Minor correction. The actual classification for that information is "Nuclear" not Top-Secret (TS) or even SAP/SAR (Special Access Program/Special Access Required). You can have a Nuclear clearance and have a much lower overall clearance, say Secret which covers things like encryption equipment, for instance.
And that's been a concern of mine since the supposed standardization process became the grail of vendors. Most everyone (actually every vendor it seems) is mostly concerned with getting every feature into their hardware and software during the pre-draft stage rather than getting a standard and then building their widget(s). Frankly, if I designed and built things that way in, say, nuclear engineering (one of my disciplines), I'd be justly brought up on charges. Yet we allow that in devices that are being used day-in and day-out for, say, medicine. That doesn't even address security defects and bugs that inherently happen in rushed designs.
Off-topic: Love the sig. Maybe it should be, occasionally, coded in EBCDIC ;-).
Which is what separates, in my not so humble opinion, software 'developers' from software engineers. Then again, if I fragged up and someone was hurt or died, or there was a large amount of damage, as a result of negligent software engineering on my part, I was going to a federal prison to be guarded by a bunch of pissed off Marines (who really don't want to be there in the first place!). "The prospect of being hanged in a fortnight concentrates the mind wonderfully."
I have been engineering formally verified code for almost four decades now, it's part of my mental toolkit here. Frankly, I'm surprised that not everyone does it but given the sheer amount of buggy crap out there, I suppose I really shouldn't be surprised.
We have all the functionality of a supercomputer sitting in more than a few machines as nVidia has so lovingly demonstrated with CUDA, Fermi and Tesla. Now we have the browser able to harness that hardware functionality via the DirectX and OpenGL APIs. Should it be any surprise that given a new threat vector right into the heart of the machine with APIs that are most definitely not designed with security in mind, that something bad can happen?
I'm just waiting for the hijack that takes over your graphics card and does SETI@Home or Folding@Home behind your back.
How did this score insightful? The last vestiges of "We, the People ..." existed just prior to the Civil War, during which the right of Habeas Corpus was revoked (suspended, {snort}), the right of secession was abrogated (even Northern States reserved the right of secession in voting to approve the Constitution), Congressmen were stripped of office even after the war was over, and literally thousands of war crimes were committed. I'm former career military and I know exactly what constitutes a war crime. If we are going to delve into the historical record, at least get it right.
It should be no surprise that America saw the rise of the various Trusts during the post-Civil War period, to be followed by national corporations during and after WWI, and finally the rise of the multi-nationals during and after WWII. Each cycle only results in a further power-grab and aggrandizement. Should it be any surprise after 9/11 we saw even more examples? Patriot Act? Consolidation of the various police agencies into one (monolithic if they get their way) department? Monitoring of the so-called 'dangerous and violent groups'? I would have thought that TPTB would have learned their lesson from the '60s FBI but I would be wrong. Santayana said "[t]hose who do not remember the past are condemned to repeat it." I say those who do not know the past are condemned to suffer worse.
BTW, I am most definitely not a Southerner but the record of history speaks for itself.
Only if you are un-American/pro-MKS ;-). For me it means Nautical Mile (equivalent to 2000 yards) but I'm qualified as helmsman, quartermaster, and navigator of the watch including under-way refueling.
Actually, no more than an SSN is required. I just searched Google on my SSN and turned up some interesting information, such as my full name and that it was in use in New Mexico at one time, as well as my current location. I've never been to New Mexico. That could explain some recent phone calls concerning credit cards and addresses that I never lived at.
Funny? Actually, perhaps real. Operators are functions that map the operands to a result. If the mapping changes over time, the mapping may be non-constant with constant operands. Something to ponder when you have time ;-).
Sorry but that is most definitely not the way I work. Implementing a draft is absolutely stupid in my not so humble opinion. Should something change between the draft and the release you have a broken version out there somewhere, most likely a hell of a lot of somewheres since there are a lot of people, in the millions, who do not update their software when appropriate. Furthermore, I know from the perspective of a systems administrator*, deployment of a new version in any reasonable context is not going to take place until you've kicked the tires and tried to break whatever version is released.
