at the VA they disable new USB devices on the computers as a security measure
Disabling USB ports is stupid.
A lot of crap gets spread on USB drives, so I'm not surprised if those are locked down.
if you remove your login card the computer locks
This prevents unauthorized people from accessing unattended computers. This is the same reason that the computer locks if you don't use it for 10-15 minutes.
Locking user sessions is basic security, and if you don't understand that then I'm not surprised if no one listens to your complaints.
so they bought a second card reader for EVERY computer at the VA so that the admin card can used when needed.. that's some fucked up waste
Smart card readers are around $20, so it's trivial compared to the cost of the computer (or even compared to the cost of other security measures).
One of the companies I worked for had smart card authentication, and they supplied multiple readers to support alternate credentials.
Yes, they could provide extra readers only to IT staffers. But they're more likely to get broken if people are carrying them around all day while they work. It is simpler and possibly cheaper in the long run to just have one sitting at each workstation, where it will generally be left alone until it is used. Smart card readers are cheap, but they are not particularly durable.
Then it was pointed out that using a CAC for login required a connection to validation servers.
Not continuously.
They could download the CRLs from each certificate authority once a day and distribute them to the authentication servers (Windows domain controllers, most likely).
There are tools to automate this process, and they can be scheduled for off hours and to retry in the event of a network outage.
Obviously, there are grounds for an exception where internet connectivity goes down for days at time, but even then you could configure the system to skip validation. (Skipping validation still means the user has a legitimate certificate---it just does not check to see if has been revoked since the time it was created.)
The domain admin should be capable of disabling validation in under five minutes. Users could also unplug the network cable and log in with cached credentials.
The only permanent exception might be submarines, where they are routinely expected to go without network connectivity for days at a time. Even then, they could just disable validation. It's not like the Chinese Unit 61398 guys are going to steal a sailor's CAC while his sub is underway.
So, basically, they could require smart card authentication in those places---if they have the forethought to provide proper training and permissions in advance.
Even without validation, smart cards are probably more secure than passwords. Especially if people write down or share passwords.
IT refused to accommodate her needing to access work somewhere other than where they deemed the correct place was
Those refusals were based on following the law.
Federal laws dictate what constitutes a public record and how they must be retained. Virtually all outbound communications would qualify as public records, and many internal office emails will qualify as well.
Federal laws also dictate how sensitive information is handled. This includes not only classified information, but also any electronic storage of personal information or information designated for official use only.
Sometimes IT may slack off and deny a request when they could meet the requirement with a bit of work.
In my experience, however, most requests are denied because there is a significant cost associated with delivering the service in a manner that complies with legal requirements. Occasionally, a request cannot be fulfilled legally at all. But mostly it is possible, just very expensive---and upper management decides not to allow it.
CAC is the US DoD implementation of smart cards, and any enterprise can deploy smart cards to its users.
Basically putting a Kerberos ticket on the card for single sign-on for a limited time.
That is not at all how smart cards work.
The card contains one or more certificates, and it will perform some pre-defined authentication operations using the private key if presented with the user's PIN.
Successful completion of these operations verifies the owner of the certificate is using the machine. The Subject Alternative Name field on the certificate is linked to the user's Active Directory account. Standard verification against OCSP or CRL is used to validate the certificate.
All machines store, send, and receive both Kerberos TGTs and service tickets the exact same way for smart card users as they do for password-based users. There would be huge compatibility issues if the machines needed to pass tickets through the smart card.
Putting Kerberos tickets on smart cards would be a logistical nightmare due to those issues, and it completely ignores the fact that Kerberos TGTs must expire periodically to mitigate offline attacks.
It's called Smart Card authentication, and it is vulnerable to most of the same attacks as password-based accounts on Windows domains because the underlying security protocol is the same.
If some random guy walks into the office, he won't be able to use passwords on stick-it notes to get into the systems. So yes, this is a small step in the right direction.
If we're talking about a network compromise, however, the value of Smart Cards is very low. Most attackers will still steal password hashes and Kerberos credentials from compromised systems, and even SmartCard-enabled accounts have password hashes under the hood in Active Directory.
If Joe SixPack doesn't have access to the credit card database, his account can;t be used to hack it.
It's never that simple.
An attacker will hack Joe's account because Joe was dumb enough to click a phishing email or download a trojan.
The attacker will own Joe's machine and wait for an account with admin privileges to log on. It could be the Help Desk guys installing patches, or it could be the application account for the enterprise configuration management application. It doesn't matter, as long as it has the privileges.
