Yes. They should also be prohibited from reviewing Garage Band, CakeWalk, or any other music production software. After all, if a bunch of hippies can make "demo tapes" that rival professionally produced records in production quality, then bands might just start recording their own music, releasing it directly to fans via the internet, marking it themselves via social networks, and promoting their own concerts. Then what would all of the untalented people do to get their cut? What would the radio DJs do for money without their payola? WON'T SOMEONE THINK OF THE PARASITES?!
Or, say you're a student from out-of-state, and your phone has a way different area code. You call 911 from your phone and it just checks the origin number, then routes you to 911 in New Jersey when you're in Mass. having an emergency. Hopefully they have a different way of figuring it for cell phones than just the number?
I think the emphasis should be on the "some guy" aspect rather than the "Malaysia" aspect. The fact of the matter is, China and Russia aren't exactly hiding the fact that they have large populations of people who are basically dedicated to computer intrusion, espionage and intelligence gathering, many of whom receive partial or full government support, or are in fact government employees. While we have our own NSA, Russia and China seem to have lots of general citizens who are engaging in such activities for avowed nationalist purposes. I have a somewhat hard time believing that if I started hacking foreign governments and then went down the road here to share what information I may have gleaned that I'd be welcomed with open arms.
Malaysia isn't a country one generally hears about engaging in this type of activity. He could have been from Andora for all it matters, and the message would be the same: if one guy, no matter where he's from, without the support of his own government intelligence agencies, is able to obtain this type of information and access, then malicious state actors should have no trouble doing so. Also, the fact that his access to logistical information wasn't noticed until the course of what started out as a simple criminal investigation by the appropriate authorities (Secret Service being under the authority of the Treasury Department), that's kind of scary. It means that the Russians, Chinese, Iranians, or anyone else might also have had access to that same data and no one was apparently paying any attention, or there are unknown security flaws which were exploited and thus there were no IDS/IPS rules to catch the activity and raise any flags.
This dude is somewhat irrelevant compared to the wider implications of the non-credit-related activities, which are also pretty much straight up crime.
my father recently retired as an airline pilot. I could fly free, assuming there were seats available, until I graduated from college, so I went a lot of places. Every time I actually paid for a ticket on another airline, either for a school trip, or for work, I've been tagged for "additional screening," and that was before body scanners and TSA gropings.
I haven't been on an airplane in about 2 years though, and I don't know when I'll actually do it again. My new job I'm starting next Monday offered to fly me for my in-person interview and put me in a hotel the night before, but the 3 hour drive was less of a hassle than a 45 minute flight plus 4 hours of trying to get on the airplane, so I opted to just drive up the morning of my interview then stay with a friend after I was done.
When I go visit my grandparents in Florida, where they've lived since the 40s, I drive. I've flown a few times, but not in many years. It's kind of a hike from Virginia to Ft Lauderdale, but its easier than dealing with airlines, even when it was free. Flying sucks these days. Ticket prices are going up, perks are disappearing, etc. First class on a transatlantic flight is one thing, but my sister has decided that the next time she goes to Europe, she's going to take the QEII or something and do it old-school: steam across the atlantic and take trains around the continent. That's not exactly "let's go to Paris for dinner" convenient, though.
Maybe we'll see an upgrade in US rail infrastructure come out of this, which would be nice. They'll probably spoil that, too, though. Frankly, this is all a lot of bullshit, but I have no intention of subjecting myself to it if I can possibly avoid it.
If the airlines started making a stink and demanding compensation for lost revenue due to the TSA, then I think the government would be a little more apt to re-evaluate what constitutes "necessary" than if its just a bunch of peons. Hurting the airline to make them squeal is part of my plan.
I mean, these are average Americans we're talking about. Most of my countrymen and women are already distorted into something grotesque so that there isn't anything exciting or titillating about them. But seriously, though... if there were mass boycotts of the airlines for even a couple of days in protest over the scanners, I bet we'd see them removed right quick. Economics trump national security, after all. Plus, apparently economics are a national security issue in this post-cold war, post-columbine, post-9/11 world.
Fat people would cry/sweat Crisco which is a common shortning agent used in making high-fat content foods such as some cakes and cookies. It's a fat joke.
Maybe one of the new regulations that they mandate should be BGP route origin validation and proper response (filtering the announcement of the specific route in preference of a route with a valid origin bit)?
