Security is all about the Threat Model, and depending on that model, "don't worry about it" is a perfectly valid response.
Over all, I don't think he's got a "why bother" attitude, or else why would he be trying so hard to educate people on reasonable, effective security?
An interesting read from one of his essays:
Threat models
A good design starts with a threat model: what the system is designed to protect, from whom, and for how long. The threat model must take the entire system into account--not just the data to be protected, but the people who will use the system and how they will use it. What motivates the attackers? Must attacks be prevented, or can they just be detected? If the worst happens and one of the fundamental security assumptions of a system is broken, what kind of disaster recovery is possible? The answers to these questions can't be standardized; they're different for every system. Too often, designers don't take the time to build accurate threat models or analyze the real risks.
Threat models allow both product designers and consumers to determine what security measures they need. Does it makes sense to encrypt your hard drive if you don't put your files in a safe? How can someone inside the company defraud the commerce system? Are the audit logs good enough to convince a court of law? You can't design a secure system unless you understand what it has to be secure against.
System design
Design work is the mainstay of the science of cryptography, and it is very specialized. Cryptography blends several areas of mathematics: number theory, complexity theory, information theory, probability theory, abstract algebra, and formal analysis, among others. Few can do the science properly, and a little knowledge is a dangerous thing: inexperienced cryptographers almost always design flawed systems. Good cryptographers know that nothing substitutes for extensive peer review and years of analysis. Quality systems use published and well-understood algorithms and protocols; using unpublished or unproven elements in a design is risky at best.
Cryptographic system design is also an art. A designer must strike a balance between security and accessibility, anonymity and accountability, privacy and availability. Science alone cannot prove security; only experience, and the intuition born of experience, can help the cryptographer design secure systems and find flaws in existing designs.
Implementation
There is an enormous difference between a mathematical algorithm and its concrete implementation in hardware or software. Cryptographic system designs are fragile. Just because a protocol is logically secure doesn't mean it will stay secure when a designer starts defining message structures and passing bits around. Close isn't close enough; these systems must be implemented exactly, perfectly, or they will fail. A poorly designed user interface can make a hard-drive encryption program completely insecure. A false reliance on tamper-resistant hardware can render an electronic commerce system all but useless. Since these mistakes aren't apparent in testing, they end up in finished products. Many flaws in implementation cannot be studied in the scientific literature because they are not technically interesting. That's why they crop up in product after product. Under pressure from budgets and deadlines, implementers use bad random-number generators, don't check properly for error conditions, and leave secret information in swap files. The only way to learn how to prevent these flaws is to make and break systems, again and again.
Actually, in our case, we have a policy whereby all the computers we manage and do application development on stay at GMT, and the application does the business logic of calculating the end-user's time.
This is because 99% of the apps we write are at LEAST for a national, if not international user-base.
For instance, we did some work here for a bank in Canada, and dealing with some of the provinces that DON'T do DST, and one province that shall remaine nameless (Newfoundland gets picked on enough) that has a 1/2 hour time zone change, proved to be quite challenging, until we went GMT across the board.
I really don't see DST as being that big of a deal, personally.
That's not the case at all... you can actually override just about anything using Hibernate.
For instance, we use DB-specific tuning objects, as well as special type handlers (BLOB on Oracle, for instance) that allows us complete control of how the DB is dealt with.
I went to a local Vancouver camera shop's web site, and looked into pricing for a Sigma SD10. Found that they had a great deal on for the camera body, 2 lenses (wide angle and zoom), case, and really nice flash.
I went down and tried to buy the camera, but was quoted a HUGELY different price for it. I asked the guy to go to their website and tell me what it says, after which the clerk said someone made a mistake on the data input... turns out the price was only for the base, not including the 2 lenses and the flash.
As a result, the clerk called the owner/boss, who asked them if the lower price was actually on the site, and had a detailed description of what was included in that price, and when it was validated, he said "well, give that stuff to him at that price... and CHANGE THE WEBSITE. " The site was changed while I was still in the store paying for my camera.
So, at the end of the day, I saved over $1,500 due to their screwup. I kind of felt bad about it, and ended up buying more stuff than I would have (huge amounts of ram, rechargeable batteries, tripod, etc), but it was nice to see the guy live up to his on-line marketing.
I don't think it was feasible to test at full capacity before this flight, which, as others have mentioned, is pretty well the main test flight.
The problem is that when you have a fuel load that is designed to last 80+ hours, and weighs a LOT, you can't just take off with a full load and then land again in an hour or so. Even a lot of commercial airliners will stress their landing gear (and other "stuff") if they try to land with full tanks, never mind a ship like this that is basically a flying fuel tank.
It's got absolutely nothing to do with costs. It's all about revenue.
