Yeah, but in Niagara Falls, NY the state gave a part of downtown to the Senecas because it was procedurally easier than legalizing gambling in NY. That's "skirting around various laws".
No they can't. They've reduced their streaming catalog by half over the past ten years due to licensing fees. They always knew this would happen, which is why they put so much money into original content. The likelihood of a specific movie you enjoyed in the past being currently available for streaming is very small.
You mean the same Netflix that currently has about 5000 titles available for streaming? That sounds like a lot less than "an archive of all old and new movies and shows".
Well... the most common definition of dairy seems to be "containing or made from milk". So, it seems that a place with a lot of coconut trees is technically a dairy farm and coconut milk is a dairy product, by recursive definition.
All the knock offs have a credibility problem. Amazon can just say "Netflix runs on our network and this is what we use". As for staff, Amazon will probably offer to do management for you for a third of your staff's salary. Stonewalling would only land them in the unemployment line.
80 percent of IT decision makers say they're ineffective because of someone else's choice, not theirs.
We had the technology to handle terabyte size databases twenty years ago. Data warehouses aren't new. Columnstores and NoSQL don't make data analysis any easier. So, I don't see "outdated tech" being a very good excuse for stupidity like "less than half (48 percent) of all business decisions are based on data". This looks like nothing other than a cheap ad for the company mentioned in the article.
The people who did the actual research disagree with your anally sourced information. Your second anecdote is not sufficient evidence of the paper's inaccuracy.
Of course your example of a single non-rich person owning an iPhone completely disproves that "owning an iPhone is the number-one way to guess you're rich or not". I'm sure there are other 100% perfect ways to determine if someone is rich, thus relegating iPhone ownership to the place of a second-class indicator of rich-osity.
RFID door latches with solar power are not a bad idea. Have a key as a backup but most people can just use a card/phone for entry.
We would never issue keys because the use of a key leaves a hole in our audit trail. If employees are only issued RFID tags, the log is complete unless there were "system issues", which should be limited in duration and documented. If we issued keys, even if they were only issued for the purpose of backup, we would always have to second guess the entry logs.
I'm not saying everyone needs this. But, a lot do. The unreliability of batteries and WiFi is the reason these products are consumer/hobbyist only products and aren't often used in professional situations.
The main advantage of a wired connection is the lack of batteries and a consistent connection. Would you ever consider installing RFID door latches in an office that were dependent on batteries? How about a security camera that could be trivially disabled, from outside camera range, with a $10 signal jammer?
Spectrum (in a region where the infrastructure was recently obtained via acquisition of Time Warner), recently charged me for an install in a house that previously had cable. They never showed up for the install - the connection in the outside box was still not hooked up. However, I simply screwed the loose ends together and everything worked great.
Two lessons here: first, the install is super easy and there is certainly no special skill or tools necessary. Second, they never planned on actually doing any work - they never even sent a technician to the house to verify that it was still hooked up.
I just moved from an excellent school district to a horrible one (no kids in school, so I'm OK with this), and my school taxes didn't go down much. The mega-consolidated urban district I'm in still takes thousands of dollars per household every year and manages to do little with it. I just looked it up - my old district is rated one of the top in the state and spends $17k per pupil, the new one ranks near the bottom and spends $18k per pupil.
So, this seems to be a good data point against the theory that rich people simply pay for better education. Also, the better of the two has mandatory bussing and still manages to keep expenses lower than the worse one.
I actually want less. One HDMI input is plenty. Life is better if you run all your sources through an AV receiver and real speakers. Even better, an up-converting receiver so the picture never flickers when changing sources.
Please don't ask for this. My typical horror story with CEC (the technology that does this): Watch something on AppleTV, TV switches over to the correct input... great. Switch back to cable box to watch something from my DVR. Four hours later, my TV spontaneously goes to static because the AppleTV went to sleep and the TV switched to it so that I could enjoy the new signal on HDMI2.
In other words, even that level of intelligence is often worse than nothing. Totally dumb TV for me. Besides, why do I want my TV manufacturer including $30 worth of functionality that I either already have or don't want?
Pinning is an alternative to certificate revocation. The fact that pinning does not suffer the same weaknesses makes none of the above statements about certificate revocation invalid. Actually, I even said this:
These professionals would rather check for fingerprint changes
... which is just a simplified explanation of pinning.
It means that ZDNet copied and pasted text from a barely readable article at RecordedFuture, and made no effort to figure out what the original author was trying to say. The RecordedFuture article was mostly of the "the sky is falling" type, with very little actual analysis, so figuring out what they were trying to say wouldn't have helped all that much anyways.
