State
CALIFORNIA Regulatory Cost Recovery Charge
0.43 Federal Universal Service Fund
11.4% State Universal Service Fund
$0.00 Other AT&T Surcharges
0.18%
Believe it or not they actually tell you what the charges are for. This is 150 times better than what we had when I was younger. Training is an issue in any retail store, but before hitting the slashdot front page, maybe a bit of googling is in order.
That's funny. I was with Sprint for a decade - by far the worst customer service experience that I've ever had with any product. At ATT they actually answer their phones, they are usually helpful, and - get this - the call centers are in the U.S.!!!
Maybe different regions see different things, but I was floored at the difference when I switched to an iPhone and AT&T.
This guy will have a hard time getting a job in the future, and a guy with his credentials commands a lot more than he is making right now.
If it turns out that the facts of this case are far from the original story, and nobody from the city is stepping in to correct it, then SF is in the same situation as the US when Ashcroft pointed the finger at the Anthrax guy (who recently won a big chunk of change for the false accusation).
Something tells me that the wheels of government turn slowly enough that even if they wanted to correct themselves at this point, they won't until well after the publicity is over.
I've met less than 10 over the last decade, probably less than 5.
Further, the article makes it sound like the guy didn't have any free time to document or train, and management had plenty of time and opportunity to make that a priority for him and failed to do so.
That is really wierd. For a small company it wouldn't make a difference. Heck, I'm the CEO of my company and I apply patches all the time. But for a company the size of Diebold, I would expect that their CEO wouldn't know the first thing about applying a patch.
Suspicious isn't evidence though. Given RawStory's decided slant on things, an actual investigation and some comments from a new source would be nice.
certificates are for identification, not encryption. Encryption can be done just fine without an SSL certificate. The point behind SSL is to ensure that only the >IDENTIFIED party (read: website) can decrypt your data, and no man-in-the-middle can.
And therein lies my point.
If ANY trusted root CA does not perform identification properly, then everybody is at risk. When people are shopping, doing online banking, or doing anything else that would imply a secure connection they do not look at the cert to see if it is issued by a trustworthy provider. They accept the browser default trust relationships. The browser default trust relationships have providers that do not perform appropriate identification procedures.
Yes, there are plenty of hack-ish ways to put encryption on the line, but there is only one default way to encrypt traffic in a way that is seamless to the end user, and that is SSL/secure http.
The way things stand, I could with some effort pick up a citibank.com ssl cert and key from a trusted root CA (or a chained cert) that would present no problems. I could then poison the dns at a fixed geographic location (not that difficult), and nobody would be the wiser. Of course, I could in some situations push out a trust relationship to my own CA and do the same thing, but that leaves a trail on every machine I pushed it out to.
So if identification is essentially useless, then what is in place currently truly is a mechanism to easily enable encryption and nothing more.
A chain is only as strong as it's weakest link. Verisign can require all the verification they want, but there are other "trusted" root CAs that don't.
I purchased an SSL cert, and because my spam software rejected the provider's messages (with good reason), they had to send my ssl cert to a throwaway address I set up. There was nothing in the way of identification verification.
Regardless of whether or not this was a "one-time" instance, once again we have people trusting big providers simply because they are big providers. A revenue stream does not make you secure.
There is no difference between a free cert, a $25 cert, and a $500 cert - other than the fact that no free cert providers have trusted root CAs by default. Nobody actually reads the certificates, the only time an end user ever cares about cert's it is because a dialog popped up that gave them a warning, and half the time with a warning, the end user simply clicks on through anyways.
People should see SSL certs for what they are - end point-to-end point encryption mechanisms and nothing more. Thinking they are anything more is simply a false sense of security.
one thing i can see the motivation behind - not marking a fix as a security related until it has been developed, somewhat tested and maybe even a new kernel version is released
That sounds good on the surface, and certainly a lot of people have that mentality, but in the real open source world if you hide the fact that a bug is security related, you are dramatically slimming down the developer base that would put together a fix for it. I would argue that openly specifying security issues would increase the level of knowledge the general populous has about how the kernel works and also increase the size of the development community.
"fixed bug #23456 overflow at line #1234 causing dumaflopper() to return incorrect result - known security problem" or
"fixed bug #23456 overflow at line #1234 causing dumaflopper() to return incorrect result - important update"
would be more appropriate IMO. Letting people know where the security fixes are is important in getting the changes widely distributed.
By hiding it, you're only protecting yourself from second rate hackers. The first rate hackers found the problem and began taking advantage of it well before the development team was aware the problem existed.
