It will never get any iterations as long as the current iteration is declared perfect and no one is allowed to examine the code. That's the problem with electronic voting -- the people in charge of securing it consistently undermine its security by choosing black boxes over white boxes. For all we know, the tampering features already built into the device are only v0.1 quality and in a few iteration, elections will be able to be sold much more efficiently.
You don't have a right to use anyones software without permission.
You're entire argument rests on the idea that ownership of intellectual property isn't a highly controversial issue. Many people speak out against DRM because it is currently being used as a lever to take our culture out of the control of the people. Many products that every "house of the future" seems to have don't exist solely because none of the IP owners are willing to work together and the laws don't allow us or a third party to force them to. DVRs not tied to a content provider are almost dead. Video library system don't exist (at least not without circumventing DRM). The whole idea of recording something and bringing it to a friend's house to watch is almost dead. Whole home video distribution has taken huge steps backwards.
If casual piracy cannot be stopped without giving immense amounts of control to a small group of people, then I'm OK with not stopping it. Make those with the content and the technology figure out a way to make a living or withdraw from the market. If we start to lose content due to nobody making any money, then we can talk about toughening up the laws. It seems we are handing over power just to appease the fears of a few.
If the DMCA had never been passed and DRM was only an issue between the consumer and the company, then I'd have the attitude that anything Nintendo wants to do to protect themselves is their own business. However, now that circumventing DRM is a federal crime, I'm going to bitch about every single use of it.
I agree with your point, but I have an issue with with this:
Can you fly a F15? How about a F22? Can you even fly a Cessna? Then what makes you qualified to even judge these pilots?
Wall street "quants" have changed the financial game without knowing finance. Many pro sports scouts were never good enough to play professionally, but are the best in the world at judging talent that they don't have. There are a billion examples that your opinion that only a pilot can judge a pilot is dead wrong. Most people trot out this type of argument when they want to forcefully shut down an argument that they are going to lose, so it has a "smell" of weakness when used.
BTW, if your reasoning was solid, then who would decide the best course of treatment for patient with severe brain injuries? Would we have to ask the few gorillas that know sign language how to treat gorillas? Would children decide what gets taught in school?
Notice that it contains no sensitive information. I would guess that 90% of lost sensitive information that causes a panic contains either credit card numbers or social security numbers.
You write good code, encrypt it and run it in a VM (written by you on company time) that decrypts it by sending it to a decryption service your personal laptop. Then, when you are re-assigned you claim that your successor is too stupid to maintain your code and you will only give the unencrypted source code to the CEO of the company. You take this stance so rigidly that you are about to be terminated and legal has been called in for advice. Now you are legal fodder, and now this scenario is comparable to what Childs did.
His passive denial to reveal passwords was harmless on its own. However, before he refused to divulge the passwords, he set up all of the routers so it would be very difficult and expensive to regain control of them. He spent a lot of paid time doing this and the work did not benefit the network, only himself. It's like pushing the start button on a time bomb and then refusing to disarm it unless you get your way. It's blackmail at best, intentional damage at worst.
All of that planning is the difference between a dick and a criminal.
Remember, he shouldn't have been in this position. The passwords should have already been in the system, properly secured for the hypothetical "hit by a bus" or "fired with prejudice" scenarios. The fact that they weren't shows that he was predisposed to never give the passwords to anybody. The fact that he didn't give the passwords to the first person that he should have (his successor) was not the first straw, it was the last. If I were his boss, I would have fired him simply for not putting the passwords in the system.
He went out of his way to make sure that the city couldn't run their network without him. The city got mad and decided to make it blow up in his face. I'm glad it did. Of course the specific charges were trumped-up, but a few years in jail is too good for an admin that thinks the network is his and then goes on to essentially gain private control of it.
I work with a ton of morons who think they are the best admins that ever lived. If one of these fools got a god complex and hoarded network power, I'd be first in line to volunteer my time to undo his mess. I'd do it just so that the company could be in a position to fire his stupid ass. I hate working with people who live for the rush of lording over other people.
Just re-flash it and re-load the config with a new password. If the config isn't on file somewhere, than that's just another reason to fire his ass. Come to think of it, the only reason to not have a backup of the router configs is to hold your employer hostage. This is proof that he should have been thrown in jail, mainly because he spent months setting up the scenario where the city was dependant on him and only him for the health of their network.