At the end of the day, what they were saying was that anti-malware software often uses a scoring system and code that's signed with a legitimate certificate starts off with a higher score than unsigned or improperly signed code, and therefore gets through some defenses. Pretty much everyone already knew this. They also said that issuers of signing certificates have profit pressure to lower the bar on validation. This is also not new and the primary reason that some security people see centralized certificate authorities as a "bad idea".
The quote you reference is an incomplete analysis. MacOS and Windows both have a simple protection mechanism built in for software downloaded from the Internet: they ask an "Are you sure" question if the executable is not signed by a trusted source. This was never designed to stop all malware and does a good job of filtering much of it. If a computer has more sophisticated anti-malware installed, it will do more analysis and might block malware even if it's signed. They both described the feature incompletely and failed to mention that the behavior is actually a pretty good deterrent that either causes malware writers to choose a different deployment avenue, or significantly raises their cost.
The purpose is to allow for a mechanism to recover from CA compromise, discovered protocol weakness, or private key compromise. If implemented properly, it would serve these purposes well. Unfortunately, the implementation of Certificate Revocation List checking has historically favored ease of access over security. It wasn't until a few years ago that some major web browsers checked for revocation at all.
There are many reasons for this failure. Some security professionals don't like the whole idea of the CA hierarchy and therefore don't put a lot of value in checking revocation status. These professionals would rather check for fingerprint changes and implement some sort of consensus-based mechanism to decide whether to trust a new cert. Some non-security minded folk think that checking for revocation only helps in very rare instances and hurts in the much more common cases of temporary unavailability of the CRL while also hurting performance - mostly in added connection latency.
Think about this: a browser goes to an https site, gets a cert during the handshake and decides to check if the cert is revoked. The browser reads the CRL URL from the cert, and goes to download it. The CRL URL is almost certainly https, so it gets a cert when making that connection (unless the CRL is at the same domain as the content). This process repeats until there is a loop or until one of the CRLs is already in memory. Worst case, the CRL is on one of the sites that we are checking for revocation. In the event of a private key compromise, the bad actor can simply man-in-the-middle both the content and the CRL check. Presto, revocation check defeated. Absent this worst-case scenario, all of these checks are serialized, at least doubling the time it takes to connect.
The same way that big fish have a higher mercury content than little fish. If an organism consumes mercury laden air/water, it collects in their bodies. With fish, that collection time is their lifespan. With the arctic, it remains trapped even after the organism dies due to the preservative effect of the cold.
Read his comments with a huge grain of salt. Either he is so ignorant of crypto that he thinks that raising the number of iterations is genius rather than normal practice, or he is intentionally making outlandish statements that are calculated to sway public opinion. It seems obvious that it's the latter, and it will probably work.
MoviePass issues you a debit card. You use the debit card to buy a ticket. They can't refuse the card without violating their agreement with MasterCard. In my area, not one theatre has an arrangement for direct electronic payment with MoviePass, so I always use it as a debit card.
Assuming those were ruled to be protected speech... that would only protect the speaker from being prevented from (or punished for) saying them. An individual is still responsible for their actions. Protected speech can run afoul of contract law, civil law (such as libel), copyright law, or any number of other obligations. Your garage door example would be simple negligence and the entry code example would probably be both a violation of an employment contract and federal law.
Additionally, you're totally missing the point with the DVD thing from Netflix. 10 years ago, the "best" model for distribution was snail mail and now it's streaming. That didn't happen because someone changed their business model, it happened because we made a lot of advancements in Internet speeds and reliability of delivery via the Internet.
Actually, licensing really is the bottleneck to innovation here. Netflix by mail is still a vastly superior service if you are more interested in movies than TV. Also, you can get pretty close to your Comcast monthly cap worth of movies in the mail, so tech really hasn't progressed much for a lot of people.
Although it's tempting to think this is the answer, I run across the same difficulty in problem specification when I'm writing software for myself. If the problem were simply user specifications, then IDEs would stand alone as shining examples of development projects. In reality, they are just as hard to write and just as likely to contain bugs as any other software. So, the problem can only be that problem specification is legitimately hard. That's why no new-fangled programming paradigm will ever make it any better.
But that's not really true. I've written code for problems that I intimately understand. Anyone that's written code for coders has. The real problem is that most problems are really hard to fully specify. As soon as you start to code it, you begin to realize how hard. But, the problem isn't expressing it in code - the same problem will exist no matter what representation you try to give it.
My corporate card that I use for work has a PIN. It's credit only, but, sometimes (usually at major retailers) it asks me for a PIN.