Further, a better community understanding and acceptance of insecurity would be an even better idea. Too many people out there think "I've secured this box, I know what I'm doing, nobody can get in" when in fact there are very few such boxes out there and the real security layer being utilized is the fact that there are so many other machines out there that are easier to control. If you know you are vulnerable the mindset changes.
Example: "E-mail has lots of viruses, so I don't open up strange email. Now that I have Norton, it protects me so I open up strange email if it has a subject that draws me in." That's a mindset a lot of people have. Norton gives them the mindset they are secure, but the reality is far from that. If everyone knew how insecure they really were, less people would open up spam or virus-laden spam.
On the same token, you'd need an exceptionally large solar panel array - well beyond what could reasonably be spent to generate enough electricity to take the average urban household off the grid.
But keep electricity prices where they are at or higher in comparison with average incomes and people will find ways to generate their own at a much lower price point.
These belts are just one idea that is waiting to be extrapolated from.
There's a guy who came up with a way to use water (hydrogen/electrolysis) to increase mileage dramatically on big rigs who's making a killing right now. There are plenty of other recent examples of people either inventing things or re-engineering old ideas to save a few bucks on electricity or gas - either for commercial profit, or just to save themselves a few bucks.
There's also the fact that a solar system increases your home value by something like 1K for every $100 in monthly electrical reduced.
You could go on and on.
The problem is that investing 60K in an electrical system is such a huge investment. If people are really going to start using "alternative" energy sources, it's going to have to be a smaller number with a quicker ROI.
Generating electricity isn't that difficult. Generating enough electricity to keep an average american home electric-bill free is. I started looking into solar and found it was too expensive for too little of a return. Maybe a few years down the road it will be better.
I'm sure a lot of people have done the same, and I'm sure a lot of people have also taken the next step as well and started looking into less expensive ways to generate energy. It seems odd, but very little attention has been paid to the home-electricity arena and there are huge opportunities for engineers and innovators. Building a radial flux generator is well within the capabilities of most do-it-your-selfers for less then a few hundred dollars and the only problem is how to turn it.
Should it really have taken until 2007 before flutter belts came along? Is it really that hard to engineer a device that would take advantage of rooftop wind energy? I bet some products hit the market soon and some DIY projects start showing up online as well.
But wind energy isn't the only thing out there. PV isn't the only way to extract energy from the sun. Gravity can be harnessed pretty easily. And there are plenty of other sources as well.
If there's one good thing to come out of the gas price situation we are dealing with, it's that a lot of smart people will be looking at energy generation all over again.
There is a certain amount of freedom that comes from not being afraid of your own actions and thoughts, but that is a luxury that few of us are able to afford.
Most of us live in compartmentalized worlds. Between family, work, our real world social lives, and our online lives people have secrets. They can range in size from something that would cause an inconvenient discussion or an unappealing judgement to something that could break up a family or worse.
Pushing people to give up the potential of anonymity is akin to implementing Thought Police. The thought that internet laws would be sane if anonymity were not so prevalent is just idealist thinking. The idea that "right wing" politicians are the only ones who write or vote for laws which attack common sensibility is simply ludicrous.
People use anonymity to do bad things. People also use anonymity to do good things. Sometimes people use anonymity just because they feel like it.
Should this lady be punished? Yes. Are the charges appropriate? No. The DA is either not very creative or is pushing a political agenda. Would taking away the potential for online anonymity have prevented this woman from doing harm to the young girl? Probably not.
However, much like DRM technology, people will ALWAYS find a way around this kind of thing.
If it's based on packet inspection, they secure the packets. If it's based on connection patterns, change the connection patterns. If it's based on... the list goes on.
The only thing this technology ensures is that the people who are passionate about what they want to do will educate themselves.
My wifi is wide open purposely. It makes it easier when I get a new device or when a friend comes over and wants to use their laptop.
Within the last year, my neighbors finally joined the WIFI club. I appreciate that their networks are all encrypted so I don't accidentally attach to their networks, and my guests don't either.
If someone were to abuse my network, I would lock it down - but in the last 5 years that hasn't happened to my knowledge. I've noticed strange devices attached on occasion, but traffic has been minimal and I've noticed nothing in the way of security breaches on my machines. I probably made someone happy that they could get to the net. Conversely, if those people were clever enough to cover their tracks, they were probably clever enough to break into a secure network anyhow.
Having an insecure network for me is a choice I make consciously, and I would by no means consider someone a thief for simply connecting to my network and accessing the internet.
Many people don't have insecure networks by choice, though. If they left a window open, or a door unlocked, it would be illegal to go into their house unannounced. Is it that much different for a network? I would think that since the signals escape the boundaries of my home that they are open to use by the public, but I think the debate is still pretty wide open.
