Building more towers is not always possible and when it is, it is frequently not feasible.

You left off "at that profit level".

If Sprint refuses to build out their infrastructure then that is their issue. In other words, they are attempting to artificially limit a resource in order to maintain their choke point in order to maximize profits.

I guarantee that if a competitor started moving into their market and offering services for less, Sprint would suddenly find it very "feasible" to build out their infrastructure.

And that would be accurate if we were actually talking about a limited resource for free.

But we aren't.

You left out the part where the profit margin is flexible. The consumer costs will only rise because Sprint wants to keep the profit as high as it was. Bandwidth is NOT a limited resource in this case.

My problem with tying it to sales and marketing is that now I will be inundated with sales calls and emails.

And then they will sell my contact info to anyone who will pay for it.

So I have to go through the effort of registering ANOTHER fake email address with GMail prior to filling out the form.

Fuck, just look at how stupid Dice is making /. now. That always happens when sales and marketing interfere with technology.

It's not about the tool specifically, of course you need to skill yourself in whatever applications your field is going to use.

My take on that is that people expect the schools to teach them what they need to get a job AND THEN STOP LEARNING ANYTHING ELSE.

But schools should really be teaching you how to LEARN NEW THINGS.

Then you choose what to learn and you learn it.

If the answer is no, you don't know how to code javascript, you know how to use libraries.

And starting that way is okay. Ending that way is not okay.

Unless you are in one of the highly competitive schools, you'll probably only "learn" the basics of one tool. Maybe two. The classes are designed for the average person/student. YOU have to put in the effort beyond school.

Which is what really annoys me with the recent spate of "how much X should you know" crap articles here.

Know how to learn more AND learn more. Both in a wider variety of tools and a deeper understanding of how those tools work.

School will, at best, teach you to be minimally competent. It's up to you to do better.

Well that's great.

As long as your local library exists.

And is accessible when you need it.

And close enough for you to get to.

And has a working computer available for you in the time frame you have.

No. That's not so great. That sucks.

Think those IoT providers will pay more than lip service to ensuring their devices are not easy prey? Won't happen.

Won't happen because it cannot happen. There will be some manufacturers who go out of business. Where's the updates then?

Not to mention the manufacturers dropping support for older models EVEN IF THEY STILL WORK. Gotta buy a new fridge because the old one isn't updated any more.

Even if they do put the minimal effort in being better than "easy prey", how many times have we seen secret backdoors suddenly becoming public knowledge?

So anyone working there with any common sense at all should be interviewing NOW!.

If you aren't interviewing then you should be updating your certifications and such.

This isn't some kind of "oops we made a mistake" error. Upper management wants to replace you with cheaper options. Get out on your terms instead of their terms.

On the other hand, this should also provide you with a list of the sites where you should be changing your password.

Hopefully everyone will manage to do that before any of the hashes are cracked (if the crackers managed to get both the algorithm and salt).

I have different concerns with that article.

"Security is not a property of a technical system," she noted in her talk at the Hack in the Box conference in Amsterdam. "Security is the set of activities that reduce the likelihood of a set of adversaries successfully frustrating the goals of a set of users."

No. "Security" does not exist. You can be MORE secure than X or you can be LESS secure than X but you cannot achieve "security".

For me, being MORE secure means that fewer people can successfully attack you (or that the attack requires more of them to work together).

Saitta realized that a lot of what we know in the security world can't be effectively used if someone in the real world is targeted by a determined adversary.

No. That is getting back to the MORE secure or LESS secure. If the attacker has to drop armed forces onto your office building then you are MORE secure than if they exploited a 0-day on your web site.

We shouldn't work on assumptions or go by intuition - we should set aside our egos, and consult with the end users - learn about their goals and adversaries.

I'd say that 99.9+% of them have no idea who their adversaries are. Other than "that asshole Bob" or "the Chinese".

In the case of high-risk users, usable security is a must.

Is there ever a case where unusable security is a must?

As she vividly put it: if you're on a rooftop, trying to get a connection and successfully send out an encrypted message because your life or freedom - or that of others - depends on it, and you know that there are snipers waiting to take a shot at you - there is simply zero room for using a tool as complex as PGP.

Choose the right tool for the job AND LEARN HOW TO USE IT PRIOR TO THE EMERGENCY.

And if her example is, literally, snipers on the rooftops then whomever did the computer security did a fucking great job. This is an example of a win, not a failure.

https://en.wikipedia.org/wiki/Valerie_Plame

If there is a political point to be made, yeah, I'd expect them to name every single one of them.

They'd have nothing to lose and everything to gain.

Let me quote part of that RFC for you.

By default, generate a set of addresses from the same (randomized) interface identifier, one address for each prefix for which a global address has been generated via stateless address autoconfiguration.

Parsing that shouldn't be a problem for anyone with a CCNA or equivalent experience. But there are going to be problems when the average user is trying to set up his home router.

Fat fingers. ...and I don't think we should design the internet with the most basic web surfing home user in mind.

But that is where the most problems will be.

IPv6 will support everyones needs. IPv4 supports only the most trivial.

It is not whether it will support X or not. It is how much expertise it takes to get such support configured AND maintain the same level of security available with IPv4.

With a current home router and IPv4 + "NAT" the average home user can handle everything they know about today. Without having to learn anything new.

The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.

You may be referencing the wrong RFC. That is more about port numbers than different IP addresses. The IP address of your machine should still be showing up in /.'s logs.

Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.

Either that breaks most of the functionality of IPv6 or it entails a lot more effort and expertise on the part of the home user.

None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.

So your hypothetical home user has a single IP address and runs multiple web servers. And you feel that "Most home routers" should default to supporting that?

The difference is, I can open up as many ports as I need with no limitations.

While I can manage as many ports AS I NEED without problems. Even with more than a 1,000 users at a single site.

Which is why IPv6 has been so slow to be implemented. You either lose the benefits in order to get the same level of security you had with IPv4 or you lose that level of security for features that the average person is not demanding today.

My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...

Somewhere between 0 and approximately 18,446,744,073,709,551.

But, as always, the issue isn't hiding and hoping that no one finds you. The issue is how do you protect your systems and networks from people who (in the worst case scenario) already know what your IP address is?

With NAT they are attacking a single firewall.

With having all of your systems directly accessible to the Internet, the crackers can attack any and all of them.

Getting your IP address can be as simple as putting up a web server with some stupid content and having /. link to it.

... are just ornamental and serve no other purpose?

You added the "and serve no other purpose" onto the original statement:

Nothing except the ornamental bits.

Everything you listed DOES serve another purpose.

BUT none of them affect the operation of the weapon. I spent 7 years in the Army and I can shoot a weapon with a carrying handle as effectively as one without a carrying handle.

If you perform enough miracles enough times when THEIR decisions have caused (predictable) problems they will start to believe that THEY are the ones performing miracles.

At which point the problems will pile on.

Be ready to leave before that point. If there are certifications, collect them and keep them current.

Try to interview at least once every quarter. Even if you do not intend to leave your job.