They certainly haven't given up on crypto. They are still the COMSEC authority. They are still experts at cracking crypto either directly or more cheaply by covert methods, for example putting out elliptical encryption methods that they "might" have the root coefficients for. You think NSA didn't get a few backdoors into MS products or bully them into getting a copy of their signing keys? Another published examples was buying off the French company that made the crypto gear used by a certain middle-east country, who then built in a weakness into the encryption. To me that's thinking smarter instead of relying on brute forcing the increasingly difficult encryption schemes.
Regardless of the intent and drawbacks to OpenDNS, it is still a valid notion to black-hole the lookups for known malicious addresses. Monitoring for lookups to these addresses is also a godd idea as it's an indicator of a problem.
Of course. Because any climate scientist who isn't in agreement suddenly finds he has no govt funding, and loses credibility in his field. That's how most research grants work. If your final results don't support the underlying theory that the sponsor wants proved, then that sponsor doesn't use you the next time. Same deal for "independent" pharmaceutical research.
It's undeniable that the climate is changing. It has been for as long as we've kept records, and archeological evidence suggests even bigger swings in the past. What is debatable is how large of a role humans are playing in it.
Patent nonsense (Cripes I'd be rich if I could get a patent for it. Image the royalties!) Somone on hackaday.com posted the pictures and actual chips used in a Zenith brand converter. The 4 chips used can be bought wholesale in quantities of 100 for about $2 per set. The complexity is really no different than a cheap $10 video card or a cheap wireless card. In fact, the bandwidth is actually much lower. Certainly if you're producing a millions of a particular model, economy of scale kicks in. I don't see a $40 price difference between TVs with both NTSC and ATSC tuners and ones that a few years ago only handled NTSC. I recently saw an article that stated the $49 Colby was selling for $19 (US equivalent) in mainland China.
Glad you had good experiences with DTV. Reception tests is rural areas have been dismal. A large portion of folks are too far away to get decent reception, despite the fact that is should take less transmit power for a station to cover the same area. Multipath is still a big problem with DTV. Go google the tons of articles about that.
Personal preferences obviously matter since you so arrogantly posted yours. I was alluding to the fact that a certain portion of the population is simply going to stop watching broadcast TV. For the record I can't get PBS now and most of the semi-education stuff you referenced. DTV won't change that.
First, the coupons were not handled well. I submitted for two online, never got them in the mail, and now it won't let me apply for them again as they expired. Lots of other folks around me said the same thing.
Second, these mass-produced crappy converter boxes should not cost $40. They're all made in China and would normally retail for around $9 each. So the bribe money that the Govt is giving its citizens to convert is simply flowing out the door to China. Yeah, the govt is making a profit by selling the spectrum but its also money down the toilet by buying low quality converters from China. Figure 250 million converters at $30 profit each is about 7.5 billion.
BTW, most folks don't realize those converter boxes are not going to give you any better quality or hi-def. In fact they're more likely to give you worse reception or just none at all.
Personally, I don't plan to convert as there is nothing worth watching on the TV anyway. I do netflix, get my news online, and can't stand the soap-operaish series on TV.
Okay, but what happens when the cargo is much more valuable than the lifter? You certainly do want 100% reliability. Just ask any of the companies putting billion dollar comsats in orbit. Honestly, humans are the least valuable commodity you want to stick into space.
NASA is already over budget. It seems perfectly reasonable to ask the agency to prioritize and put price tags on their various projects. Otherwise there is no way to even look at their budget and make rational budget allocations, either bigger or smaller.
No. What happened was that users discovered a quirk in the system and used it to calculate more complex geometries than it was designed for. When said users called the manufacturer, they were told NOT to use it that way since it had never been tested or proofed out. The shortcut (really a bug) was never intentionally programmed in, appeared to work correctly however it badly miscalculated the appropriate dosage. This was user error plain and simple.
Already happened for Subs as well. When it came time to design the new Seawolf class, there was nobody left who knew anything about designing subs. The budget for Seawolf was seriously overrun as they spent most of the money just reconstituting the capability and Congress killed the funding after 3 new subs. The follow-on Virginia class is about 1/5 the cost per boat because the new capability was already in place.