Big record companies (at least in Canada, like EMI and Virgin) have invested quite heavily in developing physical production/reproduction facilities and distribution systems for CD's and DVD's.
When digital downloads are used, this whole revenue-generating avenue is bypassed, and it costs them money, instead of making them money.
The companies are, for the most part, "old school" thinkers, who didn't see this digital distribution thing coming, and didn't plan for it. As a result, they want to keep maximizing profits out of their existing distribution channels, as they are really the only high-margin revenue streams they have.
I remember reading some business case study that explained how McDonalds has purchased back most of it's privately owned stores, and how it's now impossible to purchase a new McDonalds franchise. All new stores are owned by McDonalds.
I would actually not mind Google ads on the bottom of Wikipedia pages if they're relevant. Let's say I'm reading about some scientific shit on there,...
Hmmm... not sure I'd want to buy some "scientific shit", but hey, each to their own.;)
I really don't think so, unless there are some extenuating circumstances that I'm not aware of.
It's also a marketing technique that has been used for years.
For instance, in the early 70's, Chevy and Ford used to provide some of the high-profile street racers in certain cities with tricked out "super cars" that would blow anything else off the road, all in order to get people to want to buy those products.
I don't see how this is "unethical" in the least.
Sure, I'm jealous as hell that I'm not one of the "special" people being targeted to receive anything, but I think you're taking things a little bit to an extreme.
So your entire post boils down to: "If they try to deceive you and succeed, it is your fault for getting duped, and not their fault for being lying scumbags."
Try and deceive you?!?!? They put a contract in front of you, and let you READ IT.
This thing called a contract has words and stuff in it that describes it.
If they don't understand it, and sign it, then THEY ARE STUPID. If they DO understand it and sign it, then THEY MADE THE BED THEY'RE GOING TO LIE IN, and I have no pity for them.
You better go drink the cool-aid, and check your tinfoil hat... it might be a little loose.
Why yes, I was there. Hanging out at the sound board, no less, for a number of the shows.
What was your role?
I assume you were playing as part of the "village" stages, and not the "B" or "A" stage acts. If that was the case, then the contract you entered into in order to play there stated that you forfeited all rights to any recordings made during those performances... whether they were audio, video, or stills.
That was in lieu of giving you some pretty major marketing and exposure to a shit-load of people on what was, at the time, one of the hottest tours of the decade.
If it wasn't your band, and you were a hired musician of a group, then your beef is with the band that hired you. Odds are you aren't entitled to receive any royalties of any kind if you're a contract/hourly musician, unless you negotiated differently.
And I find it interesting that you yourself labelled your work as "contract labor". Did you expect, or agree, or negotiate to get any mechanical or record royalties? If not, then why do you expect to get them? If so, then there would be any number of lawyers that would be willing to take on your case without any up front expenses.
Just out of curiosity, what was the name of the act? I'd be interested in checking out some of the details.
Also, if you're a "dues paying union member", (as am I), you should have the ability to leverage those resources to fight your case. That's part of the reason the union is there, or so they say.
All in all, sounds like you weren't that savvy about the situation you were in, and are now pissed over it.
Sorry to hear you feel like you got screwed over, but I seriously doubt that was the case.
I've been part of 3 original projects, one of which made it to a #2 single in, of all places, the Netherlands. (Don't ask me how!) Otherwise, we didn't get accepted, and looking/listening back, it was mostly crap at the time.
But I said "paying" gigs. Original stuff, no matter how good, doesn't pay the rent all that well when you're unknown and your local city doesn't have the infrastructure to support it.
The cover gigs paid REALLY well, especially for the 3 years we were the house band at a local bar. Never mind the $$$ for business conventions, weddings, etc. We even made HUGE money for playing 2 days at the Molson Indy.
So yeah, I'm a player. But you see, I'm a software developer who plays music in my spare time as a hobby, not a full-time musician.
I agree totally, and that should be part of the initial contract negotiations. A close friend of mine got signed, and I helped her get the initial contract in place, and ensured that she had that kind of stuff covered.
There was a LOT of "mutual consent and agreement on the spending of funds" language everywhere.
All in all it was very useful for her, as the label spent an extra $120,000 on Production, without authorization, and had to eat it themselves.
Once again, it's all about the contract and the negotiations of that contract.
Want a good one? Get (and spend the money) on a good lawyer with experience in the field. It'll be the best couple of thousand dollars you'll EVER spend for your career.
My point is that if they are presented with a shitty contract, it is THEIR OPTION to sign it or NOT.
I have 3 software companies right now, and am constantly approached by VC's who want to give us mediocre cash for controlling interest in them. Guess what? It's MY decision to do the deal or not, and if it's a bad deal, then I won't.
