Pex can carry hot water up to several hundred degrees with no problem; it will, however, degrade rapidly, becoming useless with 15-20 minutes of sunlight exposure.
People should live like animals in a pet store because you can't see a better way for them to live cheaply?
I'm a realist, not a cocaine-fueled Marxist who believes in a fantasy utopia. I know how to reach those utopias, and will inform you the moment it's possible to implement such things without destroying the world and inflicting widespread human suffering. My solutions are the best possible--I don't mean the best possible at cost, I mean the absolute best, considering human psychology, economic drivers, long-term planning on the order of thousands or millions of years (open-ended to beyond what can be projected recognizably), and so forth.
You can get houses where I live for $1000-$5000. Why don't you come buy a few of those?
Uber now claims to provide insurance based on local laws. They claimed about a year ago to provide a million dollars of insurance, but that was only in context of their United States operations. The information's always been spotty; it's become more consistently available, but less specific.
Uber used to have an explanation that all Uber drivers were granted $1,000,000 insurance by Uber, automatically, under a group policy negotiated by Uber. That was over a year ago; however, it was only applicable in the United States. Uber quoted different values or declined to comment in other countries. It was never marketing material; they mentioned casually it as an explanation of safety (risk control) in a long-winded company blog post on the topic.
Since then, Uber has officially stated that it supplies insurance, varying by local government regulations, by default. Multiple insurance companies have also extended insurance options for Uber and Lyft drivers, allowing the driver themselves to purchase insurance on their own--though with Uber providing insurance coverage by default, I don't see why this is relevant. There is more assertion that there *is* insurance, but less assertion on the specifics.
Yeah it sounds like taxi drivers are dangerous. If only there were some sort of ride share system providing reviews of taxis and passengers, as well as traceability so if you go missing we can question the last person you came into contact with, all including $1 million of insurance...
Bubble and market economics. A consequence of wealth economics, a theory I developed which even explains the nuances of supply-and-demand, and demonstrates why communism never worked--and when it will, in abstract terms. The concrete terms are "eliminate energy scarcity", and the abstract terms are "wealth expansion continues to put more money into people's hands, but their ability to buy new goods and services never gets leveraged because there aren't enough goods and services that they want and need for them to ever spend all of their money, and so removing their remaining capital is a non-operation, and so the eventual growth of wealth allows you to just dump the residual wealth onto the common man so he can have anything and everything his heart desires." It tells you we won't be there for a long time--potentially not ever.
Since we can't control these sorts of bubbles, I like to ignore them and fix fundamentals. That always smooths out the ripples.
The tapes also need to be in order, and you need the right software, architecture, etc. "Use the encryption key" is the least complicated part of the DR process.
American Red Cross is actually highly-efficient, but a peripheral blog called ProPublica has been twisting facts to smear them. It's all bullshit. They do things like take Red Cross's lessons learned (a document where they address everything that goes wrong with any response and plan out what actions to take to make those problems never happen again) and waving them around to show that Red Cross can't do anything right; or they claim that Red Cross pays for services from other economic suppliers (builders, distributors, etc.) and thus pays a lot more overhead because "those contractors have overhead, too".
ProPublica's last article was hyperbole, focusing on a $24 million project in Haiti where Red Cross originally was going to build houses, but instead built roads and repaired damaged schools and homes--that out of a $488 million budget with which they built hospitals, distributed food, provided cholera vaccinations (Cholera was killing thousands of people per week), trained the government in disaster response, and so forth.
I've examined Red Cross's management practices. Both from an organizational management standpoint and from an economic standpoint, the American Red Cross is a top-notch organization. They practice constant and continuous organizational process improvement: they look for things going wrong and aggressively document everything that impedes their function, and then invest a large share of their organization's overhead into ridding themselves of those problems. They also take full advantage of economic efficiency: rather than spend $100 million doing work they're not qualified for in an inefficient (and possibly dangerous) way, they'll pay a contractor $50 million--even though the contractor may absorb $20 million of that into overhead, it's still cheaper and more effective than any other option. They even push their process improvement practices outward: if the American Red Cross shows up at your locale, they're going to educate your local government on preparing for and responding to major disasters, so that the next one requires much less money and time for much better relief results.
