I was actually quite shocked when the Economist site went free. Beats me why - those were high-quality articles I was willing to pay for. As in, pay to access the site.
Huh? They still charge for complete access - they've had partial free access since I first got a print subscription however many years ago, similar to Consumer Reports' site and the Wall Street Journal.
I cannot imagine that they actually decrypted the video. If it was encrypted it would have been FIPS-140-2 compliant. None of the approved ciphers on the FIPS-140-2 could be cracked in the four months since the Twitter post.
That presumes the video wasn't encrypted on some legacy system that has been grandfathered in because updating it wasn't enough of a budgetary priority. Once upon a time DES was good enough, but we can crack DES relatively easily nowadays. Someone else has suggested they grabbed it off an encrypted satellite feed. Just guessing here, but even a 15 year old bird would probably be stuck with DES as even 3DES wasn't a standard until ~1998.
Well, provided that "...Qubes supports secure copy-and-paste and file sharing between the AppVMs" I'll leave it open to your own imagination.
One narrowly defined point of access to the other VMs is orders of magnitude easier to secure than the way it works now. It's the security equivalent of putting all your eggs in one basket and then watching that basket really, really closely.
There's a big difference between HIPAA and the war on drugs, one is an enforceable regulation on a corporate activity the other is an unenforceable prohibition on a social activity.
Forest and trees dude, forest and trees.
The point being illustrated is that, "Just remember the vast majority of laws are there because someone abused something to the detriment of many. The law may not be perfect but having it is better than the alternative." is demonstrably false, drug laws being just one hugely blatant example where the law is NOT better than the alternative.
Just to indulge you though - HIPAA is not enforceable any more than most drug laws are, the amount of effort it would take for consistent enforcement of HIPAA is ginormous. Ask just about anyone who works in the medical field with more than a cursory understanding of HIPAA and they'll tell you that HIPAA violations are rampant. The primary reason so few are punished is because only rarely does a violation lead to harm and of those, so few can actually be traced back to the original violation.
I am not going to get into a debate on just how stupid the average person is.
Well, given that your entire rebuttal is based on that belief I guess you don't really have much to say. Just be aware that you are well on the path to authoritarianism with that belief system.
The succession of newer, higher capacity formats stretches way back before blu-ray. Personally, I think that the fact that, since CD-ROM, there's been a focus on allowing older media to play in newer devices is a good thing.
I agree. For most people, this is no different than the transition from CDs to DVDs, they are just trying to leverage the branding by sticking with the BD in the name.
What's worse - BD-XL with backwards compatible hardware or trying to read a 5.25" floppy disk on a 3.5" floppy drive?
(HP-UX horrible - nothing behaves quite how it should. I'd be surprised if the thing really passed POSIX conformance without some money under the table.)
Lol. POSIX doesn't mean crap. POSIX was just a bunch of unix vendors who got together and wrote a 'standard' that was loose enough to cover all the idiosyncrasies of most of their current implementations with a little hog-trading thrown in for some of the outliers. In a way it was like RFCs - implementations were used as part of the process to define the final draft. But, the main difference is that a good RFC is purposely precise while most of POSIX is purposely vague.
The Republican party has been subverting the Constitution since its inception.
Hell, the very idea of political parties is a subversion of the constitution - where loyalty to the party is more important than loyalty to the country.
Does this mean the end of Itanium? Will it be missed, or was it destined to be another DEC Alpha waiting for its last sunset?
Kinda funny to make that comparison since the Alpha was killed to enable the Itanium. (Long story involving HP making a deal with Intel to hand over the last of PA-RISC/Itanium processor development to Intel and DEC killing Alpha at the same time to clear out the market since HP was in the process of purchasing DEC/Compaq, although the acquisition was not yet public at the time of the cpucide).
But I doubt it's the end of Itanium. Itanium models have things that even the latest Xeons don't in terms of RAS. Most customers don't care about the level of fault tolerance and reliability, but the ones who can't migrate to Linux (or Windows) because they are dependent on features of more proprietary OSes like Tandem (now HP) NonStop do need Itanium, and their software is unlikely to be ported to x86 anytime soon (it took roughly 4 years to get NonStop ported to Itanium to begin with).
What do you mean by "that?" My belief that if people weren't misled into trusting corporations that they would be less cooperative? Or that HIPAA is minimally effective? Or something else that you've projected on to my writings that I didn't say?
Just remember the vast majority of laws are there because someone abused something to the detriment of many. The law may not be perfect but having it is better than the alternative.
I don't agree that laws which are the equivalent of "doing something, anything, just do something!!" are better than encouraging people to think critically about their own risk exposure.
Certainly the case of "The War On Drugs" is a behemoth of a counter example to your claim - look at Portugal for example, 100% legalization since 2001, even meth and cocaine and the result? Less % of the Portuguese have used marijuana than % of Americans who have used cocaine and no incarceration bills versus 30%+ of US inmates serving time for non-violent drug offenses.
Yeah, free market all the way, baby -- I mean, look what getting rid of regulation did for our banking choices!
You seem to misunderstand my point. The current situation with respect to HIPAA is more akin to regulatory capture than it is to actual regulation. Same thing with the result of the CDO fiasco and follow-on failures in banking - if the banks had not so effectively captured their own regulatory agencies and the entire government beyond them, we probably wouldn't have seen so many people willing to 'risk' all that money in the first place, and we definitely would not have seen the massive bailout that followed.
