A real enterprise system for encryption at rest keeps the data encrypted even while running. The way to do this is you replace/add to the file system device drivers and any request for information from the encrypted file system must be from an authorized user id and process (i.e. even root can't have it, if properly configured) and then it decrypts it on the fly after the file system is read and passes it into the authorized application, which should also be designed to encrypt the data in flight anywhere, i.e. between process, across the network, etc...
If ideally configured, you would be making it possible for the data to be used on a specific system by a specific process, but you would be fencing things at a hardware enforced level so that no matter what, the data could never leave that system except in very specific small amounts via an authorized method.
Truecrypt isn't an example of encryption at rest, it's more like Pointsec, an application for full disk encryption, which is only part of the equation.
Because encryption at rest of any taxpayer identification data is a federal government requirement as part of a normal contracting process. So either Equifax does something different between their government-facing systems and their public ones (possible), or they are also in noncompliance of the contractual requirement.
In a large, security conscious organization, even one much, much larger than Equifax (like where I work, which probably has a few hundred or more Equifax sized financial operations), any security vulnerability like not encrypting restricted data at rest would be specifically risk accepted by the business and technical owners of the system, and then would be included in a report to the CEO and the Board highlighting the issue and requiring them to specifically sign off on it before it was allowed.
So yeah, it doesn't shock me that the CEO of Equifax (which doesn't appear to have much in the way of data security processes) doesn't know, but in a responsible organization, the CEO and the Board would not only know about something like that, they'd have explicitly signed off on taking the risk, because there isn't anyone else besides the shareholders who are going to be holding the bag when the risk turns into a reality. Wouldn't you want to know, if you were in that position of responsibility?
So what you're saying is, if the people vote explicitly for legislative representatives to act a certain way while in charge, someone else (presumably you and/or your buddies?) should be able to just override their will and decide what you think is best anyway? There are some words to describe that as a political process, but I'm pretty sure they aren't the ones found in the U.S. Constitution...
What you left out is that the individual deductions and credits being removed will be more than offset by a big increase in the standard deduction. The idea is for less people to have to itemize and for less picking specific winners using deductions and more everyone benefits. So in the end after offsetting the standard deduction and the removed deductions, according to every analysis, the middle class and poor end up with lower taxes.
If you look at standard economic analysis, corporations don't pay taxes. Consumers end up paying for the taxes (because the competing corporations are all forced by the tax payments to charge more), while the employees and stockholders lose some of the money they would have made (because higher prices from including the taxes results in lower purchase volume). That's why economists call corporate taxes some of the worst ideas with a big dead weight loss to the economy. At best, some economists will make a reducing tax avoidance argument for having a corporate income tax level similar to the personal income tax level. The current situation of corporate taxes being nominally higher than elsewhere is just economically stupid.
If electric cars are economically viable, then they don't need a tax credit to convince people to buy them. The angst is mostly about the fact that they aren't economically viable (and thus will mostly stop being purchased) and actually a waste of resources compared to purchasing the same vehicle in an IC configuration. Where that isn't true, they'll continue being purchased.
In the first episode, an outspoken Billionaire reality TV star wins the Presidency against the bitter wife of a former President who believes it's her turn next...
What evidence can you supply that these mandates are uniformly positive? Have you compared a no-mandate condition to the mandated condition?
You might be surprised to learn how many of the mandates you've mentioned have actually made things worse for most people over time.
Standards are important, but mandating them isn't the way to go. How about a mandate that all web browsers must support flash, back when that was the primary mechanism, ie. de facto standard, to ensure we have a shared standard? What could possibly go wrong? Who wouldn't want a browser with flash support? I mean, it'd be practically criminal if a browser developer didn't include flash as part of their standard offering, right? Besides, no one wants to use lync or fetch or wget, anyway.
The average age of cars on the road is about 12 years. So a dozen years is probably a good approximation for your usefulness measure of adoption, reaching about 50% penetration.
How much technological advancement has there been in related car autonomous technology since 2005? Yeah, a lot.
Again, this decision doesn't stop anyone, just doesn't throw them in prison or fine them if they don't do it the government prescribed way. Now, if the major car companies got together and decided to adopt an open standard for intercar communication and began outfitting cars with transmitter/sensors and software modifiable systems for controlling them, maybe in a dozen years we'd have something useful which could be updated retrospectively to be of some use with the latest technology. That's still iffy, but it has a much better chance of long term success. In the meantime, hey, you could presumably use the built in sensors to double as a police radar/laser speed detection tool so that people would willingly spend the extra few hundred dollars on it.:)
You'll note this decision doesn't prevent car manufacturers from implementing this or a similar system, it just doesn't throw people who build cars in jail if they decide their customers will want something different, like lower costs, or a different style of safety feature, or even a similar system which is more advanced later on.
