So you're stating that if someone on the Moon were to fire some missiles at any target on the planet, missiles that would take a few days to reach the planet, nobody would be able to do anything about it? You're suggesting that a couple of days warning of an attack is insufficient to take any kind of precautions?
Stop putting words in his mouth -- he's obviously talking about moonsharks with lasers mounted on their heads....
With a big enough data set, then yeah, you'd have enough companies that did or didn't go out of business based on their security choices to make that meaningful. But that data set isn't that big, and the failure rate is too high.
True, and you'd also have to take into account the number of startups that didn't "start up" due to investing in physical security instead of putting that money into R&D.
If the government does it, then it should not be so wrong.
The reason we have a government is so that we can have strict controls on a small group of people who do what would otherwise be illegal. Somewhere along the line, we forgot about the strict controls, but that doesn't mean what they do should be suddenly legal.
Are security guards with guns really necessary?
This is the problem with security -- people tout how necessary these things are based on negative results. In other words, armed guards must be necessary because nobody has tried to rob the place at gunpoint.
It's just like all the paranoia around airport security -- because nobody has hijacked a plane, the TSA must be doing a good job, right?
To be fair, the same tautology is used in reverse -- physical security obviously isn't needed because nobody is ever caught by them.
What you really need is some logical tests and bet hedging. This is what went into seatbelt laws, whose results have been measurable, and have saved insurance companies a ton of money.
So... do startups with decent physical security on average make more of a profit than those without? This is the true measure of whether it's needed.
Of course, it's also like the bear metaphor -- if all the other startups have no physical security, getting some for yourself will mean that it'll be the OTHER guys who will get broken into.
The only thing that will save us from the massive dragnet of the NSA is apparently the incompetence of the NSA.
s/the NSA/Government Contractors/ -- it's the same thing that gave us Ed Snowden.
Intellectual Property Crime Unit: London would be the worst crime drama ever. It would consist entirely of people sitting at desks, sending strongly worded emails.
No, that's the public-facing side. The show would primarily consist of intense politicking and arm-twisting from the likes of the BPI.
3 million plaintext numbers means that Adobe's PCI team rides the short PCI bus to work...
...or it means that the attackers did a memory dump, and that many numbers were in memory at that time. Unlikely, but possible. More likely that Adobe gets their PCI status revoked. Except that in this case, the data was encrypted. The attackers just hit a lot of systems and grabbed a lot of data. Sorting it out to make anything useful out of some of the DBs may be quite a bit of work.
However, they've got email addresses and source code. So they can forge emails from Adobe to their customers with links to trojanized "updates" without much difficulty.
The code could easily be identified and the source taken down. It might make its rounds on file sharing sites, but all it'll likely be good for is compiling yourself with little to no modifications to the code or for learning from (which would be its most valuable use).
No, I think we'll find its most valuable use will be in finding exploits and selling them on the black market. Not valuable to most people, but definitely to those who stole the data.
http://img.docstoccdn.com/thumb/orig/72668443.png
http://www.java-samples.com/showtutorial.php?tutorialid=355
This shows the standard payment/accountability workflow. Usually the gateway and processor aren't the same; the gateway often stores card data, however.
In related news, it turns out Adobe will give you some sort of software if you give them a credit card number. What a crazy business model!
Not for long... their new business model is that they will let you have access to their cloud if you give them a credit card number, and keep paying them regularly.
Yeah; I was being a bit glib. But in this circumstance, I believe "no" is a legal (if not very pleasing to the government) answer, and they have to come back with something from the legislative branch. Obviously, the IRS can ask for your tax return and expect to get it.
The good thing about the US is:
The 1st and 4th amendments make what most other countries can do less easy.
While true, most other countries that depend upon the Internet for commerce have robust privacy laws that the US lacks.
So these privacy laws make what the US does less easy as well. That is to say, in both situations, the government has to work to weasel around established laws.
It's not a warrant. Email headers are not protected information under the law so all you need is a subpoena. Since they are disclosed to third parties there is no expectation of privacy under current law.
