Slashdot Mirror


User: bbernard

bbernard's activity in the archive.

Stories: 0
Comments: 79

Comments · 79

  1. Re:But I have to have auto insurance... on Judge Declares Federal Healthcare Plan (Partly) Unconstitutional · · Score: 1

    So by that analogy, if I get sick because of you I should be able to sue you for MY medical care...

  2. But I have to have auto insurance... on Judge Declares Federal Healthcare Plan (Partly) Unconstitutional · · Score: 0

    So, let me get this straight: the government can force me to have auto insurance, but not health insurance? Well that sure makes sense.

  3. Re:Well.. on Google Street View Wi-Fi Data Includes Passwords, Email Content · · Score: 2, Insightful

    And if we're really lucky this kind of incident will help John Q Sixpack start thinking about securing his wireless...aw, who am I kidding, we'll have unicorns, flying pigs, and world peace before that happens.

  4. Re:Amnesia an option? on Getting Paid Fairly When Job Responsibilities Spiral? · · Score: 4, Interesting

    I'd advise having an exit strategy in the works. Start interviewing because there is no better time to negotiate a new job than when you currently have one. You don't want to work for a company that is willing to "knowingly" take advantage of you. If you're comfortable with your management chain, bring this issue up to them.

    Under no circumstances "threaten" to leave, or tell them that you've got a new job and want them to match salaries, etc. Get yourself an offer you like, and then start negotiating with your current employer. If you tell them you're looking at leaving or that you've got a new job offer, their motivation will only be to placate you until they can replace you. If you "work with them" on aligning your salary with your tasks you've got a better job at keeping a long-term relationship with them.

    Otherwise, find a better job opportunity and take it.

  5. Re:Make them maintain their own damn computer on Computer Competency Test For Non-IT Hires? · · Score: 1

    "Between yourself and a few friends, you most likely have nearly all the equipment you would need to run your own business. What is a company providing for you that you can't provide for yourself? Certainly not security since they will downsize you or outsource your job at the drop of a hat. If you are providing your work environment, communications technology and transport then the company is providing sales, accounting and not much else. Include a salesman/accountant in that group of friends and you're good to go."

    The company I work for started just that way less than 10 years ago. Many of my coworkers had their own companies and feel this one is a better choice. We have a good tight ship with professionals who are all focused on the same goal--we haven't gotten big enough for a life-sapping bureaucracy yet.

    There are a few things that myself and some of my friends don't have that make me just as happy to work for an employer right now:

    1. Business savvy--I am a techie geek. Getting a real business mind into the fold would be necessary, and to be honest I don't always get along with those sorts, so I don't count many as friends.
    2. Health care. Until I can afford something more than major medical on my own, I will always work for somebody else. There's just no two ways about it.
    3. Short-term pay security. I know that I will have a steady income from this employer until/unless some catastrophic event occurs (firing/bankruptcy/etc). I don't have the faith that I could match that on my own at this point.

    I'm not arguing that you are wrong, I'm merely stating why I don't feel I'm in a position to actually do that.

  6. Re:Make them maintain their own damn computer on Computer Competency Test For Non-IT Hires? · · Score: 1

    I wish you luck with that. The precedent is really already there: salespeople often use their own cars for travel, many of us use our own cell-phones and home Internet connections for work, etc. Perhaps the company provides some sort of stipend for you to buy your own computer, maintain it, and replace it every X years. Or maybe not.

    But you're right, the company won't be able to search it, won't be as interested in web filtering while you're at work, etc.

  7. Re:Make them maintain their own damn computer on Computer Competency Test For Non-IT Hires? · · Score: 1

    Here's a URL with a link to a December article about a few companies "dipping their toes in":
    http://www.itbusinessedge.com/cm/community/features/articles/blog/employee-owned-computer-programs-diving-into-murky-waters/?cs=38238

    I don't want to comment on companies that I have personal knowledge of, NDAs and all that. There are two that I currently know of personally that are in process. (Sorry, I have to leave it there)

    It is really just another evolutionary step from companies that have started going to thin-clients (Sun Ray, WYSE, etc.) just going the next step to a software only client.

    I will say that I haven't seen all the kinks worked out yet.

  8. Make them maintain their own damn computer on Computer Competency Test For Non-IT Hires? · · Score: 4, Interesting

    I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.

    May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.