Since that admin account probably has access to all the workstations on the domain, the attacker now has admin rights to all workstations. Now he just needs to wait for a server or database admin to login somewhere so he can steal those credentials.
It is pretty trivial to escalate from standard user to sensitive administrator accounts as long as the intrusion is not detected immediately. The only way to make it even slightly difficult is to prohibit server admins from logging into workstations across the board.
All it takes is one lazy admin to leave it open. If one server admin account is compromised, the attacker can get onto his server(s). Since most organizations have at least one IT group or application account with access to all the servers, the attacker will be able to steal those credentials the next time they login.
So yes, Joe SixPack can easily lead to compromised web and database servers even though he has no access himself. It is mind-boggling easy to harvest credentials from compromised machines, and most APTs employ these techniques as a standard method.
which is why real him theater equipment uses digital audio inputs if it can instead of decoding surround from two-channel audio
That was good for a laugh.
Home theater equipment uses multichannel audio because it has multiple speakers to drive.
A stereo jack for headphones and CD audio is perfectly fine because CDs and headphones have only two speakers.
Also, you cannot "decode" surround sound from a two-channel source. You cannot "decode" additional channels that never existed in the original audio stream. You can simulate them with clever processing, but the use of the word "decode" clearly indicates you have no idea what you are talking about.
The difference is that all of those technologies were replaced because they could no longer perform the tasks that the users wanted to do.
The analog audio jack is capable of passing signals with far greater fidelity than the human ear can detect, so there is no inherent trend toward obsolescence as the surrounding technology advances.
If the recording and telecommunications industries also had input into a successor, I might buy into it. There are many use cases outside of smartphones, and it is hugely convenient to have one standard that works across the board, especially for something as ubiquitous as audio.
The clocks vary by 1-2% between the review and retail products. I can think of far more important issues to froth over on the internet.
The retail products even have an option to kick up to that performance level. Granted, it's not the default, but it's supported and very easy to change.
Manufacturers make far more outlandish claims by carefully selecting benchmarks, and no one even pays attention to that anymore.
Is it bullshit on some fundamental level? Yeah, maybe it's dishonest, and I'm not going to give corporations the benefit of the doubt when it comes to their motives. But it's barely a blip on the bullshit meter.
If the user didn't have the ability to adjust the clocks, then I could understand getting angry. At a 1-2% clock difference, it would still be a minor point. We can adjust the clocks though, so we get the same level of performance at home.
I'm in the market for a video card during this product cycle (waiting for Vega details), and this just doesn't matter enough to affect my decision at all.
Most people are perfectly willing to burn battery power on the things they want to do.
People buy computers---including premium features like battery life---to run what they want. Or they buy accessories after the fact like DC chargers and spare batteries.
At most, this article made me consider Opera as an alternative to Chrome, as it is equally functional and perhaps less demanding.
From a security standpoint, I am fine with almost anything that replaces Internet Explorer. But seriously, everyone who really wants battery life has already paid for it.
EITHER - tax deductions are a primary reduction in the tax owed, in which case you never owed those funds to the government in the first place.
So, hypothetically, the government could pass a law which imposes a lower tax rate on citizens who do not use drugs. Your tax burden and withholding would be based on which category you fall into.
Or it could impose a tax or penalty which is applied when certain conditions are met, e.g., missing or failing a drug test. Obamacare already does this for people who fail to maintain health care coverage, so this option is definitely possible and legal (it was upheld by the Supreme Court).
You owe less money if you do not use drugs, presumably justified by the belief that you will require fewer services from law enforcement and health care agencies.
or
- tax deductions are a credit from the government due to something you did that they want to encourage.
So, hypothetically, the could could pass a law which grants a tax credit to people who do not use drugs.
Eligibility for the credit is determined by showing up and passing drug tests as scheduled by the agency responsible for it.
Your expected tax burden is reduced by remaining clean.
---
So yeah, I can see this being implemented under either rubric. You made a distinction that is meaningless in any practical terms.
Conservatives want to see equality of opportunity - everyone starts the race at the same line.
It doesn't happen now, and it probably never will.
A child born to junkie parents will be behind his peers with good parents before he's an adult. Socioeconomic status plays a role too, but that child loses out regardless of where his parents sit on the totem pole. The parents could abuse prescription oxy after shopping around for doctors or buy pills from some scuzzy street dealer. He's not at the same starting line when he hits 18 either way, and there is no way to fix that.
