Slashdot Mirror


User: aaarrrgggh

aaarrrgggh's activity in the archive.

Stories: 0
Comments: 4,145

Comments · 4,145

  1. Re:Put your money where your pie-hole is on In Progress: Fastest Sea Rise In At Least 2800 Years (www.cbc.ca) · · Score: 1

    Maybe not everywhere, but there are clear examples of locations where beach front property no longer warrants the premium it once had, especially on storm-facing frontages.

  2. Are you fscking kidding!? on It's Time To Kill the $100 Bill, Says Larry Summers · · Score: 1

    There is a big difference between a $100 and a EU500 bill-- roughly a factor of four. $80-200 transactions in the US are fairly common, and it is not especially uncommon to have a nearly $100 transaction that must be made in cash. A banded stack of $100's is only $10,000. While 5-6 might make up the median income, it really isn't that much money.

    I remember traveling with dreadlocks and the like, living on $15/day. I still had 4-5 $100 bills hidden away for when things went wrong. Doing it with $20's would be a total pain.

    Oh well... A single 1-oz gold coin is fairly readily exchangeable for $1,200, making $1MM only weigh about 50 lbs.

  3. Re:Colour me unsurprised. on Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com) · · Score: 1

    Honest question though-- can extended validation be spoofed by MITM?

    Ultimately you have to trust someone-- if not the wifi then your VPN provider.

  4. 1) Not true on iPhone in question.
    2) If Apple didn't think the secure enclave could be abused in a similar way if they were complicit in an attempt, this issue would not be a big deal.
    3) Apple was willing to cooperate on a sealed compliance basis; the FBI wants to set legal precedent by using this "easy" case to force Apple into service, and therefore every future company whenever it is needed.

  5. Re:Don't Listen to UL on Feds Say There Isn't A Single Safe 'Hoverboard' (engadget.com) · · Score: 4, Insightful

    There are actually some cases where OP is correct; a certifiable product may be less safe than a non-certifiable product given different design priorities.

    That said, the same OP's issue is true of every trade organization or "independent" third party. Good luck getting ASHRAE, IEEE, GSM, or any other standards body information freely. If you want a certification, you are stuck paying for it, be it LEED, Uptime Institute, NCEES, or whatever. It was only recently that municipalities had to make building codes available freely online.

  6. Re:Can I replace the radio? on LG G5 Unveiled: 5.3" QHD Display, Snapdragon 820, Modular Magic Slot Expansion (hothardware.com) · · Score: 1

    With the LTE phones that isn't the case anywhere I am aware of. There are many countries with incompatible 3G frequencies and standards, but that is a different issue.

  7. Re:VoIP is wide open for just about anything on Researchers Find Method To Own VoIP Phones, Silently Listen To Any Call · · Score: 1

    The TLS implementations on our phones aren't that secure, made worse by the fact that we use TFTP server for configuration. Yes, adding in TLS isn't that hard, nor is switching to https configuration server, nor really is 802.1x. There were some bugs in Asterisk that made this setup less reliable when we deployed our system, and the real issue there was working around everything to get the system working properly.

    We are still small enough that these decisions were reasonable for a 5-7 year horizon, but we are starting to push that threshold as we get to the end of that range. If it wasn't a pain for troubleshooting, I would disable the web interface, and I might break down and do this soon.

  8. Re:Desktop PC VoIP phone exploit .. on Researchers Find Method To Own VoIP Phones, Silently Listen To Any Call · · Score: 1

    Doesn't really matter; if you can sniff any traffic you can usually get the SIP authentication credentials. You can use SIPS instead, but it has issues. You can also use encryption just for the session management and keep the audio unencrypted, which will prevent spoofing credentials but not eavesdropping.

    Once you have the information it is just a challenge of proxying the information out.

  9. Re:VoIP is wide open for just about anything on Researchers Find Method To Own VoIP Phones, Silently Listen To Any Call · · Score: 3, Interesting

    Pretty much. We looked at the cost and challenges for encrypting SIP communications on our local LAN, and it just wasn't worth the hassle. We will segregate the phones onto a separate VLAN, but the value is limited; SIP deployments really aren't focused on security yet.

    We control the financial aspect by carrier-enforced rules which prevent toll calls. Much more effective. (We do have a way to make calling card calls through our Asterisk system that is sufficiently locked down and only has $100 or so at risk.)

  10. Re:Chinese Backdoors on TP-Link Begins Lockdown of Firmware In Response To FCC · · Score: 1

    Why wouldn't the back doors be in silicon?

  11. Re:Oh well on TP-Link Begins Lockdown of Firmware In Response To FCC · · Score: 1

    Honest question... Why would you want a Wireless Router period today? Wired router plus access point(s) seems to work much better than the wireless router hidden away from an interference perspective.

    I will admit to being pretty happy with my Asus routers, but between interference with other equipment, range limitations, and a few other issues, I am planning on moving my Mom to a Ubiquiti edge router with two access points for her condo, and a similar arrangement for my home. (I have already separated the PicoCell and Sonos bridge from the router, and put the Asus router on a top shelf of the bookcase to make things almost work.)

  12. Re:Now What? on L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com) · · Score: 3, Insightful

    Unfortunately, that is only $8k per bed, or likely around $800/employee. Hell, it is really only two FTEs for the next 5 years...

