
Comment Re:Fuck the libs! (Score 4, Insightful) 216

It would be great if we could have an actual debate, on actual solutions, to actual problems.

Thing is though, on this and many other issues, the politicians/parties don't believe there's a problem, won't propose solutions, and try to shut down, derail, or otherwise prevent actual debate by distorting the issues.

I would love it if the debate were between Republicans proposing measures to actually increase real competition, versus Democrats proposing measures to prevent the various companies from screwing over their customers. A situation like that, where most of the politicians were actually advocating for what the average citizen wants/needs, would be pretty close to ideal, and the outcome would at least be a reasonably close solution.

At least the Democrats in this case are trying to suggest solutions. We need Republicans that recognize there's a problem and propose solutions, too.

Comment Re:What does Coburn know about infosec? (Score 1) 68

DHS isn't very effective at cybersecurity - but not for the reasons he cites (something about stopped clocks being right twice a day comes to mind).

First, when it comes to 'cybersecurity', they have no actual authority. The best they can do is suggest and advise. I'm not saying they should have authority to make anyone fix vulnerabilities or whatever, I'm just pointing out that you can't really expect that they'll be effective at protecting X if the people in charge of X don't have to listen to a word they say. It's like saying, "here, defend these networks, but you have to ask them politely to tell you what their problems are, and when you point out the problems, they don't have to fix it if they don't want to." Again, that's not to say they should be granted intrusive authority, but we also shouldn't expect them to act as if they can.

Second is quality of talent. They're fighting an uphill battle in terms of personnel. They have to compete against both the private sector and other agencies in the government/national security business. Would you rather work for DHS or Google? For DHS or the NSA? Etc... Even if they hire people with lots of potential and train them up, those people will go find something better before long. There was an article a month or two back (I want to say it was in the Washington Post) that talked about exactly that problem - DHS couldn't keep anybody, because the best and brightest quickly jumped ship to go someplace better (either in pay, prestige, other compensation, or something on those lines).

Comment Re:Accuracy (Score 2) 106

The difference is that we don't as a society (generally) rely on astrology for anything of serious consequence. With polygraph tests though, they're used to screen for employment in critical defense and intelligence functions, and in legal proceedings. Even though it's not compulsory, the gross inaccuracy should rule them out for any serious consideration even when someone agrees to take it. Even 75% means a 1 in 4 failure rate, and regardless of how many of those are false positives vs false negatives, that's still way, way too high to be anywhere close to considered effective.

And yet, so many people have the erroneous impression (from Hollywood or elsewhere) that these devices are 100% effective.

Comment Re:It's pointed to in the summary and was not miss (Score 1) 300

Time and Price are tradeoffs. I'd certainly pay a certain amount to go faster, or to fly in better comfort, but that is highly dependent on exactly what the added cost is. My time is certainly valuable. I'll pay a few hundred bucks for a plane ticket to fly from New York to LA rather than take a multi-day bus ride, but when we're talking about flying to Tokyo, is an extra day of travel time worth a few thousand dollars? To most travellers, probably not.

Air travel used to be a luxury that only the rich enjoyed, and there the difference was vast enough to make it worthwhile. I don't know the numbers offhand, but the time difference between taking a train coast to coast and a flight in the 1930s was probably on the order of 4 to 5 to make a wild guess. Either way, it was significant enough to be desirable, and over time the price came down to where it was so much more advantageous that now air travel is the dominant mode for long distance travel. If supersonic modes of travel can reach that time to price differential, I think we might see them come into play, but certainly not at a 1 to 1. New York to Tokyo in 3-4 hours or less, instead of 16, at twice the price? New York to London in 1-2 hours? That might be a little more tempting.

Comment Re:Other planets (Score 2) 151

They've already managed a vertical takeoff/vertical landing on the ground: www.youtube.com/watch?v=ZxKWh7kLDzw

Most likely this is a step towards general reusability from a cost perspective, as there are advantages to doing recovery on water (generally fewer problems if you somehow screw it up I would think).

Comment Re:Nothing new.. (Score 1) 231

I'm not completely convinced either - specific attribution is hard. I won't hold my breath on all the evidence being released. In the end, as a computer security professional, the most important thing wasn't who was really behind it - it's what they did/how they did it, and how much of a risk my organization is at from them. Who it was is just a subset of that, and a somewhat less important one given the fungibility of tools. I digress however.

