controller and injection system), and predictably. Other parts that don't (e.g. entertainment system, or that OBD-II plug from the insurance company and the traction control system) never do. So it's possible to build a device that models the system by listening on the bus and if it suddenly sees new traffic patterns shorts out the bus, leaving you with a less smart, but still on 4 wheels and not careening into oncoming traffic, car.

    Seems like something the OEMs should be looking into.

    Min
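The "learn the static communication matrix, then flag anything new" design from the comment above, as an added example that is not code from the original comment or from the talk it refers to. Everything here is constructed so it runs offline: a synthetic bus with three periodic IDs, a learning pass that records which IDs talk, how often, and with what payload sizes, and an attack trace with a diagnostic request injected from the OBD-II port plus a burst of spoofed traction-control frames. The monitor only returns alerts; the physical response (shorting the bus, as the talk is described doing) is left out.

```python
"""Baseline-then-detect monitor for CAN bus traffic.

Added example, not code from the original comment or any product. The bus
schedule, arbitration IDs and attack frames are all constructed here; a real
deployment would feed frames from a CAN interface into CanMonitor.check().
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Frame:
    t: float       # seconds since capture start
    arb_id: int    # 11-bit CAN arbitration ID
    data: bytes    # 0..8 byte payload


@dataclass
class Profile:
    min_period: float   # shortest inter-arrival interval seen while learning
    lengths: Set[int]   # payload lengths seen while learning


class CanMonitor:
    """Learns which IDs appear, how fast, and how big, then flags departures."""

    def __init__(self, rate_factor: float = 0.5):
        self.rate_factor = rate_factor          # alert if interval < factor * learned minimum
        self.profiles: Dict[int, Profile] = {}
        self._last: Dict[int, float] = {}       # last arrival per ID while monitoring

    def learn(self, frames: List[Frame]) -> None:
        last: Dict[int, float] = {}
        for f in sorted(frames, key=lambda x: x.t):
            p = self.profiles.get(f.arb_id)
            if p is None:
                p = self.profiles[f.arb_id] = Profile(min_period=float("inf"), lengths=set())
            p.lengths.add(len(f.data))
            if f.arb_id in last:
                p.min_period = min(p.min_period, f.t - last[f.arb_id])
            last[f.arb_id] = f.t

    def check(self, f: Frame) -> List[str]:
        alerts: List[str] = []
        p = self.profiles.get(f.arb_id)
        if p is None:
            alerts.append(f"unknown-id 0x{f.arb_id:03X} at t={f.t:.4f}")
        else:
            if len(f.data) not in p.lengths:
                alerts.append(f"length 0x{f.arb_id:03X} dlc={len(f.data)} at t={f.t:.4f}")
            prev = self._last.get(f.arb_id)
            if prev is not None and p.min_period != float("inf") \
                    and (f.t - prev) < self.rate_factor * p.min_period:
                alerts.append(f"rate 0x{f.arb_id:03X} interval={f.t - prev:.4f}s at t={f.t:.4f}")
        self._last[f.arb_id] = f.t
        return alerts

    def scan(self, frames: List[Frame]) -> List[str]:
        out: List[str] = []
        for f in sorted(frames, key=lambda x: x.t):
            out.extend(self.check(f))
        return out


# Constructed bus schedule: (arbitration ID, period in s, payload length).
ENGINE, TRACTION, BODY = 0x0C0, 0x1A0, 0x3E0
SCHEDULE: List[Tuple[int, float, int]] = [(ENGINE, 0.010, 8), (TRACTION, 0.020, 8), (BODY, 0.100, 4)]
OBD_REQUEST = 0x7DF   # functional diagnostic request ID, never seen in normal driving


def periodic(arb_id: int, period: float, dlc: int, duration: float) -> List[Frame]:
    """Periodic frames with a small deterministic jitter (a few percent)."""
    n = int(duration / period)
    return [Frame(i * period + (i % 3) * period * 0.02, arb_id, bytes([i & 0xFF] * dlc))
            for i in range(n)]


def normal_bus(duration: float) -> List[Frame]:
    frames: List[Frame] = []
    for arb_id, period, dlc in SCHEDULE:
        frames.extend(periodic(arb_id, period, dlc, duration))
    return frames


def attacked_bus(duration: float) -> List[Frame]:
    """Normal traffic plus a diagnostic request from the OBD-II port and a
    1 ms burst of spoofed traction-control frames (both constructed)."""
    frames = normal_bus(duration)
    frames.append(Frame(0.105, OBD_REQUEST, b"\x02\x01\x0c\x00\x00\x00\x00\x00"))
    frames.extend(Frame(0.201 + k * 0.001, TRACTION, b"\xff" * 8) for k in range(5))
    return frames


def trained_monitor() -> CanMonitor:
    mon = CanMonitor()
    mon.learn(normal_bus(2.0))
    return mon


if __name__ == "__main__":
    for line in trained_monitor().scan(attacked_bus(0.5)):
        print(line)
```

Two properties of the approach are worth noting. Per-ID minimum inter-arrival time is the cheap way to catch injection on the bus: an attacker cannot suppress the real ECU's frames, so a spoofed ID always shows up as the same ID arriving faster than it ever does legitimately. And the model is only as good as the learning drive; an ID that only appears when, say, the ABS engages needs to be in the baseline or it will be flagged the first time it fires.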