One of the biggest differences between the two types of warfare is that attribution is non-trivial in cyber. So even if agreements were made between two or more countries, how can you verify that they are enforced if you can't determine who authored/deployed the illegal malware?

In traditional warfare, which often relies on kinetic weapons, its pretty straightforward to trace the trajectory of a weapon back to where it was deployed

Defense is more expensive and takes longer to develop because it is only as strong as the weakest link. You have to make sure the entire perimeter is secure by eliminating as many holes as you can.
On the offensive side, you only need to find one hole. As a consequence, offense is relatively cheap and the costs are typically associated with the initial R&D. After the initial R&D, cyber weapons can be replicated with virtually zero-cost.

Companies often times prefer younger developers because they are cheaper. It is as simple as that.
That older, incompetent developer was probably just as incompetent when he/she was in their 20's.

The technology was not there to do it yet. Almost always, peoples ideas for what can be possible are far ahead of what is currently possible.

That problem is already solved. It is called SRP With SRP, even if the attacker has full access to the host, they cannot reverse engineer the passphrase.

If you are determined to use drop box, use an open source software as 7zip that will encrypt and zip. Otherwise, stop using drop box and move on to something else. One of the consequences of using the magical cloud is that your are bound to somebody else's rules for how they manage your data. Also note that those rules are subject to change at any time, and you don't have any say in those changes (I guess the only option is to speak with your wallet and move to greener pastures).

Use Shamir's Secret Sharing . That way ordering doesn't matter. You just need the N secrets.

New ideas are usually adopted once the old people with the old ideas dies . Classic example is the theory of relativity. There were brilliant physicist of their time who went to their graves refuting Einstein's theory because they had invested too much of their time and effort in the status quo. Furthermore, acceptance of the theory of relativity would have meant their work was invalid.

If you want some relevant history and insight on the struggles and triumphs of software engineering, I highly suggest reading the Mythical Man-Month.

What was surprising to me was the fact that something written in the 60's about software development is still very relevant today.

The engineers who worked on the IBM System/360 OS discovered software engineering through pure trial and error.

One of the classic insights from the book that I've seen companies (i.e. Microsoft) violate over and over is Brooke's Law. Brooke's law states that "adding manpower to a late software project makes it later." It is incredible how we reinvent the wheel everyday instead of taking time learn the from the trials and mistakes of others.

Another surprising insight to me at the time was the following. Although the engineers were working on a very technical problem, the biggest challenges they had to overcome were social/people challenges.

Laymen terms: There is a small, but non-zero probability that an asteroid will collide into the earth and destroy civilization in the next 4 or 5 years

My thought: There is a non-zero probability of INSERT_UNLIKELY_EVENT happening in the next 4 or 5 years. Should we panic? Nah. That is called life... There are no guarantees. If we worried about unlikely events happening...we'd be in a state of paranoia, fear, and constant worry of the next catastrophe. Oh wait....wrong thread.

Traditional insurance that include life insurance and fire insurance work on a key premise. This premise is that they can get enough different types of clients that can not only distribute the risk, but also decouple the risk.

Take fire insurance for example. A fire that happens in say Miami, FL is most likely not going to increase the risk of a fire occurring in Seattle, WA. Therefore a fire insurance company can make sure that the clients they select are geographically distributed to distribute the risk AND minimize the risk correlation.

In contrast, Cyber Insurance is somewhat unique from typical insurance because there is an inherent correlated risk that you run into regardless of how and where you choose your clients. Most clients run the same OS (Windows) and use the same software and AV packages. Therefore, a data breach that occurs with one client can mean other clients can be at immediate risk to also have a data breach

So what can happen is that a cyber insurance company can end up needing to pay out more money than they collect because breaches can happen concurrently or consecutively.

Even with that method....you would have the same problem. This is because of how a "qualified" candidate will most likely be defined. The "qualified" candidates will be the ones that are the most adept at politicking (i.e. backstabbing) and marketing (i.e. look at all the amazing things I do for company Z) themselves.

So you'd have a random pool of people who were all scheming and calculating there way to the top.

I know this might be a bit more difficult, but It would be neat if you could distribute your files with random peers. Of course, the files stored with a random peer would be encrypted. It would be something similar to Buddybackup .

The advantage of synching and sharing with random peers is increased bandwidth and more redundancy in case one or more of your devices are not working or have limited network connectivity.

Correction: You are not just your biomarkers. The environment that a person grows up in can significantly impact the person they become in not so obvious ways. There has been research using identical twins that demonstrates this key point.

The environment that a person grows up in can significantly impact the person they become in not so obvious ways. There has been research using identical twins that demonstrates this key point.

I don't particularly like ads on cable tv or video game consoles, but from a business perspective it is the rational thing to do.

Imagine you are an executive at a company that makes a gadget that users interact with. The user pays for the gadget along with the interactive services that the gadget provides.

Lets also suppose that the gadget is very popular and has a large user base. Being a profit-seeking individual, you as an executive come up with the genius idea of integrating ads into the gadget.

You demonstrate that by introducing ads you can immediately impact the bottom line in a positive manner (at least in the short term). Since most businesses are short-term oriented, everyone is excited. Your genius idea is implemented and you get a bonus that is commensurate with the money your idea brings in.

All the executives line their pocket and live happily ever after. As far as the consumers who were buying your gadget, if they eventually stop buying/using your gadget, so what. You got yours (golden parachute opens).....The end.