DHS is likely involved since they have a Federal mandate allowing them to operate in Civilian-space internally to the US, something NSA isn't really allowed to do for corporations (hence why similarly-skilled contractors were recommended to help with the incident response for Google re: China), but can do for government and military outfits. As I noted above, I strongly suspect that the DHS rules will be based on FIPS standards as well as slightly modified policy and technology guidelines from the IAD and CNSS. As long as they don't try to do this from scratch using a copy of 'Security+ For Dummies' as a guideline, then this might actually turn out alright.
This move doesn't necessitate a monoculture, it just depends on how they write the law and how those in charge of implementing it end up crafting regulations. As long as they're only enforcing standards and not a standard implementation, then its probably OK, as you stated in the second part of your post. For instance, if the regulation states that networks which have any convergence points with the public internet have, at all crossover points, IDS/IPS systems in place which meet a certain level of ability, then its up to the firm who owns the network to decide whether to go with a solution from Cisco, Juniper, Sourcefire, or another vendor, or to roll something home-grown as long as they can meet the requirements.
I'm sure most of the organizations which will be affected by this will already have most, if not all, the necessary security mechanisms in place. However, they may be out of date to some degree, not properly monitored, and some smaller organizations may be missing large swaths of helpful security infrastructure and best practices because it just hasn't "been an issue" for them in the past. This is probably a fairly direct result of the Stuxnet work/virus. Whether Federal mandates are actually going to help remains to be seen, but if they follow sane policy frameworks such as those outlined by the NSA IAD and the CNSS then this ought to be fine.
Since this is Slashdot, I'm sure at least a plurality will focus on the "private" in critical private network, as evidenced by the air quotes around 'Critical' in the lead line of the story, however when we're talking about power, water, and communications systems critical probably isn't strong enough a word to describe them, and their ability to operate is largely a result of government-enforced monopolies and government-enforced easements, so I wouldn't really call them 'private' either.
Also, what's the ratio of non-packt publishing to packt publishing books? This publisher seems to have come out of nowhere, push out a ton of second-rate crap, then try and stealth market via this sort of thing. I haven't really found anything buy them that's even been worth pirating, honestly.
Yeah, but on the downside, it means that asian chicks are going to start gaining weight and wanting to be "liberated" and stuff, so your sexy accent isn't really going to pay off.
Being laid off is a small thing, compared to region-wide ecological and economic disaster. A school or workplace incident would feel more approachable, I suspect: the perpetrator is familiar with the the target, the victims, etc. It's not storming a tower the size of a city block and rooting around for strangers in an unfamiliar setting while the SWAT team assembles outside preparing to take you out.
Of course, if you get a sufficiently sized group of co-nuts, then all of a sudden you have momentum and the force of history and blah blah blah. People from groups, from families to gangs to countries to tackle problems they instinctively know they can't take on by themselves. Apparently people down there don't see this as a big enough deal, or having a high enough payout, to form a group and try the violence route. Or maybe its because its the gulf coast and they aren't literate enough to be able to organize.
People feel powerless over big stuff and don't think that their lone action will have any effect. There are likely more consequences associated with such an action than rewards, and even fishermen can figure that one out.
From what I remember hearing about the case on NPR a few months ago, the officer claimed that he was going for the taser but pulled the pistol instead. Apparently they have the wire-based tasers which are more or less gun shaped as well.
As to the safety issue, most police departments in the US are currently issued weapons such as the Sig Saur P226, which doesn't actually have a manual safety. They are known as DA/SA for Double Action/Single Action, meaning that the weapon is carried with a round in the chamber and the first trigger pull requires over twice the force (in terms of pounds of pressure) as subsequent pulls. The first trigger pull cocks the weapon, bringing the 'hammer' back then releasing it to where the firing pin can strike the primer on the cartridge. The round is then ejected and the rammer brought back automatically so that the next pull can be shorter, and generally more accurate as a result.
Although, to anyone who understands that, it should seem even less plausible that the officer wouldn't have noticed a significantly more difficult trigger pull than what I believe the taser itself has. The weight of the weapon should also have been a tip-off.
However, back on topic, this "student activist" is still a jackass who has performed an unreasonable act and made reasonable people who might agree with his motives susceptible for being painted with the same brush. Ann Coulter may be a stone-cold bitch, but that's not excuse for being a dumb ass.