When it comes to disaster relief, it doesn't get much better than ARC.
Tapes being shipped by truck are often lost. There is no physical security for back-ups when you're driving down the street and prone to lose a crate of tapes. Carefirst has done that a few times. It's infrequent but, unlike laptops, every single tape floating around out there on a truck in transit to Iron Mountain is carrying a massive database of sensitive information.
Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.
That's called the law of large numbers: every single person you'll ever meet in your life will have never come in contact with any other person who has come in contact with any other person who carries such data on a laptop; however, there are 7 billion people in the world, 2 billion in China, 300 million here in the US, more laptops than people in businesses, and "utility laptops" that float around with trucks instead of with users. Somewhere out there in that vast ocean covering 70% of the world's surface, there's 5 or 10 drops of water encasing an atom or three of plutonium. Plutonium is out there in the water.
The idea that a single counter-example invalidates a statement is flawed. It's like saying you make $3000/mo and so can afford a $1200 mortgage, but you once saw a house that had a $45,000/mo mortgage, and so only billionaires can afford to move out of their parents's basements. There are a few of those, they get a lot of attention, but they're oddities.
Ext4 encryption allows each user account -- or even various subdirectory, IIRC -- to have its own keys. So a hacker can only get access to the directories whose keys have been loaded into memory.
For the machine to be useful--to allow you to have access into a directory, to access a file, to fopen() something--you have to make the VFS layer do it. It's hard to get the kernel to fopen() and challenge the application or the user for a key (it can be done). Even if you could, think about the annoyance: your computer would require entry of a password 8000 times just to log into your desktop.
You're also ignoring implementations which use hardware-based keys (HSM or similar) with other access controls on key usage, potentially even including rate limiting.
In which case the kernel still accesses the key as part of the VFS layer, and you just fopen() the encrypted file and get unencrypted data.
Only if said malware can manage a privilege escalation attack
You mean like running as the same user that all other applications on the phone run as? You know, the user who has access to all the data on the phone? "Privilege Escalation" in this context means "run as the user", not "run as administrator". That happens if, say, you browse to a Web page that exploits a JavaScript engine bug to inject code, or install a trojaned application from the App store.
Laptops usually don't contain vast stores of data. Once in a while, you hear about a laptop with millions of medical records vanishing from a coffee shop; most of us have VPNs requiring our passwords, connecting remotely into applications which connect back to databases which carry tons of data. A laptop might, at the nominal worst, contain some cached information for one or two people, accessible by hours of work dredging through cache files--if that information doesn't stay entirely within memory during access, and thus essentially vanish when gone from the screen, much less unloaded (left on-chip, but unmapped, so you need admin memory dump and might get stomped over by memory defragmentation or allocation) or rebooted.
You don't RMA disks with such sensitive information that you need file-by-file encryption or whatnot; you shred the disks. Your OS reads data through an IO layer that decrypts it as it streams, storing it in memory as unencrypted data, which is then read by programs and integrated into memory structures; what if your OS writes program memory to unencyphered swap? Suddenly you have medical records, social security information, and credit card numbers in an unencrypted area of your hard disk.
People disassemble, degauss, and shred those disks in those contexts. Even with whole-disk encryption, there's an assumption that an attacker could bypass the encryption somehow.
What kind of thief breaks into your secure facility and steals your servers? Is this more likely than getting hacked into repeatedly?
Encryption is only good for data in transit. That often includes laptops and mobile devices, problem being even those are exposed whenever on. Theft is the most minor problem; it's just one that gets a lot of attention and a lot of questions asked.
Yes, but you see the point: the applications of encryption are small, mostly restricted to communication. Encrypting storage is crap. You can argue that moving physical equipment is "communication", because information moves from one place to another. This is ridiculous when moving from one rack to the rack 5 feet away; it's more pertinent when shipping backup tapes between buildings; and it makes some middling amount of sense when excessing hardware--you might throw out a whole, unwiped drive, which is communication to an unknown recipient.
