All of the mobile fuel systems I've seen have a meter. It's calibrated yearly, usually. Fleets need that for accounting purposes. Only uncalibrated ones I've seen have been on farms, where the farmer owns all of the equipment and doesn't particularly care about fine detail of how much fuel goes in the tractor vs combine. 'Around 50 gallons' is good enough.
It'd be trivial to add a thermal printer and interface on the meter so you get a receipt.
In my opinion, anti-virus software has somewhat matured enough that most home users or small businesses, that remotely have a clue, use it. There's not a good analog for reading SIEM, event logs, etc. Solutions exist, but they tend to be cumbersome or expensive.
Even I pretty much just rely on snort's registered user ruleset, rather than the subscription. It would be a very nice spot for heuristic or AI to monitor. Call me paranoid, but I'd want it in addition to the generic static rulesets.
Close. All Social Security surplus funds MUST be used to buy Treasury bonds. Social Security Trusts (there's two of them) must use the extra cash to buy special (which means non-transferable) interest-bearing federal government securities. The Treasury takes the money from those sales, and puts it in general revenue.
Trust Fund obligations or liabilities are considered "intra-governmental" debt. So far, the US government has paid off every bond it has issued, more or less.
Er. Technically, there is already a trust fund for surpluses. However, by law, it is spent on non-transferable bonds from the Treasury. It contains no 'liquid' funds. That cash raised from selling the non-transferable bonds is then put into general revenue and spent. Whenever we reach the inversion point, the Treasury department will have to pull money out of general revenue to pay off those bonds.
If you ignore the accounting terms, the money is essentially spent and will have to be repaid from the US government's general revenue in the future. This is by law, so even if you abolish the wage cap, you'd essentially just be raising general taxes and not financing Social Security except on paper. It's inaccurate to say 'Social Security is broke' as Social Security must be cash flow neutral (all funds are either dispensed via benefits or used to buy bonds); it is accurate to say all of the surplus funds have turned into future liabilities on future budgets.
I'm often shocked at how few people realize this. It's not inherently a bad thing (cheaper than borrowing from other sources, for example), so long as folks understand the money is being spent now and has to be repaid later.
Once upon a time, when I was doing network security, I got thrown out of IT and into export control. They gave me enough money that I didn't quit. Logic was it was technical, byzantine and required insane attention to detailed regulation that'd make Cthulhu go insane. Hey, infosec is virtually the same parameters.
Short story long, generally the US has among the most byzantine and archaic export control regulation in use by first world countries, specifically ITAR. It's largely unchanged from the 1970's/1980's notion of 'high tech', so you get a lot of interesting stuff that ends up on the US munitions list. Europe in general doesn't have nearly the same level of export control, and gives a substantial advantage in the global defense contracting world.
That said, many Euro defense contractors have extremely tight relations with their export licensing agency. They dance to the tune very closely, which does actually reduce the amount of legislation or regulation. As a government entity, why bind yourself with written rulings when your customers will do exactly what you tell them? I can very well imagine, and would be shocked to see otherwise, that any Euro export related tech organization that did not have extremely tight relations with their export licensing agency would be punished at least this harshly. Expect a LOT of foot dragging. Not enough for this company to win in court, just enough to cause them to lose business or go bankrupt.
I get that they want to take their ball home and stop playing. Guessing that they're not happy that vendors didn't play nice to or with them. Nothing wrong with that position either. But they could offer the DB for others to download. Maybe someone could do a better fork, or find a better way to work with vendors.
Not remotely saying that some/most vendors do a crap job with security disclosures and patching in general. But some folks don't make it easy to get along with.
Most sane people agree that climate change is a thing. I certainly do. Ice core samples show it rather convincingly. I'm also mostly fine with our recent sample collection though I think the datasets aren't as good as some people believe. They rarely are for large scale projects, but still there's a natural bias towards thinking your collection methods are always better than they really are. Third party auditing to try to correct bias gets expensive and politics get involved as well.
On the other hand, there's legitimate issues. There's a very vocal component of climate change that are constant Apocalypse callers. You would be a good example. "Cries of the billions who will suffer." Folks have a hard time taking serious action based on this especially when we've been hearing "end of humanity within five years" for over a decade.