Now, you could give that kid a series of small boosts to compensate for the unfair start. Catch him up a bit. It's not the same as giving him a healthy childhood---still, better late than never, right?
But no, those are "handouts" or "entitlement programs" or some other fat-government swear word.
At most, a few crazy people think wealth should be distributed equally. Your whole argument is a straw man unless you're only addressing those whackos.
Most people are arguing that we ought to do it a little bit to compensate a person for disadvantages that are not his fault. This goes to the fundamental question of fairness---just like it's a form of fairness for people to keep the rewards they've earned.
The real problem is that it's hard to tell exactly how big a setback is caused by particular circumstances. No event has the same impact on everyone, so it is impossible to come up with an objective mechanism for offsetting disadvantages.
Still, we understand a bit about how it all fits together, so we can create an institution that makes things a little better overall---even if it does not maintain perfect fairness.
Since one is customer, and the other is one of several ISPs, then what "regulation" is needed?
Someone has to run the fiber, maintain it, replace it, and decide who gets to use the free space in the conduit (because someone eventually will).
If the government doesn't own the fiber or the conduits, then it will have to regulate the companies that do.
Want a real life example? Look at utility poles.
My state has laws that force utility companies to share poles when there is space available on them. Most states have similar regulations. Why? Because they didn't want to share with anyone, and we don't want 10 poles on every block. There is occasional squabbling, but it works.
What are the chances that the industry will behave better with fiber or underground conduits? Not very good, I would say.
I personally don't care if a service is managed by a dicknosed bureaucrat or an assfaced CEO. My ideological preference is whatever actually works. They can figure out how to play nice with everyone and deliver what people want, or they can go to hell.
Heavily-regulated residential utilities seem to be both reliable and affordable, so I'll roll with that. I have no complaints about my electric, water, gas, or sewage. Only the minimally-regulated cable and internet industry seems to be jacked up---at least in the five states where I've lived. So I have no problem trying to make the cable/ISP industry more like the others. If that doesn't work, walk it back and try something else.
Space moved a tiny amount, yes, but at a distance of 1.3 billion light-years. It is so small because we are so far away.
Imagine saying light waves are useless because a distant galaxy is so dim that it is barely detectable. But when you account for the distance, you realize that there was some serious energy in that light, and the light traveled a vast distance without being concentrated or guided in any fashion.
Where would telecommunications be now, if we looked disdainfully at a dim galaxy and decided not to research lasers?
Gravity is the weakest of the fundamental forces, but it is the one to study if you want to manipulate space.
If gravity wave intensity follows the inverse square law, that would be a ripple in space of roughly 1500 meters at a distance of 1 light-year from the collision (for a local deflection of 1 photon's circumference).
Since the article indicates the detector is sensitive down to 1/1000 of a photon's circumference, it would indicate at least a 1.5-meter ripple at one light-year for the smallest detectable ripple. This would be at least a 10cm change on Earth if it happened in Alpha Centuari. Obviously, this number should be multiplied by the actual detected change, but unfortunately the article does not report it.
This translates to a ripple of ~196 km at a distance of one light-day, or 1.6 million km at 8 light-minutes (the distance from the Earth to the Sun).
I don't know what a 1.6 million km ripple in space would do to something within it, but I doubt I would like to experience it.
We've done amazing things with optics in the century or two after we figured out how light worked. Clever ways of generating it, filtering it, focusing it, etc.
Now that we know with certainty that gravitational waves exist, we can work on better observations and a better understanding of this force.
We won't have interstellar warp travel in the next decade---but looking back, we didn't build the first laser until 50 years after the first detection of photons. This is just one step on a long road.
You suck at math. Amazon shipped 1 billion packages in 2015. So you can estimate that it sends about that much a year (and probably more so by the end of 2016.)
24 incidents / 1,000,000,000 = 0.000000024
That's 7 zeroes to the left of the most significant digit, or 99.9999976% or 7 degrees of reliable testing.
I'm not defending Amazon. A lapse is a lapse, and good that the feds are suing them, which will make the company improve a track record that is already good.
And you suck at statistics.
Without knowing how many of those billion packages were examined, we can make no inference as to the frequency of their safety violations.
We would also need to know if those examinations were random samples or the result of incident investigations in order to account for possible selection bias. E.g., it looks really bad if 24 of 24 inspected packages were found to violate safety regulations---until you find out the sample consisted entirely of investigations into incidents reported by the airlines.
