
Comment Re:For all of you USA haters out there: (Score 4, Insightful) 378

We also have a (general, not universal) willingness to let the market squabble it out for an extended period of time, rather than give a good hard shove in the direction of some implementation. This tendency may be abetted by the fact that early adoption creates incumbents who have a vested interest in stalling as long as possible to milk their legacy investments and first-mover advantage, as in our wonderful market for ISPs.

With the payment card industry, you have a lot of people(all clambering to grab as much of the cut for themselves as they can, and shove as much of the risk onto others as they can) with competing agendas and a desire to have their pet proprietary system gain a foothold so they can extract tolls with it(eg. the incidents where some retailers with functioning NFC POS systems were deliberately disabling them because Apple Pay was a competitor to their 'CurrentC' system, and the ongoing spat between Google and the carrier-backed payment scheme formerly known as ISIS before that became a toxic brand). Nobody actually believes that "USA IS #1!!! Mag stripes RULE!"; but between everyone wanting to control the customer data and processing fees and banks, merchants, and payment processors fighting over risk allocation, it's a bit of a clusterfuck.

Compare to say, the DoD's CAC rollout: CACs still aren't what you'd call a joy to configure(especially on OSX, or in Citrix environments, or other oddball use cases); but the DoD decided that it wanted everyone using smartcards for cryptographic authentication, said that that was how it was going to be, and it was so (relatively) quickly and smoothly.

Opinions vary on how often we dodge a bullet, or get the benefit of something new and innovative, thanks to there being no mandate in place vs. how often we suffer pointless bullshit for an agonizingly long period of time(eg. the less-than-totally-compatible US cellular market); but the fact that we tend not to mandate an end to such fights all that often, or all that quickly, is simply a fact. Even when we do mandate something, it's often a de-facto 'national' mandate created because California, or another large state, demands something and it's cheaper to sell California-spec everywhere than it is to have two SKUs.

Comment Re:Positive pressure? (Score 4, Interesting) 378

Depending on how motivated the thieves are, it may be more cost effective to have some shock-sensitive dye capsules embedded. Since they'd only be breached in the event of an attack(or really serious damage to the ATM from other sources) they could last the life of the machine and be entirely passive. If you were feeling particularly motivated, it would cost only a modest amount extra to get an ink with a unique tagging agent, per ATM, so that marked bills could be traced directly back to a specific attack.

If a lot of ATMs are being blown up, or attackers are unconcerned by dyed bills(maybe because of literal laundering, maybe there are people who don't care?), then active defensive measures are more likely to save enough hardware to be worth the cost. If not, a passive capsule or capsules fragile enough to break during an explosion are simple, low-maintenance, and a fair deterrent.

Comment Re:Here we go again. (Score 1) 252

Pretty much all embedded devices smart enough to support TCP/IP, as well. I'm pretty sure that my router is currently the most 'IoT' device in my house, though also the least conceptually novel.

There are some honestly interesting, tricky, and (at least partially) novel problems in 'IoT'. Making devices that are networked, can talk to each other, and actually do something useful with that ability is a real challenge. Even more so if you want compatibility between multiple vendors, support for use cases the vendor didn't more or less build for you(ideally without requiring that the user be a software engineer), or some semblance of assurance that there aren't a zillion security and privacy issues, innumerable covert channels, and other disasters.

My apathy is mostly derived from the fact that most 'IoT' doesn't actually seem to be doing much of that. Plenty of stuff that lets you use the internet as a very long serial cable to connect to its config interface(which is fine, the internet is a great way, if secured, of very, very, cheaply connecting from arbitrary distance; but brutally non-novel), some walled-garden 'ecosystems' that support very limited interaction of devices between two vendors who have explicitly agreed to cooperate and updated their products to make that possible; but otherwise it's mostly the same old IP-capable firmwares that devices expensive enough to have the capability have used for at least something like two decades. Useful; but not terribly new, and often implemented so badly as to be a liability.

It's honestly a trifle disheartening. While arguably in need of some serious maintenance(especially the 'security' of the earlier versions), SNMP is arguably closer to an 'IoT' design(pretty much just add the ability for devices to advertise their MIBs to other devices on the network, rather than having the admin hunt them down and load them, and you are closer to being ready than most actual products are). That isn't really a flattering thing.

SNMP is quite useful; but it is a bit crufty and conceptually ancient. The fact that everyone's shiny, new, 'IoT' things, with their markedly-more-capable-and-way-cheaper embedded hardware typically can't advertise their capabilities and manipulate one another in some vaguely sane way at the same level as some seriously old hardware is not terribly impressive.

Even if the actual implementation is some XML-soup-and-'cloud'-bullshit horror, conceptual parity or superiority would be nice to see.