In my world you release a version that complies with documented, extant standards. Perhaps you may allow for a setting within the software to enable draft standard compliance but I'm even leery of that. Where I worked, it wasn't your job on the line, it was your freedom, benefits and if you screw up enough to get someone killed as a result of doing something, probably your life. Did that make me risk averse? Nope. Just extremely intent on managing risk, something that most people just don't get. [Bruce Schneier, et al.]
[* - At one time, I was responsible for, administered, maintained, and repaired five mainframes, eighteen mini-computers, 575 desktop computers and I never got a real handle on how many laptops but well over two hundred that I had logged. This was in addition to my other duties. And yes being responsible for a laptop population whose absolute total membership I had no control for was not a situation that I was exactly (?!!!) comfortable with. More than a few computers were also TEMPEST certified to keep life even more interesting.]
"I wouldn't bet my life on it."
Frankly, I find it highly unlikely that I'll ever become a successful target given my penchant for multiple layers, deep scanning, and extensive (signature and behavioral) monitoring (including honey pots) but given the shoddy state of affairs with software development these days, I have no faith that I'll forever be malware free. I've even found verified infections in software by Fortune 500 companies. Not good.
;-).
Speaking as, among many other things, a successful software engineer I don't know what to call the individuals turning out most of the garbage that masquerades as release (gold) software today. Code-jockeys? Amateurs? Whatever. What I created over a quarter century was defect free packages (and they were not small) 'cause I was betting my life every time. Military Justice ain't nice; your punishment was whatever a Court Martial may direct including life at hard labor or death. As Samuel Johnson put it: "The prospect of being hanged in a fortnight concentrates the mind wonderfully." [Stepping off the Soapbox]
Using a bare-metal hypervisor does add a bit to the complexity of the software but as to the hardware, there's no additional complexity here. Even the iSCSI SAN is just another virtual appliance or custom deliverable (NexentaStor Community Edition is very suitable) and the underlying hardware can be bought at Egghead, Tiger Direct, or their competitors. There's nothing fancy here, just extreme care in component selection and a few tweaks to internal hardware registers when needed. If anything, the hypervisors here act as a reduced attack surface in many respects, are far easier to monitor, if you know what you are doing, and have the positive benefit that if a piece of malware or a determined crack is successful and successfully detected, restoration from a snapshot or golden image reduces the overall "cost" of such an attack.
About the only thing I have to do differently here is that I route the internal virtual network out one physical network connection and back in another one so I can attach my monitoring to something real. There is no way I can afford the virtual switches given a personally funded budget. My whole goal for the last decade has been to operate fairly safely in a hazardous environment and it's getting very rough out there. The last time a piece of malware successfully attacked one of my machines was 1989, wasn't even on a PC (it was an Amiga) and occurred while I was ensuring that the CompuServe Amiga libraries remained virus free.
"Just because you're paranoid doesn't mean they aren't out to get you"
Actually I use all of the above save Safari. [Me and Apple related stuff don't get along. I can even crash current Macs just using them normally. Well, normally for me.] Each browser has its virtues and its warts. And in my setting, all of them usually run as a virtual appliance since all of them could, hell probably have, 0-days and currently unpublicized vulnerabilities. Fact of life, deal with it. Since I normally 'power-off' the VA rather than save it, any crack ain't going very far. I've been doing this since VMware started releasing betas way back around the turn of the millennium. [It's why I virtualized my browsers and servers in the first place. Security and ease of recovery. Consolidation once computers became powerful enough was just a side benefit.]
Here IE is only used on Microsoft sites and in beta-testing. Otherwise, it's usually FF since I have it customized my way. A ton of security extensions, especially Reverse DNS, and my current favorite shadow theme. Opera is just sweet and doesn't get the attention it deserves.
Just my $.02
A far more apt analogy! Those that don't work in large organizations, and I have worked in two of the largest on the planet, know about the legacy effect. SOA exists for a reason and that reason has everything to do with that legacy hangover.
