= = = I strongly suspect it's the most-widely-travelled wheeled vehicle on earth actually :) = = =

I believe Rolls Royce has some demo vehicles that have been on the road since the aughts (the 19-aughts that is, not the 20-aughts) and have visited more countries than all US Presidents combined ;-)

sPh

Right, because who needs to pass a law requiring a gun registry when we can just ask the NSA for a list on demand?

Oh, wait, maybe this is a BAD thing.

You gun nutjobs would probably be a lot more successful at making your case if you could string together at least 140 characters that make sense. Right now, people like you are actively keeping the phrase "gun nutjob" alive, and you're turning off people like me who actually support your position. I know it's asking a lot of someone with a room temperature IQ, but could you at least try to think before you click "post"?

Even the adherents of the basic principles themselves seem to stop short of explaining why they work. "Here, this is duplicate code. You should follow the DRY principle and get rid of it." "Why?" "Because it's a principle."

They should let the new kid do some sink-or-swim maintenance on code that doesn't follow the principles. You want to learn about DRY, try changing one branch of duplicated code without realizing there was a cut-and-paste copy elsewhere in the code base. Now you've gone from a solid bug to an intermittent bug, and your clients are still yelling at you. Thus beginneth the lesson.

They're certainly not "worth nothing." They're worth whatever a vulture capitalist is willing to fund, or whatever an IPO will bring in. Those people still have the ability to turn punching purple monkeys into a pile of quick cash. The few technologists who time their insider stock-option trades correctly will get rich, but almost everyone else will get pink slips and a hard slap of reality.

Everybody out there imagines they'll be the one who lucks into a lucrative stock market trade, just as every gold miner imagines he'll be the one to strike the motherlode. I wish them all luck, but that's all I'll give them. I'm still not dropping $0.99 on a fart app.

The private utility companies would likely be in the best position. They already have security teams, they have upgrade paths, and they have incentive.

The city run utilities would be in the worst position. They typically engage an engineering company for a project to oversee the installation of systems, and train a few city workers to do basic monitoring and maintenance. Twenty years later the city still "owns and operates" the system, but they do not have anyone who understands it. Even if they recognize the need to patch it, their skint budgets are determined years in advance by city council members who are under pressure to fix the potholes, keep the police on the streets, and rein in taxes and spending. There is no budget this year or the next for overhauling the water systems infrastructure. These systems are a long way from being patched.

It could easily take several years to fix every system that needs fixing, even amidst the panic a world-wide hacking spree would induce. During those years, unpatched infrastructure installations around the globe would be hacked, with very negative consequences.

Why should he hold back from publishing? You doubted three specific claims:

People already have carried out technological sabotage on various infrastructure elements. These are generally not publicized because there is negative value in making this information public -- creating panic without a solution is the desire of the attacker. Some information about these attacks is shared in industry appropriate discussions, but these are not public forums, and participants are invited only on a need-to-know basis. There are real attacks on automation systems today, and there are dedicated, well-funded organizations backing these attackers.

With the nature of automation, an attacker does not need to know that "Manhattan Pumping Station #12" at 127.0.0.1 has a login page susceptible to buffer overflow of exactly 1028 bytes. All they have to do is try a 1028 byte overflow on every SCADA system they find, and maybe a few dozen or a few thousand are similarly unprotected. Even if Manhattan's pumping station fixes their login problem, that doesn't help protect the water pumping systems in Peoria, Illinois, or Nome, Alaska. It's important to remember that a terrorist doesn't have to "call his shots" in advance in order to achieve his objectives of spreading fear or panic.

A honeypot is completely ineffective at determining the identity of an attacker. Sounding an alarm that an attacker is present simply means the attacker will disconnect, and move on to the next potential target. A honeypot is only useful for studying the moves of an attacker, and of potentially diverting them away from your own valuable systems. It can't catch them.

I'm actually not disagreeing with you that we need sunshine in order to fix the problems. The bigger problem is that we have a huge, non-centralized infrastructure that can't be fixed all at once. If Nome, Alaska's pumping station is vulnerable, Nome, Alaska is solely responsible for fixing it. There is nothing about owning such a system that means the owners are up to date on all security issues or patches needed. We may think they should be, but it's academic: they're not patched, they are vulnerable, and the cost of publishing the vulnerabilities could mean the destruction of critical infrastructure.

Industry, government, and law enforcement groups have been trying to solve this problem for quite a while, but they're simply not there yet.