    A grossly flawed system is much more expensive to fix than that. Maybe they could afford a backup system that is resistant to bitlocker though...

  13. Re:What do you expect? on Hard-Coded Password Exposes Video Surveillance DVRs To Hacking (csoonline.com) · · Score: 1

    Damn auto correct... Not Alice's... alives!!

  14. Re:What do you expect? on Hard-Coded Password Exposes Video Surveillance DVRs To Hacking (csoonline.com) · · Score: 1

    Well said. Also, a lot of the people doing this themselves don't want the network person involved-- they don't want to tell anyone else the password... you know, so it is secure. We are guilty of having one of the Costco Lorex Specials that is also likely vulnerable. I have meant to do a firewall black hole on these but haven't gotten around to it yet. I can see the firewall is blocking traffic from it already, but I don't have everything locked down yet...

    Those pesky port 443 remote access keep-Alice's can be a pain to deal with.

  15. Just the network side could take weeks to validate. How do you check firmware on workstations? How do you check all of the connected devices?

    It takes an insane amount of manpower, and logistically you might be better off just replacing everything.

    I think one of the problems is the medical equipment vendors, but they haven't been squeezed enough yet to make their systems secure....

  16. When you need to replace a $Million machine because the system you have only works with XP, you have a very difficult starting point. When doctors demand remote access to these systems, things get nearly impossible very quickly.

    You really need a system designed from the ground up around security rather than Medicare billing codes.

  17. Re:how is someone supposed to turn their life arou on City of Austin Locked In Regulations Battle With Uber, Lyft · · Score: 1

    In California (not sure about the rest of the country), you cannot perform a background check on someone until their first day of work, and you can only discriminate based on offenses that would be relevant to the job. It isn't perfect, but it at least provides a fairly high barrier.

  18. Re: Yes considering how poor cell coverage is! on Ask Slashdot: Do You Still Have a Pager? Do You Find It Useful? · · Score: 1

    Not sure what kind of cubes you guys have, but for us (similar size space, 8x7' workstations), a single Ubiquiti AC-Lite access point in the center of the office easily covers everything... with measurements taken on the floor in corners, and the access point on 5GHz only.

    Of course we have three to be able to reduce power on each and improve throughput, but not for coverage.

  19. Re:GPS is just an aid on Drivers Need To Forget Their GPS · · Score: 1

    Was walking in an old city I had never been to before with wife (she lived there many years), and she was perplexed when I said she was going the wrong way. How do you know, she asks... Just look down: single stone path for local paths, two stones for local roads, three for major roads, four for arteries into the city core, and five for the main street.

    (Thanks, Mr. Klein-- 10th grade history!)

  20. Same for all new Dev Boards at release on Where Are the Raspberry Pi Zeros? (i-programmer.info) · · Score: 2

    BeagleBone Black was similarly sold out for several months, it is the nature of the beast.

  21. Re:Surges weren't my biggest problem... on Ask Slashdot: Surge Protection For International Travel? · · Score: 2

    Yes. In the course of a day, mains power where I used to live would range from 100V to 300V. You get the prolonged over voltages when a large load drops off, either a circuit breaker trip, or something more random. Modern voltage regulators prevent this, but legacy units will operate for a few minutes at 30-50% over voltage.

    Even with modern voltage regulators, when the load is random they are often programmed pretty loosely. 3rd world load creates 3rd world grids.

  22. Surges weren't my biggest problem... on Ask Slashdot: Surge Protection For International Travel? · · Score: 2

    Persistent over/under voltage was always my challenge traveling. A surge protective device doesn't do anything when power is running at 300V for a few seconds. The old MOVs, without proper fusing, would always pop and start smoking, which was a sign to trip the main breaker before everything got fried.

    For truly sensitive electronics we always used commodity 12V chargers tied to a big battery bank with individual inverters for each piece of equipment. We might have had a custom filter to deal with ripple current off the chargers, too long ago to remember the details. The chargers lasted 2-3 months on average, but were easy to replace. Normal dual-conversion UPSs would barely last 3-4 months and were much harder to find and more expensive.

    For today, I would have two laptop power supplies and an extra battery, and only charge from USB. The bigger USB power supplies are pretty robust, worth carrying extras.

  23. Re:You must be new here on Ask Slashdot: How Can We Improve Slashdot? · · Score: 1

    Not always true. In a perfect world, modding helps manage and focus the discussion. Disagreeing is a valid mod when the statement being made is not contributing to the discussion. I generally go for overrated in these cases, since it doesn't impact karma; it serves a purpose.

    I would argue that not posting anything when you don't really have something worthwhile to say is more valuable: moderate thyself first.

    My hope for Slashdot: provide more content that fosters strong discussion in a variety of topics that are relevant to today's nerds. Try to keep editorial agendas to a minimum, and keep the useless kruft from being forced on everyone.

  24. Re:This is what happens when monopoly revenue fall on Windows 10 Now a 'Recommended Update' For Windows 7 and 8.1 Users (betanews.com) · · Score: 1

    The thing is, when they have to upgrade, now a different direction could very well make sense. Virtualizing and Remote Desktop solutions come in high on that list.

  25. Re:Didn't google do this already? on Google To Take 'Apple-Like' Control Over Nexus Phones (droid-life.com) · · Score: 1

    Critical mass. Now they can screw over the other manufacturers without repercussion. The others are trapped without Android.