The other point to consider is the responsibility for traffic generated from your endpoint. Does a network owner have responsibility to ensure that all traffic coming through a network is on the up and up? That's an interesting debate and I'm not sure what the answer really should be.
Wait a minute here. Wasn't DirecTV trying to get people to settle for upwards of $3K for stealing signals, and suing them for absurd amounts over 6 figures.
Is the end result of all that litigation a $1500 fine? Or is this somehow different?
But to your point - would the number of externally facing windows or the total amount of externally facing glass change significantly? I wouldn't think so.
Natural lighting typically produces significantly less heat than electrical lighting, so you generally see a reduction in electricity costs related to air conditioning as well as for lighting (in commercial facilities where there is a lot of electrical lighting, these costs are measurable). I don't know about heating costs increasing in the winter time - but I would imagine the same phenomina is reversed.
I imagine there's no way around the need for augmented lighting during the dark times, but having a central distribution point for lighting leaves your options pretty open. You could have one high powered central light source to shine directly at your collection point - and you could charge that light via solar power and augment it with good old fashioned coal. Alternatively, you could wire up each room for direct lighting, but that sort of defeats the purpose.
Funny, I've thought about this for quite some time. Having a central repository for high traffic common files is a good idea in general - it would reduce page load times significantly for people since their browser would cache the files and re-use them across multiple sites.
I played with the YUI libraries and I noticed that the files were being sent without cache control headers. The load times were great because of akamai, but by placing those files in somebody else's hands (not picking on yahoo, anybody else's hands), I'm providing information about my sites visitors to a third party in order to save 50K of bandwidth. If I host the files myself, and use appropriate cache-control headers, I only have to spend that bandwidth one time or a few times per visitor per month (some visitors will force-refresh, and some will not support cacheing).
On the client side of the street, an expenditure of 50K of disk space is not unreasonable.
Personally, I'm wary of providing so much information to Google and simply hoping they'll continue to follow the "Don't be evil" mantra.
Slashdot Mirror
Point taken. I have no trouble admitting when I'm wrong :)
Time to take a look at my bill!
That's why they have a web page that tells you what your charges are for your area:
http://www.wireless.att.com/cell-phone-service/additionalcharges/
State
CALIFORNIA
Regulatory Cost Recovery Charge
0.43
Federal Universal Service Fund
11.4%
State Universal Service Fund
$0.00
Other AT&T Surcharges
0.18%
Believe it or not they actually tell you what the charges are for. This is 150 times better than what we had when I was younger. Training is an issue in any retail store, but before hitting the slashdot front page, maybe a bit of googling is in order.
That's funny. I was with Sprint for a decade - by far the worst customer service experience that I've ever had with any product. At ATT they actually answer their phones, they are usually helpful, and - get this - the call centers are in the U.S.!!!
Maybe different regions see different things, but I was floored at the difference when I switched to an iPhone and AT&T.
The city has a huge issue here.
This guy will have a hard time getting a job in the future, and a guy with his credentials commands a lot more than he is making right now.
If it turns out that the facts of this case are far from the original story, and nobody from the city is stepping in to correct it, then SF is in the same situation as the US when Ashcroft pointed the finger at the Anthrax guy (who recently won a big chunk of change for the false accusation).
Something tells me that the wheels of government turn slowly enough that even if they wanted to correct themselves at this point, they won't until well after the publicity is over.
Password recovery on most of the devices is disabled.
Router configurations are recoverable on re-boot now, but it sounds like the backups are not available, so...
A recovery of administrative permissions would necessitate destroying the configuration, which would have to be re-built from scratch.
There are ways of getting everything back, but the standard methods are not effective.
How many GOOD Cisco guys have you run into?
I've met less than 10 over the last decade, probably less than 5.
Further, the article makes it sound like the guy didn't have any free time to document or train, and management had plenty of time and opportunity to make that a priority for him and failed to do so.
That is really wierd. For a small company it wouldn't make a difference. Heck, I'm the CEO of my company and I apply patches all the time. But for a company the size of Diebold, I would expect that their CEO wouldn't know the first thing about applying a patch.
Suspicious isn't evidence though. Given RawStory's decided slant on things, an actual investigation and some comments from a new source would be nice.
And therein lies my point.
If ANY trusted root CA does not perform identification properly, then everybody is at risk. When people are shopping, doing online banking, or doing anything else that would imply a secure connection they do not look at the cert to see if it is issued by a trustworthy provider. They accept the browser default trust relationships. The browser default trust relationships have providers that do not perform appropriate identification procedures.
Yes, there are plenty of hack-ish ways to put encryption on the line, but there is only one default way to encrypt traffic in a way that is seamless to the end user, and that is SSL/secure http.