If I _DID_ do one of the deals, and started to bitch and complain about it later about how I got screwed, then I fully expect my friends to smack me upside the head and tell me to "shut the fuck up".
Personally, I pay for music to support the artist in their efforts.
If they are part of the "big label" scene, then the sale usually helps to pay off their debt to the label. Sure, the **AA or label gets a huge percentage of the cash, but that's the deal the artist signed.
I also prefer to help the local artist who takes that $10 for the CD and buys new strings for his guitar, or puts it toward producing more CD's, etc.
Slashdot Mirror
Yeah, I know it's expensive, but I'd be willing to pay that for each individually delivered episode.
I wonder how they'd classify straight to DVD, direct sale episodes?
I know I like it enough to spend $20 per episode delivered weekly/monthly.
Not quite movie, not quite TV...
Over all, I don't think he's got a "why bother" attitude, or else why would he be trying so hard to educate people on reasonable, effective security?
An interesting read from one of his essays:
And then the 5lbs block of Cocaine shows up, and you're screwed. :P
Actually, in our case, we have a policy whereby all the computers we manage and do application development on stay at GMT, and the application does the business logic of calculating the end-user's time.
This is because 99% of the apps we write are at LEAST for a national, if not international user-base.
For instance, we did some work here for a bank in Canada, and dealing with some of the provinces that DON'T do DST, and one province that shall remaine nameless (Newfoundland gets picked on enough) that has a 1/2 hour time zone change, proved to be quite challenging, until we went GMT across the board.
I really don't see DST as being that big of a deal, personally.
That's not the case at all... you can actually override just about anything using Hibernate.
For instance, we use DB-specific tuning objects, as well as special type handlers (BLOB on Oracle, for instance) that allows us complete control of how the DB is dealt with.
I'm surprised that /.ers are just now hearing about it.
Yeah... I would have thought it wouldn't be heard about until sometime late next week... twice.
Does this mean that they could now be considered responsible for the content that is passed over their network?
For instance, if someone were to send a bunch of sick kiddie-porn crap using AIM, does that mean that they can be held accountable for it?
Probably not, but they should be.
I went to a local Vancouver camera shop's web site, and looked into pricing for a Sigma SD10. Found that they had a great deal on for the camera body, 2 lenses (wide angle and zoom), case, and really nice flash.
I went down and tried to buy the camera, but was quoted a HUGELY different price for it. I asked the guy to go to their website and tell me what it says, after which the clerk said someone made a mistake on the data input... turns out the price was only for the base, not including the 2 lenses and the flash.
As a result, the clerk called the owner/boss, who asked them if the lower price was actually on the site, and had a detailed description of what was included in that price, and when it was validated, he said "well, give that stuff to him at that price... and CHANGE THE WEBSITE. " The site was changed while I was still in the store paying for my camera.
So, at the end of the day, I saved over $1,500 due to their screwup. I kind of felt bad about it, and ended up buying more stuff than I would have (huge amounts of ram, rechargeable batteries, tripod, etc), but it was nice to see the guy live up to his on-line marketing.
I don't think it was feasible to test at full capacity before this flight, which, as others have mentioned, is pretty well the main test flight.
The problem is that when you have a fuel load that is designed to last 80+ hours, and weighs a LOT, you can't just take off with a full load and then land again in an hour or so. Even a lot of commercial airliners will stress their landing gear (and other "stuff") if they try to land with full tanks, never mind a ship like this that is basically a flying fuel tank.
It's got absolutely nothing to do with costs. It's all about revenue.
Big record companies (at least in Canada, like EMI and Virgin) have invested quite heavily in developing physical production/reproduction facilities and distribution systems for CD's and DVD's.
When digital downloads are used, this whole revenue-generating avenue is bypassed, and it costs them money, instead of making them money.
The companies are, for the most part, "old school" thinkers, who didn't see this digital distribution thing coming, and didn't plan for it. As a result, they want to keep maximizing profits out of their existing distribution channels, as they are really the only high-margin revenue streams they have.
Are you fucking kidding me? Does nobody in Editorland ever read the site to see what's been posted before?
The only answer I can think of that makes sense is that the Editors know it's a button that gets us going, so they push it when they're bored.
This is getting rediculous.
Also, what has this got to do with "Your Rights Online"?
I remember reading some business case study that explained how McDonalds has purchased back most of it's privately owned stores, and how it's now impossible to purchase a new McDonalds franchise. All new stores are owned by McDonalds.
look closer... advertised was "or", while some people were mistakenly calling "er".
I would actually not mind Google ads on the bottom of Wikipedia pages if they're relevant. Let's say I'm reading about some scientific shit on there, ...
;)
Hmmm... not sure I'd want to buy some "scientific shit", but hey, each to their own.
-3 for not understanding basic economics
However, what about the Vegas company that purchased the "goods"? Are any legal proceedings taking place against them?