I don't care about contracts; they're legal things which dictate how to do things. I care about threat models, which tells me what to write into contracts, and what unwritten actions to take so as to provide contractual guarantees. If the contracting organization tells me to encrypt disks but doesn't tell me to encrypt communications, I'm going to encrypt communications wherever possible: we've established their data's confidentiality is important, and my organization is competent enough to provide appropriate handling, as well as advice to the contracting organization about what other actions they should take to protect their data (e.g. we'll need them to prepare to receive encrypted data if we're communicating encrypted data to them).
You may be facing an unwinnable battle trying to avoid unnecessary and silly risk controls, but you should still use your full expertise to identify what risks are in play and what additional risk controls are necessary yet haven't been put into policy. These are the things you must bring up to your contracting organization: tell your client when you believe further action is needed to protect their data. You can't do that just by blindly accepting what's in the contract as "our security requirements for this project"; you need to know the effectiveness and non-effectiveness of each mitigation strategy to recognize what risks are identified and what additional risks have gone unaddressed.
I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files. Malware on my Android device can read my encrypted files as soon as I get the phone properly booted. The laptop niche seems okay, except laptops get hacked just like desktops way more often than they get stolen and offlined.
Or even weirder: instead of micromanaging a candidate's positions based on what they think the public wants to hear, have the candidate state what they actually think, and let the public judge them (shock!) on their actual beliefs?
Not really workable. I have political positions which, while sound, can't be pressed until a campaign to inform the public has succeeded. Consent of the governed is more important than agreement with the governed. As such, actual campaigns must follow what the public wants, emphasizing those parts of my position, and modifying what the public believes by providing information campaigns.
Pex can carry hot water up to several hundred degrees with no problem; it will, however, degrade rapidly, becoming useless with 15-20 minutes of sunlight exposure.
People should live like animals in a pet store because you can't see a better way for them to live cheaply?
I'm a realist, not a cocaine-fueled Marxist who believes in a fantasy utopia. I know how to reach those utopias, and will inform you the moment it's possible to implement such things without destroying the world and inflicting widespread human suffering. My solutions are the best possible--I don't mean the best possible at cost, I mean the absolute best, considering human psychology, economic drivers, long-term planning on the order of thousands or millions of years (open-ended to beyond what can be projected recognizably), and so forth.
You can get houses where I live for $1000-$5000. Why don't you come buy a few of those?
Uber now claims to provide insurance based on local laws. They claimed about a year ago to provide a million dollars of insurance, but that was only in context of their United States operations. The information's always been spotty; it's become more consistently available, but less specific.
Uber used to have an explanation that all Uber drivers were granted $1,000,000 insurance by Uber, automatically, under a group policy negotiated by Uber. That was over a year ago; however, it was only applicable in the United States. Uber quoted different values or declined to comment in other countries. It was never marketing material; they mentioned casually it as an explanation of safety (risk control) in a long-winded company blog post on the topic.
Since then, Uber has officially stated that it supplies insurance, varying by local government regulations, by default. Multiple insurance companies have also extended insurance options for Uber and Lyft drivers, allowing the driver themselves to purchase insurance on their own--though with Uber providing insurance coverage by default, I don't see why this is relevant. There is more assertion that there *is* insurance, but less assertion on the specifics.
Uber drivers carry a million dollars of insurance. They have more insurance than most cabbies.
Yeah it sounds like taxi drivers are dangerous. If only there were some sort of ride share system providing reviews of taxis and passengers, as well as traceability so if you go missing we can question the last person you came into contact with, all including $1 million of insurance...
Bubble and market economics. A consequence of wealth economics, a theory I developed which even explains the nuances of supply-and-demand, and demonstrates why communism never worked--and when it will, in abstract terms. The concrete terms are "eliminate energy scarcity", and the abstract terms are "wealth expansion continues to put more money into people's hands, but their ability to buy new goods and services never gets leveraged because there aren't enough goods and services that they want and need for them to ever spend all of their money, and so removing their remaining capital is a non-operation, and so the eventual growth of wealth allows you to just dump the residual wealth onto the common man so he can have anything and everything his heart desires." It tells you we won't be there for a long time--potentially not ever.