Sanctions targeting officials in the North Korean government don't bother me one bit. They're ruling over one of the most brutal systems in the world, and about the only thing you could say in the defense of a given individual is that they're stuck in the system and don't want to get their entire extended family sent off to a gulag to die. I'm a little concerned that it might impinge on basic food aid (even if a lot of that is diverted to their military), but overall, if sanctions are all that's going to come of this, that's a lot better than other possible outcomes (See the whole "Iraq has WMD so we need to invade" debacle).

Comment Re:i heard that Sony hack was insiders (Score 1) 231

The best we can say at this point is "it's a valid theory", because that's all it is. Similarly, the disgruntled insider theory is a valid theory. I have yet to see anything that would conclusively prove or disprove either. We can argue all day about which Security Firms/Experts or Government Agencies we trust on their views, but in the security world, attribution is hard. 100% positive attribution is almost impossible.

But let's put that aside for the moment. The important thing to look at, I think, isn't who they want you to think was responsible. It's what they want to sell you with that. In the US Government's case, well, if sanctions are all that's going to come of it (was there anything that wasn't already sanctioned on the most pariah state in the world?), well, that's far less worrisome than trying to use it as justification for bombing them.

Comment Re:Chinglish (Score 1) 578

If I remember correctly, Japanese has two readings for each character, one that's native and one that's derived from the Chinese pronunciation. Which one is used tends to depend on context and what other characters it's combined with in a word. Different characters can also have the exact same pronunciation, so in spoken language one has to rely on context to understand the meaning. Confusion based on misinterpreted kanji is a big source of humorous situations, both in the case of exact homophones and close ones.

As for Asian language in general, probably the most interesting case is for Korean, as they share the exact same situation as Japanese, having lots of words based on Chinese roots/characters, and a native script that's entirely phonetic. Unlike Japanese however, Korea ditched the common use of Chinese characters (hanja) entirely, and while they still see use in certain situations, it's not the same. In Japanese class we started learning Kanji right away, whereas in Korean class I only even heard about them from the teachers after I asked when noticing similar roots (Daigaku and Daehakgyo for instance), and was considered proficient without even being exposed to them. Modern Japanese could probably make a similar shift, as knowing the pictographical representation isn't necessary for knowing the intended meaning, but it's what they're used to, and there won't likely be any pressure to change anytime soon.

Comment Re:Chinglish (Score 1) 578

Romanized Chinese exists: http://en.wikipedia.org/wiki/Pinyin

Incidentally, it's useful not just for writing out Chinese names/terms for foreigners, but also for language standardization. One thing that's missed in all the discussion of "Chinese" is that historically "Chinese" has been a very broad swath of local dialects united by the writing system. Some of them are even so broadly different that they're mutually unintelligible. Various successive Chinese governments dating back to the Qing dynasty have been trying to standardize on Mandarin, which is what most of us in the West are familiar with, and what you'll get taught if you study "Chinese". Cantonese is probably the other dialect commonly known in the West, due to its significance in Hong Kong/Macau.

Languages are a funny thing really - they're living, changing things that are altered with common usage, and increased communication seems to only be accelerating that process. New words ranging from technical terms to slang to memes to acronyms to foreign loan words seem to be entering use all the time. At the same time, the regional boundaries that used to give rise to divergences in dialect are much broader, meaning that chatting with someone in Britain or Australia is as easy as chatting with someone in a bordering state. I expect that this will have the impact of 'standardizing' English (and similarly other languages within their major group), or at least keeping changes mainstream enough that everyone can still communicate with one another.

Comment Re:"multitasking millenials" (Score 2) 420

I suppose it really depends on the job you're all trying to do. If your work is very collaborative, analytical/consensus based, and has a lot of bouncing ideas back and forth, then a more open space might be best. If your work depends on you being able to concentrate on a task however, you need to be able to shut out distractions, and an "open" format is going to be a serious drag on your productivity.

Comment Re:and yet... (Score 1) 59

Not speaking to your suggested control in particular, I do think that in general the non-technical/MBA world, especially the older ones, simply do not take network security seriously enough to properly evaluate the tradeoff in risks to dollar figures. They see it as a cost center (which it is), but do not properly appreciate just how bad things can get. It's our job as network security professionals to make the case for this, but it's not easy when a lot of them still seem to have a view of the computer as a magic box. This is even before we get to the problem that good security can be tough for large enterprises even when you can shovel truckloads of money at it government style.

I think that it's going to take a lot more breaches, and fired CEOs, before enough of it gets taken seriously.
