Since they don't have to run expensive last-mile wiring through the streets to every individual residence, their costs should be significantly lower. In a competitive market, this translates to lower prices.
Given the practical/technical limitations, would I expect gigabit speeds with no contention from my neighbors? Of course not.
But the idea that cellular bandwidth is particularly scarce is no longer true. In most areas, an unlimited home subscription should be viable.
Hell, even the old-school ISPs were looking into using wireless for the last mile as a cost-saving measure. I don't know if they ever got the spectrum to try it, but wires are increasingly unnecessary for typical home/entertainment uses.
A lot of consumers' preferences for more whiz-bang first, and then more battery life would seem to indicate otherwise.
Not quite.
Most whiz-bang draws very little power. A good camera vs a cheap camera is scarcely noticeable. Fingerprint sensors, etc are in the same boat.
The primary consumer of power is the screen on most smartphones, and the only way to run longer is to include larger batteries.
New features and more powerful CPUs are not killing battery life---it's the combination of large screens and thin-and-light form factors.
I would gladly accept a slightly bulky device for double the battery life, but that was not an option. Now LG is finally doing it, but it's a mediocre device.
Call me crazy, but isn't the more logical solution to the issue of battery life to make the phone consume less power?
Google did quite a bit of tweaking to make Android more efficient, between 4.0-6.0 things got a lot better. But then they hit the wall---there is only so much the OS alone can offer.
I know people want their apps, but I'm not convinced that people want to carry around a laptop battery in their pocket.
Well, they have to make hard choices. Running apps takes power.
This is especially true for interactive apps, as the largest power draw on modern phones is the screen. About 2/3 of my power goes to the screen on a Nexus 6P, which is typical for 6-inch devices. This drops to maybe 50% for 5-inch devices. There is only so much the phone manufacturers and app developers can do when that much power is drawn by something they didn't create themselves.
Advances in battery and display technologies are the only places we can reasonably tap for better battery life at this point. Or else we just have to throw larger batteries at the problem.
Anything that requires signatures is vulnerable to forgery if the signer's certificate specifies SHA1.
An attacker could forge:
1. Software signatures - to slip malware into a software vendor's distribution channels.
2. SSL certificates - to MITM web connections to phish, steal data, or distribute malware.
3. Personal digital signatures - to fabricate documents, including emails, transaction, orders, etc that are normally trusted implicitly due to the signature
4. Subordinate CA certificates - to create trusted certificates which permit all of the above
The problem lies with #4. The real risk is not a one-off duplicate of John Doe's smart card. The real danger is the CAs signed with SHA1 who are still trusted by browsers, applications, and OSes around the world. If an attacker counterfeits one of their certificates, he can issue arbitrary certificates for any web site, any software publishers, or any user.
The only solution is to discontinue the use of SHA1 internally and to revoke trust for all CAs that still use SHA1. Better crypto has existed for a long time---the standard for SHA2 was finalized in 2001, well over a decade ago.
PowerShell is a very powerful tool, and it is built in. But that's not what you meant.
There are two ways to get it from the vendor. You pay in cash or labor.
Microsoft is happy to sell you SCOM, which is their network management dashboard (among other things). Very useful in a Windows-dominated environment, but there are better third-party options for shops with Linux and Mac systems.
Unless you're talking about the lowest tier of admins, scripting is part of the job. I cannot understand how people function without CLI literacy. The number of repetitive tasks would be mind-numbing.
I have no problem going to management saying "you can pay $XX thousand per year for operations management software, or I can spend a couple days writing and testing a script." I am perfectly happy offering a cheaper alternative that adds to my credibility and value. Always expand your expertise and share with your team if you have the chance.
Having no power to spend money, you dutifully route a request for a renewal to be paid for. It goes back and forth to accounting for a couple months asking for justifications for the (trivial) expense because no one will give the operations people a p-card or budget.
While it's usually bad to exaggerate, you don't need to.
The justification should mention that the entire corporate network will become unstable or unavailable if this procurement is not completed by the deadline, which should be at least a few days ahead of the actual expiration date.
Ideally, the IT management hierarchy will understand and push it through. If not, they should at least be capable of understanding the necessity when their experts start barking about the importance of such a minor purchase.
