Slashdot Mirror


User: tnk1

tnk1's activity in the archive.

Stories: 0
Comments: 5,272

Comments · 5,272

  1. Re:Airgap on Virus Hits MedStar Health Hospital Network (zdnet.com) · · Score: 1

    It was much less expensive when it was done by hand, but it doesn't scale.

  2. Re:Sorry I'm AC, but this is very relevant. on Virus Hits MedStar Health Hospital Network (zdnet.com) · · Score: 1

    Realistically, the devices probably run whatever was reasonably current when the actual device was designed and tested. They're not *trying* to run old shit, they just don't want to re-certify every time they make a change to the system. Certification with the .gov is expensive and time consuming, which I know from first hand experience, and medical certification is even worse.

    On this board, it is important to us that people take IT security reasonably seriously. To medical equipment makers, that's second fiddle to being able to make a device that works at its primary task which can then make it through certification and eventually make back the cash they dumped into designing it and pushing it through the process.

    Someone like the FDA is going to have to force them to care about malware protection, mostly because it is the FDA that is making it such a pain in the ass to get this stuff certified to begin with. They're the long pole in the tent, so unless the FDA cares about it, everything else is less than important.

  3. Re:ah yes, the machine that goes "PING!" on Virus Hits MedStar Health Hospital Network (zdnet.com) · · Score: 1

    Why do you blame the doctors for that?

    It's not the doc's fault that the company will not support something if you screw with it. I mean, sure, they can invalidate the warranty, and then who is going to fix it when it breaks?

    I'm guessing you don't work with this stuff very often or you'd know that you don't screw with something that invalidates your warranty on equipment that costs millions to replace. The doctors don't have a plethora of products to choose from where they can simply pick one that is a little more expensive, but has malware protection.

    The actual problem is that the manufacturers for these devices are not in any way incentivized for securing their devices against malware attacks. Their device only needs to do what its primary function is because there's no other serious competition. You can't go buy this shit at Walmart, you know. You get to pick product #1 which isn't protected from malware or product #2 which isn't protected from malware either.

  4. Re: Shock on Global Majority Backs a Ban On 'Dark Net,' Poll Says (reuters.com) · · Score: 3, Interesting

    Outlaw encrypted connections. No more SSL, no more legal VPN services, no more standardized, general encryption for connections. If you see anything you can't inspect the packets for at the telco without decryption, you order telecoms to dump those packets into the bit bucket at the router.

    Only exception: if you want to do business with someone securely, you have to register with them so you can receive the appropriate key which only works from your identity to their servers. That key is available to the government, and might even be already on file so they don't even need to ask the business for it. Maybe it is the government that issues your private key. Your packets have your ID number in the header, and the routing can only happen between your registered key and the IP address(es) of the merchant site.

    Not likely to happen in the US, but a place like China could force it. They already force all sorts of registration. If it was a real program, they'd have to phase it in or their economy flounders, but I think China is moving in that direction. They just need to re-write some protocols and get a few more capabilities.

  5. All you need to do is tell them you're very interested, but you have to take care of something and you'll be right back. Then you put the phone on mute and leave it there for about 10 minutes and go about your business. They'll stick around as long as they can because you said you'd get back to them, and it will run up their call time, absolutely screwing their turnover rate. If they haven't hung up after 10 minutes, just pick up the phone and hang up when you get back to it.

    Enough people who do that, and you'll hurt them considerably by making them waste cycles. Even relatively small inefficiencies can add up in a bulk business like that if they are repeated. You're keeping them longer from making the next call, which could be that sucker who really does pay them.

    Of course, with the new recordings they are making, that changes things because they can make more calls, but an open line still is a resource that they are using from their end.

    Obviously, if you get them to waste the time of humans by going through their script, it is more expensive and more worth it (and more entertaining), but then you are committing your own, much more valuable time to that, so scam baiting probably isn't actually a big issue for them. Most people don't have the time to do that.

  6. Take a shit job or starve? I don't have to like talking to them, but I don't want them dead just because they want to put food on the table. It's not like the people in that call center are the ones who are getting rich.

    I will grant you, I don't really know who responds to that shit these days, so I am not sure how anyone actually still has a job in many of these call centers. I don't even pick up calls I don't recognize any more and the second it sounds like it isn't someone I would want to talk to, I hang up. And I don't consider myself to have been particularly harassed either.

    It seems like there have been more recordings than actual telemarketers these days when I do actually take a call. And that is really odd, because you can't even use pressure tactics on people by using a recording. It makes me wonder if these kinds of calls are actually dying out, rather than becoming more prevalent. I'm probably deluding myself, but it does feel like they're really trying to cut costs by removing humans from the loop, even if the message is not as effective.