Written IT policy for the CCISDA states that all administrative passwords must be stored in the "global password management database". See here page 34. Had he done this, the entire password conversation never would have been necessary. I'm guessing that his dismissal was related to his refusal to put the password in the database.
Resetting the passwords on a router that you have physical access to is trivial. This turned into a showdown. There was never any need to detain Childs and demand the passwords from him other than to avoid a physical visit and reboot of every router on the network. The city apparently decided to send a message that ex-employees will not be allowed to cost their former employer thousands of dollars because they wanted to act like children.
The only thing Childs could have accomplished was to force the city to do a little extra work, they were never at risk of not regaining control of the routers. He had to have known it, unless he was incompetent.
You make it sound like they are fighting a life and death battle every day. Police officer doesn't even rank in the top ten most dangerous professions. The whole "I have to treat them well because they might have my back someday" concept almost never happens. My friend's wife is a rookie cop only two months in, primarily working traffic duty, and has the attitude already. They teach it in the freakin' police academy. She certainly doesn't yet live in a world any different than I do other than the fact that she can screw with people with impunity.
Professions that you are more at risk of dying:
Logger
Fisherman
Pilot
Iron worker
Garbage Collector
Farmer
Roofer
Elecrician
Truck Driver
Taxi Driver
A cop is most likely to die on duty in a common traffic accident. Not pursuing a suspect, but just driving around. They don't write tickets to other cops or families of other cops simply so that they won't get tickets themselves. It is 100% pure abuse of power. The story made up to defend it is only to not appear like jerks and to get chicks.
The VM provides security, not visibility to the code. 99.99% of all people don't read the Javascript in their web applications, they let their browser deal with security issues.
Microsoft has a good strategy with.Net. Any code (yes binary) that is loaded from a URL not in the user's trusted sites list runs with pretty much zero permissions. It can display windows and communicate back to the site it came from, but nothing else.
I'm not getting FiOS any time soon, although the towns all around me are. My town won't allow Verizon to put in FiOS until they stop the practice of removing the copper when installing fiber. Verizon is using its monopoly power over the PUC to remove choice from consumers. My PUC won't stand for it, so we all get screwed. I certainly don't see that the PUC has any power over Verizon here.
Often times, things like this is the employer trying to get a senior level person while still paying them only a junior salary...
Getting you certified will not make you a senior level person. When I did corporate training, a lot of clients would specifically ask for a class to be customized so that a section was left out that is critical on the certification test. This way, they got trained employees that couldn't easily get certified without putting their own effort into it. Certification and training are not synonomous.
The whole attitude of "my boss got me these market-valuable certification and now he won't give me a huge raise" has always been interesting to me. You've got the certification, use the leverage. If you can't simply walk out and get a better job, then you aren't worth it and shouldn't get the raise. If you can simply walk out and get a better job, then do it.
Here's an interesting anecdote to show the lack of value of certifications -- At a previous job, a reseller, the company often needed to have minimum numbers of certified individuals on staff. If they were one short, I was the go-to guy to study and pass the certification. I had a ton of certs in things that I couldn't actually do. We had a relationship, I was valuable because I could do what the company needed done. When it came time to promote or to cut staff, everybody knew the "extras" that I brought to the company. A few years in, I was making more than most other people I worked with because I consistently got raises.
Maybe Amazon is trying to act as if they have no responsibility for the conduct of the users of their cloud. It's not unprecedented, if one user on a duscussion board is causing another grief, the board is not necessarily responsible for dealing with it. They also have to worry that if they take action quickly, then someone may falsely accuse a legitimate EC2 customer of hosting malware. They probably trust their paying customers first.
Pleading the fifth is kinda similar to "no comment". However, it reveals more about the question than the answer. You are supposed to invoke the fifth when someone asks you a question that is inappropriate, not when you want to hide your answer. By inappropriate I mean that asking someone a question that boils down to "did you do it" has no place in our legal system. These lines of questioning pose a logical dilemma: a "bad person" will lie and say they didn't do it, while a "good person" will tell the truth and say they didn't do it. The person who says they did it is either not a very good "bad person", or was confused about the question. Either way, the person's answer will provide no value. This makes it a free question that prosecutors can use to try to intimidate people. If you are being asked these questions, the person asking them is up to no good and you should refuse to answer whether you are innocent or guilty.