It's the same idea that the outside of the envelope that you give the postman is not protected. Nor is a list of phone numbers that you call.
I've been thinking about this. The idea with the original pen laws was that anyone could ask the people holding the information for it, and they could provide it, with no legal repercussions. The person who was the recipient (or sender) could not claim anything under freedom of speech or privacy laws.
HOWEVER, there is no law that I know of that requires me to divulge information to the government about someone else without a warrant. Sure, I'm protected if I decide to do it, but there's nothing compelling me to do it of my own free will.
In this case, LavaBit declined to provide it of their own free will, so the FBI got a (sealed) warrant. To this point, everything seems in order. LavaBit then delayed complying with that warrant, at which point the FBI shouted "bad faith" and asked the court for a warrant that would sidestep the issue -- but what they asked for was protected under privacy and possibly freedom of speech. LavaBit found ANOTHER "bad faith" method of complying with the letter of the law while not breaking the others; the court deemed this unacceptable, and LavaBit shut down. The Court then went after the man who had been the owner of LavaBit. This is all still sealed. The man hired a lawyer, who then asked that the information be unsealed, as there is no reason for it to be sealed. The court agreed, and so the information was unsealed.
It is interesting though that refusing to comply with the original request resulted in tainting the court's perception and acting towards them agreeing to a court order that should never have been made. The court would have been within their rights to start issuing sanctions against LavaBit for not complying with the original order in a timely manner, but they chose not to.
The same MIT study written up by a different mag was posted here a couple months ago.
But it's well worth reading again because this is one of the best-conceived, statistically rigorous, and thoroughly researched studies of the decade, period.
I don't think that worked...
I disagree with girlintraining, just on principle. That will get me modded up.
This post has no useful content, so it will be modded down.
It is, however, very informative as to what kind of useless content it has, so it will be modded up.
None of this has anything to do with the hivemind effect the article's discussing, so I will be modded down.
The writing style, however, illustrates an indecisive caricature which some mod may find funny, so it will be modded up.
That's three up mods and only two down for an otherwise uninteresting post, so it will be considered overrated, and modded down.
I predict this post will be forgotten quickly and accomplish nothing... much like our Congress!
Political joke... it'll be modded up.
Truly, you have a dizzying intellect! Luckily, I've spent the last decade building up a resistance to Slashdot ramblings....
(Princess Bride reference yet again... what will happen?)
...and the Silk Road is only "mostly dead". I'm surprised nobody came up with that one in the past 11 hours.
Seems to me that they're more going after the computer gaming crowd with an extra console-like box than after the console crowd directly. Of course, MS has also done this to some degree in the past, so there will be some competition here. But it's more that the computer gamers can now build/buy their top-of-the-line SteamBox to do their gaming. We may discover that instead of impacting N/M/S, this impacts people who were about to buy a new gaming PC -- they'll keep the one that's still good enough for web browsing and photo editing, and get a steambox or the equivalent for the actual gaming.
So how long will it be before the Silk Road is back up and running under the management of the Dread Pirate Roberts? I presume he had a cabin boy prior to being arrested... or was that how he got nabbed?
PS: Anyone remember TWA flight 800? And then many years later we had 9/11. Is there something horrifically special about the American phone system?
I'll tell you about I-900, but it'll cost you....
Speaking of Windows sounds: Ever hear a person say "h", "t", "t", "p", "colon", "backslash", "backslash", ... ?
Incorrect. Several commercials for large, well known US companies often did that in the late nineties.
These ads you speak of, they said "backslash" when they meant "slash"? That's what GP was getting at by "Windows sounds" -- because people who'd only used Windows rarely used forward-slash, and thus might not realize the difference, or how the "back" got in the name of "backslash". (cf. DOS, where forward-slash was commonly used for switches, or Macs/UNIX/etc. where forward-slash was used as a path separator.) Personally, I suspect it was less about Windows as such, and more about the class of users who have exactly zero interest in computers and only learned enough about Windows to meet minimum competence to keep their office job.