Since we can't control these sorts of bubbles, I like to ignore them and fix fundamentals. That always smooths out the ripples.
Housing prices would drop if interest rates would go back up to 14% where they belong. We'd all be better off.
Homeless people can't afford those houses. Maintenance, insurance, the very act of keeping them safe and functioning. All costly.
We need capsule apartments and a properly constructed citizen's dividend.
The tapes also need to be in order, and you need the right software, architecture, etc. "Use the encryption key" is the least complicated part of the DR process.
Look we have an editor constantly ranting about "fat" and "beets" as if nobody ever feeds him.
He's mad that a company hires cheaper workers instead of more expensive workers.
Unfortunately, NPR is a blind mouthpiece for ProPublica.
American Red Cross is actually highly-efficient, but a peripheral blog called ProPublica has been twisting facts to smear them. It's all bullshit. They do things like take Red Cross's lessons learned (a document where they address everything that goes wrong with any response and plan out what actions to take to make those problems never happen again) and waving them around to show that Red Cross can't do anything right; or they claim that Red Cross pays for services from other economic suppliers (builders, distributors, etc.) and thus pays a lot more overhead because "those contractors have overhead, too".
ProPublica's last article was hyperbole, focusing on a $24 million project in Haiti where Red Cross originally was going to build houses, but instead built roads and repaired damaged schools and homes--that out of a $488 million budget with which they built hospitals, distributed food, provided cholera vaccinations (Cholera was killing thousands of people per week), trained the government in disaster response, and so forth.
I've examined Red Cross's management practices. Both from an organizational management standpoint and from an economic standpoint, the American Red Cross is a top-notch organization. They practice constant and continuous organizational process improvement: they look for things going wrong and aggressively document everything that impedes their function, and then invest a large share of their organization's overhead into ridding themselves of those problems. They also take full advantage of economic efficiency: rather than spend $100 million doing work they're not qualified for in an inefficient (and possibly dangerous) way, they'll pay a contractor $50 million--even though the contractor may absorb $20 million of that into overhead, it's still cheaper and more effective than any other option. They even push their process improvement practices outward: if the American Red Cross shows up at your locale, they're going to educate your local government on preparing for and responding to major disasters, so that the next one requires much less money and time for much better relief results.
When it comes to disaster relief, it doesn't get much better than ARC.
Tapes being shipped by truck are often lost. There is no physical security for back-ups when you're driving down the street and prone to lose a crate of tapes. Carefirst has done that a few times. It's infrequent but, unlike laptops, every single tape floating around out there on a truck in transit to Iron Mountain is carrying a massive database of sensitive information.
Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.
That's called the law of large numbers: every single person you'll ever meet in your life will have never come in contact with any other person who has come in contact with any other person who carries such data on a laptop; however, there are 7 billion people in the world, 2 billion in China, 300 million here in the US, more laptops than people in businesses, and "utility laptops" that float around with trucks instead of with users. Somewhere out there in that vast ocean covering 70% of the world's surface, there's 5 or 10 drops of water encasing an atom or three of plutonium. Plutonium is out there in the water.
The idea that a single counter-example invalidates a statement is flawed. It's like saying you make $3000/mo and so can afford a $1200 mortgage, but you once saw a house that had a $45,000/mo mortgage, and so only billionaires can afford to move out of their parents's basements. There are a few of those, they get a lot of attention, but they're oddities.
Ext4 encryption allows each user account -- or even various subdirectory, IIRC -- to have its own keys. So a hacker can only get access to the directories whose keys have been loaded into memory.
For the machine to be useful--to allow you to have access into a directory, to access a file, to fopen() something--you have to make the VFS layer do it. It's hard to get the kernel to fopen() and challenge the application or the user for a key (it can be done). Even if you could, think about the annoyance: your computer would require entry of a password 8000 times just to log into your desktop.
You're also ignoring implementations which use hardware-based keys (HSM or similar) with other access controls on key usage, potentially even including rate limiting.
In which case the kernel still accesses the key as part of the VFS layer, and you just fopen() the encrypted file and get unencrypted data.
