You're not in IT are you? Nobody serious about cracking an iPhone taps the code in. They image the flash chips and run the code breaking in a script.
While that would give you lots of time to work on the encrypted drive contents, that's not going to work for brute forcing the 4 digit pass code though. At least not that simply.
You might be able to break open the iPhone and do some "rewiring" so as to be able to run against the unlock code using the iPhone hardware, using your own custom software, but it's going to be a lot more work than simply imaging the contents of the flash memory chips.
1) Why are you putting quotes around 'with my permission'... what you're describing is exactly with your permission.
Because the letter I authorized based on their description of the service, and the letter that was actually sent (details buried in fine print, or perhaps not disclosed at all?) bear very little resemblance.
For example, if I order flowers to be delivered to my grandmother, and there's a box that says "include courtesy call to coordinate delivery" and I tick it, with this vision of you calling dear grams and confirming she'd be home that afternoon to receive them in person.
But instead you use that courtesy call, yes to schedule a delivery but while on the phone upsell grandma on a more expensive courier if she wants them before next week, and then press her to pay a service fee to send me a thank you card too, then pumping her for the contact information of her friends for telemarketing calls... well... that's not exactly what I thought I was authorizing is it.
And that's closer to what Amazon's service is. It's not a little... "hey X bought a new bbq.... why don't get together and have a grill night! Have a great weekend from Amazon!"
It's more like "hey X bought a new bbq. It's so shiny, and has 3 burners, and stainless steel lining and 2 year warranty. It's got 5 stars on Amazon... would you like to buy one now too?? Would you? Click here now!!"
2) How does the retailer have your grandma's postal address?
Don't know. Don't care. Maybe it's a small enough town.
I suggested that *competent* criminals would use good encryption
Yeah, but what does that mean? "competent criminals". Does a criminal have to be both competent at their usual actual criminal enterprises AND have a cross disciplinary expertise in strong crypto alongside that; just to be counted as a "competent criminal"? Because if so, fine, but then the vast majority of criminals, even the really successful ones, aren't going to pass that bar. And it would be pretty misleading to call them "incompetent".
and it is a specious claim that an ability for law-enforcement to decrypt communications as needed would actually significantly increase the number of criminals that they would catch.
No argument there. I never suggested once that it would do that.
I believe that it IS automatically ineffective. The government has yet to [..]
I totally agree. But that's a different nuance for "ineffective". I am saying it will effectively give them a backdoor into (most) criminals' devices. I agree completely with you that having one won't necessarily directly help them stop any crimes.
At best it might make prosecution a bit easier, and cut the cost of surveillance down on a legitimate target. But the cost of actual working security isn't worth that.
Is it legit if you hand write a letter to your grandma about your purchase, but spam if you use a pre-printed letter that came in the box, and you fill in a few blanks before mailing it to grandma?
What if the retailer, at the time of sale, simply says "mind if we tell your grandma"? If the answer is "no", then she fills out the letter, including the blanks, and even mails it for you?
One difference that immediately springs to the forefront is that in the former scenarios *I* clearly mailed the letter. I filled out the form, I dropped it in the outgoing mail box.
In the latter the retailer sent it, at best, 'with my permission'.
Your third paragraph is really about a whole separate issue of backdoors; that it gives malicious entities a new attack point... the backdoor itself.
This is true and a good point to make; and I don't dispute it at all.
But it doesn't really address the fact that the backdoors really will affect the majority of criminals TOO which you glossed over implying that criminals would all be using good encryption. That simply wouldn't happen.
Two things: First, US law doesn't extend to other nations... so making encryption illegal here won't stop it from happening anywhere else.
So? A backdoored device is still backdoored even if it's used where it's not mandatory. And if enough important countries require them, then it'll affect the rest too. Because: economics.
Bank fraud and ransom are already illegal in the US... does that stop Russian hackers? Nope. Chinese hackers? Nope.
Relevance? I never argued that backdoors would reduce crime.
Second, go read up on Watergate,
Hold up!
I am NOT for the government to have this capability, I'm simply explaining why giving it to them isn't as automatically "ineffective" as some people think. If the government has backdoors, it REALLY WILL let them into most criminals' and terrorists' phones (along with everyone else's). I'm definitely not saying that makes it a good thing, nor even that it's justifiable, or even that it will make us safer. I don't think any of that.
. People keep saying "but warrants" and I keep saying... warrants must be read and obeyed by people... there isn't some technical interlock that ACTUALLY prevents a law enforcement tech from using the back door... just look to newly coined terms like "loveint" to better understand the fallacy of trusting regular people with such power.
The reason this is NOT actually a problem is that the majority of people (including the "really bad guys") suck at security. Period.
So they won't go ahead install and use strong security properly.
Especially when it becomes exceedingly hard. (It's not just by default on their phone, it's not even just an app in the app store.) So they have to root their phones, and side-load stuff, and the stuff they choose to side load has to be selected, installed, configured, and USED properly to actually get them real security.
Yes, some SMALL portion will be sophisticated and do it all. But they can still catch most of what they want. And the small portion they can't monitor just painted a target on themselves; and they don't even have to be caught doing a crime now... just being caught using "rooted phones with illegal encryption software" will itself be a crime.
So while you gnash your teeth and say "it'll never work because then only criminals will have strong encryption" if you think about it a bit harder you'll realize that:
a) no, most of them won't. because most criminals, and most terrorists are just your usual run of the mill idiot, and not comic book super villains.
and b) the ones that are sophisticated enough on the IT side can be prosecuted for that by itself under such a regime; merely for possession of a device that isn't properly government back-doored.
.though it didn't have to "hear" the questions, getting them fed in scanned form whilst meat-based contestants had to be read them aloud.
1) The vast majority of Jeopardy clues are 'revealed' immediately; then the host reads them out. The modern show requires the contestants wait for the host to finish reading them before they can hit the button. (And they even have indicators on their consoles to indicate when they are allowed to answer. Earlier in the series contestants were able to buzz in while the clue was still being read, but that was removed to make it more viewer friendly.)
2) The Watson challenge had slightly modified rules. Watch the documentary. Or read about that specific match for more details.
A jury is relatively easily convinced that someone stole your credit card and used its chip for an unauthorized transaction. That same uneducated jury is also easily convinced (by the other party) that if the correct PIN was used, you must have been present/authorized the transaction
Please cite a case that actually went to a jury where the jury was so convinced. Seriously. Because otherwise it's a neat theory but with no basis in reality. And it doesn't line up with anything I've seen or experienced. And I say this as someone not just as a consumer, but as IT for businesses with dozens of retail locations, so I see it from the vendor side as well.
despite the fact that a 4 decimal digit PIN is astonishingly weak and easy to guess by any modern security standard, nevermind the possibility of an over-the-shoulder attack observing you entering it.
a) If you have a 4 digit pin, it should be pretty easy to convince this hypothetical jury that it could be easily lifted from you over the shoulder... hell you could demonstrate it in court.
b) Canada has chip and pin... the maximum pin length here is 12 digits, which is well beyond the average human being's ability to memorize over the shoulder in one shot. EVERYWHERE in Canada is fine with 12 digit pins; and I've been using a 12 digit pin for over a decade. When travelling to Europe etc I change it to a shorter one still, because I don't know whether ATMs and terminals there support the longer ones, and I play it safe... but the point is chip and pin tech is not limited to 4, and Canada at least has it enabled to 12. No reason other countries can't follow suit, if they haven't already.
Search around, you'll find that chip+PIN transactions are de-facto elimination of consumer protections against fraud.
I did. I see arguments for both sides. But the overwhelmingly clear picture to me is that fraud is reduced substantially; but yes there have been documented cases of fraud, where the victims are having a hard time getting refunds. But they seem predominantly alarmist (biased), and don't talk about signature fraud rates by comparison either. Not to mention customer perpetrated fraud.
Meanwhile, the alternative the US uses, signatures, are increasingly available via digitized pen terminals; and the awkwardness to use and the resolution on those are so shit that a forgery of the average person's signature could not be detected. The only chance is if the thief writes out your whole name when you only use initials or some other mistake that's grossly large.
Chip and pin isn't perfect, and 4 digits is much too low a limit to set for an implementation. But rejecting chip and pin in favor of what's in place now? That's like arguing against seatbelts because they can trap you in a car (on fire, sinking,...)
It's true. That IS going to happen sometimes. But the net benefit to society is pretty well established.
Any subcategory you create to classify those two stories differently is phony.
The subcategory that separates them is:
one considers the ramifications of the technology on society as a key part of the story; as a key theme; that's hard sf.
one doesn't. the science fiction is just window dressing.
If you can replace planets with islands, star ships with boats, and light sabres with metal ones and tell the same story then it's not hard sf.
The star trek episode where they've abstracted war to the point that the sims run, and people walk into suicide booths is hard SF. You can't remove the technology from that story. The de-personalisation of the conflict is a crucial point, the notion of such a clean war and the extrapolation from the premise to the idea that such a war would never end, because it wasn't disruptive enough to the societies engaged in it... it's not incidental to the plot -- it's a primary theme.
Not all star trek is hard sf though; lots of it is no different than star wars. Not that star wars is bad. But hard sf and space fantasy are very different things.
If enough users enable Tor, Facebook will be able to map Tor circuits in real time,
This aspect sounds potentially bad enough that it would undermine tor for all users, not just facebook users.
If so, it seems like the tor network needs to blacklist connecting to facebook from exit nodes.
the operator of your local network won't know that you are visiting Facebook (unless your DNS is misconfigured)
Yeah, I can't see why this would even be a feature needed, unless to dodge facebook blocks while using the corporate network at work... and if so WTF... if the company is blocking facebook using tor to dodge it is grounds for dismissal...
Every single one of those exploits is mitigated by whitelisting the incoming ip blocks authorized to connect.
The ip block restriction means the port 32764 is only vulnerable from the whitelisted ip address. Heartbleed/FREAK/etc doesn't work if you can't connect.
You are right of course, that unknown flaws in the device and security software do present an attack surface. But a few layers of real security are a reasonable defense. No security can't be broken, but even a wooden door with a residential lock is a huge obstacle relative to a literal hole in the wall.
We're talking about these systems being mostly completely wide open, protected by nothing more than a default password in too many cases, if that.
If we were dealing with systems that were secured; whitelisted ip blocks, knock and callback connection protocols, proper certificate security, etc. Sure they could still be vulnerable to flaws known or as yet unknown, and that'd be an important conversation too... but it would be a very different conversation.
A stock linksys router with one port forwarding to a SCADA system seems to be the bar right now. We need to raise that bar quite a bit before we need to start worrying about firewall firmware flaws :(
But maybe you could possibly, at higher cost, make do with it not on the net. Maybe that should be considered.
It definitely should be considered. But for a lot of stuff, I think a properly setup VPN tunnelled over the internet to a monitoring station is pretty reasonable. Not perfect, and not for everything, but "for a lot of stuff".
I'd like to see the telcos step up and offer disjoint networks as a mainstream service. Where they'll dedicate a DSL line or whatever to a block of space that's only routable to a few other subnets all allocated to your own sites, and then let businesses (utilities, governments, etc) subscribe. So that you can connect remote locations fairly easily, without them being on the capital-I Internet at all. We used to do this sort of thing with dialup before the internet. We need to bring the concept back.
That they are connected to the internet makes perfect sense for a lot of reasons.
That they are connected to the internet and reachable directly, and publicly on the other hand is total spectacular fail.
They should be behind firewalls, that only allow connections in from authorized remote monitoring ip blocks, over encrypted connections presenting the right certificates.
But the usual is to just do the minimum possible so that it's functional. Security simply isn't even a consideration that goes into these things.
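The source-address restriction discussed in the two comments above (whitelisted IP blocks in front of a forwarded port, and firewalls that only admit authorized monitoring blocks) can be audited from a firewall rule dump. The following is an added example, not code from any poster in this thread: it reads port-forward rules in `iptables-save` format and reports which ones are reachable from anywhere. The rule set, addresses, and the `MONITORING_BLOCKS` list are constructed for illustration, and the certificate requirement is not covered here.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (nat table). Addresses are from
# documentation ranges; hosts and ports are made up for this illustration.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 502 -j DNAT --to-destination 192.168.1.50:502
-A PREROUTING -s 203.0.113.0/28 -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.60:443
-A PREROUTING -s 198.51.100.0/24 -i eth0 -p tcp -m tcp --dport 20000 -j DNAT --to-destination 192.168.1.70:20000
-A PREROUTING -s 0.0.0.0/0 -i eth0 -p tcp -m tcp --dport 32764 -j DNAT --to-destination 192.168.1.1:32764
COMMIT
"""

# Assumption: the address blocks of the authorized remote monitoring stations.
MONITORING_BLOCKS = ["203.0.113.0/24"]


def parse_dnat_rule(line):
    """Return the fields of an '-A ... -j DNAT' rule, or None for other lines."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"source": None, "negated": False, "dport": None,
            "target": None, "jump": None}
    for i, tok in enumerate(tokens[:-1]):
        value = tokens[i + 1]
        if tok in ("-s", "--source"):
            rule["source"] = value
            # '! -s X' matches everything except X, which is not a restriction.
            rule["negated"] = i > 0 and tokens[i - 1] == "!"
        elif tok == "--dport":
            rule["dport"] = value
        elif tok == "--to-destination":
            rule["target"] = value
        elif tok == "-j":
            rule["jump"] = value
    return rule if rule["jump"] == "DNAT" else None


def classify(rule, allowed_blocks):
    """OPEN: reachable from anywhere. UNAUTHORIZED_SOURCE: restricted, but to a
    block outside the monitoring ranges. OK: restricted to a monitoring block."""
    if rule["source"] is None or rule["negated"]:
        return "OPEN"
    net = ipaddress.ip_network(rule["source"], strict=False)
    if net.prefixlen == 0:
        return "OPEN"
    for block in allowed_blocks:
        if net.version == block.version and net.subnet_of(block):
            return "OK"
    return "UNAUTHORIZED_SOURCE"


def audit_forwards(rules_text, allowed_cidrs):
    """Classify every port-forward (DNAT) rule found in an iptables-save dump."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    findings = []
    for line in rules_text.splitlines():
        rule = parse_dnat_rule(line)
        if rule is not None:
            findings.append({
                "dport": rule["dport"],
                "target": rule["target"],
                "source": rule["source"],
                "status": classify(rule, allowed),
            })
    return findings


if __name__ == "__main__":
    for f in audit_forwards(SAMPLE_RULES, MONITORING_BLOCKS):
        print(f"{f['status']:<20} port {f['dport']:<6} -> {f['target']} "
              f"(source: {f['source'] or 'any'})")
```
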
Just because you want to pay for it doesn't mean you can.
Whether you want to pay for it or not, you WILL. The price if not paid, results in crumbling infrastructure, and taken to extremes the eventual collapse of the society, mass death and starvation, etc, until balance is restored.
Is that your "plan"?
The rest of us think that improving the efficiency of healthcare costs etc, can bring the cost down to what a country can afford, even without rapid population growth.
here is no infinite money
Nobody says there is. That's a separate problem though; and if we take what money we do have and use it efficiently we can do a lot more healthcare for a lot less money. Are we still going to have to make the hard call that grandma over 75 doesn't get $X million dollars of risky surgery to give her an extra 2 years if we're lucky... yes of course. But we can at least make her comfortable with the time she has.
It's a pyramid scheme. It will end.
It has already ended. And now we're racing headlong into the crunch. What's your solution? Yell I've got mine, and then put your head in the sand and hope the have-nots just go away and die quietly? That never happens.
Linux is just not very good for games. Windows has much better technology when it comes to computer graphics
Linux is weaker because it's a *relatively* unpredictable platform to target by comparison to windows, and crucial driver performance optimizations lag behind, or simply aren't done by the vendors; due to the relative demand/marketshare and the fact that companies have limited resources.
this is why the xbox is based on windows technology
That's mostly because the xbox is made by microsoft.
and not free hand-me-down college project stuff.
PS4 Orbis is based on FreeBSD. (Remember what the B in BSD stands for? Hint... think 'names of colleges'.)
I agree with your overview of the politics but... this is off the rails:
If you vote republican and accept Medicare and social security you are a hypocrite.
How so?
Is one expected not to live in the country or use the services that one is paying for? I mean, if I vote against installing a sauna in my strata, but the majority vote carries it, am I now a hypocrite if I USE the sauna that gets built and that I am now helping to pay for?
Furthermore the connection between voting republican and medicare is pretty tenuous. There's lots of reasons to vote for a party, and it's a complicated decision. There's lots of people who vote for republicans and simultaneously disagree with major parts of the republican platform. Perhaps they disagree with major parts of the democrat platform too, and that takes priority, or perhaps they despise the opposing candidate personally as a human being...
Yeah, and it's probably not going to be client side anytime soon.
A lot of the industry stuff isn't Linux. (iTunes is still used sometimes to work with phones; then there are tools like MCE (http://store.mce-sys.com/pages/mce-platform-system-requirements); and tools for the old feature phones the firmware updates etc were all windows applications (this has largely gone away, but not completely).)
Both major networks around me (not AT&T) use iQmetrix for point of sale which is a cloud based database with a .net4 client. And... it appears so does AT&T:
Damning evidence of what? That I was writing a book and something in real life happened that looks strikingly similar?
No... that you actually had a copy of *the* Word document the terrorist cell had circulated within its members prior to the attack. The one that said what to wear that day, the reminder to remain calm, how to react if the police stopped you, whatever and etc. A word for word document with a particular hash, that was searched for by the hash.
Unless the book you are writing is LITERALLY the blueprint document used by the terrorist cell to commit its attack your name isn't going to come up.
Several of the presentations were near identical to rough drafts
Even just the paragraphs being off, is going to make it a different document. Hell, if it was a Word document, even if two people created a blank document in the same version of word, typed the exact same things, and closed the file, they'd be different due to differing meta data that Word records by default. (Modification dates, username, etc.) The premise is to identify people who have the EXACT same file. As in person A sent it to person B,C,D,E via an email attachment or file sharing site.
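The point made in the comment above, that a whole-file hash only matches byte-identical copies and that differing metadata alone changes it, can be shown with a small experiment. This is an added example, not code from the thread: it builds reduced docx-style packages (a ZIP holding only `word/document.xml` and `docProps/core.xml`, so not files Word would open) with constructed author names and timestamps, then compares hashes.

```python
import hashlib
import io
import zipfile

# Constructed body text, identical in every package built below.
BODY_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/'
    'wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>Agenda for Tuesday: budget review.</w:t></w:r></w:p>"
    "</w:body></w:document>"
)

# Core properties part: the author and modification time recorded by default.
CORE_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
    'package/2006/metadata/core-properties" '
    'xmlns:dc="http://purl.org/dc/elements/1.1/" '
    'xmlns:dcterms="http://purl.org/dc/terms/">'
    "<dc:creator>{creator}</dc:creator>"
    "<dcterms:modified>{modified}</dcterms:modified>"
    "</cp:coreProperties>"
)


def build_package(creator, modified):
    """Build a reduced docx-style ZIP with fixed body text and given metadata."""
    parts = (
        ("word/document.xml", BODY_XML),
        ("docProps/core.xml",
         CORE_TEMPLATE.format(creator=creator, modified=modified)),
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in parts:
            # Fixed ZIP timestamps, so only the metadata part differs.
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            zf.writestr(info, text)
    return buf.getvalue()


def file_hash(package):
    """SHA-256 over the whole file, which is what a search by hash compares."""
    return hashlib.sha256(package).hexdigest()


def body_hash(package):
    """SHA-256 over the body part only, ignoring metadata."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return hashlib.sha256(zf.read("word/document.xml")).hexdigest()


def find_exact_copies(target, inventory):
    """Return names in `inventory` whose bytes hash identically to `target`."""
    wanted = file_hash(target)
    return sorted(name for name, data in inventory.items()
                  if file_hash(data) == wanted)


def demo():
    original = build_package("alice", "2015-03-02T09:00:00Z")
    forwarded = bytes(original)  # the same file, passed on as an attachment
    retyped = build_package("bob", "2015-03-03T16:45:00Z")  # same text, new file
    inventory = {"forwarded.docx": forwarded, "retyped.docx": retyped}
    return original, forwarded, retyped, inventory


if __name__ == "__main__":
    original, forwarded, retyped, inventory = demo()
    print("forwarded matches file hash:",
          file_hash(forwarded) == file_hash(original))
    print("retyped matches file hash:  ",
          file_hash(retyped) == file_hash(original))
    print("retyped matches body hash:  ",
          body_hash(retyped) == body_hash(original))
    print("exact copies:", find_exact_copies(original, inventory))
```
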
Remember the context here is that the poster I was replying to was arguing that we relax the safety protocols to make medical trials riskier. Because getting drugs etc to market faster would be a net good.
You'd never argue that roofers shouldn't have to wear hard hats because it creates an expense that on a big project could instead be used to hire an additional roofer so the roof gets done faster. :)
Maybe.
I'm not sure why people would want this (amazon) feature anyway.
"I just bought a Sony X950B on Amazon!"
Heh, I've already seen it "ruin" Christmas gifts for a few people. Not due to the email spam, but the recently purchased items stuff etc.
God forbid a whole household use the same tablets or laptops.
Agreed.
The problem with this of course [...]
Ugh... a pentium 4 is a space heater. :)
Every single one of those exploits is mitigated by whitelisting the incoming ip blocks authorized to connect.
The ip block restriction means the port 32764 is only vulnerable from the whitelisted ip address. Heartbleed/FREAK/etc doesn't work if you can't connect.
You are right of course, that unknown flaws in the device and security software do present an attack surface. But a few layers of real security are a reasonable defense. No security can't be broken, but even a wooden door with a residential lock is a huge obstacle relative to a literal hole in the wall.
We're talking about these systems being mostly completely wide open, protected by nothing more than a default password in too many cases, if that.
If we were dealing with systems that were secured; whitelisted ip blocks, knock and callback connection protocols, proper certificate security, etc. Sure they could still be vulnerable to flaws known or as yet unknown, and that'd be an important conversation too... but it would be a very different conversation.
A stock linksys router with one port forwarding to a SCADA system seems to be the bar right now. We need to raise that bar quite a bit before we need to start worrying about firewall firmware flaws :(
But maybe you could possibly, at higher cost, make do with it not on the net. Maybe that should be considered.
It definitely should be considered. But for a lot of stuff, I think a properly set up VPN tunnelled over the internet to a monitoring station is pretty reasonable. Not perfect, and not for everything, but "for a lot of stuff".
I'd like to see the telcos step up and offer disjoint networks as a mainstream service. Where they'll dedicate a DSL line or whatever to a block of space that's only routable to a few other subnets all allocated to your own sites, and then let businesses (utilities, governments, etc) subscribe. So that you can connect remote locations fairly easily, without them being on the capital-I Internet at all. We used to do this sort of thing with dialup before the internet. We need to bring the concept back.
That they are connected to the internet makes perfect sense for a lot of reasons.
That they are connected to the internet and reachable directly, and publicly on the other hand is total spectacular fail.
They should be behind firewalls, that only allow connections in from authorized remote monitoring ip blocks, over encrypted connections presenting the right certificates.
But the usual is to just do the minimum possible so that it's functional. Security simply isn't even a consideration that goes into these things.
Just because you want to pay for it doesn't mean you can.
Whether you want to pay for it or not, you WILL. The price if not paid, results in crumbling infrastructure, and taken to extremes the eventual collapse of the society, mass death and starvation, etc, until balance is restored.
Is that your "plan"?
The rest of us think that improving the efficiency of healthcare costs etc, can bring the cost down to what a country can afford, even without rapid population growth.
There is no infinite money
Nobody says there is. That's a separate problem though; and if we take what money we do have and use it efficiently we can do a lot more healthcare for a lot less money. Are we still going to have to make the hard call that grandma over 75 doesn't get $X million dollars of risky surgery to give her an extra 2 years if we're lucky ... yes of course. But we can at least make her comfortable with the time she has.
It's a pyramid scheme. It will end.
It has already ended. And now we're racing headlong into the crunch. What's your solution? Yell I've got mine, and then put your head in the sand and hope the have-nots just go away and die quietly? That never happens.
Linux is just not very good for games. Windows has much better technology when it comes to computer graphics
Linux is weaker because it's a *relatively* unpredictable platform to target by comparison to windows, and crucial driver performance optimizations lag behind, or simply aren't done by the vendors; due to the relative demand/marketshare and the fact that companies have limited resources.
this is why the xbox is based on windows technology
That's mostly because the xbox is made by microsoft.
and not free hand-me-down college project stuff.
PS4 Orbis is based on FreeBSD. (Remember what the B in BSD stands for? Hint... think 'names of colleges'.)
Troll grade: FAIL
We care, and read to catch up. We already know bases exist maybe just not where or its name.
So it should be called an "obscure base" or a "little known base" not a "secret base". This is not a secret base.
Yeah, I'd presumed it wasn't. I was mostly taking a shot at the click bait headline.
I agree with your overview of the politics but... this is off the rails:
If you vote republican and accept Medicare and social security you are a hypocrite.
How so?
Is one expected not to live in the country or use the services that one is paying for? I mean, if I vote against installing a sauna in my strata, but the majority vote carries it, am I now a hypocrite if I USE the sauna that gets built and that I am now helping to pay for?
Furthermore the connection between voting republican and medicare is pretty tenuous. There's lots of reasons to vote for a party, and it's a complicated decision. There's lots of people who vote for republicans and simultaneously disagree with major parts of the republican platform. Perhaps they disagree with major parts of the democrat platform too, and that takes priority, or perhaps they despise the opposing candidate personally as a human being...
"Chabelley Airfield is less than 10 miles from the capital of the small African nation of Djibouti"
So much for the secret base
Yeah, and it's probably not going to be client side anytime soon.
A lot of the industry stuff isn't Linux. (iTunes is still used sometimes to work with phones; then there are tools like MCE (http://store.mce-sys.com/pages/mce-platform-system-requirements); and tools for the old feature phones the firmware updates etc were all windows applications (this has largely gone away, but not completely).)
Both major networks around me (not AT&T) use iQmetrix for point of sale which is a cloud based database with a .net4 client. And ... it appears so does AT&T:
http://summit.iqmetrix.com/spe...
"This session will go over the specifics of exactly how RQ needs to be set up for AT&T dealers."
Damning evidence of what? That I was writing a book and something in real life happened that looks strikingly similar?
No... that you actually had a copy of *the* Word document the terrorist cell had circulated within its members prior to the attack. The one that said what to wear that day, the reminder to remain calm, how to react if the police stopped you, whatever and etc. A word for word document with a particular hash, that was searched for by the hash.
Unless the book you are writing is LITERALLY the blueprint document used by the terrorist cell to commit its attack your name isn't going to come up.
Several of the presentations were near identical to rough drafts
Even just the paragraphs being off is going to make it a different document. Hell, if it was a Word document, even if two people created a blank document in the same version of Word, typed the exact same things, and closed the file, they'd be different due to differing metadata that Word records by default. (Modification dates, username, etc.) The premise is to identify people who have the EXACT same file. As in person A sent it to person B,C,D,E via an email attachment or file sharing site.
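The exact-file matching described in the comment above, shown as an added example that is not part of the original post: two documents with identical body text but different author and modification metadata hash differently, while a byte-for-byte forwarded copy matches. The container layout is a simplified stand-in for a real .docx (not a file Word would open), and all names, dates and the sample text are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample: a .docx is a ZIP container; the body text lives in
# word/document.xml and the author/timestamps in docProps/core.xml.
BODY = b"<w:document><w:body><w:p>Identical text typed twice.</w:p></w:body></w:document>"


def build_docx(creator: str, modified: str) -> bytes:
    """Build a minimal docx-like ZIP carrying the given core metadata."""
    core = (f"<cp:coreProperties><dc:creator>{creator}</dc:creator>"
            f"<dcterms:modified>{modified}</dcterms:modified>"
            f"</cp:coreProperties>").encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # ZIP entry timestamps are pinned so only the metadata part differs.
        for name, data in (("word/document.xml", BODY),
                           ("docProps/core.xml", core)):
            z.writestr(zipfile.ZipInfo(name, date_time=(2015, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()


def file_hash(blob: bytes) -> str:
    """Hash of the whole file, which is what an exact-file search compares."""
    return hashlib.sha256(blob).hexdigest()


def body_hash(blob: bytes) -> str:
    """Hash of the body text part only, ignoring the metadata part."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        return hashlib.sha256(z.read("word/document.xml")).hexdigest()


def matches_known_file(blob: bytes, known_hashes: set) -> bool:
    """True only when the file is byte-for-byte one of the known files."""
    return file_hash(blob) in known_hashes


original = build_docx("person_a", "2015-01-01T10:00:00Z")
retyped = build_docx("person_b", "2015-01-02T09:30:00Z")  # same text, new metadata
forwarded = bytes(original)  # exact copy, e.g. sent as an e-mail attachment
KNOWN = {file_hash(original)}

if __name__ == "__main__":
    print("forwarded copy matches:", matches_known_file(forwarded, KNOWN))
    print("retyped copy matches:  ", matches_known_file(retyped, KNOWN))
    print("body text identical:   ", body_hash(original) == body_hash(retyped))
```
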
I do not agree. Many jobs are risky.
Yes, but we make them as safe as possible.
Remember the context here is that the poster I was replying to was arguing that we relax the safety protocols to make medical trials riskier. Because getting drugs etc to market faster would be a net good.
You'd never argue that roofers shouldn't have to wear hard hats because it creates an expense that on a big project could instead be used to hire an additional roofer so the roof gets done faster. :)