And if it takes an organization 100 days to procure things, then the staff should begin a critical procurement at least 120 days in advance. The alerts are useless if they do not allow time to respond.
OK, so you have written such scripts to notify you. Now the company decides they do not need you any more. Are you going to rewrite those scripts to notify someone else? Or even bother to mention to someone that they should do so?
Shouldn't be a problem.
1. The script and its purpose should be documented. Another admin should be able to update it as needed.
2. The output can be emailed or dumped to a file share. Virtually every mail servers supports lists, so the list (or the file share ACL) would just need to be updated.
In a lot of companies, certificate renewal becomes someone's job because they are in the right place at the right time to handle it and everyone else forgets that it even happens until something goes wrong.
First, this "problem" does nothing to change the fact that 2FA is far more secure than passwords.
Second, this is the result of poor management. Any process can become failure-prone in the face of poor management. You need some ITIL training (or equivalent).
It takes a lot of effort to become a well-run organization, but it is totally worth it.
Dealing with their absence has been a mess.
Entirely avoidable. But it requires discipline from the organization.
1. Poorly-defined processes.
2. Lack of documentation.
3. Lack of personnel depth (aka, cross-training---if you need redundant servers then you also need redundant skill sets)
4. Poor change control (his solo fixes should have been discussed and understood by management and the team)
"Someone is higher than me on the ladder! Let's break the ladder so we are all on the ground in the dirt."
If you believe the person higher on the ladder doesn't deserve his place---or hurt others to get up there---then knocking him down starts to look like fairness. Or justice.
If you're already on the ground or a half-step away from it, you won't even notice much of a change.
I'm nowhere near the bottom of the ladder, but I have been lower in the past. And I can easily imagine how things look as you go down.
As you end up with less and less to lose, dangerous bets lose their edge. Anything that has even a small chance of winning smells like hope. And that is what we comfortable people call desperation.
Requiring someone to remember to do an infrequent and short task at a point 1 or 2 years in the future
Bullshit.
I could write a PowerShell script in maybe 10 minutes that will list all of the computers in the domain, connect to them, and check for expiring certificates. I can get a reminder in advance---90 days, 30 days, a week, whatever I want. All I have to do is one thing: understand my job.
Alternatively, some tools (like Nessus, which is FOSS) have audits which automatically check for expiring certificates. They can be configured to email a report, and you can notified every day/week/month if you have expiring certs.
This is a stupid, incompetent failure. You can build or buy a tool to avoid this problem very easily. Compared to using passwords, the only reasonable complaint is that you require decent sys admins.
The HIPAA and SOX regulations only apply to systems that handle health care and accounting data, respectively.
The payment card industry has a complex set of security requirements (PCI DSS), but this is a private agreement between the parties. Any violations are handled by the private authority that audits their system. (The credit card companies basically force everyone to go along with it because they don't want to deal with massive fraud.)
Customer documents, customer billing information, business plans, etc have zero explicit security requirements under US law.
CRISPR (the invention) is a synthetic implementation of the CRISPR/Cas system immune system.
It is a method of customizing where genes are cut. Other methods are used to insert or modify DNA.
It is a tool, albeit a much better one than existed before. Thus, CRISPR could be best compared to replacing a hacksaw with a laser cutter. The general public has no need of such a tool, but we will most likely buy many things which this tool produces.
But having said that, CRISPR is a synthetic recreation/modification of a part of the immune system. It can slice and dice genes very precisely.
There is a lot of research into using CRISPR to cure cancers and prevent some genetic disorders. There are probably going to be a lot of things that use CRISPR in the near future.
It is a very powerful tool---possibly as historically significant as the steam engine. This is the tool that helps us reshape genes, after all.
Machines were niche products until we could power them with something besides people or farm animals. The ability to use them anywhere, refuel them immediately, and generate more power were all important. In a similar vein, CRISPR vastly expands our capacity for genetic engineering. It is almost impossible to predict what we will do with this newfound power.
If you cannot share memory between processes, you take a performance hit every time you need to share data. For some applications, this is a deal-breaker.
If you can share memory in anyway, that sharing mechanism can be broken somehow.
Here's tip: Just don't GLUE it. Just the space required for glue makes it thicker.
Wrong, wrong, wrong.