  9. Re:Seriously? on Will Adobe Sue Apple Over Flash? · · Score: 1

    Sure, Apple is strong-arming everyone. But what are they doing that is illegal? The best way to fight this is to put the iPad/Pod/Phone/whatever down and back away slowly. Then go buy a Blackberry, Android Phone, IRiver PMP, Dell Mini 5, etc. Vote with your dollars, and don't develop apps for Apple.

  10. Re:And the winner is... Google. on Will Adobe Sue Apple Over Flash? · · Score: 2, Insightful

    Agreed. And, to be blunt, I'm sick and tired of flash all over my Internet. Flash cookies are a HORRIBLE idea. Menus on websites that are flash driven are ridiculous. And to be blunt, the vast majority of flash on the sites I frequent are the ads anyway. Especially when I'm on a low-bandwidth connection, why the hell do I want flash anyway?

    I know, I know, without flash I can't watch a movie on the Internet anymore. So let's adopt HTML 5 standards and get on with it.

  11. Re:Very meticulous methodology report... on Security Holes Found In "Smart" Meters · · Score: 1

    One of the beauties of finding a vulnerability and doing the reverse engineering is that, once it's been done once, you can create tools to take advantage of it. (Exhibit A: Metasploit) So the skill required to determine the vulnerabilities is quite high, while the skill to use them later is quite low.

    Beyond ease of exploitation, let's think about the possible uses. The goal of smart meters is twofold: providing both you and the utility real-time info about your electrical use. The second goal is to be able to control and adjust your use based on this info. This will incorporate the ability to shut down your AC for periods of time, as well as appliances like your refrigerator, washer, and dryer. (Seriously, this is the "end goal" of these things)

    Having that data available is a problem. As a person with malicious intent, don't you think I can rather easily determine when you're home and when you're away based on your electrical usage? How about making assumptions about the juicy items you have in your home to rip off based on your electrical usage? (more energy used probably means more cool stuff to take, right?)

    Having the ability to now affect your electrical usage is a problem too, right? If I can shut down your power remotely, can't I at least piss you off? Worst case, couldn't I possibly harm someone in your household? If I can manipulate the meter to claim that you're using more energy than you really are, could I cause you financial hardship?

    So I think the ramifications here are pretty significant.

  12. Re:Hobby on Did We Lose the Privacy War? · · Score: 1

    We each choose our own risk tolerances. I do tend to assume that what I don't have control over could potentially be harmful to me. That works for me. It doesn't necessarily work for you, and that is fine. My "bigger picture" comment refers to the correlation of data that is now so simple to do with the modern tools we have. Yes, in the past people could find out things about you, but the cost of doing so was prohibitively high unless there was significant motivation. The ease (and drop in cost) in doing these things have made it much easier to do. There are companies that specialize in this as it is, and I don't believe that they've yet started being able to mine the databases of places like Facebook and Google. It is this same ease which begins to take the argument of "nobody is interested in me" to zero as the cost of looking at you diminishes.

    I would prefer to assume that data gathered about me could be used in future in a way that is detrimental. I don't want to have to explain to a future employer why I visited those hacking sites, or why I was researching depression treatments, or that my religion is Wicca, etc. That should be my personal information, and though there are privacy laws in place to prevent an employer (in the US) from considering these sorts of things in the employment process, how am I to know or prove that in order to get recompense? Heaven forbid I ran for public office in 20 years--imagine that vetting process. Never mind the entertaining pictures waiting to be mined on MySpace or Facebook.

    I want to be able to control who has access to my data. I have not shared my data with Google, or Apple, or Danger, but I can bet you money that people I know have put my contact info into these platforms, which has been uploaded into a database that I have no control over, and no agreement with the owners of. That, to me, indicates that I have become a product. I have not explicitly consented to this, and I have little choice in the matter. This is a slippery slope to me, and yes, I am very concerned about where it goes.

    Again, we each get to make our personal choices. I have made, and advocated, mine and you have made and advocated yours. And anybody reading this gets to form their own opinion.

  13. Re:Hobby on Did We Lose the Privacy War? · · Score: 4, Insightful

    "or had any clear reason to believe that my privacy has been violated."

    Absence of evidence is not evidence of absence. Your statement seems to be almost the corollary to statements like "If you don't have anything to hide what are you worried about?" I would also suggest that you're not looking at the bigger picture.

    "I also happen to believe that anything I do online, by nature of the internet, is public, and accordingly I choose not to put most of the details of my life onto it."