Without comparable data for competitors, we can make no judgments on the effectiveness of their vetting process. You need to assess their output against either a written requirement or a set of baseline data. They failed the regulatory requirement repeatedly, so the only way they could claim to have a good process is by performing better than other companies operating under the same set of rules.
You say you want to have your FTP packets dropped so that your VoIP packets get through, but what you really mean is that you want my FTP packets to be dropped so that your VoIP packets get through. And that's not acceptable
Actually, it is the way things should work.
If FTP packets are dropped, they will be retransmitted. The file transfer will take longer, but it will still work unless the congestion is really, really bad.
Due to the nature of human auditory processing, however, you cannot just resend VoIP packets a half second later and expect everything to work. The typical use case implies a requirement for timely delivery.
A well-managed network should be able to route both VoIP and FTP in a way that prevents either protocol from affecting the network, in part because of QoS/DCSP rules.
But if things do slow down a bit, the VoIP users need their full 64 kbps a lot more than FTP users need an extra 64 kbps. FTP can slow down and speed up quite easily; VoIP can't.
If you kill it, it restart itself and gives no notification or choice when it updates.
Google didn't make it do that.
It does that because it's running as a system service, and services are restarted by default if they fail.
There are two very simple ways to "fix" it if you find it that worrisome.
The first is to open the management console (services.msc), scroll down to the Google Update service, double-click it, and change the startup option from automatic to disabled. It will no longer run at all. You could set it to manual, in which case it will only run if you go in and start it.
The other option is to change the failure response. It's on the second tab of the same dialogue box. There are options for first/second/subsequent failures. Change all of them from "restart to the service" to "take no action". If you do this, the updater will run when the system is started, but it will stay off when you turn it off.
This is basic OS functionality, not some Google conspiracy.
Part of the cost for many military procurements stems from the requirement that components and assembly either be completely domestic or, at most, are sourced from allied nations.
It is significantly harder for an adversary to taint your equipment if none of the parts have ever been within their territory.
Why does a damn 'web browser' require 2GB of memory?
If your browser uses a separate process for each tab, then you'll have 18 instances of process overhead when 18 tabs are open.
In Chrome, the rendering engine, plugins, and extensions each run in their own process as well. Some plugins are quite demanding.
In addition, there must be a fairly comprehensive framework for interprocess communication so plugins can function.
You trade significant RAM overhead and low/moderate CPU overhead for some security and reliability. The ability to have individual tabs/plugins hang or crash without affecting the others is probably the most practical benefit, as there always seems to be some web site with absolutely retarded scripting that ends up eating an entire CPU core.
If they don't do enough QA to catch a bricking bug, I can guarantee you they did not spend money developing a secure architecture either.
Automotive systems security is a joke. In some cars, it is literally nonexistent. Most of them didn't even use code signing the last time I checked.
On my vehicle in particular, anyone with physical access can plug into the ODBC connector and wipe the ECU. Not just reset---wipe. As in instabrick, call a tow truck.
And my car has Bluetooth integration so phones can play calls and music over the speakers, which means it may be exploitable from the outside. Everything is on an unsecured CAN bus. At this point, I'm really just hoping no one bothers exploiting a car with somewhat limited domestic sales.
In the modern world eye witnesses mean absolutely nothing.
That is a decision for the jury to make. I seriously doubt that every witness in the world has been tampered with, so it becomes a question of honesty and reliability.
People can be convinced of anything, including memory of experiences they never had.
That is difficult to pull off and requires a concerted effort. Even the experts cannot induce memories very well. Is there any evidence of such an effort in this case?
This is a consequence of abstracting so many aspects of the world behind multiple layers of virtual interfaces.
Meaningless psycho-babble. Mentally sound adults have very little trouble distinguishing between imaginary, physical, hypothetical, and virtual entities.
We consider people who have serious trouble with this to be either handicapped or insane.
I hate it when people dismiss something as "hearsay" just because it disagrees with their conclusions.
Especially when the statement is actually an allegation, an eyewitness account, or a forensic report. Or when they are perfectly willing to accept hearsay in favor of their conclusions.
Actually, virtually every time I see "hearsay" mentioned it is an attempt to dismiss something that is not actually hearsay. Maybe I just hate a lot of people.
Slashdot Mirror
at the VA they disable new USB devices on the computers as a security measure
Disabling USB ports is stupid.
A lot of crap gets spread on USB drives, so I'm not surprised if those are locked down.
if you remove your login card the computer locks
This prevents unauthorized people from accessing unattended computers. This is the same reason that the computer locks if you don't use it for 10-15 minutes.