So, common opinion is that someone pleading the fifth is guilty. The truth is that if someone pleads the fifth, and it holds up, then the person asking the questions should be looked at with skepticism. If the fifth ammendment defense is shot down, and the person is compelled to answer, then they might be hiding something.
The yellow is almost always too short when red light cameras are installed. The company that administers the system typically keeps 50 percent of the ticket revenue. They always recommend shortening the yellow light when they do a site survey. Research shows that making the yellow longer has more safety benefits than installing a camera does. Doing both might be even safer, but so few people run red lights when the yellow is sufficiently long that the red light companies refuse to install and operate a camera there.
So, install a camera and make a bundle of money, or lengthen the yellow light and save more lives but make no money. Guess which path most governments are choosing?
Also... If you are in a situation where you could have made the yellow, but you decided to stop for safety, there is a good chance that you will not only fail to completely stop by the time you get to the intersection, but the light will be red by the time you get there. Yep, some red light runners are actually safety conscious people that are erring on the side of "I'll stop because I don't want a ticket".
The only sure way to avoid the ticket is to avoid the intersection. I think it would be great if all of the traffic that used to go through a major intersection simply drove through the nearest heighborhood after cameras are installed.
Accepting and regulating online gambling would have the same effect. If the game is crooked, it's in big part because it has to operate on shadier Internet real-estate. Give a big casino an on-line presence, located in an area that is already familiar with regulating gambling, and it will become a fair game.
And I don't mean by the ordinary odds against you. I mean by the fact that the server you are interacting with has full information and control of every aspect of the game, and can thus modify the play of the game and the odds against you at will.
Modern slot machines fit this description, yet they are fair.
Fortunately nobody but you has proposed banning everything pleasurable. So far they are just banning (actually just RESTRICTING) a few things that are pleasurable to some people but cause severe problems for many of those people, and for society at large.
To be accurate, they haven't proposed restricting the ability for people to gamble. They've only proposed restricting gambling at venues that are competing with the casinos they are proposing to create. Since Internet casinos don't require physical presence and physical ones do, this proposal will most likely increase the number of gamblers in the state.
Slashdot Mirror
It will never get any iterations as long as the current iteration is declared perfect and no one is allowed to examine the code. That's the problem with electronic voting -- the people in charge of securing it consistently undermine its security by choosing black boxes over white boxes. For all we know, the tampering features already built into the device are only v0.1 quality and in a few iteration, elections will be able to be sold much more efficiently.
You don't have a right to use anyones software without permission.
You're entire argument rests on the idea that ownership of intellectual property isn't a highly controversial issue. Many people speak out against DRM because it is currently being used as a lever to take our culture out of the control of the people. Many products that every "house of the future" seems to have don't exist solely because none of the IP owners are willing to work together and the laws don't allow us or a third party to force them to. DVRs not tied to a content provider are almost dead. Video library system don't exist (at least not without circumventing DRM). The whole idea of recording something and bringing it to a friend's house to watch is almost dead. Whole home video distribution has taken huge steps backwards.
If casual piracy cannot be stopped without giving immense amounts of control to a small group of people, then I'm OK with not stopping it. Make those with the content and the technology figure out a way to make a living or withdraw from the market. If we start to lose content due to nobody making any money, then we can talk about toughening up the laws. It seems we are handing over power just to appease the fears of a few.
If the DMCA had never been passed and DRM was only an issue between the consumer and the company, then I'd have the attitude that anything Nintendo wants to do to protect themselves is their own business. However, now that circumventing DRM is a federal crime, I'm going to bitch about every single use of it.
Can you fly a F15? How about a F22? Can you even fly a Cessna? Then what makes you qualified to even judge these pilots?
Wall street "quants" have changed the financial game without knowing finance. Many pro sports scouts were never good enough to play professionally, but are the best in the world at judging talent that they don't have. There are a billion examples that your opinion that only a pilot can judge a pilot is dead wrong. Most people trot out this type of argument when they want to forcefully shut down an argument that they are going to lose, so it has a "smell" of weakness when used.
BTW, if your reasoning was solid, then who would decide the best course of treatment for patient with severe brain injuries? Would we have to ask the few gorillas that know sign language how to treat gorillas? Would children decide what gets taught in school?
Here is a regular expression for the most common types of credit card numbers:
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$
Notice that it contains no sensitive information. I would guess that 90% of lost sensitive information that causes a panic contains either credit card numbers or social security numbers.
