Conceptually: Each update has to be signed and encrypted. Each update includes updated revocation list signed by root CA.
If bios was legit, then it will have legit revocation list.
If bios was not legit, then it will have to a) include revocation list that has it identified as not legit b) include old list c) include forged list somehow signed by root CA. Old list would be the only problematic area, perhaps could be worked around by some third-party trusted time verification mechanism.
>>>The problem with that is however that secure boot is broken as soon as a single OS maker/distro gets compromised.
Key revocation and revocation lists are a well-understood concept in PKI. Are you saying similar approach won't be used here?
About the only (minor) problem is to make sure CRL is up to date.
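An added example, not part of the original comments: a sketch of the three cases listed above (list that revokes the signer, old list, forged list) as a device-side check. All names are hypothetical, HMAC from the standard library stands in for the root CA signature so the block runs offline, and the old-list case is handled with a stored monotonic list number rather than the trusted time source the comment suggests.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the root CA key (assumption). Real firmware would
# verify an asymmetric signature against a root public key instead.
ROOT_KEY = b"constructed-root-key"


def sign(payload: bytes, key: bytes = ROOT_KEY) -> str:
    """Stand-in 'signature' over the serialized revocation list."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_crl(number: int, revoked, key: bytes = ROOT_KEY) -> dict:
    """Build a signed revocation list; `number` only ever increases."""
    body = json.dumps({"number": number, "revoked": sorted(revoked)},
                      sort_keys=True).encode()
    return {"body": body, "sig": sign(body, key)}


def check_update(signer_id: str, crl: dict, stored_number: int):
    """Decide whether an update from `signer_id` carrying `crl` is accepted.

    Returns (verdict, number_to_store). The device keeps the highest list
    number it has ever accepted, so an older list is refused as a rollback.
    """
    # Case c) forged list: the signature does not verify under the root key.
    if not hmac.compare_digest(sign(crl["body"]), crl["sig"]):
        return "reject: forged list", stored_number
    parsed = json.loads(crl["body"])
    # Case b) old list: genuine signature, but older than what we have seen.
    if parsed["number"] < stored_number:
        return "reject: old list", stored_number
    # The list is genuine and current, so remember it even if we refuse
    # the update that carried it.
    newest = parsed["number"]
    # Case a) the list identifies the update's own signer as revoked.
    if signer_id in parsed["revoked"]:
        return "reject: signer revoked", newest
    return "accept", newest


if __name__ == "__main__":
    current = make_crl(5, ["vendor-b"])          # constructed sample data
    print(check_update("vendor-a", current, 3))
    print(check_update("vendor-b", current, 3))
    print(check_update("vendor-b", make_crl(2, []), 5))
    print(check_update("vendor-b", make_crl(9, [], key=b"attacker"), 5))
```
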
>>>Not only is most of a Lexus Toyota, Lexus is 100% Toyota
Can someone explain this with a car analogy?
It takes more than that. You also have to compartmentalize your real and assumed identities so your friends and acquaintances who do not value your privacy do not link them for you.
I find facebook's "is this really X's real name" queries to your social contacts especially dangerous.
>>>I deal with the goddamn customers! And if you don't like it, you can program goddamn login page yourself!
Finally, a reliable way to get your junk fondled without having to pay for it!
I am not sure about underlying physical law of these "braids", but can this effect be harnessed to produce energy? We do have technology to produce strong magnetic fields.
>>>Fingerprint scanners are vulnerable to replay attacks.
You are not doing it right if you are storing or transmitting your biometric data in the clear. If not - then you treat biometrics just like any cryptographic key and there are well-known measures you can take within your encryption algorithm against replay.
Isolated SCADA? When? If you refer to Iranian nuclear program, they weren't properly isolated. They just weren't connected to the internet so USB was used as a vector.
OS is a no-go here mostly due to liability concerns and approval process. Medical Devices cost so much not because they are complicated technology (some of them are) but because when they explode, maim someone and give your uncle cancer there is a manufacturer and insurance to go after. You can design OS that is 100 times better than industry standard and it still won't be used because of the above.
AV and OS vulnerabilities are not the top security concern. Something like letting unauthenticated user copy entire patient database that for some reason was stored on the device is much bigger threat.
Protecting all terminals is not a very effective strategy for preventing large data breaches. While undeniably required step, it isn't first thing you do, and it isn't most important thing you do.
For example: Not storing session data locally would be the first step in securing this mess. Preventing access to any kind of stored data without authentication would be second step.
Source? I couldn't find anything about it on DHS website.
All DHS hate aside, this is much needed change. We have FIPS and it made our crypto much stronger. We have other standards and procurement requirements (CC, PCI, etc) that made inroads on making sure vendors at least consider security. It is about time the same applied to medical devices.
Why DHS? NIAP or NIST would be a more appropriate agency to handle this.
Few problems with paid courses approach.
First, there are free alternatives out there, like Coursera, that offer the same thing.
Second, consumer sees value in credentials, not education. Kinds of people that tend to value knowledge are more than capable of gaining it on their own. Kinds of people that would pay for education are only interested in acquiring credentials.
Dear Facebook Friend,
Naturally, you will be amply rewarded for your assistance by retaining a percentage of the funds transferred....
While I worked in academia I dealt with both R and matlab. Matlab is more mature, but it isn't free. Most of the code that gets passed to you by others is an unreadable amateur code written in matlab. Most other academics wouldn't know how to run anything but matlab. Some advanced stats cannot be easily done in R, unless you want to write it from scratch (good luck with that).
Overall - if you write your own code and don't expect to do anything else with it, R is fine. If you want to work with others, especially crusty non-CS PhDs - matlab is the only way to go.
Matlab. If you are planning to go into science (not CS, actual science) ability to code in Matlab will put you head above any of your peers.
Chernobyl wasn't a catastrophic failure, it was operating reactor well outside of the design parameters with all safety and auto-shut down procedures disabled.
What happened is that two tests - turbine vibrations and something else that had to do with cooling system were run concurrently, without considering implications. Safety system kicked in and proceeded to shut down whole thing. Junior techs that were on site decided they would chance disabling safety systems to try to keep reactor from going cold. Unfortunately whole system malfunctioned in "full open". Ironically, they did succeed at restarting reactor but now had no way to control it and watched whole thing melt over next couple hours. It wasn't sudden and wasn't catastrophic failure - in a sense that system didn't fail on its own.
Chernobyl reactor that blew up was one of 4 built with that design at that site. By modern standards it is considered unsafe, but even with that remaining 3 operated well into the 2000s. I think one is still operational.
Not Chernobyl hysteria again. Different reactor design, plus in Chernobyl's case safety mechanisms and fallbacks were intentionally disabled in attempt to prevent safety shutdown. They succeeded in overriding safety shutdown and melted whole thing.
In case of Japanese disaster - yes, they had time to react. They probably had enough time to have it flown from the US, had something like that been available.
It won't - not enough power from solar cell even if you convert 100% of your surface area in a perfect light. Napkin calculation tells me it would take 48 sunlight to recharge your typical smartphone battery in ideal circumstances.
Not to generalize or detract from the spirit of your message, but reading your post led me to believe that the diagnosis may be accurate in your case.
Research shows that long-term even blind and quadriplegic people report average happiness. If we extrapolate these findings to your facebook predicament - it is likely that in the long run you will adapt to having your mother as the only facebook friend and will return to average happiness.
Clearly, the main problem with the post above you was that the poster was multi-tabbing his media.
Is IANAP a consequence of turning IANAL into IAAL?
Slashdot is my only bookmark and the only website I visit, and as a result it is the only type of media I consume and there is no reason to multitask.
Am I finally ready for happiness?
Do you think you could produce high-output crop yields without chemical fertilizers? I know nothing about farming, so this is honest question.
I think calculation for maximum energy output would be similar to electric panel efficiency - at this point fundamentals are the same, you are gathering and storing sunlight energy. Napkin calculation tells me that yes, hypothetically it should be possible to extract energy from this process.