It's scary that Sony would allow this to happen.
On the one hand, it's a trust issue. I'm must less likely to trust Sony's network at this point. They would have to proactively earn my trust back in various, public, audited ways.
On the other hand, what do you do when this happens to one of your accounts? The network isn't even back up yet. If the criminals have all of my information that Sony has, how can Sony guarantee that I'm a legitimate person, signing in and changing my password? Send me snail-mail with a one-time password? That's so costly and time-consuming.
I don't want to have to think about, or worry about, any of this security crap when I just want to play a game.
And this is why I think "cloud computing" is a bad idea. Putting all of your stuff out there, where someone could gain access to it? Scary!
I guess my problem is this: I realize it's capitalism, and we all have to spend money, regularly, to buy operating systems and applications. However, what happens when you (or, for example, Corporate America) gets into a situation where you like the stability and work-flow of a particular environment? I don't want to buy another computer yet, and upgrading can be almost just as expensive. Add to that the fact that if I upgrade from XP to 7, I then have to reinstall all of my applications and potentially lose all of my previous settings, plus not all applications run on 7, and there are many pieces of (rather expensive) hardware that don't have drivers for 7 yet - it's sickening. I have enough experience with computers that upgrades and reinstalls don't stress me out, but still...it's a capital investment of time and money, and there's no really compelling reason to move forward except corporate greed.
Yes, XP is 10 years old. We should celebrate the fact that Microsoft actually gets it right sometimes, and perhaps Microsoft could charge folks a fee for supporting and operating system that "just works." It's mature enough that it shouldn't need many bug fixes, just closing off security holes.
Having said that, if Linux did all the things I wanted it to do, I would gladly choose a winning distribution and sail it for the next 30 years. As it is, I use Linux all over the place, and love how easy it is to patch/update/upgrade. Speaking of 30 years...I have never heard of anyone successfully, happily upgrading Windows from an older version to a newer version without having niggling, persistent, long-term problems. Why can't Microsoft get it right?
The main thing to remember is that this is a government, or two, asking for this information - not another company.
I'd be FURIOUS if Blackberry opened any of my information up to a third-party without my consent, and I would expect all subscribers to feel the same way. But a government? They have the laws and the weapons. The only option would be to simply remove their product/service from the countries asking; which is lunacy.
Best to use your own encryption, if your privacy matters that much to you, and encrypt everything you send, so it's all equally important.
I used to have mild pain in my wrists when I'd type a lot...and I do type a lot. I always have an ergonomic keyboard and mouse, marked as my personal property, with the receipt taped to the bottom of the keyboard in case there's any question. However, not all workplaces suck. My current job has replaced my keyboard and mouse with an ergonomic unit of my choice whenever it needs it. I haven't had pain in my wrists for years, and I owe most of it to the keyboard and mouse, proper placement of my monitor/chair, and taking frequent breaks to stretch out.
But, yeah...it stinks when you have a crappy mouse/keyboard/computer and have no way of upgrading, replacing or fixing deficiencies. If your computer at work sucks that hard that you want to break it, perhaps it's time to search for a new job?
Storing permanent keys in memory is great for us, and bad for the companies that want to keep things hidden. I'd say "Please, keep doing that!" Well, I mean, both to the type of person who's willing to go through this process and reverse engineer things, and the companies that add lame security to their products. One might ask: "Why add the security in the first place?"
What I'd like to see is a well-defined and documented, open-source released method for "dumping ROMs." I'm sure it's out there on the Internet. While this is a great example of someone taking the time to rip something important (to them) out of a closed-system, it might be nice to actually document how he did it.
Open-source the world!
I've seen a few people here say something about how when secure web-sites become the norm, more people will break the encryption, so it doesn't make any sense to encrypt. That's a pretty silly argument against secure web-sites. If a specialist wants to get into my house, I'm going to have a hard time stopping them; but it doesn't stop me from putting a lock on my front door. Also, an open door might be construed as an open invitation to enter, whereas a locked door cannot be. If someone enters my house without my consent, I want evidence that they defeated my security. Also, most physical security (safes and vaults to name two examples) is rated in time. You never buy an impenetrable vault, you buy a vault that would take two hours to breach with the best, currently-available tools. Digital security should be viewed the same way, and it should be augmented with other features such as Intrusion Detection, and Intrusion Prevention countermeasures. As a greater number of web-sites are compelled to become more secure (HIPAA and SOX compliance), point-to-point encryption will be just one of the many required tools in the data owner's/manager's toolkit.
Having said that, it makes sense for all business to secure their web-sites if they are requiring users to create accounts (because sometimes people are still foolish enough to use the same or similar password in different locations), share private information, or make purchases using financial information such as credit cards or Pay Pal accounts. Of course, there should be a reasonable, well-known scale defining how much and what type of security is required based on the type of information stored. This should be audited regularly by the business ("has the information we are storing changed enough to change our security?" and "are we secure enough based on the data we are currently storing?") in addition to regular external audits to ensure that the minimum requirements are met.