You write good code, encrypt it and run it in a VM (written by you on company time) that decrypts it by sending it to a decryption service your personal laptop. Then, when you are re-assigned you claim that your successor is too stupid to maintain your code and you will only give the unencrypted source code to the CEO of the company. You take this stance so rigidly that you are about to be terminated and legal has been called in for advice. Now you are legal fodder, and now this scenario is comparable to what Childs did.
His passive denial to reveal passwords was harmless on its own. However, before he refused to divulge the passwords, he set up all of the routers so it would be very difficult and expensive to regain control of them. He spent a lot of paid time doing this and the work did not benefit the network, only himself. It's like pushing the start button on a time bomb and then refusing to disarm it unless you get your way. It's blackmail at best, intentional damage at worst.
All of that planning is the difference between a dick and a criminal.
Remember, he shouldn't have been in this position. The passwords should have already been in the system, properly secured for the hypothetical "hit by a bus" or "fired with prejudice" scenarios. The fact that they weren't shows that he was predisposed to never give the passwords to anybody. The fact that he didn't give the passwords to the first person that he should have (his successor) was not the first straw, it was the last. If I were his boss, I would have fired him simply for not putting the passwords in the system.
He went out of his way to make sure that the city couldn't run their network without him. The city got mad and decided to make it blow up in his face. I'm glad it did. Of course the specific charges were trumped-up, but a few years in jail is too good for an admin that thinks the network is his and then goes on to essentially gain private control of it.
I work with a ton of morons who think they are the best admins that ever lived. If one of these fools got a god complex and hoarded network power, I'd be first in line to volunteer my time to undo his mess. I'd do it just so that the company could be in a position to fire his stupid ass. I hate working with people who live for the rush of lording over other people.
Just re-flash it and re-load the config with a new password. If the config isn't on file somewhere, than that's just another reason to fire his ass. Come to think of it, the only reason to not have a backup of the router configs is to hold your employer hostage. This is proof that he should have been thrown in jail, mainly because he spent months setting up the scenario where the city was dependant on him and only him for the health of their network.
Written IT policy for the CCISDA states that all administrative passwords must be stored in the "global password management database". See here page 34. Had he done this, the entire password conversation never would have been necessary. I'm guessing that his dismissal was related to his refusal to put the password in the database.
Resetting the passwords on a router that you have physical access to is trivial. This turned into a showdown. There was never any need to detain Childs and demand the passwords from him other than to avoid a physical visit and reboot of every router on the network. The city apparently decided to send a message that ex-employees will not be allowed to cost their former employer thousands of dollars because they wanted to act like children.
The only thing Childs could have accomplished was to force the city to do a little extra work, they were never at risk of not regaining control of the routers. He had to have known it, unless he was incompetent.
Nope. Never talk to a cop. Ever.
http://www.youtube.com/watch?v=i8z7NC5sgik
You make it sound like they are fighting a life and death battle every day. Police officer doesn't even rank in the top ten most dangerous professions. The whole "I have to treat them well because they might have my back someday" concept almost never happens. My friend's wife is a rookie cop only two months in, primarily working traffic duty, and has the attitude already. They teach it in the freakin' police academy. She certainly doesn't yet live in a world any different than I do other than the fact that she can screw with people with impunity.
Professions that you are more at risk of dying:
Logger
Fisherman
Pilot
Iron worker
Garbage Collector
Farmer
Roofer
Elecrician
Truck Driver
Taxi Driver
A cop is most likely to die on duty in a common traffic accident. Not pursuing a suspect, but just driving around. They don't write tickets to other cops or families of other cops simply so that they won't get tickets themselves. It is 100% pure abuse of power. The story made up to defend it is only to not appear like jerks and to get chicks.
Both of those are whole applications, not components. It's more like anything that implements SOAP, or Microsoft's WCF.
The VM provides security, not visibility to the code. 99.99% of all people don't read the Javascript in their web applications, they let their browser deal with security issues.
.Net. Any code (yes binary) that is loaded from a URL not in the user's trusted sites list runs with pretty much zero permissions. It can display windows and communicate back to the site it came from, but nothing else.
Microsoft has a good strategy with
I'm not sure minimizing drag is the goal when you start your landing approach at Mach 22.
I'm not getting FiOS any time soon, although the towns all around me are. My town won't allow Verizon to put in FiOS until they stop the practice of removing the copper when installing fiber. Verizon is using its monopoly power over the PUC to remove choice from consumers. My PUC won't stand for it, so we all get screwed. I certainly don't see that the PUC has any power over Verizon here.
