
Comment Re:So essentially... (Score 1) 76

Don't trivialize this by ignoring the true nature of the breach.

This is more like obtaining an exclusive unlisted client list detailing who exactly is doing business with a given organization. The phone book doesn't provide that connection - knowing names, addresses and phone numbers doesn't tell you which crucial and vulnerable businesses are associated with a household. Obtaining the same information from a business of interest is a different story entirely. Metadata is crucially important.

Comment Re:Security through obscurity - useful but inadequ (Score 0) 76

Well, that's hardly comforting. So even spending an ENORMOUS amount of money on IT and security can't prevent your system from being breached in a big and spectacular way? Then either that enormous amount of money was spent poorly, or that information should not have been exposed to the internet in the first place until it was properly secured. They were breached, in a big way. So their systems were exactly as weak as I think, enormous expenditure aside. I fail to see your point. "They tried REALLY hard" doesn't count for beans if they don't succeed.

Comment Security through obscurity - useful but inadequate (Score 4, Insightful) 76

The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application

I find this interesting because it shows both the usefulness but ultimate inadequacy of security through obscurity. Had the hackers been unable to obtain this information, the implication is that the breach would not have happened, or at least not happened as soon. Without the ability to create a road map, they would have had to take the less efficient approach of randomly guessing and probing with the hope that something worked. So keeping that list of applications and programs a secret has some value.

On the other hand, it underscores the importance of the point that people have been making about security through obscurity for decades: it's very weak security, and once that layer of the security onion is breached, there had better be stronger security layers underneath. Like patched and updated programs and web applications that close known vulnerabilities. I'm guessing that didn't happen, because the JP Morgan Chase management has probably acted like many other management teams I've had the "pleasure" of working with - they placed higher value on the secrecy than actually fixing stuff, because the former costs less, and it kind of works until it doesn't (and then that policy fails in a big way).

I sincerely hope that these breaches light a fire under the asses of lax management at these large companies and they realize that spending the time and resources to *really* secure their systems is worth it in the long run.

And then I laugh sadly, because that's wishful thinking.

Comment Re:How long is a piece of string? (Score 1) 209

The data bits go by pretty fast when using one's phone as a hotspot to RDP to a work computer...

Yep. I've done that too. And that's kind of the point. The benefit of the unlimited plan isn't about the constant baseline level of usage - it's more about when you need more data than normal. If you don't approach the capped limit, Verizon comes out ahead because you used "less" than your allotted limit (if you were capped). But when you exceed the capped limit under the new plans, you pay dearly, because you likely don't just go over a little bit, you go over a lot for the time when you are solely relying on that 4G data stream. And you probably really need it, so there isn't the option of just not using your 4G connection.

I personally find the concept of data caps problematic because unless you consistently exceed them, you can't really be considered to be "abusing" the network when your usage spikes on occasion.

So why the big focus on data caps? Probably because they know that data usage is only going to go up, so what used to be excessive data usage becomes the new normal. And then your risk of exceeding the data cap becomes even greater, and the framework is in place to catch you doing so in order to extract the requisite fees.

One thing I've never heard is the data caps being raised as a function of the average use across the entire customer base so that overages continue to represent spikes of excessive use rather than just evolving with the increase in streaming everything. As more people stream, the idea of what constitutes excessive use should increase.

Comment How long is a piece of string? (Score 3, Insightful) 209

Stupid analogy, that.

Useful answers to this should take into account the problem with the question of "How long is a piece of string?" Give some context about how much you pay, and how much you use -- and how much that would change if the price were different.

The second half of the commentary in the summary is a bit easier to digest. Yes, it all boils down to math. The key is, Verizon has probably calculated how the math will benefit them in the long run, and customers effectively can't, so the game is rigged from the start.

Let's give an example. Verizon bases their "limited" usage caps based on the average usage of their aggregate customer base (plus a little wiggle room, I guess). So on average, the data usage of a given customer won't go over the limit. However, the usage of a particular customer might exceed the cap at particular times. Travel/vacation time is a good time for this. You use more data while running the GPS-based turn-by-turn navigation while driving to your destination. Once there, you want some entertainment during the evenings, but you're not at home where you can use your home-based internet via wi-fi, so you stream some Netflix via 4G. Since your phone can output 1080p via HDMI, you use that cable you bought to plug into the HDMI port of the television at the place you are staying. Depending on the length of your stay, that's a significant spike in your data usage.

Under the unlimited plan, you either get throttled at some point (but now you don't) or you just don't notice the fact that you wandered above the average usage for the week or two you were traveling, because unlimited. Under capped, metered data plans, you are subject to overage fees based on a cap that has been fine tuned to be just above the threshold of "normal" usage, so your bill is higher. It may be only for those few weeks, so easy to absorb, but add that up across the entire customer base and Verizon has made more money than they would have with the unlimited data plans in place.

*That* is what it's all about. So unless you absolutely have to, you might as well stick to your grandfathered unlimited plan, because once you give it up, you will be fleeced, even if just a little bit.