Yeah, the expired cert is an administrative/management issue. As far as Firefox not having the DOD root certs installed by default, you might consider that a good thing if you're not located in the US. I find it irritating that MS will install root certs for almost non-existent CAs and yet not install the DOD root certs.
Actually I trust the DOD root certs a hell of a lot more than I trust the commercial CAs. It pisses me off that Microsoft keeps adding new ones to your trusted list via automatic updates without asking.
The roles of network defense and network offense are somewhat separate, although they need the same vulnerability information. DISA is supposed to be the defense side of it, but you also have JTF-GNO as the joint force for the DOD branches. NSA has the expertise in the offensive side. As you pointed out though, there are still several agencies claiming to be the experts and vying for funding. Even worse, for the end user in the military all of these agencies have some authority and sometimes conflict in policies and requirements.
Okay, maybe a bad example on the obese dietician. How about getting a fashion advisor who can't seem to dress themselves very well? I call BS on politics being a reason why the Army doesn't have that many experts. The Army generally does not many network security experts, simply because military service isn't all that attractive to those who would specialize it that area. There are some DOD civilians with a fair amount of expertise, and the rest seem to be contractors. The military guys are all management types dealing with the policy enforcement and paperwork aspects. At least thats my experience dealing network security within DOD.
1. According to the Joint Task Force for Global Network Operations (JTF-GNO) assesments, the Army networks are the most hacked and least secure of all the military branches. Why is the Army pitching itself as experts in an area that they are obviously having problems with? Would you go to an obese dietician for advice on loosing weight?
2. Is your groups focus on actively attacking and penetrating enemy networks, or the defense of our own? The enormous financial and tactical loses associated with the ongoing penetrations of our networks is likely more important than being able to penetrate into the enemies network.
3. Most of the network security expertise in the Army is contracted out. Is the Army doing anything to bring expertise in-house?
So you're saying most home users don't want to learn how to properly setup a firewall, and like having a setup where the software can punch its own holes and/or port forwarding. I can certainly see the user friendly aspect. It sounds great until you find out that uPNP conflicts happen when two PCs are convinced they need a specific port forwarded to them all the time (btdt with a few clients). The current uPNP implementations are still not very well done as evidenced by the Billion routers blowing up when the Windows uPNP client changed. Better routers have dynamic port forwarding which works pretty well. As for "consumer grade" routers - you definitely get what you pay for.
Billion makes crappy knock-off routers, that were crashing or not working long before XP SP3 was released. Perhaps XPSP3 does do something different with uPNP, but that's not where the blame needs to be assigned. As an aside, uPNP is a crappy idea. Do you really want your OS and any programs (malware included) to have the ability to change your external firewall?
And don't ever tell a judge they "don't have the authority".
Even if you're probably right? Just reading his letter, he certainly has enough dirt on the judge and knowledge of the legal loopholes that he just might snake through this.
So, because I use PHP, I go and tell everyone that the page I'm serving up is application/xhtml+xml.
I'm not sure I understand this. Isn't PHP a server-side scripting that's transparent to the client? So text/html would seem appropriate unless you really do have client-side scripting.
I'm laughing because these developers so loved their precious Firefox that they wrote a gui that won't work with anything else, and breaks if it's not on the exact firefox version and chrome version they wrote it for. They get pissed when I point out that version has known security holes and they have to at least upgrade to the latest version (breaking their code). The exact same complaint people had with IE. Yes IE7 broke a bunch of webpages, but it still worked with more webpages than firefox.
Slashdot Mirror
They certainly haven't given up on crypto. They are still the COMSEC authority. They are still experts at cracking crypto either directly or more cheaply by covert methods, for example putting out elliptical encryption methods that they "might" have the root coefficients for. You think NSA didn't get a few backdoors into MS products or bully them into getting a copy of their signing keys? Another published examples was buying off the French company that made the crypto gear used by a certain middle-east country, who then built in a weakness into the encryption. To me that's thinking smarter instead of relying on brute forcing the increasingly difficult encryption schemes.
Regardless of the intent and drawbacks to OpenDNS, it is still a valid notion to black-hole the lookups for known malicious addresses. Monitoring for lookups to these addresses is also a godd idea as it's an indicator of a problem.