Comment Re:Can someone explainn (Score 3, Informative) 165

What is the security risk posed by small drones? In your explanation please include "Drones are better than mortars at delivering explosives because..."

Because a drone can autonomously deliver a brick of C4 to within a meter of where you want it to go on your first try. And you can be miles away while it does that. "Miles away" is also handy if you're using it to deliver an aerosolized nerve agent or some bio-nasty substance over, say, a presidential press conference in the Rose Garden, or a speech on the steps of the Capitol.

Comment Re:kinda illegal already, by a rule referring to a (Score 1) 165

Is it a law that they have to do it?

No, this is them annoying some of their customers (people who want to fly illegally in the DC no-fly zone) in an attempt to preempt knee-jerk overcompensating by federal authorities. The feds would rather just ban the devices entirely, period.

Comment Re:Seems a bit unfair (Score 4, Insightful) 165

In the Washington DC area, flights of any kind are and have been for many years very severely controlled. The DC Flight Restriction Zone (the "DC FRZ") is a 30-mile-wide circle inside of which it is illegal to fly any sort of remote control device of any kind at any altitude. So, yes, it sucks to be in the suburbs, seemingly a long way away from the sensitive downtown areas that include the White House, the Capitol, Reagan Airport, the CIA campus, and all of those other high-profile places and people ... but, too bad! Federal offense with stiff fines and possible jail time if you're caught. That includes kids with $20 bought-it-at-the-mall 6" pink plastic helicopters playing around in their back yard. Yes, it's ridiculous. On the other hand, it's a rare week when a trio of big helicopters doing runs like the one between the White House and Camp David doesn't go thundering over the tree tops of suburban Maryland. You can hear them coming quite a ways out, and if you were prepared, you could easily have a modest quadcopter or more substantial hexa up to over 1000 feet and be at the same altitude as (or above) Marine One by the time it and its decoy siblings flew directly over your house on the way to a routine presidential golf outing. That's the sort of thing that has had the DoD, Secret Service, HSA, and FAA all uptight. Mind you, a person flying a more or less radar-invisible foam and plastic RC plane could have done that many years ago, too.

And so we have a 700 square mile area where flying a 3-pound DJI quadcopter is very, very illegal, and has been for years. That DJI is updating their GPS-aware flight control firmware to make it impossible to fly their devices in that area is a sign that they don't want their products to be simply banned outright. We are not at the sweet spot of rational rules and implementation on this one, not even close. And of course someone with true mal intent isn't going to be bothered by the rules or the firmware limitations anyway.

Comment Re:Here we go again. (Score 1) 252

I suspect that the mania will be tempered by the fact that it will be fairly easy to classify all sorts of projects, that you were already doing, as "IoT" if you wish to seem super cutting edge and so on without actually making any changes.

There's a vague sort of notion about what "IoT" is supposed to be, cobbled together from some mixture of analogies to SCADA and industrial control systems and science fiction; but it is broad and ill formed enough that all sorts of things that can connect to a network in some way, and any and all software associated with them, can be covered without stretching the truth too hard.

Plus, until the various squabbling factions decide how to actually make the 'things' interact usefully with each other(the current preference seems to be 'appoint either Google or Apple as Feudal Oligarch', with 'don't even bother, everything you buy will have its own terrible app!' as the runner up), the 'internet' bit is really just being used as a convenient remote access to the control panel(and for monetizing users, of course), which is much less hairy and challenging than actual interactions among things in some conveniently configurable and/or emergent-without-being-pathological way.

Comment So... (Score 1) 252

Any guesses about how many existing 'embedded system that connects to the internet in some fashion' projects were dubbed 'internet of things' in order to bring this new buzzphrase to prominence?

Yeah, yeah, I know, at some point the scale and pervasiveness of embedded connectivity may reach a point where it is different in kind, not just degree, from past use; but I submit that we aren't there yet by a nontrivial margin. For the moment, "IOT" seems to mean 'has a terrible smartphone app' or 'last model, you connected to the serial port to configure the system; when we revised the hardware it turned out that adding ethernet would be cheap and lots of customers wanted it, so we added it.'

Comment Re:Incidentally... (Score 1) 129

I agree that an update to 802.11 would be nice, unauthenticated management frames are a potentially nasty issue; but the rest of the argument is nuts.

All sorts of crimes can be committed by means of a speech act(indeed, many crimes are hard to commit without some means of communicating, fraud, extortion, ransoming hostages, etc.); but that doesn't give them constitutional protection, any more than the argument that your god demands blood sacrifice would provide protection against murder charges.