You shouldn't have been modded troll and I've been modding for years. Anyone who complains that any program doesn't fully support a draft standard is Loony-Toons. In a perfect world, the draft and the approved standards would be the same but as I've noticed over the last three decades, this world is a far piece from perfect. The only excuse for that mod is sheer anti-MS bias. Stupid.
As a (multi-disciplinary) systems engineer, I deal in reality and I'm nobody's fanboi but I know when the ideal meets the real that a train-wreck is about to happen. Maybe HTML 5 won't be a train-wreck but I definitely won't hold my breath until a perfectly compliant browser, especially without a massive dev team, is released. Been there, done that, burned the t-shirt and myself with it too many times.
I never said laptops used PCMCIA for graphics and asserted that it would be impossible to try. As for using PCIe, none of the ones around here do and I've worked on more than a few of late. So... it's news to me. So noted and thanks!
'Cause the PCMCIA interface spec can't support the data transfer rates required. We'd need a newly engineered solution. Frankly I don't expect the notebook form factor, let alone netbooks, tablets and smartphones to continue in their current form factors. Research in materials science is yielding ever more interesting materials to work with to come up with more desirable form factors. I can somewhat see where it will end up but expect a rapid turnover in approaches for the next decade.
He (?) did a nice job of it too.
In the United States of America, the interception of communications (letters and then later electrical and electronic communications) between US citizens and foreigners predates the Constitution and has been practiced continually. Hell, Gen. Washington, later President Washington and the Continental Congress and later the US Congress authorized this. It has always been standard practice that the opening and copying of such communications is allowable by law. Only recently with the abuses by various police agencies has there supposedly been a curtailment in such activity. In all actuality, the Patriot act only extends past practice to all citizens rather than communications between citizens and foreigners.
Actually given the historical record, in all truth, TFA could be marked "Nothing new to see here, move along." Sad but true.
I'm glad I'm not the only one to notice this. The sheer volume of laws on the books at the federal level (18 USC for instance) practically ensures non-compliance and as we all know (I see it on the bus nearly every day concerning selective service): Ignorance of the Law is No Excuse. Yeah, right. Frankly about the only one I know I'm in strict compliance is with the IRS codes but that's from exercising due diligence on my part. Of course, if we toss in state and local law, the task becomes absolutely impossible and I already know I'm in violation. Did anyone here do any internet/mail order out of state lately? You too are probably in violation as well (US and only in most states).
Actually it was for that reason the UNHRC was replaced in 2006 with United Nations Human Rights Council although it is still subject to criticism about its makeup again.
One thing you have to understand about the UN is that for far too many nations the world over, the UN is that country's dumping ground for the political opposition (send them to the USA or Switzerland!), incompetent (get them far away!), or corrupt (unusual but it does happen). All too frequently. So it is no wonder that it is totally dysfunctional.
If you expect to have a functional organization that works within its charter, you'll have to change that.
I'm surprised you stuck with this as many times as you did.
That and the IMF. International development was one of my three areas of study, econometrics being number one and international finance and investment being number three. [I figured if nothing else, I could become a factor since I knew and was extremely comfortable in Asia.] For my final paper I selected the Grameen Bank, barely known then although The Economist had recently run an article, as it was completely counter to the involvement of any international agency and remarkably successful. Micro-loans work. So far as I can tell, nothing else does and I'm thoroughly wedded to what works. Must be my (born) engineering background ;-).
I wouldn't necessarily say corrupt. More accurately they think they can join the NSA and other big (black) budget agencies. Perhaps they have some way to do it on the cheap but I find that highly unlikely. I'm not downplaying the caliber of their people, some of the best and brightest I've ever encountered in academics were trained in their schools. It's the cheap, i.e. low cost, aspect which is almost certainly not achievable.
While it doesn't play much in the US press, they really do have a significant problem with terrorists of one sort or another as does Pakistan. I can understand what they are trying to do (network mapping). I wish them luck. Who knows, we might learn something new from them. Not the first time.