The way things stand, I could with some effort pick up a citibank.com ssl cert and key from a trusted root CA (or a chained cert) that would present no problems. I could then poison the dns at a fixed geographic location (not that difficult), and nobody would be the wiser. Of course, I could in some situations push out a trust relationship to my own CA and do the same thing, but that leaves a trail on every machine I pushed it out to.
So if identification is essentially useless, then what is in place currently truly is a mechanism to easily enable encryption and nothing more.
A chain is only as strong as it's weakest link. Verisign can require all the verification they want, but there are other "trusted" root CAs that don't.
I purchased an SSL cert, and because my spam software rejected the provider's messages (with good reason), they had to send my ssl cert to a throwaway address I set up. There was nothing in the way of identification verification.
Regardless of whether or not this was a "one-time" instance, once again we have people trusting big providers simply because they are big providers. A revenue stream does not make you secure.
There is no difference between a free cert, a $25 cert, and a $500 cert - other than the fact that no free cert providers have trusted root CAs by default. Nobody actually reads the certificates, the only time an end user ever cares about cert's it is because a dialog popped up that gave them a warning, and half the time with a warning, the end user simply clicks on through anyways.
People should see SSL certs for what they are - end point-to-end point encryption mechanisms and nothing more. Thinking they are anything more is simply a false sense of security.
That sounds good on the surface, and certainly a lot of people have that mentality, but in the real open source world if you hide the fact that a bug is security related, you are dramatically slimming down the developer base that would put together a fix for it. I would argue that openly specifying security issues would increase the level of knowledge the general populous has about how the kernel works and also increase the size of the development community.
"fixed bug #23456 overflow at line #1234 causing dumaflopper() to return incorrect result - known security problem" or
"fixed bug #23456 overflow at line #1234 causing dumaflopper() to return incorrect result - important update"
would be more appropriate IMO. Letting people know where the security fixes are is important in getting the changes widely distributed.
By hiding it, you're only protecting yourself from second rate hackers. The first rate hackers found the problem and began taking advantage of it well before the development team was aware the problem existed.
Further, a better community understanding and acceptance of insecurity would be an even better idea. Too many people out there think "I've secured this box, I know what I'm doing, nobody can get in" when in fact there are very few such boxes out there and the real security layer being utilized is the fact that there are so many other machines out there that are easier to control. If you know you are vulnerable the mindset changes.
Example: "E-mail has lots of viruses, so I don't open up strange email. Now that I have Norton, it protects me so I open up strange email if it has a subject that draws me in." That's a mindset a lot of people have. Norton gives them the mindset they are secure, but the reality is far from that. If everyone knew how insecure they really were, less people would open up spam or virus-laden spam.
Where is that option? The preview usually takes so long that I end up not submitting my comments. I can't seem to find it in my own preferences.
On the same token, you'd need an exceptionally large solar panel array - well beyond what could reasonably be spent to generate enough electricity to take the average urban household off the grid.
But keep electricity prices where they are at or higher in comparison with average incomes and people will find ways to generate their own at a much lower price point.
These belts are just one idea that is waiting to be extrapolated from.
There's a guy who came up with a way to use water (hydrogen/electrolysis) to increase mileage dramatically on big rigs who's making a killing right now. There are plenty of other recent examples of people either inventing things or re-engineering old ideas to save a few bucks on electricity or gas - either for commercial profit, or just to save themselves a few bucks.
Have a look at this video, though there are a lot of resources online that talk about the concept.
There's also the fact that a solar system increases your home value by something like 1K for every $100 in monthly electrical reduced.
You could go on and on.
The problem is that investing 60K in an electrical system is such a huge investment. If people are really going to start using "alternative" energy sources, it's going to have to be a smaller number with a quicker ROI.
Generating electricity isn't that difficult. Generating enough electricity to keep an average american home electric-bill free is. I started looking into solar and found it was too expensive for too little of a return. Maybe a few years down the road it will be better.
I'm sure a lot of people have done the same, and I'm sure a lot of people have also taken the next step as well and started looking into less expensive ways to generate energy. It seems odd, but very little attention has been paid to the home-electricity arena and there are huge opportunities for engineers and innovators. Building a radial flux generator is well within the capabilities of most do-it-your-selfers for less then a few hundred dollars and the only problem is how to turn it.
Should it really have taken until 2007 before flutter belts came along? Is it really that hard to engineer a device that would take advantage of rooftop wind energy? I bet some products hit the market soon and some DIY projects start showing up online as well.