  7. Re:My Wi-Fi router is open. on Global Majority Backs a Ban On 'Dark Net,' Poll Says (reuters.com) · · Score: 1

    I still blame the manufacturers of those devices for that. Not everyone is a router expert or even understands the risks of that device, and the makers of home routers and wi-fi devices are marketing to those people. The manufacturers should know the risks and make it easy to both know that there is a password to change, and to ensure that it gets changed without a stupid amount of effort or domain knowledge.

    Or at the very least, they should set a different initial password on each that isn't trivial to hack. Even if the user never changes it, there should be a reasonable possibility that the initial password will not be cracked before the device breaks. But that would require the manufacturers to think of that and have a process to do that, and they just want to stamp out software images that all have the same password on it and leave it up to people who don't know any better.

  8. Re:Awe on Global Majority Backs a Ban On 'Dark Net,' Poll Says (reuters.com) · · Score: 1

    With a concerted effort, it could be considerably hampered. There are patterns of behavior which are currently allowed which the so-called Dark Net takes advantage of to make that environment convenient enough for a relatively wide user base. If you shut down some of those allowed capabilities, or severely restrict them, the Dark Net would be considerably reduced.

    There's nothing that could stop some form of underground network from existing, even if you disallowed encryption and inspected all packets. But you can do things to curtail it enough that you'd restrict commerce in that manner to some very specific players.

    You'll never shut down highly skilled denizens, such as organized crime communications, but that one guy who just wants to order some weed from a Dark Net e-store may not be able to do that.

  9. Re:Regulating the wrong device on US Says It Would Use 'Court System' Again To Defeat Encryption (arstechnica.com) · · Score: 1

    Gee, if only the FBI put as much work into making sure automatic weapons don't get into the hands of criminals as much as they worried about telephones getting into the hands of criminals.

    What makes you think that they don't use the same amount of effort? It seems like they've had about the same level of actual success, which is to say, very limited success.

  10. Re:Ruling? Which ruling? on US Says It Would Use 'Court System' Again To Defeat Encryption (arstechnica.com) · · Score: 2

    Doesn't matter. The order might be vacated, but the decision that allowed it is still on the books. The order is vacated because it was no longer desired to be enforced. That didn't change the premise under which the order was granted.

  11. You wouldn't. Which is why they outlaw all phones that don't comply and make it so that non-compliant phones can't access the network.

  12. They withdrew their enforcement action of that one order. The order itself, never having been quashed, is thus considered to have stood, albeit it was never enforced. Only actual decisions are precedent, not cases that never made it to judgement.

    There is still a decision on the books which gave them the order which would only be contradicted by another actual ruling, such as if they had gone to judgement and lost on appeal. The fact that they decided not to continue to pursue enforcement doesn't mean they lost their case, and without a decision, there is no ruling to overturn the existing precedent.

    That said, the precedent could just as easily be overturned by the next court to look at it, as it would have been by this court. So they're just stating that they are willing to try again because they weren't slapped down, it doesn't mean that they now have an ironclad case to challenge an appeal.

  13. Re:Huh? on US Says It Would Use 'Court System' Again To Defeat Encryption (arstechnica.com) · · Score: 4, Insightful

    The case didn't complete the challenge, but at the same time, there was no ruling, so there is only one ruling at this time: the court order compelling Apple to cooperate.

    So, they didn't actually win the war, but they do have a solid tactical victory under their belts that they could turn strategic under the right circumstances. They may have backed off their offensive this time, but they're still in possession of the battlefield and the territory behind it where they can launch an attack from in the future, at their leisure.

    So, for some value of winning, they *have* won something, just not everything all at once.

  14. Re:Apparently he can change his family tree! on Hacker Weev Admits To Hacking Printers To Spew Racist and Anti-Semitic Messages (softpedia.com) · · Score: 1

    Yes, but a Jew turned neo-Nazi seems like a very special kind of stupid.

    Just saying.

  15. Re:Chinese browser leaks data? on Chinese QQ Browser Caught Sending User Data To Its Servers · · Score: 1

    I'm shocked! Shocked, I tell you!

    If only there was some gambling in that browser, it would be so much better.

  16. Re: Suggestions anyone? on FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net) · · Score: 4, Interesting

    The implication you're making is that:

    (a) they never needed to get into the phone because it was already broken; or
    (b) they lied that they broke into it and are now still unable to get into the phone, but won't admit it.

    Which pretty much requires them to be handing us a bold faced lie for no reason. The FBI could withdraw its request at any time without having to go to these lengths if they felt they would lose at the Supreme Court. And I don't see how public opinion or other corporations would be able to affect the Court appeal process. The appeals court judges and the justices are not, after all, elected. Presumably, the FBI would have opened the request weighing the chances of a Supreme Court appearance from the beginning.