When the government mandates something like this, it creates legal lock-in of that specific solution, preventing better things for customers from occurring. Imagine if every car built was required to implement the 802.11a standard at the time it became a standard, for example. Sure, it's easy with 20/20 hindsight to explain what a disaster that would've been, but at the time people would've been claiming the government needed to ensure every car used the same protocol. All a similar regulation really does is prevent alternate solutions, lower costs options and future different forms of innovation.
We trust our devices: We trust them to surface the correct sources in our information feeds, we trust them to deliver our news, and we trust them to surface the opinions of our friends. So the biggest and most influential platforms falling prey to manipulations upsets that trust—and the order of things.
No, no we don't. We don't just trust everything we read, and for good reason. Typically, the more you know about the subject of a news story, the more you realize how inaccurate it is. That also applies to the news stories you don't know a lot about, you just may not be the one who has the right background on it. I like hearing from the people who do.
massive platforms and services we rely on routinely communicate and coordinate, despite the fact that they are also competitors.
No, we're not pining for the "good old days" when you only had to get the NY Times to preview a story for the three major TV network news teams and it became magically enshrined as the "truth" because no one ever got to see any other opinions.
The answer to bad speech is more speech to compete with it, not censoring speech in order to "control the narrative". Deciding to federate all the Internet media companies into a shared censorship regime because a few spammers purchased a rounding error's worth of advertising in order to promote their click farms is completely out of proportion. It's almost like someone was waiting for an excuse to propose the solution they've been wishing for, a return to the days when not anyone could just speak, when you had to get past the "gatekeepers" in order to communicate to the masses.
Agreed. I'd love it if Facebook had open data APIs where you could get your own data and relationships on and off of it, but I don't want the government stepping in to force them to do it.
You apparently missed the point. I'll attempt to make it more explicit for you.
You claimed "killed, crippled, maimed, sickened, and exploited in the name of free market capitalism, greed, and the almighty profit."
I merely pointed out that the largest group doing those actions isn't part of "free market capitalism" and that to blame greed and profits of the companies for it is a bit much when the government makes just as much off of it.
These two facts are inconsistent with your thesis that these actions are _caused_ by free market capitalism. There is apparently another factor you aren't considering, as the actions occur in the absence of free market capitalist companies and also in the presence of extreme government regulation and profit off of them.
Explain to me again how tobacco companies have some special tie to free market capitalism, when the largest one in the world is 100% government owned? When in the U.S. governments make almost as much as the tobacco companies do from selling cigarettes. When a safer (but not perfect) alternative in vaping is being blocked by the FDA?
Your story about "free market capitalism" doesn't match the facts back in reality.
I know it's difficult on./ to expect even the person writing the article summary to read the article, but here's what says:
Both the House and Senate bills would let automakers test and eventually sell self-driving cars as long as they prove to federal regulators that the level of safety is "at least equal" to current requirements for regular cars.
Note the word "prove".
Also, the bill does:
Require companies selling self-driving cars to submit “safety evaluation reports,” spelling out how the vehicles will be safe according to nine separate criteria including crash protection, data recording and cybersecurity. Require companies to develop cybersecurity plans to protect car occupants and their data. Direct NHTSA to work with state and law-enforcement authorities to research the traffic-safety implications for self-driving cars.
So to suggest this is an effort which will just turn loose a bunch of driverless cars with no thought for safety on the road is a deliberate scare attempt by these "consumer" organizations.
Next, you'll be suggesting that they can't do this without a warrant!
Wait, there are warrants which a judge signed off on? oh, ok... wonder if maybe there is more to the story than CNN is letting on. You know, like probable cause related to a crime...
No, I'm saying that unless someone is actually harming someone else, we should just leave them alone and let them make whatever agreements they want with each other.
The Internet has been unregulated under the FCC for virtually it's entire existence. No massive harm has occurred as a result. Why do you think suddenly one is going to magically appear now?
So previous government regulations and spending in this area failed, therefore, we must put the government in charge of it all?
Your conclusion doesn't follow from your argument...
Consider that I'm also against taxpayers subsiding any ISPs. At least I'm logically consistent in my opposition to government involvement with running the Internet.