Comment Re:Speak for yourself, Mr. Emanuel (Score 1) 478

I have a wife who is a board member for the local hospice, so I get to accompany her to a lot of functions. Many of the board members are approaching or have passed the age of 70 and still seem to be going strong. Note I said "board members" - those who are managing the entire affair (quite effectively from what I can gather), not those in need of care. Your friend may have experienced some selection bias because of his work. That doesn't mean his observations apply to everyone. In fact I'm sure they don't.

Comment Speak for yourself, Mr. Emanuel (Score 3, Insightful) 478

You lost me when you assigned an arbitrary number as your cutoff rather than defining the cutoff on reasonably definable measures of physical and mental health. I exercise, eat healthy, avoid smoking and drugs etc. because these activities provide *measurable* benefits to my health based on measurements made by my doctor. Not to mention that I feel better.

Does the fact that I do things that measurably improve my health and prolong my life as long as possible mean I am "obsessed"? Does "I don't smoke, overeat, take drugs or engage in dangerous life-threatening activities (extreme sports, for example)" mean I am obsessed? I find it completely rational, and my insurance company sure loves it because I'm a low risk according to their actuarial tables. Because science.

If I take your advice, I should just sit around and passively wait to die after reaching a certain age rather than doing things that measurably increase my ability to be "vibrant and engaged". Sorry, but no thanks. Save me a place when I get to the Pearly Gates - I might be a little late to the party. And when I get there, we're going to blow the roof off of that sucker.

Comment Re:what is this even talking about? (Score 1) 112

But it's not just about the source... it's about the community, the support from the original authors, the available knowledge and comprehension that transcends wiki docs, as well as having a team large enough to be able to realistically continue its development in the foreseeable future. To lose these things abruptly doesn't mean that all the source code was deleted but rather that the virtual ecosystem was.

Feh. Those things you mention (the original authors, the development team, the community, website and other resources) aren't guaranteed regardless of how badly one would like them to persist. The source and the freedom to do something with it are what the licence grants. Everything else is gravy. Without the source the virtual ecosystem is useless; with the source one person can continue the project, even if only for personal use. The virtual ecosystem can be recreated by anyone who wants badly enough to continue developing the software, just like it was the first time. So it is really just about the source.

Comment Waste of time (Score 1) 46

I haven't read all of the posts since the original story hit the front page, so I may be touching on something that's already been discussed, but ...

I don't understand how this is different from people just being unaware of their surroundings. I have been to many places in the last 20 years where people will just stop right in the middle of the sidewalk/thoroughfare/pathway to have a conversation or family dispute. The concept of stepping to the side out of the way so that the other 1000 people who aren't having a family issue doesn't seem to occur to them. Cell phones? Just the latest distraction. Oblivious people are forever.

Comment Re:this is how most funding works. (Score 1) 215

When scientists write grant proposals, they are actually showing they've already done what they are asking for funds to do.

Not quite (though maybe that's more common now than a decade ago). If the work is already done, you can be sure it's being prepared for publication, since published work is even more valuable than grant money (because it gets you more, possibly bigger grants, plus tenure). What usually goes into a typical grant proposal are the obvious next steps following up on recently published work (used to illustrate why awarding the grant money is a good risk). Work that hasn't been done yet, but is likely to be successfully completed by a typical grad student. Then there are the more speculative "stretch goals" which are less certain, but probably the most fun if things work out. And by the time the next grant deadline rolls around, the scientist can describe how well that worked (to justify the next speculative leap) or how it didn't quite work out, but how this alternate theory ('based on what we have since learned') will likely yield good results (i.e. the "new" obvious follow-on steps to the previous work).

Smart scientists generally have several somewhat boring but steady grants running (often funded by the government and possibly with eventual military applications) to keep the lights on, and use a little bit of that funding to support the more speculative, but more fun work.

Maybe long-term Kickstarter success will involve a similar strategy: get funding for less exciting but predictably do-able games that are turned out on schedule while diverting some time to work on getting a working prototype produced for the revolutionary game that was the real goal all along.

Comment Re:JAVA (Score 3, Insightful) 230

The applications you mention are all Open Source, which people on here keep insisting are secure.

Nope. This is a varied community, so people here believe lots of things, but probably not as many believe this simplistic view as you think.

FLOSS applications have the *potential* to be more secure than proprietary/closed source. They also have the potential to become more secure over time if the community/contributors have more resources available to fix security problems than a proprietary vendor. Most importantly, FLOSS applications can be scanned by anyone for bugs and security problems, and fixed by anyone. Those activities are limited for proprietary code to those who have access to it and are allowed (by privilege or managerial decree) to fix it or even publicise that there's a problem in the first place.

Depending on the situation (skillset of the development team, size of the team, interest in maintaining and fixing the code), this can either lead to a particular piece of FLOSS or proprietary code being more secure. *In general*, it seems that FLOSS code tends to be more secure because greater resources can be brought to bear, particularly over time as proprietary vendors stop supporting code for older products and move their teams on to something new (gotta keep paying the bills). In some cases that doesn't hold true and proprietary code is more secure.