Only if said malware can manage a privilege escalation attack
You mean like running as the same user that all other applications on the phone run as? You know, the user who has access to all the data on the phone? "Privilege Escalation" in this context means "run as the user", not "run as administrator". That happens if, say, you browse to a Web page that exploits a JavaScript engine bug to inject code, or install a trojaned application from the App store.
Laptops usually don't contain vast stores of data. Once in a while, you hear about a laptop with millions of medical records vanishing from a coffee shop; most of us have VPNs requiring our passwords, connecting remotely into applications which connect back to databases which carry tons of data. A laptop might, at the nominal worst, contain some cached information for one or two people, accessible by hours of work dredging through cache files--if that information doesn't stay entirely within memory during access, and thus essentially vanish when gone from the screen, much less unloaded (left on-chip, but unmapped, so you need admin memory dump and might get stomped over by memory defragmentation or allocation) or rebooted.
You're obviously not from this planet.
You'll never find a candidate who isn't dangerous if his position can't be influenced.
You don't RMA disks with such sensitive information that you need file-by-file encryption or whatnot; you shred the disks. Your OS reads data through an IO layer that decrypts it as it streams, storing it in memory as unencrypted data, which is then read by programs and integrated into memory structures; what if your OS writes program memory to unencyphered swap? Suddenly you have medical records, social security information, and credit card numbers in an unencrypted area of your hard disk.
People disassemble, degauss, and shred those disks in those contexts. Even with whole-disk encryption, there's an assumption that an attacker could bypass the encryption somehow.
What kind of thief breaks into your secure facility and steals your servers? Is this more likely than getting hacked into repeatedly?
Encryption is only good for data in transit. That often includes laptops and mobile devices, problem being even those are exposed whenever on. Theft is the most minor problem; it's just one that gets a lot of attention and a lot of questions asked.
Yes, but you see the point: the applications of encryption are small, mostly restricted to communication. Encrypting storage is crap. You can argue that moving physical equipment is "communication", because information moves from one place to another. This is ridiculous when moving from one rack to the rack 5 feet away; it's more pertinent when shipping backup tapes between buildings; and it makes some middling amount of sense when excessing hardware--you might throw out a whole, unwiped drive, which is communication to an unknown recipient.
I don't care about contracts; they're legal things which dictate how to do things. I care about threat models, which tells me what to write into contracts, and what unwritten actions to take so as to provide contractual guarantees. If the contracting organization tells me to encrypt disks but doesn't tell me to encrypt communications, I'm going to encrypt communications wherever possible: we've established their data's confidentiality is important, and my organization is competent enough to provide appropriate handling, as well as advice to the contracting organization about what other actions they should take to protect their data (e.g. we'll need them to prepare to receive encrypted data if we're communicating encrypted data to them).
You may be facing an unwinnable battle trying to avoid unnecessary and silly risk controls, but you should still use your full expertise to identify what risks are in play and what additional risk controls are necessary yet haven't been put into policy. These are the things you must bring up to your contracting organization: tell your client when you believe further action is needed to protect their data. You can't do that just by blindly accepting what's in the contract as "our security requirements for this project"; you need to know the effectiveness and non-effectiveness of each mitigation strategy to recognize what risks are identified and what additional risks have gone unaddressed.
I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files. Malware on my Android device can read my encrypted files as soon as I get the phone properly booted. The laptop niche seems okay, except laptops get hacked just like desktops way more often than they get stolen and offlined.
Valve has like 10,000 games on Steam. 3,000 of them run on Linux.
Or even weirder: instead of micromanaging a candidate's positions based on what they think the public wants to hear, have the candidate state what they actually think, and let the public judge them (shock!) on their actual beliefs?
Not really workable. I have political positions which, while sound, can't be pressed until a campaign to inform the public has succeeded. Consent of the governed is more important than agreement with the governed. As such, actual campaigns must follow what the public wants, emphasizing those parts of my position, and modifying what the public believes by providing information campaigns.
So CryEngine on Linux means a lot of Valve games will become Linux+SteamOS games overnight?
I'm going to start doing that to get cheaper gasoline!