
Comment board and cardgames (Score 2) 121

Forget programming. Sit down with him and make a few board and card games.

Too many game designers these days look at the technology and the graphics and the monetization and all the other crap and forget that first and foremost, there needs to be a game.

When you limit yourself to the bare essentials, you see the game for what it is, and learn to make games by focussing on what makes a game.

Comment Re:Conservatives mostly don't like the involvement (Score 1) 218

Cable between the street and the house might have to be redone.

Yes. But the cable doesn't connect to the street, that's just how we say it. It connects to that grey box on the corner, which means after the garden it runs underneath the street and/or sidewalk for typically a few hundred meters.

What is more, the cabling between the house and the street might be owned by the home owner.

Can't say for other countries, in my country almost never.

We could set up a junction box at the street that links into the home's network.

We not only could, this is what we do right now. But those boxes serve an entire block, not one house. Theoretically we could change the whole network layout and install such a box at the edge of every property and terminate there, but there are reasons why the system is the way it is, and changing it would require changes in the system, maybe even a partial redesign of the local loop.

Comment Re:Conservatives mostly don't like the involvement (Score 1) 218

Your experience has clearly made you myopic and unable to think creatively about the issue.

Of course. If you disagree with someone, it must be that the someone is an idiot. It's not possible that maybe you are wrong.

There's no point having a discussion on this level. People who have arguments don't need to use personal insults.

Comment The levels of collusion are immense (Score 1) 343

Like you, I want the facts. I have seen no facts that implicate the DPRK over the people who claimed responsibility initially (GOP). Wired had an article on it two days ago when the first stories started to attempt to pin the hack on the DPRK which has been ignored by all US and UK media. Not only have all US media outlets jumped on the "it was those dirty North Koreans" bandwagon, but the BBC has become complicit in this as well.

In fairness, I was able to do some digging to find more information on the BBC that I could not in US media. Let me go through the evidence and comment on each after that.

Before doing so, let me explain something critical. In order to teach hacking, a person has to have access to the internet. This is a huge dilemma for the DPRK who has to risk any Internet access with the knowledge that the person with access _WILL_ see information damaging to their loyalty to the DPRK. There are no computer cafes in North Korea where guys can go learn to hack to make a couple extra bucks, in fact unless you have explicit Government approval you can not have a computer. Even if you are a "tourist" you must have permission and you will not be able to take your laptop wherever you wish.

This means that the only hacking that could come from the DPRK is Government sponsored, and the amount of hackers they have would be tiny. They don't have the money for "new" or unique equipment either, so any computer hardware they have is going to be 2nd hand junk that China no longer wants. What the Military has for hacking tools would be 2nd hand script kiddie tools or provided by China.

Not only does an extraordinary claim require extraordinary proof, but in this case US Politicians have lied so often I don't trust a damn thing I'm told any longer. Our "media" follows the scripts they are handed just like the politicians, and I don't trust them either. So here is the claim summary.

First, the FBI says its analysis spotted distinct similarities between the type of malware used in the Sony Pictures hack and code used in an attack on South Korea last year.

So we turn to another, better clue: IP addresses - known to be part of "North Korean infrastructure" - formed part of the malware too. This suggests the attack may have been controlled by people who have acted for North Korea in the past.

That's it folks, that is all we have. The "Hacks" last year (actually since 2009) which were never tracked to the DPRK are the first reason they believe this hack was. Wow, that's quite a leap in logic. DarkSeoul is still anonymous and there is no evidence that links them to North Korea. Lots of claims that China is training and letting the DPRK use their resources, but no evidence that the group is even operating out of China. Finally we have IP addresses, which any Script kiddie knows to spoof with someone's IP address you hate! I'm positive that the FBI can not be that goddamn dumb, they have to realize IPs can be spoofed too!

Ok, time to get off my soap box...

Comment Re:How long things take.. (Score 2) 222

How about I prove you wrong in such an embarrassing way that you will have to eat your words? I have that account because at some point I bought Rogers Internet service, and email was part of what I was buying in the package. Eventually Rogers outsourced their email to Yahoo!, so I have an email account that is paid for and that I never imagined would be handled by Yahoo! I am actually a paying customer, you dumb shit.

Comment Re:Sony security: strong or weak? (Score 2) 343

You do have to cut them a little slack, here. If we were talking about a coal mining company or something, terabytes of data going out the door would be pretty unusual, and SIEM systems would be trained to flag that sort of thing.

This is Sony Pictures, though, terabytes probably go out the door all the time. I mean that might be less than a few hours of uncompressed video going to a contractor for post processing or something.

No, my bigger question, having done this kind of thing for a living now for some time, is why would a basically purely IP organization not have effective controls in place, to know what kind of data is going out the door and to put a hard stop to it the moment something that should not be there is spotted.

Ok, you can't maybe do that with the aforementioned video data, but you certainly can watch for byte patterns that look like addresses, SS numbers, e-mails in usually great quantity etc. on the wire.

You certainly do not allow anything encrypted to go out unless you MITM it. Could an attacker do something like slap some mpeg headers on top of a big encrypted data stream? Probably, but they'd have to know to do it.

If my entire world was IP like Sony Pictures I'd probably take it a few steps further: make sure my firewall devices knew the common container formats for various media types and continued to make sure sync bytes and frame markers occur where they ought to. Anytime more than a handful of megabytes of something I can't recognize flowed, it would alert and someone from the CERT team would pick up the phone and call whoever it was associated with that source IP. No attribution, shut it down; no explanation, shut it down.

The hardware and software to do this is commercially available, more or less off the shelf and has been for at least five or seven years now.
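A sketch of the egress checks this comment describes, added here as an example and not taken from the comment or from any product: it counts SSN- and e-mail-shaped byte patterns, verifies that MPEG-TS sync bytes (0x47 every 188 bytes) hold across the whole flow rather than only at the start, and alerts on large flows it cannot recognize. The function names, thresholds and sample flows are assumptions constructed for illustration.

```python
import hashlib
import re

TS_PACKET, TS_SYNC = 188, 0x47   # MPEG-TS: 188-byte packets, each starting 0x47
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(rb"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

def ts_sync_ratio(data: bytes) -> float:
    """Fraction of 188-byte packet boundaries that carry the sync byte."""
    offsets = range(0, len(data) - TS_PACKET + 1, TS_PACKET)
    if not offsets:
        return 0.0
    return sum(data[o] == TS_SYNC for o in offsets) / len(offsets)

def pii_hits(data: bytes) -> int:
    """Count SSN-shaped and e-mail-shaped byte patterns."""
    return len(SSN_RE.findall(data)) + len(EMAIL_RE.findall(data))

def classify_flow(data: bytes, pii_limit: int = 20,
                  unknown_limit: int = 5 * 2**20) -> str:
    """Hypothetical policy: PII in bulk and large unrecognized flows alert."""
    if pii_hits(data) >= pii_limit:
        return "alert-pii"
    if ts_sync_ratio(data) >= 0.99:      # sync bytes hold for the whole flow
        return "allow-media"
    if len(data) > unknown_limit:
        return "alert-unrecognized"
    return "allow-small"

# Constructed sample flows (not real traffic).
def make_ts(packets: int) -> bytes:
    filler = bytes((i * 7 + 3) % 256 for i in range(TS_PACKET - 1))
    return (bytes([TS_SYNC]) + filler) * packets

def make_opaque(size: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

VIDEO = make_ts(200)
HR_EXPORT = b"Jane Doe,000-12-3456,jane@example.com\n" * 30
DISGUISED = make_ts(10) + make_opaque(TS_PACKET * 190)

if __name__ == "__main__":
    for name, flow in [("video", VIDEO), ("hr", HR_EXPORT), ("disguised", DISGUISED)]:
        print(name, classify_flow(flow, unknown_limit=4096))
```

The demo passes a small `unknown_limit` so the constructed samples stay short; the default of 5 MiB stands in for the comment's "handful of megabytes".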

   

Comment Re:Hegel strikes again? (Score 1) 719

There is no safe solution for nuclear waste, and until we have something it can't be the _only_ replacement for coal. Arguing "only nuclear" when viable alternative sources are able to supplement the system to reduce the dangers of waste exist is pretty foolish in my opinion.

Consider where your 40 years of advocacy has gone so far with such a limited view, and expect that to continue. In other words, my opinion is not unique.

Comment Re:BS (Score 1) 343

No hack would ever result in that kind of control

Disagree.

Let's face it, the reality is lots and lots of BIG companies use things like Active Directory. Lots of these BIG companies might even have only a tiny handful of Enterprise Admins, who may even be very good at what they do. Chances are they have centralized and integrated the authentication against AD. It's not uncommon for Network infrastructure administrative interfaces to use an authentication gateway like say NPS (RADIUS for AD).

So if you could get that Enterprise Admin access, well it might be a house of cards from there. Given the recently published MS14-068 it might not even be that hard: https://www.trustedsec.com/dec...

So if you can get your foot in the door, however you do it, just grabbing some tools off GitHub and a few blogs can get you near total ownage without having to do much of anything in the way of exploit development on your own. Consider this vuln was an off cycle patch put out in November, think there ~4 weeks on there are some big orgs that have lead times to get Windows patches applied to DCs longer than that? I would bet so, think an org like Sony stands a chance against a vuln like that when it's an unpublished zero day? So get any access to the network at all, brute force one password for basically any user account, crack a hash sniffed off the wire etc., and boom, you're a member of any Windows groups you want!

Frankly I would not be surprised given the timing if MS14-068 was involved in the breach and I would not be surprised to hear of other major compromises thru leveraging it.

Comment Re: Best pick up one of these (Score 1) 89

I did not give them a back door either. You can check that the thumbprints of the certs are not changing, or not trust any third party CAs, if that's what YOU want to do under my scheme. For most folks that won't be practical, we will want to be able to call people and organizations we have never been in a position with to safely exchange keys; so just like on the web we will have to trust some third parties.

By making it easy to exchange certs directly with people you do meet in person you remove the CA chain from that point on and encourage the system in a way third parties can't compromise unless the cryptography is eventually broken. Nobody, not a LEA or anyone else, then has the capability to MITM calls between your devices from that point, provided they don't hack your phone somehow and change your settings, modify your cert store etc.

My acceptable compromise isn't really with the LEAs but more with reality. You can't very well use a third party's network without them being able to identify the end points. TOR, even if it was untraceable, and it's not, would not be practical for a wireless voice network. My proposal has the benefit of being possible to implement without replacing the existing cellular and telephone network infrastructure. You just need handsets that know how to negotiate with each other. In that sense it's plausible that it could actually get off the ground, because as we all know expecting AT&T or VZW to do anything ever without first bending over for the spooks is a non starter.

So AC and Mods who marked my post flamebait for some reason, let me ask you:

[1] Do you have a better technical solution?
[2] Does your solution work without requiring the carriers to spend billions radically altering/upgrading their infrastructure?
[3] Can your proposal somehow conceal which endpoints calls are between?
[4] Can your proposal somehow conceal the duration of the call, beyond padding it out for some additional period?
[5] Can your solution easily inter-operate with existing endpoints?

Comment Re:Excellent! (Score 2) 556

I disagree. Not all women are feminists, and getting more ladies into game development is not even one of the goals of these feminists. Their goal is to turn all gamers into feminists, and impede any gaming that isn't conforming to the dogma. By force, if necessary.

Comment Re:As long as we're being more specific.... (Score 1) 719

Not at all? Why would it?
I think it's great that we work to fix things that we understand and have clear, quantifiable paths forward.
My objection to "climate change" isn't what you seem to believe.
My objection is that it seems to have sucked all the air out of the room for the public to pursue real, tangible, projects that can materially improve life - mostly for the billions on this planet that live in squalor.

But hey, you keep paying indulgences for your sins, er, I mean 'carbon credits' (and that $ goes where, exactly, once it's done salving your conscience?) to make yourself feel like you're "doing something".

Comment Re:Most Unbiased Slashdot Gamergate Article (Score 1) 556

>>>Why do you believe the gaming industry will be turned into a "radfem mandatory inclusion" platform?

I believe this based on precedent in other similar industries, like the graphic novel industry. The crux of the issue is that there is no concise set of demands that could be accommodated. Once you achieve a set of their goals/objectives, the next one comes along and pressure re-doubles along with the effort to vilify you for not bending over backwards to satisfy it. It is just like blackmail, once you pay, you will keep paying forever.