What you're missing is that some big companies are pushing the FCC to regulate the Internet in order to lock in their current market advantages and stifle innovation in the future from other companies which might compete with them. Google regulatory capture.
You realize the Internet has worked just fine this entire time without the FCC Net Neutrality rules, right? "Dumping" the new rules which mostly either barely or didn't take effect yet isn't going to conflict with anything which wasn't in conflict a year ago.
Sorry, the Internet as it exists today wasn't built by the government. NSFNET (from your link) isn't even a drop in the bucket. It maxed out at a T-3. Many private companies have multiple 100 GB cross-country links. The Internet primarily consists of privately owned autonomous networks. Sure, make the argument the government owned/built portions should be governed by the government, but don't think that means the private portions should be, which is what we're talking about.
When that right of way was granted, a price was paid and/or an agreement made.
You can't just go back and add arbitrary conditions to those agreements. There is a reason ex post facto laws are prohibitied under Article 1, Section 9, Clause 3 and Article 1 Section 10 of the Constitution.
So no, you (and the government) can't just go back and tyrannically "revoke" access under a previous agreement. Are you really arguing that President Trump should be a lifetime dictator? 'Cause that's where your philosophy leads...
Please go read some history that doesn't contain the propaganda based on the phrase "The people's history".
Debtors prison is by definition an artifact of government laws and regulations. It WAS a labor law. Indentured Servitude, ditto... Slavery, ended primarily by the countries which were more laissez faire and free market. Still exists in some places which aren't, so difficult to tie that to free markets without regulation. Child Labor was ended by private companies BEFORE a national law in the U.S. was passed about it. At the time, it only really still existed in farm labor and family businesses. Guess which two areas the law at the time exempted? Yep, farm labor and family businesses. Either time flows backwards for you, or else you have the causality exactly reversed. Laws/regulations didn't end child labor, child labor was ended by businesses and THEN it was made illegal.
As for suing companies for harms, under common law you can sue for all sorts of harms. The function of laws and regulation is typically to prevent companies from being sued, not to give a new right to sue. That's because the regulators are typically controlled by the established companies in the industry.
You mention 1984... ironically since that was the government controlling everything, especially communications/information channels like the Internet. Dude, you're the one advocating for that. Have you even read the book?
Slashdot Mirror
That's why you don't leave your keys in the lock.
It's also why you don't put the decryption keys in the same place as the data and you enforce what process/id has access to the encrypted data.
A real enterprise system for encryption at rest keeps the data encrypted even while running. The way to do this is you replace/add to the file system device drivers and any request for information from the encrypted file system must be from an authorized user id and process (i.e. even root can't have it, if properly configured) and then it decrypts it on the fly after the file system is read and passes it into the authorized application, which should also be designed to encrypt the data in flight anywhere, i.e. between process, across the network, etc...
If ideally configured, you would be making it possible for the data to be used on a specific system by a specific process, but you would be fencing things at a hardware enforced level so that no matter what, the data could never leave that system except in very specific small amounts via an authorized method.
Truecrypt isn't an example of encryption at rest, it's more like Pointsec, an application for full disk encryption, which is only part of the equation.
Because encryption at rest of any taxpayer identification data is a federal government requirement as part of a normal contracting process. So either Equifax does something different between their government-facing systems and their public ones (possible), or they are also in noncompliance of the contractual requirement.
In a large, security conscious organization, even one much, much larger than Equifax (like where I work, which probably has a few hundred or more Equifax sized financial operations), any security vulnerability like not encrypting restricted data at rest would be specifically risk accepted by the business and technical owners of the system, and then would be included in a report to the CEO and the Board highlighting the issue and requiring them to specifically sign off on it before it was allowed.
So yeah, it doesn't shock me that the CEO of Equifax (which doesn't appear to have much in the way of data security processes) doesn't know, but in a responsible organization, the CEO and the Board would not only know about something like that, they'd have explicitly signed off on taking the risk, because there isn't anyone else besides the shareholders who are going to be holding the bag when the risk turns into a reality. Wouldn't you want to know, if you were in that position of responsibility?
So what you're saying is, if the people vote explicitly for legislative representatives to act a certain way while in charge, someone else (presumably you and/or your buddies?) should be able to just override their will and decide what you think is best anyway? There are some words to describe that as a political process, but I'm pretty sure they aren't the ones found in the U.S. Constitution...
They're just pointing out that the 99% benefit from the work of the top 1%, much the way Federal income taxes work in the United States, where the top 1% of income earners together pay more than the bottom 95% together do.