Locking user sessions is basic security, and if you don't understand that then I'm not surprised if no one listens to your complaints.
so they bought a second card reader for EVERY computer at the VA so that the admin card can used when needed.. that's some fucked up waste
Smart card readers are around $20, so it's trivial compared to the cost of the computer (or even compared to the cost of other security measures).
One of the companies I worked for had smart card authentication, and they supplied multiple readers to support alternate credentials.
Yes, they could provide extra readers only to IT staffers. But they're more likely to get broken if people are carrying them around all day while they work. It is simpler and possibly cheaper in the long run to just have one sitting at each workstation, where it will generally be left alone until it is used. Smart card readers are cheap, but they are not particularly durable.
Then it was pointed out that using a CAC for login required a connection to validation servers.
Not continuously.
They could download the CRLs from each certificate authority once a day and distribute them to the authentication servers (Windows domain controllers, most likely).
There are tools to automate this process, and they can be scheduled for off hours and to retry in the event of a network outage.
Obviously, there are grounds for an exception where internet connectivity goes down for days at time, but even then you could configure the system to skip validation. (Skipping validation still means the user has a legitimate certificate---it just does not check to see if has been revoked since the time it was created.)
The domain admin should be capable of disabling validation in under five minutes. Users could also unplug the network cable and log in with cached credentials.
The only permanent exception might be submarines, where they are routinely expected to go without network connectivity for days at a time. Even then, they could just disable validation. It's not like the Chinese Unit 61398 guys are going to steal a sailor's CAC while his sub is underway.
So, basically, they could require smart card authentication in those places---if they have the forethought to provide proper training and permissions in advance.
Even without validation, smart cards are probably more secure than passwords. Especially if people write down or share passwords.
IT refused to accommodate her needing to access work somewhere other than where they deemed the correct place was
Those refusals were based on following the law.
Federal laws dictate what constitutes a public record and how they must be retained. Virtually all outbound communications would qualify as public records, and many internal office emails will qualify as well.
Federal laws also dictate how sensitive information is handled. This includes not only classified information, but also any electronic storage of personal information or information designated for official use only.
Sometimes IT may slack off and deny a request when they could meet the requirement with a bit of work.
In my experience, however, most requests are denied because there is a significant cost associated with delivering the service in a manner that complies with legal requirements. Occasionally, a request cannot be fulfilled legally at all. But mostly it is possible, just very expensive---and upper management decides not to allow it.
CAC is the US DoD implementation of smart cards, and any enterprise can deploy smart cards to its users.
Basically putting a Kerberos ticket on the card for single sign-on for a limited time.
That is not at all how smart cards work.
The card contains one or more certificates, and it will perform some pre-defined authentication operations using the private key if presented with the user's PIN.
Successful completion of these operations verifies the owner of the certificate is using the machine. The Subject Alternative Name field on the certificate is linked to the user's Active Directory account. Standard verification against OCSP or CRL is used to validate the certificate.
All machines store, send, and receive both Kerberos TGTs and service tickets the exact same way for smart card users as they do for password-based users. There would be huge compatibility issues if the machines needed to pass tickets through the smart card.
Putting Kerberos tickets on smart cards would be a logistical nightmare due to those issues, and it completely ignores the fact that Kerberos TGTs must expire periodically to mitigate offline attacks.
It's called Smart Card authentication, and it is vulnerable to most of the same attacks as password-based accounts on Windows domains because the underlying security protocol is the same.
If some random guy walks into the office, he won't be able to use passwords on stick-it notes to get into the systems. So yes, this is a small step in the right direction.
If we're talking about a network compromise, however, the value of Smart Cards is very low. Most attackers will still steal password hashes and Kerberos credentials from compromised systems, and even SmartCard-enabled accounts have password hashes under the hood in Active Directory.
If Joe SixPack doesn't have access to the credit card database, his account can;t be used to hack it.
It's never that simple.
An attacker will hack Joe's account because Joe was dumb enough to click a phishing email or download a trojan.
The attacker will own Joe's machine and wait for an account with admin privileges to log on. It could be the Help Desk guys installing patches, or it could be the application account for the enterprise configuration management application. It doesn't matter, as long as it has the privileges.
Since that admin account probably has access to all the workstations on the domain, the attacker now has admin rights to all workstations. Now he just needs to wait for a server or database admin to login somewhere so he can steal those credentials.