I think Wikipedia falls along the path that many potential buyers take. Wiki articles are usually very highly ranked by search engines, and tend to float near the top of results. When people start researching an upcoming purchase, many look at Wikipedia as a less-biased source of information. (Like you, I tend to think that people who read Wikipedia articles for such information are also somewhat more adept at spotting marketing materials, and are slightly less likely to be duped by them.)

These articles may not have specific products featured (although many do), but they can certainly steer the consumer in the direction that best aligns with their business, and that may or may not be in the best interests of the reader.

I think they have intelligent people. What they're looking for is some outside perspective.

When you've been staring at your own solution for years and years, it's good to have someone make you question it once in a while. They will no doubt get plenty of rookie and novice suggestions, the easy stuff they've long ago solved. They may even get some of the suggestions that took them a long time to understand and develop. What they're hoping for is something completely different. Maybe some grad student working on a new form of video compression will spot similarities that can be applied. Who knows?

Unfortunate when the thieves cut your hand off to get the phone though.

sPh

The Courts are supposed to weigh cases based on the facts and arguments presented, and not so much on their own personal experiences. As a matter of fact if a member of the court is too closely involved in a case, they're supposed to recuse themselves. Therefore one does not need to use email to listen to arguments involving email.

At least that's the theory. Of course personal experiences and biases do enter into their decision making, but the rulings are to be made on the case before the court.

Of course the function of the courts are completely distinct from the function of a trade negotiator. A negotiator who does not fully understand their topic needs to be surrounded by people who do, and they need to get well versed in it prior to negotiations. That could be what's happening here: I don't know anyone who could recite every TLA in use by every technology out there, so an unfamiliar acronym might need a bit of context.

Regardless, it sounds like the "U.S. Official" is a bit of a dolt.

Being one of the aforementioned Minneapolitans, I have to state that a Minnesota winter is not nearly as bad as an Arizona summer. In the winter, we just keep adding layers: long underwear, flannel shirts, a fleece pullover or sweater, a down jacket, a nylon shell. There's not a fixed limit. Sure, it takes a bit longer to go outside, but it's not all that uncomfortable. If you're dressed right, you can stay outside all day long, doing whatever you want (as long as it involves two feet of snow.) In Phoenix in July, however, there's a limit as to what you can take off when you go outside, and after that you're simply going to die from heatstroke after an hour or two.

It's still no excuse for inflicting Daylight Savings Time upon us. Given the headaches I've got today from this politically induced jet lag, I have to believe DST was invented by the people who sell aspirin.

Actually, it turns out that most people make most of their purchases during the day, and only a few 24 hour stores are profitable enough to keep the doors open all night.

About 20-25 years ago there was a local push to keeping stores open 24 hours. For a while it seemed every retailer and grocery store wanted to jump on the 24 hour bandwagon. The store operators thought that "because I already have staff in here resupplying the shelves and mopping floors from 10PM to 6AM, I should keep a register open so I can sell stuff, too."

That ended about 15 years ago. Most stores quietly took down the 24 hour signs and went back to shorter days. Why? It wasn't worth it. The vast majority of people proved they do NOT buy what they want 24 hours a day from every store in their neighborhoods, they shop for those products only during business hours. Yes, a few people stop in at the 24 hr convenience store, the 24 hr pharmacy, and the 24 hr grocery store. Of those, many are there primarily for "life's necessities", and choose the shop based on location. People will only shop the drug store at midnight for cold medicine if it's closer than the convenience store. But stores that sell hardware, electronics, clothing, etc., very few of them chose to remain open 24 hours locally. Why? Because there weren't enough customers to keep the cash registers open all night, and of the few customers they did get, a certain percentage were "problem customers" who were looking for a place to sober up. There certainly weren't enough paying customers to justify the extra security and managerial staff.

These days, even if more people than before are shopping for other goods at midnight, they are far more likely to shop online than they are to head to a brick store. There still isn't justification to keep the doors open overnight, unless you carry those necessities.

It's easy enough to check. Surf to any public https secured site, and check the certificate's chain of trust. If the self-signed cert at the top of the chain is the school's cert, they've been pwned.

= = = Bitcoin is regulated. It is regulated by the users and the protocol rather than a central authority than can be corrupted or one in which sociopaths naturally gravitate to. = = =

Yeah, as I noted that system ("regulated by the users") was tried from 1500-1880. It didn't work so well, for exactly the reasons now afflicting Bitcoin.

sPh

Interesting that this is drawing so much scrutiny because it is a business. Universities - including private universities - in large cities do this all the time. I can think of three large private schools in urban areas where the "campus police" are actually PD deputies and patrol the area around the campus as city police officers as well as patrolling the campus itself. No one complains because it is a traditional "school" doing this, even though some of the large private universities are pretty big money machines.

sPh