The idea being here that the bank industry's excessive risk taking was enabled by the acceptance of that risk by the government. Similarly, the risk taking that the public does with their own private health information is enabled by their belief that the risk has been shouldered by the government via regulations. The big difference being that the banks are able to force the government to take on the consequences of that risk, we regular people are not.
Would you really rather go back to a time when the same companies didn't care?
I think I would because I would like to see the follow-on effects. I believe that most of HIPAA is smoke & mirrors, that violations are rampant and the requirements full of loopholes thus it gives a false sense of security to the public. I would rather the public be made acutely aware of the risks and that instead of just trusting that the law will protect the public, that we start relying on other mechanisms, like minimizing the data we give to health care companies and allow them to keep. It's a lot simpler to avoid disclosing data you don't have than it is to build up a wall of fallible procedures around the data instead.
their security programs are driven mainly by compliance, rather than protection (PDF).
Sadly, this seems to be the way of the world. Even the things you would expect to be high-security, like classified information, tend to get this sort of treatment. I like to call it "Checklist Security" because most of the people doing security work are more interested in checking off steps on an official procedure to CYA themselves than to make sure that whatever they are trying to protect is actually secured.
The TSA is another classic example - no containers of liquid greater than 100ml on the plane because that's on the checklist, but indiscriminate dumping of hundreds of them into one big trash bucket next to 30+ people in line at the checkpoint is fine because that's not on the checklist.
You underestimate the power of the Dark Side........ of marketing!
*This message brought to you by The Empire... err, Apple.
Absolutely. At least one sitcom last week was nothing more than a 30-minute advertisement for the iPad - Modern Family. It was obviously shot well before the release of the thing, yet they had at least one functioning unit for the show to "demo" to its audience so Apple clearly paid for what may be the biggest product placement yet (although the Avatar hype on an episode of Bones where the geeks get lucky with a smokin hot hippie chick while waiting in line to see the movie is probably a close second).
I sincerely hope that we can both minimize civilian (and "civilian") losses, and still win; I am unconvinced that we can.
The problem with your analysis is your definition of "win." It's a modern version of "win the battle, lose the war" approach. Failing to minimize civilian casualties will lose us the war, full stop. That's why there are so many new restrictions on combat, not out of some sort of do-gooder ideal that's "compatible with the enemy's goals."
Canada has even more guns per capita and less homicide rate due to their strict enforcement of gun laws.
Oh really? If you ask Michael Moore, you know that anti-gun demon that conservatives love to vilify, he'll tell you it has nothing to do with Canadian gun laws - laws which weren't particularly strict until just a few years ago - he'll tell you it is mostly about fear, the Canadian press isn't a bunch of fear-mongering idiots like the American press is. When people aren't scared witless of their neighbors and fellow humans, they tend to be less trigger-happy.
I've had quite a lot of interaction (non-adversarial) with Chicago cops in that time.
What would you expect? You are directly helping them. The worst thing someone in your position is likely to witness is maybe some 'locker-room talk' about some crazy shit they got away with that no regular citizen could ever get away with. But that's only going to happen if the cop is blindly arrogant or if they think that you are "one of them." Otherwise, any cop with even half a brain is going to keep his mouth shut.
I'm not saying all cops are bad; I'm just saying your anecdote is, at best, no more convincing than the AC you responded to and probably somewhat less since he did find himself thrust into an adversarial interaction with the police union, although he didn't realize until afterward.
someone takes a copyright image and XORs it with random data taken from some publicly available list of random numbers. If they host this image it's not violating any copyright. it's just a random piece of crap.
This premise is faulty. It is a derivative work - one with zero additional creative expression for that matter. Just because it isn't obviously a derivative work without the right context doesn't make it less so.
Sounds like they have a problem with immature police officers as well. Hopefully the officers got reprimanded for doing that.
I believe it has been reported that the reason they sent the photos out was as a cautionary example of why one should not text and drive at the same time. It isn't like they did it out of a sick sense of humor.
It would have been very easy to release the video tape, but it was not... WHY ?
Sure, that's pretty suspicious, but even if the sharp dressed man is CIA or something, no one has said that he escorted the guy past security checkpoints.
Would the leak about how the leak happened be hosted on wikileaks, or do we need a WikiLeaksLeaks?
They would host it.
They hosted a leak of their own donor list.
The government had its hand forced not directly because of how regulation was handled, but directly because of the size of the market participants.
Yeahhh, not so much. That's the line the public was sold on amidst the hysteria of the moment.
If you don't believe that regulatory capture was part of the process, just look at how many 'former' Wall Street guys came in with Obama.
Not everybody is a programmer.
Everybody is a programmer, just not necessarily a computer programmer.
Box-checking mostly deserves its bad reputation, but I feel so sorry for it that I'm moved to defend it a little.
I'm a big fan of checklists as a tool.
But in the security domain too often they are an end rather than a means.
And that is why your delusions are worse.
FWIW - PCI-DSS is a requirement of Visa, Mastercard, et al. Not the feds.
It is an acronym for "Payment Card Industry Data Security Standard."