Well, according to TFA, "yes".
Unethical?
I really don't think so, unless there are some extenuating circumstances that I'm not aware of.
It's also a marketing technique that has been used for years.
For instance, in the early 70's, Chevy and Ford used to provide some of the high-profile street racers in certain cities with tricked out "super cars" that would blow anything else off the road, all in order to get people to want to buy those products.
I don't see how this is "unethical" in the least.
Sure, I'm jealous as hell that I'm not one of the "special" people being targeted to receive anything, but I think you're taking things a little bit to an extreme.
So your entire post boils down to: "If they try to deceive you and succeed, it is your fault for getting duped, and not their fault for being lying scumbags."
Try and deceive you?!?!? They put a contract in front of you, and let you READ IT.
This thing called a contract has words and stuff in it that describes it.
If they don't understand it, and sign it, then THEY ARE STUPID. If they DO understand it and sign it, then THEY MADE THE BED THEY'RE GOING TO LIE IN, and I have no pity for them.
You better go drink the cool-aid, and check your tinfoil hat... it might be a little loose.
Why yes, I was there. Hanging out at the sound board, no less, for a number of the shows.
What was your role?
I assume you were playing as part of the "village" stages, and not the "B" or "A" stage acts. If that was the case, then the contract you entered into in order to play there stated that you forfeited all rights to any recordings made during those performances... whether they were audio, video, or stills.
That was in lieu of giving you some pretty major marketing and exposure to a shit-load of people on what was, at the time, one of the hottest tours of the decade.
If it wasn't your band, and you were a hired musician of a group, then your beef is with the band that hired you. Odds are you aren't entitled to receive any royalties of any kind if you're a contract/hourly musician, unless you negotiated differently.
And I find it interesting that you yourself labelled your work as "contract labor". Did you expect, or agree, or negotiate to get any mechanical or record royalties? If not, then why do you expect to get them? If so, then there would be any number of lawyers that would be willing to take on your case without any up front expenses.
Just out of curiosity, what was the name of the act? I'd be interested in checking out some of the details.
Also, if you're a "dues paying union member", (as am I), you should have the ability to leverage those resources to fight your case. That's part of the reason the union is there, or so they say.
All in all, sounds like you weren't that savvy about the situation you were in, and are now pissed over it.
Sorry to hear you feel like you got screwed over, but I seriously doubt that was the case.
One is not mutually exclusive of the other.
:P
I've been part of 3 original projects, one of which made it to a #2 single in, of all places, the Netherlands. (Don't ask me how!) Otherwise, we didn't get accepted, and looking/listening back, it was mostly crap at the time.
But I said "paying" gigs. Original stuff, no matter how good, doesn't pay the rent all that well when you're unknown and your local city doesn't have the infrastructure to support it.
The cover gigs paid REALLY well, especially for the 3 years we were the house band at a local bar. Never mind the $$$ for business conventions, weddings, etc. We even made HUGE money for playing 2 days at the Molson Indy.
So yeah, I'm a player. But you see, I'm a software developer who plays music in my spare time as a hobby, not a full-time musician.
So, well, BLOW ME.
only to have their dreams and wallet shattered by manipulation, deception, greed and indifference
That's pretty funny, as it's their OWN dreams of fame and fortune (greed) that lead them down that path.
"If you're going to swim with the sharks..."
Thanks for playing though.
I agree totally, and that should be part of the initial contract negotiations. A close friend of mine got signed, and I helped her get the initial contract in place, and ensured that she had that kind of stuff covered.
There was a LOT of "mutual consent and agreement on the spending of funds" language everywhere.
All in all it was very useful for her, as the label spent an extra $120,000 on Production, without authorization, and had to eat it themselves.
Once again, it's all about the contract and the negotiations of that contract.
Want a good one? Get (and spend the money) on a good lawyer with experience in the field. It'll be the best couple of thousand dollars you'll EVER spend for your career.
Huh?
My point is that if they are presented with a shitty contract, it is THEIR OPTION to sign it or NOT.
I have 3 software companies right now, and am constantly approached by VC's who want to give us mediocre cash for controlling interest in them. Guess what? It's MY decision to do the deal or not, and if it's a bad deal, then I won't.
If I _DID_ do one of the deals, and started to bitch and complain about it later about how I got screwed, then I fully expect my friends to smack me upside the head and tell me to "shut the fuck up".
Personally, I pay for music to support the artist in their efforts.
If they are part of the "big label" scene, then the sale usually helps to pay off their debt to the label. Sure, the **AA or label gets a huge percentage of the cash, but that's the deal the artist signed.
I also prefer to help the local artist who takes that $10 for the CD and buys new strings for his guitar, or puts it toward producing more CD's, etc.