    What is preventing your friends from doing that for you? If I have an Android phone, and I have your contact info, along with perhaps your birth date, address, email, an ID picture of you, and some other interesting details in your contact, now I've given that data to Google, haven't I? What contract or understanding do you have with Google to govern how that data is being used and protected?

  14. Re:web developers on Man-In-the-Middle Vulnerability For SSL and TLS · · Score: 1

    "So are these man in middle exploits fixed in the latest Ubuntu release ?"

    No, they've just changed the name to "koala in the middle" exploits.

  15. Re:Stupid people use linux too on First Botnet of Linux Web Servers Discovered · · Score: 2, Interesting

    Absolutely! There's plenty of stupid to go around.

    1. Where was the firewall admin to prevent external systems from connecting to these webservers over port 8080?
    2. Why did the admins use insecure tools or insecure systems to allow their credentials to be sniffed?
    3. Where was the IDS/IPS to notice the sudden change in traffic?
    4. Where was the load balancer/reverse proxy to intercept this junk?
    5. Where was the routine review of logs to notice the dynamic DNS updates from computers with (presumably) static DNS entries somewhere?
    6. Where was the periodic pen/vulnerability test against these systems?

  16. Re:Local? on Windows 7 Reintroduces Remote BSoD · · Score: 2, Informative

    "but generally speaking you're not expecting attacks from inside your LAN"

    Right, because a virus on my local network would never take advantage of that.
    Right, because more than 60% of data loss events are triggered by insiders.
    Right, because you personally know and trust every user on your LAN.
    Right, because nobody would connect an unapproved device, like their iPod, or personal PC, to the LAN.

    If you're not expecting most of your attacks from inside your LAN then you're just fooling yourself.

  17. Re:Most SHOULD NOT think about security... on The Myths of Security · · Score: 1

    "It is a great failing in our industry that it's viewed as a problem that "most don't think about security".

    Rather, the problem is that we haven't constructed systems such that people don't have to think about security. The best security systems are so unobtrusive and unnoticeable that people should not think about them."

    Strictly speaking about IT security systems, I agree, security systems should be much more "automagic" than they are today. But if you're relying on an IT system for security you're already halfway to screwed.

    People (not users, people) are the start and end for security. It wasn't that long ago that people advised you to engrave your SSN on your valuables, like your bicycle, so you could get it back if lost or stolen. If I want service from my electric company, they ask for my SSN. We think nothing of tossing credit card applications into the trash whole. Heck, we still allow our mail to sit in an unsecured box at the end of the driveway. We people have so many insecure habits to unlearn. (Don't forget to post those pics from the vacation you're currently on at your publicly accessible Facebook account.)

    We can't expect an IT solution to save us from ourselves.

  18. Anybody else old enough... on What Is the Best Way To Track Stolen Gadgets? · · Score: 1

    ...to remember when the advice was to put your SSN on your items so they could be returned to you if lost or stolen? Ah the good old days. (I have some 2nd hand power tools from my dad with his SSN on them. I figure that will be useful for paperwork later in life)

  19. Re:Bye, bye. on Murdoch Says, "We'll Charge For All Our Sites" · · Score: 1

    "Here's my model of the only possible internet. You pay for services, including downloading all content. That means paying the 10 euro/mo or whatever for rapidshare if you want to download free projects (unless they can get donated bandwidth from a university). Commercial projects can support their own bandwidth needs. If you want quality tech news, subscribe to Ars Technica - they're not going to just work for free."

    While I have no doubt an equilibrium will be reached, the assumption that all Internet activity will be fee based seems to forget a number of different factors, the most important of which is the reality that my income is finite. I already make decisions on my Internet habits based on money--for instance I bought a cheap laptop and slapped a free OS on it instead of buying a Macintosh, and I have chosen not to pay for an account on either FARK or Slashdot as of yet.

    So yes, in the near term I will not be visiting any Murdoch owned websites based on the fact that I will choose not to pay for them. I will be able to do this for free so long as other outlets with the same news/facts/data are available to me. This may include systems as antique as AM radio, which is the other part that seems to get forgotten on the Internet--it's not the only game in town, even as other forms of media are shrinking.

  20. Re:News at 11 on Strong Passwords Not As Good As You Think · · Score: 4, Interesting

    This kind of thinking is, well, disappointing. Yes, it would be "easier" for you the user to not need such a strong password. That would be one way of looking at it. I think it would be easier, too, if I didn't need to look both ways for pedestrians while backing out of my driveway every day. What are the chances that I'm going to hit a pedestrian? Pretty small, but I need to look for them anyway.