This is classic Locke stuff: a restriction aimed at restraining speech is illegitimate and illegal; but that does not imply that the mere use of speech to commit a given act necessarily covers that act under the protections given to speech. Same with religions. Restrictions targeted at a given exercise of religion are unacceptable; but this does not protect someone who breaks a law established for suitable unrelated reasons.

There's also the (only partially related) matter that 'radio interference' need not always imply "really loud white noise or other stochastic garbage at the appropriate frequency". That's often the easiest way, and for relatively primitive radio systems that have very few features to exploit it may be the best one; but if RF emissions specifically tailored to cause a radio system to fail aren't 'radio interference', what exactly is? Higher level attacks offer substantial advantages in power requirements, precision targeting, resistance to noise-mitigation mechanisms, and so on; but just because they aren't pure noise doesn't make them not interference.

Comment Re:Incidentally... (Score 1) 129

That seems like a fairly slim bit of legal weasel-wording given that nowhere is "your airspace" in the slices of spectrum that wifi uses. I would certainly agree that 'containment' should only be performed in 'your airspace'; but there is no such space.

In private buildings that don't offer guest services or otherwise accommodate outsiders, you can certainly disconnect anything you don't approve of from the wired LAN, and ask anyone operating a hotspot to leave or be removed for trespassing; but the notion that you enjoy preferential rights to that spectrum by virtue of owning the building is simply unsupported.

Comment As others said, pointless project .... (Score 1) 248

The fact is, we have no need for building this tall. If the Arab world didn't have more money from oil than they know what to do with, they'd never spend the money on such a project in the first place.

Many of our current skyscrapers have problems with unoccupied rooms/floors, as it is. You can try to recoup money on tourism - but that only makes so much sense. The higher the building, the more you've got invested in heating and cooling, electricity, maintenance, etc. etc. -- just to get the same tourist dollars the "other guy" used to get with his tall building that USED to be the "tallest one" before you beat him.

Carbon fiber technology is worth pursuing, so sure - this has some engineering and scientific interest. But realistically, no ... We've got plenty of space on this planet for people without resorting to these measures.

Comment And it's ok to admit Jobs was wrong, too.... (Score 4, Insightful) 307

I happen to be one of the people who admires many of Jobs' business decisions and ideas. But he was also known to "overshoot" reality at times, with expectations that went beyond what was reasonable.

I think he was desperately looking for solutions for a "post PC" world, where people would give up traditional computers, in exchange for a superior device. (After all, in the sci-fi "Star Trek" universe, nobody was carrying around a laptop computer, right? The computer was just built in to the environment so you could speak commands to it.)

I really like my iPad, especially since I started taking the train to and from work each day in a 1 hour long commute. It's the ideal device to read the news on, check email, waste time on Facebook, play a casual game or two on, etc. But it's really just a convenience item in the modern world. It's never been anything much more than a big version of Apple's smartphone, without the cellular voice call features.

Comment Incidentally... (Score 4, Interesting) 129

What I find most baffling about the whole affair is how something that one would ordinarily think of as a fairly overtly malicious exploit, spoofing the appropriate management frames to break a network you don't have authenticated access to the configuration interface for, became a 'respectable' tool for 'management', even included out of the box in fancy commercial products from vendors with risk averse legal teams and so on.

This seems like the place where somebody who has been dealing with enterprise wireless gear long enough to have observed the change might be found. Did this 'feature' cross over from what was initially a proof of concept by a security researcher? Was it recognized as a possibility before the standards had even been hammered out and was available from day one? Do we know what vendor adopted it first? Were there any who specifically didn't offer it for legal, rather than technical, reasons?

At this point, it is certainly the case that at least some wireless management consoles adopt a very...possessive...tone, detecting 'rogue' APs, despite those APs being no more or less legitimate than any others, in terms of spectrum use, and offering 'containment' or various similarly clinical euphemisms for dealing with them. How, historically, did it come to be that this nasty DoS trick went all legitimate, even as generalized hacker hysteria can get you a stiff dose of CFAA charges for almost anything that involves a CLI and confuses the DA?

I'd love to have my hands on all the versions of various vendors' wireless management and administration packages, to see how this feature evolved over time. I can certainly see its appeal; but I find it hard to believe that nobody had serious doubts about its legality from time to time.

Comment Re:Good (Score 2) 129

Less likely. The FCC is pretty clearly within their powers in saying that you aren't allowed to intentionally interfere with other people's Part 15 devices by using your own to generate disruptive RF.

There is no obvious coverage for forbidding the sale of devices having a Part 15 radio component; but lacking a software configuration for providing network access to other devices with that device. They might be able to shove it into the conditions of a spectrum auction, and make it binding on the buyer; but it's more of an FTC problem.