I guess its unfair competition that Unix/Linux started with a security model with prevented the rise of a virus problem so terrible that an industry was created around fixing issues that the os vendors/projects should have prevented. Man, I guess Cisco should sue the pfSense for allowing people to build security/gateway boxes every bit as capable as an ASA, only tens of thousands of dollars less.
If the EU "fixed" this situation, which perhaps one of the most sensible moves by Microsoft EVER, it will be really, really bad for all of us. That would be tantamount to saying you're not allowed to make a quality product because it is "unfair" to other companies that make money trying to work around your shoddy design.
This is absolutely nothing like the IE/Netscape browser wars. 15 years ago, a browser wasn't really considered necessary software and most people weren't on the web. The web wasn't a software platform in the same way it is today. But, yeah... whatever Microsoft does is bad and suspect and woe the humanity, think of the poor, suffering gnus!
Get over it. This is inevitable and beneficial. Most of those third-party security suites are so bloated and evil that they make the computer barely more usable than if it were infected by a virus. Frankly, I wouldn't be surprised to find out many of the antivirus companies make and release viruses themselves to help perpetuate a need for their product. I'm not just talking about Norton and McAffee either. Don't forget that Eugene Kaspersky is a former KGB major, but don't worry, you can totally trust him.
Well, I use a Mac for that sort of thing. I avoid it at all costs on Windows because it doesn't work particularly well off of a Mac. It seems to be perfectly well integrated into OS X though, and is quite snappy. However, it makes sense they'd put the effort into it.
Flash will suck the life out of a battery charge on my MacBook Pro, too, as well as every non-Apple laptop that I've owned recently, too. Interestingly, I don't have that issue if I watch a "raw" mp4 via the QuickTime plugin.
Slashdot Mirror
How do you propose making anything MANDATORY without doing just that?
Isn't congnitive dissonance an appropriate tool?
Yes. They should also be prohibited from reviewing Garage Band, CakeWalk, or any other music production software. After all, if a bunch of hippies can make "demo tapes" that rival professionally produced records in production quality, then bands might just start recording their own music, releasing it directly to fans via the internet, marking it themselves via social networks, and promoting their own concerts. Then what would all of the untalented people do to get their cut? What would the radio DJs do for money without their payola? WON'T SOMEONE THINK OF THE PARASITES?!
Or, say you're a student from out-of-state, and your phone has a way different area code. You call 911 from your phone and it just checks the origin number, then routes you to 911 in New Jersey when you're in Mass. having an emergency. Hopefully they have a different way of figuring it for cell phones than just the number?
Maybe they don't want to get lo-jacked by the phone and so leave it behind to be all covert and whatnot?
My dad somehow managed to butt dial 911 while at the gun range one day... that was a fun adventure.
slush funds in off-shore accounts which are replenished via under-the-table arms and narcotics deals? Or is that too 1980s to be relevant anymore?
I think the emphasis should be on the "some guy" aspect rather than the "Malaysia" aspect. The fact of the matter is, China and Russia aren't exactly hiding the fact that they have large populations of people who are basically dedicated to computer intrusion, espionage and intelligence gathering, many of whom receive partial or full government support, or are in fact government employees. While we have our own NSA, Russia and China seem to have lots of general citizens who are engaging in such activities for avowed nationalist purposes. I have a somewhat hard time believing that if I started hacking foreign governments and then went down the road here to share what information I may have gleaned that I'd be welcomed with open arms.
Malaysia isn't a country one generally hears about engaging in this type of activity. He could have been from Andora for all it matters, and the message would be the same: if one guy, no matter where he's from, without the support of his own government intelligence agencies, is able to obtain this type of information and access, then malicious state actors should have no trouble doing so. Also, the fact that his access to logistical information wasn't noticed until the course of what started out as a simple criminal investigation by the appropriate authorities (Secret Service being under the authority of the Treasury Department), that's kind of scary. It means that the Russians, Chinese, Iranians, or anyone else might also have had access to that same data and no one was apparently paying any attention, or there are unknown security flaws which were exploited and thus there were no IDS/IPS rules to catch the activity and raise any flags.
This dude is somewhat irrelevant compared to the wider implications of the non-credit-related activities, which are also pretty much straight up crime.
my father recently retired as an airline pilot. I could fly free, assuming there were seats available, until I graduated from college, so I went a lot of places. Every time I actually paid for a ticket on another airline, either for a school trip, or for work, I've been tagged for "additional screening," and that was before body scanners and TSA gropings.