The other hand is that there's no good supplied solutions. I mean, concrete realistic options that have a full roadmap, reasonably accurate cost projections and acceptably accurate levels of risk and mitigation. If it costs $10B to fix 80% of the problem, but $10T to fix 99.99% of the problem, well... Maybe we should explore that 80% solution, as it's much more realistic to implement. Any solution that is too expensive or too restrictive simply won't be implemented, because human nature and common sense. Humans will simply not voluntarily remove 90% of earth's population or go back to living in yurts. I place myself in that bracket. I think it's an issue that is meaningful, if not overstated by some, that I'd be willing to pay if it could be mitigated in a meaningful but not ruinous process.
Think the chlorofluorocarbon (CFC) ban. We paid an economic price for less efficient or more expensive alternatives, but it did the job well enough. That's not strictly a climate change thing. I've seen plenty of projects where people were shocked that a business or government unit didn't want to spend tens of millions of dollars for vague promises with absolutely no numbers backing them up.
Until they can cure the motion sickness aspect, there's going to be a significant percent of the population that can't use the product.
VR has been around and useful for many decades. Pilots have used it, I've seen some engineering applications, etc. Just not for mainstream consumption. And we're still not there for whatever 'universal consumption' of VR turns out to be. For broad usage, you need a pretty powerful but not obscene desktop. Another five years should bring common desktops up to the level of power needed by today's VR headsets.
I'm firmly neutral on this tech. Maybe we'll get the Multiverse, maybe we'll get the next of 3D TVs where it goes virtually nowhere.
I don't disagree, but reality can be more complex than mere technical issues.
Encrypting the data with strong crypto is very good, but what happens if the password picked is trivial?
If a computer is hijacked with malware, it is possible to use a person's actual email utility and compromised passphrase.
Technology is always a good thing, but it is no substitute for competent, well trained employees.
Know of a couple companies getting hit by this very attack. Zero technical aspect, just straight social engineering. "Hey, it's (CEO), do me a favor and send me a zip of all the W2s. I need this right away" or similar. Usually with forged email headers, but sometimes with similar domain names. One used a capital i instead of an L, which was admittedly hard to spot for an average user. They wanted an ACH transfer, which was odd enough it immediately rang warning bells everywhere. Some folks catch it, some don't.
Talk with your finance and HR folks, schedule training. They're going after W2's for fraudulent tax returns. Places where I do security, we routinely register or blacklist lookalike domains, set up mail servers to be resistant to spoofing/manipulation, multi stage filtering, etc. Nothing will trump good training for the users.
https://www.youtube.com/watch?...
If you have an event that can destroy a nuclear transport flask, you have significant other problems to worry about. It's actually quite fun to watch the videos of randomly selected flasks being torture tested by rocket assisted trains, burning pools of diesel fuel, impact tests on trucks, etc. Transport is probably the safest part of the nuclear fuel chain process.
I sincerely doubt anyone will trust a drone with nuclear weapons launch capacity. I certainly would not.
Granted, it's not my area of study, but I sincerely doubt subs are completely obsolete. The oceans don't have sonar nets everywhere, and it's not practical to lace every ocean with them. Drones have even less coverage/duration. As you said, they're generally at chokepoints. And the US has plenty of ocean access without said chokepoints. I sincerely doubt they will become obsolete anytime within the next couple of decades.
Perhaps folks remembered that certain agencies not sharing information was a feature, not a bug. I'd honestly prefer the NSA to NOT share all of its domestic surveillance take with every agency under the sun.
Trying to influence government officials with threats is a very good way to end up with prison sentences.
Sure, PETA is trying to outsource harassment of government officials by misleading information and probably omitting very pertinent information. If anything happens to them, I sincerely hope the responsible folks at PETA are charged as accessories. PETA may or may not have decent points. But the crazies in their leadership negate any possible positives.
Harassing a federal judge. Yeah, no way that'd go badly.
My guess is for whatever reason, the judge did not want to rule against the NSA. So just used whatever barely coherent reason seemed remotely plausible.