Yeah, they call this an Almanac once upon a time.
What you left out is that the individual deductions and credits being removed will be more than offset by a big increase in the standard deduction. The idea is for less people to have to itemize and for less picking specific winners using deductions and more everyone benefits. So in the end after offsetting the standard deduction and the removed deductions, according to every analysis, the middle class and poor end up with lower taxes.
If you look at standard economic analysis, corporations don't pay taxes. Consumers end up paying for the taxes (because the competing corporations are all forced by the tax payments to charge more), while the employees and stockholders lose some of the money they would have made (because higher prices from including the taxes results in lower purchase volume). That's why economists call corporate taxes some of the worst ideas with a big dead weight loss to the economy. At best, some economists will make a reducing tax avoidance argument for having a corporate income tax level similar to the personal income tax level. The current situation of corporate taxes being nominally higher than elsewhere is just economically stupid.
If electric cars are economically viable, then they don't need a tax credit to convince people to buy them. The angst is mostly about the fact that they aren't economically viable (and thus will mostly stop being purchased) and actually a waste of resources compared to purchasing the same vehicle in an IC configuration. Where that isn't true, they'll continue being purchased.
In the first episode, an outspoken Billionaire reality TV star wins the Presidency against the bitter wife of a former President who believes it's her turn next...
What evidence can you supply that these mandates are uniformly positive? Have you compared a no-mandate condition to the mandated condition?
You might be surprised to learn how many of the mandates you've mentioned have actually made things worse for most people over time.
Standards are important, but mandating them isn't the way to go. How about a mandate that all web browsers must support flash, back when that was the primary mechanism, ie. de facto standard, to ensure we have a shared standard? What could possibly go wrong? Who wouldn't want a browser with flash support? I mean, it'd be practically criminal if a browser developer didn't include flash as part of their standard offering, right? Besides, no one wants to use lync or fetch or wget, anyway.
The average age of cars on the road is about 12 years. So a dozen years is probably a good approximation for your usefulness measure of adoption, reaching about 50% penetration.
How much technological advancement has there been in related car autonomous technology since 2005? Yeah, a lot.
Again, this decision doesn't stop anyone, just doesn't throw them in prison or fine them if they don't do it the government prescribed way. Now, if the major car companies got together and decided to adopt an open standard for intercar communication and began outfitting cars with transmitter/sensors and software modifiable systems for controlling them, maybe in a dozen years we'd have something useful which could be updated retrospectively to be of some use with the latest technology. That's still iffy, but it has a much better chance of long term success. In the meantime, hey, you could presumably use the built in sensors to double as a police radar/laser speed detection tool so that people would willingly spend the extra few hundred dollars on it. :)
You'll note this decision doesn't prevent car manufacturers from implementing this or a similar system, it just doesn't throw people who build cars in jail if they decide their customers will want something different, like lower costs, or a different style of safety feature, or even a similar system which is more advanced later on.
When the government mandates something like this, it creates legal lock-in of that specific solution, preventing better things for customers from occurring. Imagine if every car built was required to implement the 802.11a standard at the time it became a standard, for example. Sure, it's easy with 20/20 hindsight to explain what a disaster that would've been, but at the time people would've been claiming the government needed to ensure every car used the same protocol. All a similar regulation really does is prevent alternate solutions, lower costs options and future different forms of innovation.
From the article:
No, no we don't. We don't just trust everything we read, and for good reason. Typically, the more you know about the subject of a news story, the more you realize how inaccurate it is. That also applies to the news stories you don't know a lot about, you just may not be the one who has the right background on it. I like hearing from the people who do.
No, we're not pining for the "good old days" when you only had to get the NY Times to preview a story for the three major TV network news teams and it became magically enshrined as the "truth" because no one ever got to see any other opinions.
The answer to bad speech is more speech to compete with it, not censoring speech in order to "control the narrative". Deciding to federate all the Internet media companies into a shared censorship regime because a few spammers purchased a rounding error's worth of advertising in order to promote their click farms is completely out of proportion. It's almost like someone was waiting for an excuse to propose the solution they've been wishing for, a return to the days when not anyone could just speak, when you had to get past the "gatekeepers" in order to communicate to the masses.
Agreed. I'd love it if Facebook had open data APIs where you could get your own data and relationships on and off of it, but I don't want the government stepping in to force them to do it.
As for AIM, the latest news is that after 20 years, it's now shutting down completely. So how did that work out for them in the long run?
You apparently missed the point. I'll attempt to make it more explicit for you.