I haven't been on an airplane in about 2 years though, and I don't know when I'll actually do it again. My new job I'm starting next Monday offered to fly me for my in-person interview and put me in a hotel the night before, but the 3 hour drive was less of a hassle than a 45 minute flight plus 4 hours of trying to get on the airplane, so I opted to just drive up the morning of my interview then stay with a friend after I was done.
When I go visit my grandparents in Florida, where they've lived since the 40s, I drive. I've flown a few times, but not in many years. It's kind of a hike from Virginia to Ft Lauderdale, but its easier than dealing with airlines, even when it was free. Flying sucks these days. Ticket prices are going up, perks are disappearing, etc. First class on a transatlantic flight is one thing, but my sister has decided that the next time she goes to Europe, she's going to take the QEII or something and do it old-school: steam across the atlantic and take trains around the continent. That's not exactly "let's go to Paris for dinner" convenient, though.
Maybe we'll see an upgrade in US rail infrastructure come out of this, which would be nice. They'll probably spoil that, too, though. Frankly, this is all a lot of bullshit, but I have no intention of subjecting myself to it if I can possibly avoid it.
If the airlines started making a stink and demanding compensation for lost revenue due to the TSA, then I think the government would be a little more apt to re-evaluate what constitutes "necessary" than if its just a bunch of peons. Hurting the airline to make them squeal is part of my plan.
I mean, these are average Americans we're talking about. Most of my countrymen and women are already distorted into something grotesque so that there isn't anything exciting or titillating about them. But seriously, though... if there were mass boycotts of the airlines for even a couple of days in protest over the scanners, I bet we'd see them removed right quick. Economics trump national security, after all. Plus, apparently economics are a national security issue in this post-cold war, post-columbine, post-9/11 world.
Fat people would cry/sweat Crisco which is a common shortning agent used in making high-fat content foods such as some cakes and cookies. It's a fat joke.
Cowboy Neal also cries fewer Crisco tears into his Golden Grams in public than Glen Beck does. That's another (pretty big) difference.
Maybe one of the new regulations that they mandate should be BGP route origin validation and proper response (filtering the announcement of the specific route in preference of a route with a valid origin bit)?
DHS is likely involved since they have a Federal mandate allowing them to operate in Civilian-space internally to the US, something NSA isn't really allowed to do for corporations (hence why similarly-skilled contractors were recommended to help with the incident response for Google re: China), but can do for government and military outfits. As I noted above, I strongly suspect that the DHS rules will be based on FIPS standards as well as slightly modified policy and technology guidelines from the IAD and CNSS. As long as they don't try to do this from scratch using a copy of 'Security+ For Dummies' as a guideline, then this might actually turn out alright.
This move doesn't necessitate a monoculture, it just depends on how they write the law and how those in charge of implementing it end up crafting regulations. As long as they're only enforcing standards and not a standard implementation, then its probably OK, as you stated in the second part of your post. For instance, if the regulation states that networks which have any convergence points with the public internet have, at all crossover points, IDS/IPS systems in place which meet a certain level of ability, then its up to the firm who owns the network to decide whether to go with a solution from Cisco, Juniper, Sourcefire, or another vendor, or to roll something home-grown as long as they can meet the requirements.
I'm sure most of the organizations which will be affected by this will already have most, if not all, the necessary security mechanisms in place. However, they may be out of date to some degree, not properly monitored, and some smaller organizations may be missing large swaths of helpful security infrastructure and best practices because it just hasn't "been an issue" for them in the past. This is probably a fairly direct result of the Stuxnet work/virus. Whether Federal mandates are actually going to help remains to be seen, but if they follow sane policy frameworks such as those outlined by the NSA IAD and the CNSS then this ought to be fine.
Since this is Slashdot, I'm sure at least a plurality will focus on the "private" in critical private network, as evidenced by the air quotes around 'Critical' in the lead line of the story, however when we're talking about power, water, and communications systems critical probably isn't strong enough a word to describe them, and their ability to operate is largely a result of government-enforced monopolies and government-enforced easements, so I wouldn't really call them 'private' either.