All of this, of course, introduces cost into the equation. A small business might not be able to afford a systems administrator to watch the logs, or even to be able to pay for the annual certificate fee, not to mention the dedicated static IP address required for proper certificate usage. This means that larger businesses (banks, insurance companies, large corporations, the military and government) will always have better security than your average smaller business. This means that you, the information originator, need to be conscious of where you share your information, and what you are sharing.
I think certificates should be free, or at least reasonably priced - free would be best - and that security not be tied to IP addresses, which are pretty limited in the IPv4 world.
So, yes, even though a lock won't keep out every intruder, it will keep out the majority of prying eyes. As information security needs continue to improve, so will the associated algorithms used to keep things moderately secure.
Of course, as important as it is to secure the line/connection itself, one should also be very concerned about the authenticity of the person connecting, in addition to the site being connected to. How do you know that you aren't being DNS poisoned or some other man-in-the-middle attack? Is this really your bank? Your insurance company? Your favorite on-line merchant? How do you know? Is the strength of the encryption algorithm really important if you're actually connecting to a thief masquerading as the desired site, intent on stealing your information?
So both of these key factors need to be made affordable (cheap or free), and available to all, not just large businesses with deep pockets and a Class C to throw around. That's when things get moderately more secure.
Yes, just what I need, another sensor to fail and make my car not start. However, this is just one more device/sensor to override and hack into submission. Drunk drivers have been overriding keys, buttons, switches and sensors ever since they were employed. What makes anyone think this will be different? I hear people talking about wearing gloves...I imagine the car won't start without some sort of baseline conductivity check - otherwise every drunk would wear gloves to bypass. If it checks every second, does that mean that it would check only once prior to starting the engine, and not check until the engine was turned off; or continuously check as you drove, and turn the car off if you suddenly show positive for alcohol? False positives are scary. Also, would it "report" you? Nice, a tattletale car.
This is how laws get passed: fear. Over 9,000 road traffic deaths could be saved, great. But how about the inconvenience to the other 254,000,000 (Wiki) registered drivers. I'm sorry, but that's like 0.004%. Law enforcement already has great programs for stopping drunk drivers and, hey, if someone gets a DUI, take away their license for a longer period of time, increase the fine, throw them in jail - I don't care. What I do care about, strongly, are my civil liberties. If I'm not a criminal, don't treat me like one.
This goes back to the whole enforced seatbelt thing. Why does it matter if I choose to wear a seatbelt or not? If I die, it's my own life. Why shouldn't it be my choice? I've heard of several friends getting into wrecks over the years where they were saved by not wearing their seatbelt. Officer on the scene said something like "if you had been wearing your seatbelt, you would have been crushed where you sat. Here, have a ticket for not wearing a seatbelt." Nice, right?
Now, having said that, I think this is a great idea to put into the cars of people who have proven themselves to be dangerous by getting behind the wheel of a car drunk. Retrofit it into every vehicle in their household, and if they're caught driving a vehicle without the device, revoke their driving privileges. But, again, I'm only talking about the idea of putting this into vehicles that are driven by people who have a history (once is enough for me) of DUI. When you drive drunk, you could easily kill a single innocent person, so I'm willing to limit someone who obviously can't control their impulses and make the adult decision to either drink, or drive, but not both.
I've been playing Fallout: New Vegas a lot recently, and it's directly because of the different paths I can take. In real life, my options are pretty clear-cut as far as theft and murder, as are the consequences when caught. In a video game, I always play through the first time as a "good" player: not stealing anything marked as owned, and not killing anyone until they "show red." It makes playing the game a little easier, knowing which characters you can kill with no repercussions and which will give you bad karma and standing.
In New Vegas, it's generally clear when I'm working for the good guys (NCR/democracy) and when I'm not (Legion/slavers). I play the game as good, by doing good things. If something bad happens, it's generally not because of any choices I've made, unless that's just the way the story goes.
While I do prefer the linear storyline concept, I also like the semi-randomness of an open-world. Yes, the choices I make should make a difference in the way the game reacts to me, but I don't think that one false move should cause me to restart my game, either. If I spent a few hours playing an evil character (killing good guys, not killing bad guys, stealing and looting) and something bad happens as a result, that's cool - Hollywood logic. I guess the problem occurs when a random event happens despite what you do (zero control) or counter to what you do (inverse control).
People have to keep reminding themselves that it's just a game, that game designers make choices to try and differentiate the game-play from all the other games out there, and sometimes they make decisions that don't fit your style or expectations of a good game. Having said that, I think there needs to be a full-blown sequel to both Red Dead Redemption and Borderlands. Those were fun games, but the narrative story was way too short with somewhat limited replay value for me. I did like the zombie pack for Borderlands, though....
Nearly every complex solution to a programming problem that I have looked at carefully has turned out to be wrong. -- Brent Welch