It is pretty trivial to escalate from standard user to sensitive administrator accounts as long as the intrusion is not detected immediately. The only way to make it even slightly difficult is to prohibit server admins from logging into workstations across the board.
All it takes is one lazy admin to leave it open. If one server admin account is compromised, the attacker can get onto his server(s). Since most organizations have at least one IT group or application account with access to all the servers, the attacker will be able to steal those credentials the next time they login.
So yes, Joe SixPack can easily lead to compromised web and database servers even though he has no access himself. It is mind-boggling easy to harvest credentials from compromised machines, and most APTs employ these techniques as a standard method.
which is why real him theater equipment uses digital audio inputs if it can instead of decoding surround from two-channel audio
That was good for a laugh.
Home theater equipment uses multichannel audio because it has multiple speakers to drive.
A stereo jack for headphones and CD audio is perfectly fine because CDs and headphones have only two speakers.
Also, you cannot "decode" surround sound from a two-channel source. You cannot "decode" additional channels that never existed in the original audio stream. You can simulate them with clever processing, but the use of the word "decode" clearly indicates you have no idea what you are talking about.
The difference is that all of those technologies were replaced because they could no longer perform the tasks that the users wanted to do.
The analog audio jack is capable of passing signals with far greater fidelity than the human ear can detect, so there is no inherent trend toward obsolescence as the surrounding technology advances.
If the recording and telecommunications industries also had input into a successor, I might buy into it. There are many use cases outside of smartphones, and it is hugely convenient to have one standard that works across the board, especially for something as ubiquitous as audio.
The clocks vary by 1-2% between the review and retail products. I can think of far more important issues to froth over on the internet.
The retail products even have an option to kick up to that performance level. Granted, it's not the default, but it's supported and very easy to change.
Manufacturers make far more outlandish claims by carefully selecting benchmarks, and no one even pays attention to that anymore.
Is it bullshit on some fundamental level? Yeah, maybe it's dishonest, and I'm not going to give corporations the benefit of the doubt when it comes to their motives. But it's barely a blip on the bullshit meter.
If the user didn't have the ability to adjust the clocks, then I could understand getting angry. At a 1-2% clock difference, it would still be a minor point. We can adjust the clocks though, so we get the same level of performance at home.
I'm in the market for a video card during this product cycle (waiting for Vega details), and this just doesn't matter enough to affect my decision at all.
Most people are perfectly willing to burn battery power on the things they want to do.
People buy computers---including premium features like battery life---to run what they want. Or they buy accessories after the fact like DC chargers and spare batteries.
At most, this article made me consider Opera as an alternative to Chrome, as it is equally functional and perhaps less demanding.
From a security standpoint, I am fine with almost anything that replaces Internet Explorer. But seriously, everyone who really wants battery life has already paid for it.
EITHER
- tax deductions are a primary reduction in the tax owed, in which case you never owed those funds to the government in the first place.
So, hypothetically, the government could pass a law which imposes a lower tax rate on citizens who do not use drugs. Your tax burden and withholding would be based on which category you fall into.
Or it could impose a tax or penalty which is applied when certain conditions are met, e.g., missing or failing a drug test. Obamacare already does this for people who fail to maintain health care coverage, so this option is definitely possible and legal (it was upheld by the Supreme Court).
You owe less money if you do not use drugs, presumably justified by the belief that you will require fewer services from law enforcement and health care agencies.
or
- tax deductions are a credit from the government due to something you did that they want to encourage.
So, hypothetically, the could could pass a law which grants a tax credit to people who do not use drugs.
Eligibility for the credit is determined by showing up and passing drug tests as scheduled by the agency responsible for it.
Your expected tax burden is reduced by remaining clean.
---
So yeah, I can see this being implemented under either rubric. You made a distinction that is meaningless in any practical terms.
Conservatives want to see equality of opportunity - everyone starts the race at the same line.
It doesn't happen now, and it probably never will.
A child born to junkie parents will be behind his peers with good parents before he's an adult. Socioeconomic status plays a role too, but that child loses out regardless of where his parents sit on the totem pole. The parents could abuse prescription oxy after shopping around for doctors or buy pills from some scuzzy street dealer. He's not at the same starting line when he hits 18 either way, and there is no way to fix that.
Now, you could give that kid a series of small boosts to compensate for the unfair start. Catch him up a bit. It's not the same as giving him a healthy childhood---still, better late than never, right?
But no, those are "handouts" or "entitlement programs" or some other fat-government swear word.
At most, a few crazy people think wealth should be distributed equally. Your whole argument is a straw man unless you're only addressing those whackos.