But wind energy isn't the only thing out there. PV isn't the only way to extract energy from the sun. Gravity can be harnessed pretty easily. And there are plenty of other sources as well.
If there's one good thing to come out of the gas price situation we are dealing with, it's that a lot of smart people will be looking at energy generation all over again.
There is a certain amount of freedom that comes from not being afraid of your own actions and thoughts, but that is a luxury that few of us are able to afford.
Most of us live in compartmentalized worlds. Between family, work, our real world social lives, and our online lives people have secrets. They can range in size from something that would cause an inconvenient discussion or an unappealing judgement to something that could break up a family or worse.
Pushing people to give up the potential of anonymity is akin to implementing Thought Police. The thought that internet laws would be sane if anonymity were not so prevalent is just idealist thinking. The idea that "right wing" politicians are the only ones who write or vote for laws which attack common sensibility is simply ludicrous.
People use anonymity to do bad things. People also use anonymity to do good things. Sometimes people use anonymity just because they feel like it.
Should this lady be punished? Yes. Are the charges appropriate? No. The DA is either not very creative or is pushing a political agenda. Would taking away the potential for online anonymity have prevented this woman from doing harm to the young girl? Probably not.
All it would take in this instance is the availability and choice of another registration system.
I'm surprised nobody has taken that idea to a point of popularity yet. I know there have been at least two attempts that flopped.
However, much like DRM technology, people will ALWAYS find a way around this kind of thing.
If it's based on packet inspection, they secure the packets. If it's based on connection patterns, change the connection patterns. If it's based on ... the list goes on.
The only thing this technology ensures is that the people who are passionate about what they want to do will educate themselves.
My wifi is wide open purposely. It makes it easier when I get a new device or when a friend comes over and wants to use their laptop.
Within the last year, my neighbors finally joined the WIFI club. I appreciate that their networks are all encrypted so I don't accidentally attach to their networks, and my guests don't either.
If someone were to abuse my network, I would lock it down - but in the last 5 years that hasn't happened to my knowledge. I've noticed strange devices attached on occasion, but traffic has been minimal and I've noticed nothing in the way of security breaches on my machines. I probably made someone happy that they could get to the net. Conversely, if those people were clever enough to cover their tracks, they were probably clever enough to break into a secure network anyhow.
Having an insecure network for me is a choice I make consciously, and I would by no means consider someone a thief for simply connecting to my network and accessing the internet.
Many people don't have insecure networks by choice, though. If they left a window open, or a door unlocked, it would be illegal to go into their house unannounced. Is it that much different for a network? I would think that since the signals escape the boundaries of my home that they are open to use by the public, but I think the debate is still pretty wide open.
The other point to consider is the responsibility for traffic generated from your endpoint. Does a network owner have responsibility to ensure that all traffic coming through a network is on the up and up? That's an interesting debate and I'm not sure what the answer really should be.
Mod this man up.
Wait a minute here. Wasn't DirecTV trying to get people to settle for upwards of $3K for stealing signals, and suing them for absurd amounts over 6 figures.
Is the end result of all that litigation a $1500 fine? Or is this somehow different?
LOL. Yep! :)
But to your point - would the number of externally facing windows or the total amount of externally facing glass change significantly? I wouldn't think so.
Natural lighting typically produces significantly less heat than electrical lighting, so you generally see a reduction in electricity costs related to air conditioning as well as for lighting (in commercial facilities where there is a lot of electrical lighting, these costs are measurable). I don't know about heating costs increasing in the winter time - but I would imagine the same phenomina is reversed.
http://natures-lighting.com/products.php?pid=2100
I imagine there's no way around the need for augmented lighting during the dark times, but having a central distribution point for lighting leaves your options pretty open. You could have one high powered central light source to shine directly at your collection point - and you could charge that light via solar power and augment it with good old fashioned coal. Alternatively, you could wire up each room for direct lighting, but that sort of defeats the purpose.
Funny, I've thought about this for quite some time. Having a central repository for high traffic common files is a good idea in general - it would reduce page load times significantly for people since their browser would cache the files and re-use them across multiple sites.
I played with the YUI libraries and I noticed that the files were being sent without cache control headers. The load times were great because of akamai, but by placing those files in somebody else's hands (not picking on yahoo, anybody else's hands), I'm providing information about my sites visitors to a third party in order to save 50K of bandwidth. If I host the files myself, and use appropriate cache-control headers, I only have to spend that bandwidth one time or a few times per visitor per month (some visitors will force-refresh, and some will not support cacheing).
On the client side of the street, an expenditure of 50K of disk space is not unreasonable.
Personally, I'm wary of providing so much information to Google and simply hoping they'll continue to follow the "Don't be evil" mantra.