    There are just some things that we all have to do, even if they are "hard." So may I suggest that instead of complaining that passwords are too hard to remember, perhaps you could try using a couple of tools.

    1. Use something like password safe for all those "useless" passwords. You know, the ones for Yahoo, Google, Slashdot, etc.

    2. Teach yourself an easy way to create complex passwords. Use the first letter of each word in a silly phrase like "Snoopy Prefers @nchovies 0n his 8rick Oven pizza." (SP@0h8Op) Or pick some other way of remembering these things.

    3. Or, install a backup camera so you don't need to look around for those pedestrians.

    Just my 2 cents.

  21. Re:... and publicly announcing this on Researchers Find Gaps In Iranian Filtering · · Score: 5, Insightful

    "and publicly announcing this will help these gaps to stay unfiltered?"

    It is in Iran's best interest to filter as little as possible. If you're a devout WoW player, they'd rather let you spend time on that, being oblivious and happy, than risk you being pissed off that you can't play. The most important thing for Iran's government to do is to try and make sure that no more people join the protests, and that those who have get discouraged by the hardship and return to their "comfortable" lives. They want people to return to "normal" even if it is just a sham because they can control the people that way. That requires people not paying attention to what the government is really doing, which requires giving people somewhere to "bury" their heads. The Internet is GREAT for that. I never found so many ways to waste my own time until I first opened that Mosaic browser one day...

    What Iran's government has been doing with regard to filtering has been disturbingly effective. Yes, the protesters are getting together and communicating with each other, but there are no reliable sources of verifiable news. No reliable death count. No clear picture of what is happening. Citizen journalism is great, but it pales in comparison with what real news-gathering resources can do. So foreign governments are limited in their response, and that response is even more limited in the audience within Iran that can see it.

    Don't discount the ability to keep information away from the militia men as well. The Iranian government is more dependent than ever on the blind faith of their security forces. They must be fed the party line, and be made to swallow it. You don't get that kind of obedience when those forces are allowed to think for themselves. So you deny them the ability to gather data to make up their own minds.

    So yes, Iran is not blocking all possible methods of communication, but they're effective enough that they still may pull this off.

    Information is power, and the information required to make your own decisions is the ultimate expression of that power.

  22. Re:Remember, folks... on US Electricity Grid Reportedly Penetrated By Spies · · Score: 1

    Exactly. As a culture we seem to be almost compulsively obsessed with having everything on the Internet. And let's not forget that the Internet was designed with several assumptions about the basic "good" nature of the people on it (scientists, university students, and the always trustworthy US military) that somehow we figured we should just open up to everyone. So go figure that it is ill-equipped to act as a truly secure system.

  23. Fraud risk too on Bickering Blocks US Mobile Phone Payments · · Score: 1

    Absolutely. That, and the fraud risk. Who is responsible when my cell phone is stolen, cloned, etc. and somebody runs up a huge bill using it to pay for things? If my credit card is stolen, US law limits my responsibility to $50. If there are fraudulent charges, I can contest them with my credit card company and they and the retailer bear the liability to validate the charge. I'm sure that the cellular companies aren't too keen to take on these risks themselves, so they'll either try to find a partner (the credit card companies or banks) or they'll try to pass the liability all the way to the end user.

    One thing that will completely prevent me from being interested in this form of payment is the level of risk I am assuming when I use it. Ask me why I don't use a debit card? Because there's a higher risk to my cash flow if somebody drains my checking account than if somebody hits my credit card limit.

  24. Re:Did I miss the news? on So Who's Running Apple Now? · · Score: 1

    Isn't it Ballmer? I thought he just generally took over when the "big guys" stepped down...

  25. Re:So their real statement is... on RIAA Claim of Stopping Suits "Months" Ago Is False · · Score: 2, Interesting

    This really seems more like a way for them to perform discovery without all that mucking about with the courts. Get the ISP to respond with "Yes, we've identified Mr. Smith of 123 Main Street based on the information you provided..." I'm curious to see their strategy here--do they try to bury the ISPs in this letter to get them to decide to take their own action against file sharing to get the RIAA off their backs?

    To be blunt, this new "strategy" has to benefit them somehow. And there's only one benefit I can think of that they'd be after $$$$. So how does sending letters to the ISPs benefit them monetarily?