If the battery is not glued, it must be fastened by some other means. Typically, this is a plastic mounting bay within the device.
My old Samsung Google phone has a removable battery.
A user-removable battery is even more of a challenge. There must be clearance for the battery to move freely (perhaps only a millimeter or two, but still a bit of space).
There must be a removable hatch to provide access---with either clips and/or a hinge to fasten it. These mechanisms invariably take up more space than glue.
As the body is now weaker due to the opening, thicker panels and stronger construction are necessary.
Unibody construction offers some size, weight, and cost benefits, but it is difficult to employ when key structural panels must have large holes for battery access.
I am not a fan of the "thinner/lighter at all costs" trend, but there are complex tradeoffs behind the design. These issues cannot be hand-waived away by an internet know-it-all.
Until you get big-boy projects that require coordination with other people.
What do you do then? Send an email and hope for a quick response? Sit at your desk like a good little doggie until the next project management meeting? Or maybe you go talk it over and get back to work.
The only reason a desk needs an occupancy sensor is for facilities efficiency---or as a crutch for poor hiring and management practices.
You'll be looking at MVNOs rather than major carriers. These companies resell access that they acquired at wholesale rates. In the US wireless market, the budget options are entirely via MVNOs rather than the major carriers.
MetroPCS is $30 (includes all fees) for unlimited voice/text and a small amount of data.
I believe only Total Wireless has a $25 talk/text offering, and they are a TracFone/Walmart joint venture---a very budget-focused endeavor. They have not been around long enough to have a meaningful track record.
It's hard to find anyone who offers unlimited talk/text without any data. There are, quite frankly, too few phones that have such basic functionality. You might as well ask why no one sells buggy whips anymore.
If you are willing to accept reasonably cheap service with caps on minutes/texts, then you have a variety of options---Ting, Straight Talk, Virgin Mobile, TracPhone, etc.
T-Mobile is much better now. With their new spectrum, they have excellent LTE coverage.
Just make sure that your phone supports LTE band 12, as that is their primary 4G spectrum. Newer phones should be fine, but the cutoff is around 2013/2014 for widespread support. E.g., the iPhone 5C doesn't have it.
Most people see lying as a bad thing regardless of who is being lied to---with some tolerance for truly exceptional circumstances.
To some people, there is a huge world of difference between "regular lying", which is fine, and bad lying---specifically "getting caught in a lie" or, even worse, "lying to me". These people always seem a bit scummy to everybody else.
Flynn's boss may have been fine with regular lying, but even scumbags don't like it when their subordinates lie to them or get caught.
I don't think the Model S is the fastest car on the street, so the same argument would apply to other performance vehicles, possibly all of them depending on where you draw the line for a car being "too fast".
Another car was driving the wrong way on the street? Sue him. It might actually work if you get a sympathetic jury.
Driver was 3X the legal alcohol limit? While I have sympathy for the father, there is no excuse. I have seen drunk driving warnings repeatedly since childhood, and I am sure the driver did too. She broke the law and gambled with her safety---and lost.
I feel like this is a ridiculous lawsuit brought about by an ambitious attorney pressuring a heartbroken parent.
Yes it is. The law requires records to be be preserved. They do not require records to be created.
This is incorrect.
Whether a particular document or message is a record is determined by its content and purpose.
Records are like copyright---it's born that way. A document or message is a record regardless of whether anyone has officially identified and cataloged it.
Creating a record on a volatile medium such as Confide is almost certainly illegal.
States are not allowed to enforce immigration laws. Arizona tried doing something and got slapped in federal court.
It's up to the citizens of each state how they treat people who entered or stayed improperly.
printed on the same paper with the same ink
We have a tiered system of government, and immigration laws are certainly not within the purview of the individual states. Your argument is deeply flawed.
Slashdot Mirror
for less cost of the regular landline cable?
Since they don't have to run expensive last-mile wiring through the streets to every individual residence, their costs should be significantly lower. In a competitive market, this translates to lower prices.
Given the practical/technical limitations, would I expect gigabit speeds with no contention from my neighbors? Of course not.
But the idea that cellular bandwidth is particularly scarce is no longer true. In most areas, an unlimited home subscription should be viable.