"Scientists who study climate are in agreement. "
Of course. Because any climate scientist who isn't in agreement suddenly finds he has no govt funding, and loses credibility in his field. That's how most research grants work. If your final results don't support the underlying theory that the sponsor wants proved, then that sponsor doesn't use you the next time. Same deal for "independent" pharmaceutical research.
It's undeniable that the climate is changing. It has been for as long as we've kept records, and archeological evidence suggests even bigger swings in the past. What is debatable is how large of a role humans are playing in it.
Just for grins, I requested a quote for 1,000 units at http://desay.manufacturer.globalsources.com/si/6008802303043/pdtl/ATSC-receiver/1008647542/SD-ATSC-Converter.htm. The response? For that "low" quantity, they were $23.48 US each. I wonder what 100,000 would cost me?
A few references for the broadcast coverage problems.
http://www.centris.com/pages/viewnews.aspx?newsID=34&SiteID=9
http://www.msnbc.msn.com/id/26858298/
http://arstechnica.com/old/content/2008/11/fcc-oks-digital-workaround-for-dtv-signal-range-problems.ars
Patent nonsense (Cripes I'd be rich if I could get a patent for it. Image the royalties!) Somone on hackaday.com posted the pictures and actual chips used in a Zenith brand converter. The 4 chips used can be bought wholesale in quantities of 100 for about $2 per set. The complexity is really no different than a cheap $10 video card or a cheap wireless card. In fact, the bandwidth is actually much lower. Certainly if you're producing a millions of a particular model, economy of scale kicks in. I don't see a $40 price difference between TVs with both NTSC and ATSC tuners and ones that a few years ago only handled NTSC. I recently saw an article that stated the $49 Colby was selling for $19 (US equivalent) in mainland China.
Glad you had good experiences with DTV. Reception tests is rural areas have been dismal. A large portion of folks are too far away to get decent reception, despite the fact that is should take less transmit power for a station to cover the same area. Multipath is still a big problem with DTV. Go google the tons of articles about that.
Personal preferences obviously matter since you so arrogantly posted yours. I was alluding to the fact that a certain portion of the population is simply going to stop watching broadcast TV. For the record I can't get PBS now and most of the semi-education stuff you referenced. DTV won't change that.
First, the coupons were not handled well. I submitted for two online, never got them in the mail, and now it won't let me apply for them again as they expired. Lots of other folks around me said the same thing. Second, these mass-produced crappy converter boxes should not cost $40. They're all made in China and would normally retail for around $9 each. So the bribe money that the Govt is giving its citizens to convert is simply flowing out the door to China. Yeah, the govt is making a profit by selling the spectrum but its also money down the toilet by buying low quality converters from China. Figure 250 million converters at $30 profit each is about 7.5 billion. BTW, most folks don't realize those converter boxes are not going to give you any better quality or hi-def. In fact they're more likely to give you worse reception or just none at all. Personally, I don't plan to convert as there is nothing worth watching on the TV anyway. I do netflix, get my news online, and can't stand the soap-operaish series on TV.
Okay, but what happens when the cargo is much more valuable than the lifter? You certainly do want 100% reliability. Just ask any of the companies putting billion dollar comsats in orbit. Honestly, humans are the least valuable commodity you want to stick into space.
NASA is already over budget. It seems perfectly reasonable to ask the agency to prioritize and put price tags on their various projects. Otherwise there is no way to even look at their budget and make rational budget allocations, either bigger or smaller.
No. What happened was that users discovered a quirk in the system and used it to calculate more complex geometries than it was designed for. When said users called the manufacturer, they were told NOT to use it that way since it had never been tested or proofed out. The shortcut (really a bug) was never intentionally programmed in, appeared to work correctly however it badly miscalculated the appropriate dosage. This was user error plain and simple.
I doubt it was intentional, but certainly Al Gore wants Global Warming to be true since fear mongering about it makes him money.