Most people are arguing that we ought to do it a little bit to compensate a person for disadvantages that are not his fault. This goes to the fundamental question of fairness---just like it's a form of fairness for people to keep the rewards they've earned.
The real problem is that it's hard to tell exactly how big a setback is caused by particular circumstances. No event has the same impact on everyone, so it is impossible to come up with an objective mechanism for offsetting disadvantages.
Still, we understand a bit about how it all fits together, so we can create an institution that makes things a little better overall---even if it does not maintain perfect fairness.
In his defense, if it's still popular today and older than the others on the list, it is probably the most widespread.
Popularity + time = widespread use
Since one is customer, and the other is one of several ISPs, then what "regulation" is needed?
Someone has to run the fiber, maintain it, replace it, and decide who gets to use the free space in the conduit (because someone eventually will).
If the government doesn't own the fiber or the conduits, then it will have to regulate the companies that do.
Want a real life example? Look at utility poles.
My state has laws that force utility companies to share poles when there is space available on them. Most states have similar regulations. Why? Because they didn't want to share with anyone, and we don't want 10 poles on every block. There is occasional squabbling, but it works.
What are the chances that the industry will behave better with fiber or underground conduits? Not very good, I would say.
I personally don't care if a service is managed by a dicknosed bureaucrat or an assfaced CEO. My ideological preference is whatever actually works. They can figure out how to play nice with everyone and deliver what people want, or they can go to hell.
Heavily-regulated residential utilities seem to be both reliable and affordable, so I'll roll with that. I have no complaints about my electric, water, gas, or sewage. Only the minimally-regulated cable and internet industry seems to be jacked up---at least in the five states where I've lived. So I have no problem trying to make the cable/ISP industry more like the others. If that doesn't work, walk it back and try something else.
And space itself moved by a proton fraction.
You must have a sense of scale.
Space moved a tiny amount, yes, but at a distance of 1.3 billion light-years. It is so small because we are so far away.
Imagine saying light waves are useless because a distant galaxy is so dim that it is barely detectable. But when you account for the distance, you realize that there was some serious energy in that light, and the light traveled a vast distance without being concentrated or guided in any fashion.
Where would telecommunications be now, if we looked disdainfully at a dim galaxy and decided not to research lasers?
Gravity is the weakest of the fundamental forces, but it is the one to study if you want to manipulate space.
If gravity wave intensity follows the inverse square law, that would be a ripple in space of roughly 1500 meters at a distance of 1 light-year from the collision (for a local deflection of 1 photon's circumference).
Since the article indicates the detector is sensitive down to 1/1000 of a photon's circumference, it would indicate at least a 1.5-meter ripple at one light-year for the smallest detectable ripple. This would be at least a 10cm change on Earth if it happened in Alpha Centuari. Obviously, this number should be multiplied by the actual detected change, but unfortunately the article does not report it.
This translates to a ripple of ~196 km at a distance of one light-day, or 1.6 million km at 8 light-minutes (the distance from the Earth to the Sun).
I don't know what a 1.6 million km ripple in space would do to something within it, but I doubt I would like to experience it.
We've done amazing things with optics in the century or two after we figured out how light worked. Clever ways of generating it, filtering it, focusing it, etc.
Now that we know with certainty that gravitational waves exist, we can work on better observations and a better understanding of this force.
We won't have interstellar warp travel in the next decade---but looking back, we didn't build the first laser until 50 years after the first detection of photons. This is just one step on a long road.
You suck at math. Amazon shipped 1 billion packages in 2015. So you can estimate that it sends about that much a year (and probably more so by the end of 2016.)
24 incidents / 1,000,000,000 = 0.000000024
That's 7 zeroes to the left of the most significant digit, or 99.9999976% or 7 degrees of reliable testing.
I'm not defending Amazon. A lapse is a lapse, and good that the feds are suing them, which will make the company improve a track record that is already good.
And you suck at statistics.
Without knowing how many of those billion packages were examined, we can make no inference as to the frequency of their safety violations.
We would also need to know if those examinations were random samples or the result of incident investigations in order to account for possible selection bias. E.g., it looks really bad if 24 of 24 inspected packages were found to violate safety regulations---until you find out the sample consisted entirely of investigations into incidents reported by the airlines.
Without comparable data for competitors, we can make no judgments on the effectiveness of their vetting process. You need to assess their output against either a written requirement or a set of baseline data. They failed the regulatory requirement repeatedly, so the only way they could claim to have a good process is by performing better than other companies operating under the same set of rules.