Hell, even the old-school ISPs were looking into using wireless for the last mile as a cost-saving measure. I don't know if they ever got the spectrum to try it, but wires are increasingly unnecessary for typical home/entertainment uses.
A lot of consumers' preferences for more whiz-bang first, and then more battery life would seem to indicate otherwise.
Not quite.
Most whiz-bang draws very little power. A good camera vs a cheap camera is scarcely noticeable. Fingerprint sensors, etc are in the same boat.
The primary consumer of power is the screen on most smartphones, and the only way to run longer is to include larger batteries.
New features and more powerful CPUs are not killing battery life---it's the combination of large screens and thin-and-light form factors.
I would gladly accept a slightly bulky device for double the battery life, but that was not an option. Now LG is finally doing it, but it's a mediocre device.
Call me crazy, but isn't the more logical solution to the issue of battery life to make the phone consume less power?
Google did quite a bit of tweaking to make Android more efficient, between 4.0-6.0 things got a lot better. But then they hit the wall---there is only so much the OS alone can offer.
I know people want their apps, but I'm not convinced that people want to carry around a laptop battery in their pocket.
Well, they have to make hard choices. Running apps takes power.
This is especially true for interactive apps, as the largest power draw on modern phones is the screen. About 2/3 of my power goes to the screen on a Nexus 6P, which is typical for 6-inch devices. This drops to maybe 50% for 5-inch devices. There is only so much the phone manufacturers and app developers can do when that much power is drawn by something they didn't create themselves.
Advances in battery and display technologies are the only places we can reasonably tap for better battery life at this point. Or else we just have to throw larger batteries at the problem.
Not a lot you can do?
Anything that requires signatures is vulnerable to forgery if the signer's certificate specifies SHA1.
An attacker could forge:
1. Software signatures - to slip malware into a software vendor's distribution channels.
2. SSL certificates - to MITM web connections to phish, steal data, or distribute malware.
3. Personal digital signatures - to fabricate documents, including emails, transaction, orders, etc that are normally trusted implicitly due to the signature
4. Subordinate CA certificates - to create trusted certificates which permit all of the above
The problem lies with #4. The real risk is not a one-off duplicate of John Doe's smart card. The real danger is the CAs signed with SHA1 who are still trusted by browsers, applications, and OSes around the world. If an attacker counterfeits one of their certificates, he can issue arbitrary certificates for any web site, any software publishers, or any user.
The only solution is to discontinue the use of SHA1 internally and to revoke trust for all CAs that still use SHA1. Better crypto has existed for a long time---the standard for SHA2 was finalized in 2001, well over a decade ago.
Why aren't these tools built in, though?
PowerShell is a very powerful tool, and it is built in. But that's not what you meant.
There are two ways to get it from the vendor. You pay in cash or labor.
Microsoft is happy to sell you SCOM, which is their network management dashboard (among other things). Very useful in a Windows-dominated environment, but there are better third-party options for shops with Linux and Mac systems.
Unless you're talking about the lowest tier of admins, scripting is part of the job. I cannot understand how people function without CLI literacy. The number of repetitive tasks would be mind-numbing.
I have no problem going to management saying "you can pay $XX thousand per year for operations management software, or I can spend a couple days writing and testing a script." I am perfectly happy offering a cheaper alternative that adds to my credibility and value. Always expand your expertise and share with your team if you have the chance.
Having no power to spend money, you dutifully route a request for a renewal to be paid for. It goes back and forth to accounting for a couple months asking for justifications for the (trivial) expense because no one will give the operations people a p-card or budget.
While it's usually bad to exaggerate, you don't need to.
The justification should mention that the entire corporate network will become unstable or unavailable if this procurement is not completed by the deadline, which should be at least a few days ahead of the actual expiration date.
Ideally, the IT management hierarchy will understand and push it through. If not, they should at least be capable of understanding the necessity when their experts start barking about the importance of such a minor purchase.
And if it takes an organization 100 days to procure things, then the staff should begin a critical procurement at least 120 days in advance. The alerts are useless if they do not allow time to respond.
OK, so you have written such scripts to notify you. Now the company decides they do not need you any more. Are you going to rewrite those scripts to notify someone else? Or even bother to mention to someone that they should do so?
Shouldn't be a problem.