    I'm no fan of the government, but lying in this manner, while colluding with a third party corporation, and a foreign one at that, seems like it would be a huge risk when a much smaller lie would have sufficed. The FBI could have simply backed off and worked to let the matter drop without setting a negative precedent. Seems too convoluted.

  17. Re:wrong solution on NJ Legislator Proposes Fine For Walking While Phone-Distracted (philly.com) · · Score: 1

    I would have to work far too hard to distract her from her headphones and phone to get her attention to even try and ask.

  18. Re:wrong solution on NJ Legislator Proposes Fine For Walking While Phone-Distracted (philly.com) · · Score: 1

    Actually, I was referring to the person walking as paying attention to the phone, not the driver. I suppose that could be ambiguous in retrospect.

    While I agree that most situations can be prevented by the driver being attentive, there are definitely situations where a pedestrian can come out of nowhere. I don't for a second believe that all pedestrians can be avoided simply by being attentive.

    When you are on a road or a pedestrian on a public road/sidewalk there is always the expectation that both sides will be rational to some degree. I agree that most of the responsibility goes on a driver, for various reasons, but I just can't get behind throwing the book at a driver for having to deal with someone who is so oblivious to their own safety as to walk on a road while not watching what they are doing. And there are people like that out there.

  19. Re: Suggestions anyone? on FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net) · · Score: 1, Troll

    What am I supposed to be skeptical of?

    Their statement that they broke the phone and don't need the court order anymore? Why would they bother lying about that?

  20. Re:Why I Do Not Recommend Oracle on Oracle Seeks $9.3 Billion For Google's Use Of Java In Android (computerworld.com) · · Score: 2

    Oracle may or may not go out of business someday, but don't confuse them with SCO.

    SCO was run by idiots and may have been a puppet of Microsoft. Larry may be an asshole, but Oracle is in a completely different league than SCO.

  21. Re:Google Legal Fund on Oracle Seeks $9.3 Billion For Google's Use Of Java In Android (computerworld.com) · · Score: 1

    Keep your money and/or give it to the poor. Google has lawyers on retainer for this.

    If you want to show support, then by all means, send them a nice letter.

  22. Re:pure profit on Oracle Seeks $9.3 Billion For Google's Use Of Java In Android (computerworld.com) · · Score: 4, Insightful

    Did you expect them to state that they were going to be an IP troll in a public document?

  23. Re:Suggestions anyone? on FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net) · · Score: 3, Insightful

    That's kind of a Pyrrhic victory.

    Yeah, Apple didn't have to help them.

    But that's because Apple's phones were not secure.

  24. Re:pure profit on Oracle Seeks $9.3 Billion For Google's Use Of Java In Android (computerworld.com) · · Score: 5, Insightful

    That's why Sun was actually an investment worth making. They hope to make more off of lawsuits with Sun's IP than they paid for Sun.

    Oracle's business model at this point is based off of extracting as much money out of existing customers and through lawsuits as possible. They reached the saturation point in the database market long ago.

  25. Re:And yet some great ideas can't attract funding. on One of Silicon Valley's Most Esteemed VCs Says Startups Are 'Mostly Crap' (vanityfair.com) · · Score: 1

    You need to sell the problem that your product fixes.

    A direct assault on performance is a hard sell. You can be 10x better, but if a customer is happy with what they have, they aren't going to budge. A lot of big companies are averse to change. VCs would know that too. Companies have big investments into the products that they have already installed. And they have a lot of inertia as well. They're not always looking to upgrade, especially if there is nothing that more "quality" or "speed" gets them in their existing product.

    What you need to do is not seek to replace what they have, you need to show them that your product is what they are *missing*.

    For instance, no one is going to drop their paid off economy car simply to pay for a new economy car with more horsepower.

    They *will* buy your sports styled car with the same engine and basic specs as your econo-box if it looks good and gets them laid.

    Both cars can get you to work, but only my sports car is more likely to get you dates.

    Pick some markets and think about how your product fixes a problem that they have. Does your product make it possible to make factories more productive? Can you increase bookings per quarter by improving lead generation and qualification speed?

    If you target a specific market or two, you can dig deep into what they need and ensure your product can do something for them that their existing data management software does not. Even if you do something as silly as have compatibility with some other software specific to that market, you have a wedge into a place where your older and slower competitors can't interfere. And once you are in there, the company will feel more comfortable moving to your superior product for all its data management needs.

    Solve the problem, and if your software is not a completely brand new idea, then add something to it that gives you a wedge. Let your investors know that you have a wedge, and once that wedge is in there, you can drive adoption from within by dint of your superior offering.