Often times, things like this is the employer trying to get a senior level person while still paying them only a junior salary...
Getting you certified will not make you a senior level person. When I did corporate training, a lot of clients would specifically ask for a class to be customized so that a section was left out that is critical on the certification test. This way, they got trained employees that couldn't easily get certified without putting their own effort into it. Certification and training are not synonomous.
The whole attitude of "my boss got me these market-valuable certification and now he won't give me a huge raise" has always been interesting to me. You've got the certification, use the leverage. If you can't simply walk out and get a better job, then you aren't worth it and shouldn't get the raise. If you can simply walk out and get a better job, then do it.
Here's an interesting anecdote to show the lack of value of certifications -- At a previous job, a reseller, the company often needed to have minimum numbers of certified individuals on staff. If they were one short, I was the go-to guy to study and pass the certification. I had a ton of certs in things that I couldn't actually do. We had a relationship, I was valuable because I could do what the company needed done. When it came time to promote or to cut staff, everybody knew the "extras" that I brought to the company. A few years in, I was making more than most other people I worked with because I consistently got raises.
Maybe Amazon is trying to act as if they have no responsibility for the conduct of the users of their cloud. It's not unprecedented, if one user on a duscussion board is causing another grief, the board is not necessarily responsible for dealing with it. They also have to worry that if they take action quickly, then someone may falsely accuse a legitimate EC2 customer of hosting malware. They probably trust their paying customers first.
Pleading the fifth is kinda similar to "no comment". However, it reveals more about the question than the answer. You are supposed to invoke the fifth when someone asks you a question that is inappropriate, not when you want to hide your answer. By inappropriate I mean that asking someone a question that boils down to "did you do it" has no place in our legal system. These lines of questioning pose a logical dilemma: a "bad person" will lie and say they didn't do it, while a "good person" will tell the truth and say they didn't do it. The person who says they did it is either not a very good "bad person", or was confused about the question. Either way, the person's answer will provide no value. This makes it a free question that prosecutors can use to try to intimidate people. If you are being asked these questions, the person asking them is up to no good and you should refuse to answer whether you are innocent or guilty.
So, common opinion is that someone pleading the fifth is guilty. The truth is that if someone pleads the fifth, and it holds up, then the person asking the questions should be looked at with skepticism. If the fifth ammendment defense is shot down, and the person is compelled to answer, then they might be hiding something.
http://blog.motorists.org/6-cities-that-were-caught-shortening-yellow-light-times-for-profit/
http://arstechnica.com/gadgets/news/2008/04/red-light-camera-monkey-business-may-be-a-national-trend.ars
http://online.wsj.com/article/SB123975737976619187.html
The yellow is almost always too short when red light cameras are installed. The company that administers the system typically keeps 50 percent of the ticket revenue. They always recommend shortening the yellow light when they do a site survey. Research shows that making the yellow longer has more safety benefits than installing a camera does. Doing both might be even safer, but so few people run red lights when the yellow is sufficiently long that the red light companies refuse to install and operate a camera there.
So, install a camera and make a bundle of money, or lengthen the yellow light and save more lives but make no money. Guess which path most governments are choosing?
Also... If you are in a situation where you could have made the yellow, but you decided to stop for safety, there is a good chance that you will not only fail to completely stop by the time you get to the intersection, but the light will be red by the time you get there. Yep, some red light runners are actually safety conscious people that are erring on the side of "I'll stop because I don't want a ticket".
The only sure way to avoid the ticket is to avoid the intersection. I think it would be great if all of the traffic that used to go through a major intersection simply drove through the nearest heighborhood after cameras are installed.
And I don't mean by the ordinary odds against you. I mean by the fact that the server you are interacting with has full information and control of every aspect of the game, and can thus modify the play of the game and the odds against you at will.
Modern slot machines fit this description, yet they are fair.
Fortunately nobody but you has proposed banning everything pleasurable. So far they are just banning (actually just RESTRICTING) a few things that are pleasurable to some people but cause severe problems for many of those people, and for society at large.
To be accurate, they haven't proposed restricting the ability for people to gamble. They've only proposed restricting gambling at venues that are competing with the casinos they are proposing to create. Since Internet casinos don't require physical presence and physical ones do, this proposal will most likely increase the number of gamblers in the state.