Wikipedia says that 20-40 g's is a survivable amount.
Military pilots can sustain 9 g for a significant time, and are able to, well, pilot the plane while doing so.
Also, if the craft gets 10-20 g's, then the passengers can be cushioned/amortised to lessen the shock to them - so the 10-20 g figure doesn't exclude this solution.
I believe that you've misunderstood - the 'attack' is simply to provide known employees (for whom, presumably, the attacker can deduce the internal usernames) a web form to register for something (in this case, it was a job opportunity); and then bet on the fact that the password they'll use for this other thing would be the same password that they use in day-to-day operations. And it worked. It doesn't need great accuracy to be useful - a 10% chance of a match is easily good enough.
"Hardly worth"??? For such artists, 14 years from their first album is long enough to grow from obscurity to superstardom, become stinking rich, stop making music, and then die of a drug overdose. Heck, some of them could do that in a single year.
I am exaggerating a bit, but really, if an album is worth making at all, then it is worth making even if you can make money from it for only a couple of years. Can't (and don't) they make new albums during those 14 years? In fact, such rules would create a financial motivation for them to keep creating further artworks all the time - and that's a Good Thing(tm).
There is little press about the fact in English - it's not a major concern for either US or British news services. Read http://english.people.com.cn/200401/01/eng20040101_131677.shtml for example - but in the Russian press it tends to be discussed more widely. Some of these provinces have passed regulations to allow the Chinese workers to move in more freely, as they have a lot of arable land that is not used at all after the collapse of the USSR sovkhoz system, and any additional production (==taxes) that they can get is desperately needed to fund their social services.
In your China-webshop situation, shipments can be easily taxed at the customs office when arriving in the USA. They are taxed this way when I (in Europe) order stuff from the USA.
The rural Chinese population in overpopulated provinces next to Russia is quite eager to move to sparsely populated Russian lands - there they can live off agriculture in the same way they are used to, while getting much larger tracts of land to work on - and thus more income.
"They're also designed to shut down if the software is hacked by users trying to circumvent DRM features. But GPLv3 would prohibit TiVo's no-tamper setup."
Well then, great news, isn't it? :) If I own the TiVo, then I should be able to try and modify its software - and with the GPL that *MUST* be allowed; too bad that they've found some workaround for the current version of the GPL that goes against the whole concept of the user being free to use and modify the code.
It is as easy as right and wrong. It is not right for the sysadmin to decide any of these things, nor even to attempt to evaluate that - ask your direct supervisor, HE is responsible for your productivity and happiness.
Around here we have a simple policy that any privilege requests (unless a lot of money is involved) get through with e-mail approval from your manager. If the manager wants something for himself, then he has to get approval from his manager. It all works quite nicely.
On the other hand, teachers (just as any other people) should be able to openly, publicly party, drink, have wild promiscuous sex, and do any other legal activities as soon as their workday has ended - and not have to fear for her job or degree.
The school and parents can decide the rules for behaving and dressing in the classroom, but it's not appropriate, (IANAL) not legal, and not moral for them to have any say whatsoever about what she does in her private life.
And her private life (that's supposed to be none of her employer's business) includes things that she does openly, in public places, or on the internet, or on public TV, as long as they are allowed by law.
Not true.
For me as a software developer, the essential freedom I want is to be able to use my code - and what it becomes after modifications - for my future needs. The GPL allows that, as any forks will still be free. BSD does not allow that, as company X can add tinyfeature Y and forbid me to use that modification.
Abolishing copyright suits me just as well - if company X adds tinyfeature Y and publishes it, I still may do whatever I want with the resulting product - since they can't claim copyright either.
Maybe instead of creating a new project/codebase for each task, it would be more efficient to create a frontend (based on the same Blender codebase) that simply cuts away from the user interface the 90% of functions that are unrelated to that one task?
Parent said "And I guarantee you that after three years they won't print as they should---just a fact."
If this is so, then the only problem is that not everyone is bringing these printers back as defective. There is no technical reason not to make devices that survive the warranty period in 95% of cases, not 5%.
"There's a hundred ways an account can get an email" - of course, and the honeypot construction is completely irrelevant to the case, as long as they have not submitted these addresses directly to the defendant (subscribed; entered a business relationship, etc, etc).
According to the anti-spam laws they are suing for, that would be the only legal way for these e-mails to be used in advertising.
They only have to prove that it was the defendant who sent these e-mails - it is pretty clear that the sending was illegal.
Tasks to deploy to the live environment should 100% match the tasks to deploy to the acceptance test (or staging, or whatever) environment.
If you don't have a proper test environment, then the problem is in this fact, not in dividing Dev/IT responsibilities.
I work in banking as well, and here, the developers are not allowed ANY access to the production environment, period.
An end user is an officer of the bank that is trained and authorised to transfer real money to/from customer accounts. No IT-developer has the right to even view the customer account balances. Some from IT-production technically can look, but Internal security guys do try to log and audit the records that they look at, and viewing a politician's/musicstar's bank account is considered a fireable offence.
In my workplace, the usual doctrine is that the transfer to the UAT environment is also done only by the production team - in that way it ensures that 1) the installation instructions are clear and complete (or the tests would fail) and 2) you always transfer to live the exact same thing that was tested (instead of something with a 'tiny bugfix' added).
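The two guarantees above (only the production team installs to UAT or live, and live receives byte-for-byte what passed UAT) can be enforced mechanically rather than by habit. The following is an added example, not code from the original comments: a small promotion gate keyed on the artifact's content hash. The ledger structure, the role names and the sample build bytes are all constructed for illustration.

```python
"""Artifact promotion gate: deploy to live only what was tested in UAT.

Added example (not from the original comments). The ledger format, role
names and sample artifacts below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field


def artifact_digest(data: bytes) -> str:
    """Content hash that identifies a build regardless of its file name."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class PromotionLedger:
    """Record of what the production team pushed to each stage.

    deployed:    stage name -> digest of the artifact installed there
    uat_verdict: digest -> "pass" / "fail" as recorded by the testers
    audit_log:   (stage, digest, role) tuples, for later review
    """
    deployed: dict = field(default_factory=dict)
    uat_verdict: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def deploy_to_uat(self, artifact: bytes, deployer_role: str) -> str:
        # Same team and same procedure as live, so the install instructions get exercised.
        if deployer_role != "production":
            raise PermissionError("only the production team installs to UAT")
        d = artifact_digest(artifact)
        self.deployed["uat"] = d
        self.audit_log.append(("uat", d, deployer_role))
        return d

    def record_uat_result(self, digest: str, passed: bool) -> None:
        # A verdict only counts for the build that is actually sitting in UAT.
        if self.deployed.get("uat") != digest:
            raise ValueError("verdict refers to something not deployed in UAT")
        self.uat_verdict[digest] = "pass" if passed else "fail"

    def promote_to_live(self, artifact: bytes, deployer_role: str) -> str:
        """Refuse anything that is not exactly the artifact that passed UAT."""
        if deployer_role != "production":
            raise PermissionError("developers have no access to live")
        d = artifact_digest(artifact)
        if self.deployed.get("uat") != d:
            raise ValueError("artifact differs from the one installed in UAT "
                             "(a 'tiny bugfix' must go through UAT again)")
        if self.uat_verdict.get(d) != "pass":
            raise ValueError("no passing UAT verdict recorded for this digest")
        self.deployed["live"] = d
        self.audit_log.append(("live", d, deployer_role))
        return d


def demo() -> dict:
    """Walk through the happy path and the three refusals; return a summary."""
    ledger = PromotionLedger()
    tested_build = b"app-1.4.2 bytes (constructed sample)"
    patched_build = b"app-1.4.2 bytes (constructed sample) + tiny bugfix"

    d = ledger.deploy_to_uat(tested_build, "production")
    ledger.record_uat_result(d, passed=True)

    outcomes = {}
    try:  # a developer trying to push directly
        ledger.promote_to_live(tested_build, "developer")
        outcomes["developer_push"] = "allowed"
    except PermissionError:
        outcomes["developer_push"] = "refused"
    try:  # the production team pushing a build that was never in UAT
        ledger.promote_to_live(patched_build, "production")
        outcomes["patched_push"] = "allowed"
    except ValueError:
        outcomes["patched_push"] = "refused"
    outcomes["tested_push"] = ledger.promote_to_live(tested_build, "production") == d
    outcomes["live_matches_uat"] = ledger.deployed["live"] == ledger.deployed["uat"]

    failing = PromotionLedger()  # a build that went to UAT but failed its tests
    fd = failing.deploy_to_uat(b"app-1.4.3 bytes (constructed sample)", "production")
    failing.record_uat_result(fd, passed=False)
    try:
        failing.promote_to_live(b"app-1.4.3 bytes (constructed sample)", "production")
        outcomes["failed_uat_push"] = "allowed"
    except ValueError:
        outcomes["failed_uat_push"] = "refused"
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The point of hashing the artifact rather than trusting a version string is that the 'tiny bugfix' case in the comment produces a different digest even when the file name and version label stay the same, so it cannot slip past the gate.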
An analog TV channel takes up much more space in the spectrum than multiple channels of digital TV - the whole idea is to compress the TV band so that the spectrum can be used (sold) for other purposes; and no, you can't really transmit analog TV over a channel that has something else transmitted through it.
Actually, it might be not "several calculations" but even "several thousand calculations" - if your lookup table isn't in the cache, then it's not so fast anymore.
"I'd think the main problem was that the guy was let into the building and his activities not questioned." Well, that's complete bullshit. By getting into the building all he gained was the access level of an unprivileged employee (temp worker or a vendor's consultant, for example). However, the main security problem was that such unprivileged employees can sniff passwords and do real damage - and, since most real attacks are performed by insiders, the fact that someone can "become" an insider is pretty useless. Any security issues should presume that the attacker has average-level employee access already - to prevent attacks such as the one in this article, insider attacks, or someone bribing the insider to do something.
Bank security systems especially are (or attempt to be, or should be) designed in such a way as to prevent the employees from stealing money - and if you can accomplish that, then you already have prevented the posing-as-copier-service-guy attacks.
Such a plan was considered in the very beginning, because even when the war was in process, the Kurds already had secured/liberated much of their territory - however, this was considered politically impossible because Turkey - NATO's main ally in the region, from whose bases the war logistics were supplied - is completely opposed to an independent Kurd country. And so the USA won't do this even now (although the Kurd movement rightfully can feel betrayed by this).
Exactly, the market will provide some solution. Do look at the situation in Somalia (at least a year ago, before the Islamists started returning order to the country), with the gunmen-for-hire as a major part of any business, especially anything somehow involving transportation through the countryside. I still would prefer the low-quality law and order of a corrupt government to such anarcho-capitalism.
Well, http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/19980223621_1998381731.pdf (a link from the Wikipedia entry on G-force) says that untrained humans are able to stand 17 g's for a prolonged time without any harm. With some cushioning/dampening/special suits passengers should survive 20 g's easily, since research like http://csel.eng.ohio-state.edu/voshell/gforce.pdf says that 40 g's are reasonable for rapid deceleration.
Yeah, but the soldier can be persecuted if his family runs a blog about him.
Try looking at Ableton Live's interface (they have a demo available on their site) - it pretty much does things in the way you are describing them.
I had a few flights a month ago in Europe (Denmark and Poland), and at these airports the ID was required at boarding as well.