You claimed "killed, crippled, maimed, sickened, and exploited in the name of free market capitalism, greed, and the almighty profit."
I merely pointed out that the largest group doing those actions isn't part of "free market capitalism" and that to blame greed and profits of the companies for it is a bit much when the government makes just as much off of it.
These two facts are inconsistent with your thesis that these actions are _caused_ by free market capitalism. There is apparently another factor you aren't considering, as the actions occur in the absence of free market capitalist companies and also in the presence of extreme government regulation and profit off of them.
China National Tobacco Corporation, AKA the Chinese government itself, is "the world's largest manufacturer of tobacco products".
Explain to me again how tobacco companies have some special tie to free market capitalism, when the largest one in the world is 100% government owned? When in the U.S. governments make almost as much as the tobacco companies do from selling cigarettes. When a safer (but not perfect) alternative in vaping is being blocked by the FDA?
Your story about "free market capitalism" doesn't match the facts back in reality.
I know it's difficult on ./ to expect even the person writing the article summary to read the article, but here's what says:
Note the word "prove".
Also, the bill does:
So to suggest this is an effort which will just turn loose a bunch of driverless cars with no thought for safety on the road is a deliberate scare attempt by these "consumer" organizations.
Next, you'll be suggesting that they can't do this without a warrant!
Wait, there are warrants which a judge signed off on? oh, ok... wonder if maybe there is more to the story than CNN is letting on. You know, like probable cause related to a crime...
No, I'm saying that unless someone is actually harming someone else, we should just leave them alone and let them make whatever agreements they want with each other.
The Internet has been unregulated under the FCC for virtually it's entire existence. No massive harm has occurred as a result. Why do you think suddenly one is going to magically appear now?
Well, at least there's no bias or point of view apparent in the cited "report" nor the summary.
I guess this is still /., editorials (!news) for nerds...
I agree that an ISP must state clearly in their contract with you what you are contracting for.
Since that's already the law (and lawsuits about it have already won their point), you're all set to oppose more regulations.
So previous government regulations and spending in this area failed, therefore, we must put the government in charge of it all?
Your conclusion doesn't follow from your argument...
Consider that I'm also against taxpayers subsiding any ISPs. At least I'm logically consistent in my opposition to government involvement with running the Internet.
What you're missing is that some big companies are pushing the FCC to regulate the Internet in order to lock in their current market advantages and stifle innovation in the future from other companies which might compete with them. Google regulatory capture.
You realize the Internet has worked just fine this entire time without the FCC Net Neutrality rules, right? "Dumping" the new rules which mostly either barely or didn't take effect yet isn't going to conflict with anything which wasn't in conflict a year ago.
Sorry, the Internet as it exists today wasn't built by the government. NSFNET (from your link) isn't even a drop in the bucket. It maxed out at a T-3. Many private companies have multiple 100 GB cross-country links. The Internet primarily consists of privately owned autonomous networks. Sure, make the argument the government owned/built portions should be governed by the government, but don't think that means the private portions should be, which is what we're talking about.
When that right of way was granted, a price was paid and/or an agreement made.
You can't just go back and add arbitrary conditions to those agreements. There is a reason ex post facto laws are prohibitied under Article 1, Section 9, Clause 3 and Article 1 Section 10 of the Constitution.
So no, you (and the government) can't just go back and tyrannically "revoke" access under a previous agreement. Are you really arguing that President Trump should be a lifetime dictator? 'Cause that's where your philosophy leads...
Please go read some history that doesn't contain the propaganda based on the phrase "The people's history".
Debtors prison is by definition an artifact of government laws and regulations. It WAS a labor law.
Indentured Servitude, ditto...
Slavery, ended primarily by the countries which were more laissez faire and free market. Still exists in some places which aren't, so difficult to tie that to free markets without regulation.
Child Labor was ended by private companies BEFORE a national law in the U.S. was passed about it. At the time, it only really still existed in farm labor and family businesses. Guess which two areas the law at the time exempted? Yep, farm labor and family businesses. Either time flows backwards for you, or else you have the causality exactly reversed. Laws/regulations didn't end child labor, child labor was ended by businesses and THEN it was made illegal.
As for suing companies for harms, under common law you can sue for all sorts of harms. The function of laws and regulation is typically to prevent companies from being sued, not to give a new right to sue. That's because the regulators are typically controlled by the established companies in the industry.
You mention 1984... ironically since that was the government controlling everything, especially communications/information channels like the Internet. Dude, you're the one advocating for that. Have you even read the book?