1. The script and its purpose should be documented. Another admin should be able to update it as needed.
2. The output can be emailed or dumped to a file share. Virtually every mail servers supports lists, so the list (or the file share ACL) would just need to be updated.
In a lot of companies, certificate renewal becomes someone's job because they are in the right place at the right time to handle it and everyone else forgets that it even happens until something goes wrong.
First, this "problem" does nothing to change the fact that 2FA is far more secure than passwords.
Second, this is the result of poor management. Any process can become failure-prone in the face of poor management. You need some ITIL training (or equivalent).
It takes a lot of effort to become a well-run organization, but it is totally worth it.
Dealing with their absence has been a mess.
Entirely avoidable. But it requires discipline from the organization.
1. Poorly-defined processes.
2. Lack of documentation.
3. Lack of personnel depth (aka, cross-training---if you need redundant servers then you also need redundant skill sets)
4. Poor change control (his solo fixes should have been discussed and understood by management and the team)
"Someone is higher than me on the ladder! Let's break the ladder so we are all on the ground in the dirt."
If you believe the person higher on the ladder doesn't deserve his place---or hurt others to get up there---then knocking him down starts to look like fairness. Or justice.
If you're already on the ground or a half-step away from it, you won't even notice much of a change.
I'm nowhere near the bottom of the ladder, but I have been lower in the past. And I can easily imagine how things look as you go down.
As you end up with less and less to lose, dangerous bets lose their edge. Anything that has even a small chance of winning smells like hope. And that is what we comfortable people call desperation.
Requiring someone to remember to do an infrequent and short task at a point 1 or 2 years in the future
Bullshit.
I could write a PowerShell script in maybe 10 minutes that will list all of the computers in the domain, connect to them, and check for expiring certificates. I can get a reminder in advance---90 days, 30 days, a week, whatever I want. All I have to do is one thing: understand my job.
Alternatively, some tools (like Nessus, which is FOSS) have audits which automatically check for expiring certificates. They can be configured to email a report, and you can notified every day/week/month if you have expiring certs.
This is a stupid, incompetent failure. You can build or buy a tool to avoid this problem very easily. Compared to using passwords, the only reasonable complaint is that you require decent sys admins.
The HIPAA and SOX regulations only apply to systems that handle health care and accounting data, respectively.
The payment card industry has a complex set of security requirements (PCI DSS), but this is a private agreement between the parties. Any violations are handled by the private authority that audits their system. (The credit card companies basically force everyone to go along with it because they don't want to deal with massive fraud.)
Customer documents, customer billing information, business plans, etc have zero explicit security requirements under US law.
The board is still in charge. And below, there is a top level of management.
They eliminated one middle man between the top managers and the board. Big deal.
In America, that is one seriously overpaid middle man, however, so we need to do it more than they do.
There are public and private streaming options. He was recording to a public stream.
The article even says he noticed it was public after 30 minutes and left it that way.
I have every desire for legal privacy protections, but this guy basically waived them all. And then had the audacity to file a lawsuit.
CRISPR (the invention) is a synthetic implementation of the CRISPR/Cas system immune system.
It is a method of customizing where genes are cut. Other methods are used to insert or modify DNA.
It is a tool, albeit a much better one than existed before. Thus, CRISPR could be best compared to replacing a hacksaw with a laser cutter. The general public has no need of such a tool, but we will most likely buy many things which this tool produces.
Patent law doesn't require physical products.
But having said that, CRISPR is a synthetic recreation/modification of a part of the immune system. It can slice and dice genes very precisely.
There is a lot of research into using CRISPR to cure cancers and prevent some genetic disorders. There are probably going to be a lot of things that use CRISPR in the near future.
It is a very powerful tool---possibly as historically significant as the steam engine. This is the tool that helps us reshape genes, after all.
Machines were niche products until we could power them with something besides people or farm animals. The ability to use them anywhere, refuel them immediately, and generate more power were all important. In a similar vein, CRISPR vastly expands our capacity for genetic engineering. It is almost impossible to predict what we will do with this newfound power.
If you cannot share memory between processes, you take a performance hit every time you need to share data. For some applications, this is a deal-breaker.
If you can share memory in anyway, that sharing mechanism can be broken somehow.
Pick your poison.