Then too, I think old versions of IE would "help" users who actually typed backslashes in their URLs by silently correcting them instead of displaying an error message, which no doubt contributed to their failure to learn...
Yes, I remember DOS/Windows users thinking everything was a backslash back in the day... back then, Macs used the colon as a file separator, and the forward and backslash were used as textual elements.
But back in the beginning it really mattered what you typed as your prefix, because people were entering http:/// gopher:// ftp:// telnet:// mailto:, and many other things into their web browser, which could handle all of them. Originally I thought Mosaic was great because it provided a single place to handle my URIs no matter what protocol I threw at it. So the backslash was just Windows-based silliness, but the http itself was required, as the world-wide-web was only one small part of the Internet landscape.
Fast forward to today where people use hashtags and @s to draw you in, the "failed" Q-codes, and most people just put the domain as a plaintext link, because the browser (everyone's Internet Starting Place) will default to http unless you provide another handler.
And yes, IE (and eventually Netscape too, IIRC) auto-converted backslashes to forward slashes. They did a number of other neat things too, like removing spaces found before the path separator and handling IP addresses written in octal (still works -- try it!).
... did upset a lot of Americans who thought they were traitors.
"A lot of" Americans did not know what to think about them until our glorious media chimed in to point them in the Right direction.
Our Glorious Media chiming in by itself accomplishes the same nothing that the initial leak accomplished... shifting mass perception of a subject. However, unlike the media, Snowden didn't do much editorializing, but left it to individuals to draw their own conclusions.
If a tree falls in Times Square, you'd better bet that it'll not only make a noise, but that noise will be heard by butterflies around the world. You'll always get people blaming the tree planters, searching for the cause of the tree falling, arguing that Times Square shouldn't have been there in the first place, etc. THAT's what doesn't matter.
The reaction to the leaks shows that to many influential people, the leaks DO matter.
http://www.biography.com/people/steve-wozniak-9537334
Since Dancing With The Stars, he's been working at Fusion-IO
Looks like he's been developing distributed flash-based storage solutions. Not much solder, but plenty of design.
I still remember him for the universal remote....
I think we should start by ensuring the rights of human beings before anything else. Once we've done that, we'll look at AI rights.
But your solution is the antithesis to the OP's question....
Airport's fault. No one should be able to drive their car right onto the runway, no matter what GPS or voice in their heads is telling them. Fire whoever runs this airport because they're a moron for not putting a fence up.
I think it's pretty reasonable to think that a MILE of warning signs that you might get hit by a freaking plane is enough deterrent.
And before you keep going on about physical security, remember that stupid is always going to find a way.
From TFA:
"They had to enter the airport property via a motion-activated gate, and afterwards there are many signs, lights and painted markings, first warning that aircraft may share the road and then that drivers should not be there at all.
"They needed to drive over a mile with all this before reaching the runway. But the drivers disregarded all that because they were following the directions given on their iPhones."
These aren't drunk frat boys pulling some shenanigans in the middle of the night. These are fully competent, licensed drivers who turned off their own brains and replaced them with iPhones. This is NOT the airport's fault. It's called personal responsibility.
I do wonder what would happen if Apple Maps told everyone to jump off a bridge....
Ummm, fixed "by" Wednesday means just that. If it's Wednesday, then it's supposed to be fixed. Fixed "on" Wednesday would give them until the EOD. By, in this context, is synonymous with "before." So, if they said "It will be fixed before Wednesday," would you still say give them until the EOD?
i agree, if somebody said fixed before weds I would expect it to be done when I got to work weds morning. but if someone said fixed by weds, with no time specification, i wouldn't sweat the definition. seems overly harsh. just chillax! you must be a bear to work with.
I wonder... I presume Apple meant it'd be fixed by Wednesday Pacific Daylight Time -- as this is the BBC reporting, did they test in the 8 hour window before it was Wednesday in Fairbanks? Probably not, but it's worth asking.