Also, what's the ratio of non-packt publishing to packt publishing books? This publisher seems to have come out of nowhere, push out a ton of second-rate crap, then try and stealth market via this sort of thing. I haven't really found anything buy them that's even been worth pirating, honestly.
Yeah, but on the downside, it means that asian chicks are going to start gaining weight and wanting to be "liberated" and stuff, so your sexy accent isn't really going to pay off.
Being laid off is a small thing, compared to region-wide ecological and economic disaster. A school or workplace incident would feel more approachable, I suspect: the perpetrator is familiar with the the target, the victims, etc. It's not storming a tower the size of a city block and rooting around for strangers in an unfamiliar setting while the SWAT team assembles outside preparing to take you out.
Of course, if you get a sufficiently sized group of co-nuts, then all of a sudden you have momentum and the force of history and blah blah blah. People from groups, from families to gangs to countries to tackle problems they instinctively know they can't take on by themselves. Apparently people down there don't see this as a big enough deal, or having a high enough payout, to form a group and try the violence route. Or maybe its because its the gulf coast and they aren't literate enough to be able to organize.
People feel powerless over big stuff and don't think that their lone action will have any effect. There are likely more consequences associated with such an action than rewards, and even fishermen can figure that one out.
Software doesn't have to accept input from the user to be susceptible to viruses. It may help to have an input buffer in order to overflow it, though.
You really don't seem to have much of an argument yourself.
From what I remember hearing about the case on NPR a few months ago, the officer claimed that he was going for the taser but pulled the pistol instead. Apparently they have the wire-based tasers which are more or less gun shaped as well.
As to the safety issue, most police departments in the US are currently issued weapons such as the Sig Saur P226, which doesn't actually have a manual safety. They are known as DA/SA for Double Action/Single Action, meaning that the weapon is carried with a round in the chamber and the first trigger pull requires over twice the force (in terms of pounds of pressure) as subsequent pulls. The first trigger pull cocks the weapon, bringing the 'hammer' back then releasing it to where the firing pin can strike the primer on the cartridge. The round is then ejected and the rammer brought back automatically so that the next pull can be shorter, and generally more accurate as a result.
Although, to anyone who understands that, it should seem even less plausible that the officer wouldn't have noticed a significantly more difficult trigger pull than what I believe the taser itself has. The weight of the weapon should also have been a tip-off.
However, back on topic, this "student activist" is still a jackass who has performed an unreasonable act and made reasonable people who might agree with his motives susceptible for being painted with the same brush. Ann Coulter may be a stone-cold bitch, but that's not excuse for being a dumb ass.
Death is biology. F=MA is generally involved in causing said death, though, be there a cause which is not considered "natural".
I guess its unfair competition that Unix/Linux started with a security model with prevented the rise of a virus problem so terrible that an industry was created around fixing issues that the os vendors/projects should have prevented. Man, I guess Cisco should sue the pfSense for allowing people to build security/gateway boxes every bit as capable as an ASA, only tens of thousands of dollars less.
If the EU "fixed" this situation, which perhaps one of the most sensible moves by Microsoft EVER, it will be really, really bad for all of us. That would be tantamount to saying you're not allowed to make a quality product because it is "unfair" to other companies that make money trying to work around your shoddy design.
This is absolutely nothing like the IE/Netscape browser wars. 15 years ago, a browser wasn't really considered necessary software and most people weren't on the web. The web wasn't a software platform in the same way it is today. But, yeah... whatever Microsoft does is bad and suspect and woe the humanity, think of the poor, suffering gnus!
Get over it. This is inevitable and beneficial. Most of those third-party security suites are so bloated and evil that they make the computer barely more usable than if it were infected by a virus. Frankly, I wouldn't be surprised to find out many of the antivirus companies make and release viruses themselves to help perpetuate a need for their product. I'm not just talking about Norton and McAffee either. Don't forget that Eugene Kaspersky is a former KGB major, but don't worry, you can totally trust him.
Well, I use a Mac for that sort of thing. I avoid it at all costs on Windows because it doesn't work particularly well off of a Mac. It seems to be perfectly well integrated into OS X though, and is quite snappy. However, it makes sense they'd put the effort into it.
Flash will suck the life out of a battery charge on my MacBook Pro, too, as well as every non-Apple laptop that I've owned recently, too. Interestingly, I don't have that issue if I watch a "raw" mp4 via the QuickTime plugin.