
Comment Re:There's an existing method already (Score 1) 49

The guy lost power during a trans-atlantic sailing race. I'm a bit puzzled as to why that was a huge problem, but he does seem to be somewhat aware of the method. He also uses as his base hull, a former transatlantic racing sailing catamaran. I don't understand why people think that something other than sailing will be magically more efficient than, well, sailing... I would think they should have put a large vertical axis wind turbine near where the mast would be, it would likely provide a lot more power than the solar cells, and would be complementary. I say vertical axis because putting a large weight at the top of a tall tower has issues in a boat.

Comment CASB - Buzzword Bingo! - Patching is hard. (Score 1) 435

CASB - Cloud Access Security Brokers. But regardless of checklist items, I think the post is mostly addressing the wrong problem. Good practices in new deployments are good, but how often are deployments new?

As someone most involved in operations, I think you fail to appreciate how hard the basics are. Just try to keep ALL of a reasonably sized organization's internet facing thingums patched. I haven't heard of anyone being successful at that. Software and systems are thought of like consumer goods: you buy them, they have a natural life, and you repair for a while or replace before that gets too costly.

For internet facing services, it's more like fruit. You expect to put fresh fruit out there every week, because no-one is going to buy two month old watermelon. Acquire fresh fruit, qa them for damage, for ripeness, etc... and put them on the shelf, in a day or two. And a week later, you need new fruit.

That's the thing people aren't really grasping. When they contract out development, and they accept delivery from something. A week later, they either have support or it starts going bad and needs to be thrown out within a few months. You can't really buy software, or it's a really bad deal if you do, because a *perpetual license* is good for a week or two.

Patching is hard.

Comment Re:Start a private CA for your proxy (Score 1) 435

Companies have a financial motivation to MITM their staff, because they might pay for the proxy's cost in saved bandwidth alone, and they could easily frame it as a compliance measure to avoid data exfiltration and that sort of thing. But doing that makes the entire network untrustworthy in many (most?) people's eyes.

The likely result: people use other channels with less surveillance because they don't trust the network. If I don't trust my employer's network, I'm going to Starbucks at the coffee break to do my banking (and my data exfiltration.) Employer loses employee productivity and visibility into traffic.

But that isn't the bad thing... If their web cache ever gets hacked... holy crap what kind of liability do you think there will be for intercepting EVERYONE's banking/medical/personal information, as well as ALL TRANSACTIONS of the company including all relevant secrets? The bad people can impersonate the corporation and/or any employee in any way whatever to whatever outside entity in a way that is undetectable to employees. And the company did it. The company made trust of their web cache, where I can't tell the difference between legit and compromised connections, a condition of employment. To me, if my employer puts in an MITM web-cache, and they get hacked, and someone drains my bank account, that company is liable.

Comment Re:No, but promotion != scare mongering (Score 1) 435

I agree, they can't, so don't use it for anything where such tampering is likely to be valuable. But satellite imagery, weather radar scans, public domain movies, if there is little value in tampering with it, and it is available from other sources anyways, then there is little harm. Also, you could have a secondary channel, which is SSL secured, and pass data checksums over that other channel, while keeping the data channel in the clear.

I've seen that implemented in one project.
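An added example, not part of the comment above and not code from the project it mentions: the client side of the split-channel design, where bulk data comes in the clear (and can be served by a shared proxy cache) while its SHA-256 digest comes from a manifest delivered over TLS. The file name, payload and manifest here are constructed, and the sha256sum-style manifest format is an assumption.

```python
import hashlib
import hmac

# Constructed sample data: stands in for a public file served over plain HTTP.
SAMPLE_NAME = "radar/scan-0001.bin"
SAMPLE_PAYLOAD = b"constructed radar scan bytes " * 64
# Constructed manifest in sha256sum format; in the design above this text
# would arrive over the TLS-protected side channel.
MANIFEST_TEXT = f"{hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}  {SAMPLE_NAME}\n"


def parse_manifest(text):
    """Return {name: hex_digest} from sha256sum-style lines, skipping bad ones."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries


def verify_payload(name, payload, manifest):
    """True only if payload matches the digest the trusted manifest lists."""
    expected = manifest.get(name)
    if expected is None:
        return False  # fail closed: no trusted digest means no trust
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected)


def demo():
    """Check a clean copy, a copy altered in transit, and an unlisted name."""
    manifest = parse_manifest(MANIFEST_TEXT)
    tampered = SAMPLE_PAYLOAD.replace(b"radar", b"rad4r", 1)
    return {
        "clean": verify_payload(SAMPLE_NAME, SAMPLE_PAYLOAD, manifest),
        "tampered": verify_payload(SAMPLE_NAME, tampered, manifest),
        "unlisted": verify_payload("radar/other.bin", SAMPLE_PAYLOAD, manifest),
    }


if __name__ == "__main__":
    print(demo())
```

This gives integrity only: anyone on the path can still read the data and see which files are requested.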

Comment No, but promotion != scare mongering (Score 2) 435

If you have a web site that has only public data and a very wide audience, then you want people downstream to be able to share downloading using proxy caches, which is good for everyone, the source servers and their networks, organizations where the data is popular save on bandwidth also. Labelling http as always bad is ... well vilifying what in certain cases is the best option... well that sucks.

It's fine to prefer https when available, but there should be a way to say: this site really is intentionally https, and not have it flagged as having cooties.

Comment Re:The illusion of safety (Score 1) 449

It's just a real shame that the power that comes from a complete surveillance state invariably results in oppression and tyranny. Makes the occasional stabbing seem more tolerable than the endless face-stomping of jackboots.

The thing about people in Jackboots is that they will be surveilled also. The key is always *who watches the watchers*, and I think the only solution is that everyone has the option of watching anyone. The guys with jackboots would be caught and punished. Besides, Jackboots are so 20th century. I expect something like Chinese social networking points style oppression in this century. The government will just assign you demerit points, and folks will be graded based on the company they keep, so you will get gradually ostracised by *right* thinking people. It will be awful, but it won't be sooo bad that people rise up en masse. Why get folks riled up?

I don't think saying *yeah people get stabbed a bit* will be an answer that will convince. There will always be those who believe in the perfectibility of man.

Comment Re:The illusion of safety (Score 1) 449

I wonder, if an AI was watching this guy's internet posts, could it have predicted the likely outcome, and been able to alert police, say, when he bought an airline ticket, to have them ask some questions? So is this an argument for big brother as a force for good? The alternative being we arm everyone to the teeth, and lose a couple of thousand a year to firearms accidents, and a likely increase in violent crime. Dunno, not liking my choices here.

Not real thrilled with the choices, but given what it is... I think I prefer big brother... just sayin'

Comment Re:100% in favour (Score 1) 517

You're really sticking it to the man... that all powerful evil mastermind cop that had a 250k mortgage with his wife, he was really living high on the hog, all that privilege. Yeah... That guy's wife and their four kids DESERVED it! Vigilante B.S.

Cops aren't anonymous. Film the cop beating someone up, and he gets brought up on charges, and the law happens.

Comment Re:Privacy is dead, and *anonymous* is worse. (Score 1) 517

Well, that's not bile... that's actually important speech, and if you speak up, you should be protected. There are whistleblower laws. Companies are often not free to punish people ( https://en.wikipedia.org/wiki/... ) legally, but if you remain anonymous, and they figure it out, they can find an excuse to fire you and get away scot-free. One of the things Snowden did was ensure that exchanges with journalists were gpg encrypted. That meant the source of the messages had the gpg key, because he didn't want someone else impersonating him. Now if you leak something *anonymously* and then someone impersonates you and leaks fake news that discredits you to the journalist, embarrasses them, or has them *meet* you and get ambushed... How far ahead are you?

Comment Re:100% in favour (Score 1) 517

If the scum can be anonymous, reprisals are cost-free. If you are wearing some updated version of google glass, and someone approaches you, they are videod, and id'd, and the database brings up the scum's real name, it raises the cost a bit.

But yeah... whistleblowers are a good case for real anonymity, but that is a far narrower case, and it should be a special one, not the default that allows the casual cost-free reprisals we see today.