You say you want to have your FTP packets dropped so that your VoIP packets get through, but what you really mean is that you want my FTP packets to be dropped so that your VoIP packets get through. And that's not acceptable
Actually, it is the way things should work.
If FTP packets are dropped, they will be retransmitted. The file transfer will take longer, but it will still work unless the congestion is really, really bad.
Due to the nature of human auditory processing, however, you cannot just resend VoIP packets a half second later and expect everything to work. The typical use case implies a requirement for timely delivery.
A well-managed network should be able to route both VoIP and FTP in a way that prevents either protocol from affecting the network, in part because of QoS/DCSP rules.
But if things do slow down a bit, the VoIP users need their full 64 kbps a lot more than FTP users need an extra 64 kbps. FTP can slow down and speed up quite easily; VoIP can't.
If you kill it, it restart itself and gives no notification or choice when it updates.
Google didn't make it do that.
It does that because it's running as a system service, and services are restarted by default if they fail.
There are two very simple ways to "fix" it if you find it that worrisome.
The first is to open the management console (services.msc), scroll down to the Google Update service, double-click it, and change the startup option from automatic to disabled. It will no longer run at all. You could set it to manual, in which case it will only run if you go in and start it.
The other option is to change the failure response. It's on the second tab of the same dialogue box. There are options for first/second/subsequent failures. Change all of them from "restart to the service" to "take no action". If you do this, the updater will run when the system is started, but it will stay off when you turn it off.
This is basic OS functionality, not some Google conspiracy.
Part of the cost for many military procurements stems from the requirement that components and assembly either be completely domestic or, at most, are sourced from allied nations.
It is significantly harder for an adversary to taint your equipment if none of the parts have ever been within their territory.
Why does a damn 'web browser' require 2GB of memory?
If your browser uses a separate process for each tab, then you'll have 18 instances of process overhead when 18 tabs are open.
In Chrome, the rendering engine, plugins, and extensions each run in their own process as well. Some plugins are quite demanding.
In addition, there must be a fairly comprehensive framework for interprocess communication so plugins can function.
You trade significant RAM overhead and low/moderate CPU overhead for some security and reliability. The ability to have individual tabs/plugins hang or crash without affecting the others is probably the most practical benefit, as there always seems to be some web site with absolutely retarded scripting that ends up eating an entire CPU core.
That should say ODB port. Guess the muscle memory is too strong.
If they don't do enough QA to catch a bricking bug, I can guarantee you they did not spend money developing a secure architecture either.
Automotive systems security is a joke. In some cars, it is literally nonexistent. Most of them didn't even use code signing the last time I checked.
On my vehicle in particular, anyone with physical access can plug into the ODBC connector and wipe the ECU. Not just reset---wipe. As in instabrick, call a tow truck.
And my car has Bluetooth integration so phones can play calls and music over the speakers, which means it may be exploitable from the outside. Everything is on an unsecured CAN bus. At this point, I'm really just hoping no one bothers exploiting a car with somewhat limited domestic sales.
Most manufacturers run all devices on a shared communications bus.
An attack that applies to the infotainment system can reach the ECU, traction control, etc fairly easily.
Autonomous cars are even scarier in this light because the terrain sensors and navigation unit will be exposed.
I would hope they fix this before selling fully autonomous vehicles, but we have already gone decades with inertia winning over security.
In the modern world eye witnesses mean absolutely nothing.
That is a decision for the jury to make. I seriously doubt that every witness in the world has been tampered with, so it becomes a question of honesty and reliability.
People can be convinced of anything, including memory of experiences they never had.
That is difficult to pull off and requires a concerted effort. Even the experts cannot induce memories very well. Is there any evidence of such an effort in this case?
This is a consequence of abstracting so many aspects of the world behind multiple layers of virtual interfaces.
Meaningless psycho-babble. Mentally sound adults have very little trouble distinguishing between imaginary, physical, hypothetical, and virtual entities.
We consider people who have serious trouble with this to be either handicapped or insane.
I wish I had mod points.
I hate it when people dismiss something as "hearsay" just because it disagrees with their conclusions.
Especially when the statement is actually an allegation, an eyewitness account, or a forensic report. Or when they are perfectly willing to accept hearsay in favor of their conclusions.
Actually, virtually every time I see "hearsay" mentioned it is an attempt to dismiss something that is not actually hearsay. Maybe I just hate a lot of people.