Already happened for Subs as well. When it came time to design the new Seawolf class, there was nobody left who knew anything about designing subs. The budget for Seawolf was seriously overrun as they spent most of the money just reconstituting the capability and Congress killed the funding after 3 new subs. The follow-on Virginia class is about 1/5 the cost per boat because the new capability was already in place.
Except your scenario doesn't quite work. The man-in-the-middle would need the banks private key to complete the SSL handshake. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame2.doc_5.1/ss7aumst18.htm
Yeah, the expired cert is an administrative/management issue. As far as Firefox not having the DOD root certs installed by default, you might consider that a good thing if you're not located in the US. I find it irritating that MS will install root certs for almost non-existent CAs and yet not install the DOD root certs.
Actually I trust the DOD root certs a hell of a lot more than I trust the commercial CAs. It pisses me off that Microsoft keeps adding new ones to your trusted list via automatic updates without asking.
The roles of network defense and network offense are somewhat separate, although they need the same vulnerability information. DISA is supposed to be the defense side of it, but you also have JTF-GNO as the joint force for the DOD branches. NSA has the expertise in the offensive side. As you pointed out though, there are still several agencies claiming to be the experts and vying for funding. Even worse, for the end user in the military all of these agencies have some authority and sometimes conflict in policies and requirements.
Okay, maybe a bad example on the obese dietician. How about getting a fashion advisor who can't seem to dress themselves very well? I call BS on politics being a reason why the Army doesn't have that many experts. The Army generally does not many network security experts, simply because military service isn't all that attractive to those who would specialize it that area. There are some DOD civilians with a fair amount of expertise, and the rest seem to be contractors. The military guys are all management types dealing with the policy enforcement and paperwork aspects. At least thats my experience dealing network security within DOD.
1. According to the Joint Task Force for Global Network Operations (JTF-GNO) assesments, the Army networks are the most hacked and least secure of all the military branches. Why is the Army pitching itself as experts in an area that they are obviously having problems with? Would you go to an obese dietician for advice on loosing weight?
2. Is your groups focus on actively attacking and penetrating enemy networks, or the defense of our own? The enormous financial and tactical loses associated with the ongoing penetrations of our networks is likely more important than being able to penetrate into the enemies network.
3. Most of the network security expertise in the Army is contracted out. Is the Army doing anything to bring expertise in-house?
It's a little scary when that "odd app" includes visiting a webpage with a malicious flash script.
http://www.gnucitizen.org/blog/flash-upnp-attack-faq/
http://blogs.techrepublic.com.com/tech-news/?p=1902
So you're saying most home users don't want to learn how to properly setup a firewall, and like having a setup where the software can punch its own holes and/or port forwarding. I can certainly see the user friendly aspect. It sounds great until you find out that uPNP conflicts happen when two PCs are convinced they need a specific port forwarded to them all the time (btdt with a few clients). The current uPNP implementations are still not very well done as evidenced by the Billion routers blowing up when the Windows uPNP client changed. Better routers have dynamic port forwarding which works pretty well. As for "consumer grade" routers - you definitely get what you pay for.
Billion makes crappy knock-off routers, that were crashing or not working long before XP SP3 was released. Perhaps XPSP3 does do something different with uPNP, but that's not where the blame needs to be assigned. As an aside, uPNP is a crappy idea. Do you really want your OS and any programs (malware included) to have the ability to change your external firewall?
And don't ever tell a judge they "don't have the authority".
Even if you're probably right? Just reading his letter, he certainly has enough dirt on the judge and knowledge of the legal loopholes that he just might snake through this.
From the article
I think that honor belongs to Microsoft Bob http://en.wikipedia.org/wiki/Microsoft_Bob
So, because I use PHP, I go and tell everyone that the page I'm serving up is application/xhtml+xml. I'm not sure I understand this. Isn't PHP a server-side scripting that's transparent to the client? So text/html would seem appropriate unless you really do have client-side scripting.
I'm laughing because these developers so loved their precious Firefox that they wrote a gui that won't work with anything else, and breaks if it's not on the exact firefox version and chrome version they wrote it for. They get pissed when I point out that version has known security holes and they have to at least upgrade to the latest version (breaking their code). The exact same complaint people had with IE. Yes IE7 broke a bunch of webpages, but it still worked with more webpages than firefox.