As a federal judge, you're not going to ever get in trouble for protecting the NSA regardless of the gaping holes in your ruling.
Buddy of mine worked against the apartheid government in South Africa. He was a priest, and saw it as a religious duty. Lost friends and loved ones, risked everything, etc.
He wanted to go before the TRC to get his story on the record. Off the record, certain folks let him know that he was free to testify to absolutely anything that the previous government did. If he testified against the ANC, CPSA/SACP and especially Umkhonto we Sizwe, he might end up with his head cut off or otherwise severely punished. He fled SA shortly after that.
TRCs may not be as fair or useful as you might believe. Unless it's run by an independent third party and held to a high standard, it's going to end up being whatever the sponsoring government wants.
Except you can have said lawyer disbarred if you can prove they violated client confidence for unethical purposes. Contact your state bar association (for the US).
There's a simple solution everyone is ignoring. Hire lawyers in competing countries. For example: US, Switzerland, Russia and China. Split the key, send a piece to all four. Good luck getting the legal systems of all four locations to concur.
Yes, there are banks and lawyers that specialize in key or software escrow, btw. It's getting more popular in Zurich.
Flat file ASCII and LTO tapes. I guarantee there will be LTO compatible tape drives for the next century, easily.
QIC tape format is 42 years old, ditto ASCII at 42 years old. It is highly unlikely ASCII will have entirely disappeared in 8 years. Amazon and Google found several QIC tape readers for under $200. Tape is specifically invented and used for very long term storage. LTO tape readers will be around for a very very long time, for retention purposes. While not a multi-millennia solution, it's good for at least a century or two.
Acid free archival paper will last 500-1000 years. Cotton rag paper could last longer. Both are storage dependent. Probably a better choice.
Nuclear weapons have a shelf period of about 20 years. After that, they need maintenance. Could be less, could be more, depends on the type.
More time that passes, less likely the detonation and more likely a malfunction.
So, at MOST, that's only a 50 year solution. Not a "few thousand".
Oddly, I have never heard a combat vet agreeing with that assessment. Never underestimate a lot of angry civilians with often homemade or virtually antique weapons. While it may (may, not certain) be possible to conquer such folks, it gets awfully expensive. Vietnam and Afghanistan are hardy examples. Saw examples of it in the Balkans. Hell, buddy of mine that spent time in Rwanda told me about mass combat with cheap PRC machetes.
It's nearly cliche to say "Weapons don't win wars, people do". But there is more than a bit of truth in it. If weapons solely determined wars, history would be a very different place. Hell, if that was the case, pro-Russian separatists in Ukraine would not be stomping the ever lovin' hell out of the Ukrainian forces. That's actually a pretty good example of cheap, simple hand weapons taking down tanks and helicopter gunships.
Nope, just a demo piece. Heck if I know. I only know of using laser sintered parts in aircraft rotors. I'm not a firearms manufacturing material specialist. I can whistle the tune for aerospace, however.
http://www.solidconcepts.com/n...
Not really. Go ahead and have an aneurysm when you read this.
It's legal to post 3D print files of firearms. That's fully legal and permitted under the First and Second Amendments.
It's illegal to export them internationally without State Department permission, due to The International Traffic in Arms Regulations (ITAR). Constitution grants the US government nearly unlimited control of the borders of the United States, and that includes limits on goods going in or out of the country.
Source: I did export control in the aerospace industry. Plenty of 100% fully legal domestic stuff is illegal to send internationally without a permit. Fun example? L3 FLIR cameras made in Canada are illegal to transport back into Canada. Or notch a tailpipe to fit in a HMMWV, it becomes a defense article.
You do realize that there are basically schematics for virtually every firearm in history available? Around here, we have people that make historic weapons using historic tools (ie essentially blacksmith shops). You could easily build highly lethal firearms with a load of charcoal, some decent wood and a pile of iron. It doesn't require that much skill either.
Before you say "So What?", this is still done every day in the Khyber Pass. Weapons are made using extremely primitive means. It's actually unnerving that they can and do reverse engineer firearms from even just pictures, and then make their own knockoffs.
Any machine shop in America can easily surpass Khyber Pass' charcoal fires and hammers.