(P.S. - The market made its choice long ago.)
Except you can't scale solar production up or down to handle fluctuations in demand. Or produce solar at night. Or control the weather.
But aside from that, sure.
Solar will always be a second-rate option for utilities until storage becomes cheap and plentiful.
Here's tip: Just don't GLUE it.
Just the space required for glue makes it thicker.
Wrong, wrong, wrong.
If the battery is not glued, it must be fastened by some other means. Typically, this is a plastic mounting bay within the device.
My old Samsung Google phone has a removable battery.
A user-removable battery is even more of a challenge. There must be clearance for the battery to move freely (perhaps only a millimeter or two, but still a bit of space).
There must be a removable hatch to provide access---with either clips and/or a hinge to fasten it. These mechanisms invariably take up more space than glue.
As the body is now weaker due to the opening, thicker panels and stronger construction are necessary.
Unibody construction offers some size, weight, and cost benefits, but it is difficult to employ when key structural panels must have large holes for battery access.
I am not a fan of the "thinner/lighter at all costs" trend, but there are complex tradeoffs behind the design. These issues cannot be hand-waived away by an internet know-it-all.
Until you get big-boy projects that require coordination with other people.
What do you do then? Send an email and hope for a quick response? Sit at your desk like a good little doggie until the next project management meeting? Or maybe you go talk it over and get back to work.
The only reason a desk needs an occupancy sensor is for facilities efficiency---or as a crutch for poor hiring and management practices.
You'll be looking at MVNOs rather than major carriers. These companies resell access that they acquired at wholesale rates. In the US wireless market, the budget options are entirely via MVNOs rather than the major carriers.
MetroPCS is $30 (includes all fees) for unlimited voice/text and a small amount of data.
I believe only Total Wireless has a $25 talk/text offering, and they are a TracFone/Walmart joint venture---a very budget-focused endeavor. They have not been around long enough to have a meaningful track record.
It's hard to find anyone who offers unlimited talk/text without any data. There are, quite frankly, too few phones that have such basic functionality. You might as well ask why no one sells buggy whips anymore.
If you are willing to accept reasonably cheap service with caps on minutes/texts, then you have a variety of options---Ting, Straight Talk, Virgin Mobile, TracPhone, etc.
T-Mobile is much better now. With their new spectrum, they have excellent LTE coverage.
Just make sure that your phone supports LTE band 12, as that is their primary 4G spectrum. Newer phones should be fine, but the cutoff is around 2013/2014 for widespread support. E.g., the iPhone 5C doesn't have it.
If CEOs and companies make public announcements on Twitter, then the answer is obviously yes.
Most people see lying as a bad thing regardless of who is being lied to---with some tolerance for truly exceptional circumstances.
To some people, there is a huge world of difference between "regular lying", which is fine, and bad lying---specifically "getting caught in a lie" or, even worse, "lying to me". These people always seem a bit scummy to everybody else.
Flynn's boss may have been fine with regular lying, but even scumbags don't like it when their subordinates lie to them or get caught.
I don't think the Model S is the fastest car on the street, so the same argument would apply to other performance vehicles, possibly all of them depending on where you draw the line for a car being "too fast".
Another car was driving the wrong way on the street? Sue him. It might actually work if you get a sympathetic jury.
Driver was 3X the legal alcohol limit? While I have sympathy for the father, there is no excuse. I have seen drunk driving warnings repeatedly since childhood, and I am sure the driver did too. She broke the law and gambled with her safety---and lost.
I feel like this is a ridiculous lawsuit brought about by an ambitious attorney pressuring a heartbroken parent.
Yes it is. The law requires records to be be preserved. They do not require records to be created.
This is incorrect.
Whether a particular document or message is a record is determined by its content and purpose.
Records are like copyright---it's born that way. A document or message is a record regardless of whether anyone has officially identified and cataloged it.
Creating a record on a volatile medium such as Confide is almost certainly illegal.
illegal unlicensed people in NYC
States are not allowed to enforce immigration laws. Arizona tried doing something and got slapped in federal court.
It's up to the citizens of each state how they treat people who entered or stayed improperly.
printed on the same paper with the same ink
We have a tiered system of government, and immigration laws are certainly not within the purview of the individual states. Your argument is deeply flawed.