U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'
Security firms are right when they claim that the US infrastructure is vulnerable. Xecco Trading used Chinese developers who wrote the code that connected both to the ACH transfer network as well as the trading exchanges. Bang, $4B USD under management worth of stock dumped and the funds transferred out. Titron was thrilled when a Chinese firm offered to replace their 3 chip zigbee + meter management + crypto cheap with an all-in-one, manufactured and delivered for pennies for their smart meters.
But the response is worse. U.S. Gov't is being influenced to award contracts to the firms that can boast 300 or more "Top Secret" cleared engineers ... i.e. M.D., etc. And their ability to deliver functional software is a joke. Further, these contracts are written for version 1.0. Want version 1.1 (with bug fixes?), U.S. has to pay the SAME PRICE as the 1.0. Indefinitely.
But there are some trying to rectify this. Get involved, people. IARPA is a nice place to start, NSA does give grants for good tech, the DOD is not blinded to the ambitions of the big firms, and CyberCON is going on, right now, that will direct these budgets.
You can get involved!
Windows 8: Do I Really Need a Single OS?
The long and short of it, as I see it, is that Apple convinced the market and industry to accept a monopolistic approach to providing OS, hardware, and software distribution (iTunes store). Microsoft is following.
Regardless of whether or not you like Apple or Microsoft, Windows 8 (and in many ways Windows Server 2012) is an ENORMOUS leap forward.
Microsoft developers are LEGION. Enterprises want low cost PCs and servers and developers who can drop customized apps in a matter of days. It's why MS Access won't die (no matter how much I wish it would). It's why a Windows 8 (WinRT) $400 tablet may just take off (I know of a certain big box store that dropped a 400K unit order for iPads on the off chance they can equip their distribution chain with a platform that their army of .NET engineers can deliver software for and their IT team can control tightly).
I've spent months on Windows 8, and Server 2012. There are a lot of mistakes. But if you focus on the expectations of those mid twenties and younger, the new UX paradigm is MUCH more comfortable for them ... touch everything, fingers on the screen (when not in their mouth).
(and the core of the tech is soooooo much better from a security perspective. Okay, well not that much better, but a step forward).
Fathers Pass Along More Mutations As They Age
I live in a very upscale and rather posh part of California. There is an abnormally high rate of children born with disabilities including M.S. and Down Syndrome. The one obvious correlation is the shockingly obvious tie between the age of the fathers and the children with disabilities. As is the case with many upscale neighborhoods, there is a significant number of men in their 50s and 60s fathering children with women in their late 20s and early 30s.
Though I often voted for something more amusing, such as correlating the genetically influenced disabilities to the permanent impact of sexually transmitted diseases, if only so that Jenny McCartney's child would attest to her having some horrible disease like syphilis as an offset to her horribly damaging anti-vaccination efforts.
Microsoft Killed the Start Menu Because No One Uses It
Microsoft ... it's been a hell of a road. I started programming on my Commodore 64 long ago using the Microsoft Licensed Basic language and compiler. When I left college out of need, Visual Basic 3 provided a landing spot from which I launched my 15+ year long career. I've spent countless hours on my Windows PCs. But the "helper" features of Office 2010 that drive me insane, the lack of commitment to nearly every product / technology you've launched over the preceding decade, and now this abysmal and seizure inducing crap that is the Windows 8 "wtf" bar has pushed me over the edge. My computers gain more power, which you squander on pointless features and stupid glossy crap. Ubuntu or Mint ... here I come.
Is Off-Shoring a National Security Threat?
As principal architect behind an online trading firm, I brought it to the attention of a contact with the NSA that code inspected only by Chinese national managers and developed by a Chinese development organization at abnormally low rates was being connected directly into the US trading infrastructure with direct access to more than $2B in assets under management and nearly unrestricted buying power.
As a consultant and principal architect at a smart grid meter manufacturing company, I shared with my NSA contact that the core chipset handling crypto resolution, wireless uplink, and zigbee for both residential and commercial meters was being designed and manufactured in China with little US oversight.
Regardless of whether you are speaking of Department of Defense or other public sector technology projects or private sector technology projects which tie to critical strategic infrastructure, security is and has been compromised by outsourcing.
Further, even the most base logic demonstrates that it is futile to expect your enemies to provide for your security. We've compromised our independence and autonomy, lost the competitive edge in any meaningful way, and seem to be under the mistaken impression that China is anything other than an opportunistic hegemony.
The security of any nation which allows for lowest cost bidders using external third parties for development, implementation, or administration without regulation, inspection, or validation will be compromised.
Ask Slashdot: Trustworthy Proxy Services?
Just a note, I tried to do the same to bypass an overzealous IT policy using an IronKey (which includes free lifetime proxy with their key). It seemed rather slow and I did note that their proxies are in Canada, which prevents the use of Pandora. On the plus side, I can place bets in the UK.
Is Your Electricity Meter Spying On You?
I'm not wrong about broadcasting groups nor am I wrong about addressing. Most smart meters are not yet running IPv6, but rather another addressing schema allowing for broadcasting by groups and sub groups. IPv6 is coming, but it's not the standard at the moment. Additionally, broadcasting is handled, cryptographically, by using signed packets (but not necessarily encrypted). Targeted one to one communication between the data collection or meter data management system is the option of last resort. Perhaps not for the smaller installation, but the tech I worked on was focusing on the 1MM to 5MM meter range.
SEE ANSI C12.22 / C12.19
Do you really believe a meter, with a manufacturing cost under $100 per unit would support hardware AES256? The ones I dealt with did not.
Is Your Electricity Meter Spying On You?
I've worked for a firm that collects this data. The technology, as it exists now, is incapable of the level of analysis described. The data flow is massive and only summation for billing is viable. Even then, "sanitization" of data is common practice.
While protective legislation and guidance is encouraged before it goes too far, there are far greater violations including IP address mapping between logins on identifying solutions (gmail, yahoo mail) and apparent "anonymous" sites. Flash Persisted Objects being one aspect, IP + browser fingerprinting, and collaboration between marketing organizations and online retailers are bigger risks.
The part that sucks is we can't opt out of smart metering.
Security is quite solid but if I had any advice to the PUCs it would be to mandate truck rolls for power turn off / turn down. The current broadcast model on smart meters combined with the potential to brute force the master key for broadcasting means someone with a bit of knowledge and desire could inject into the meshed network a flag to shut down broad swaths of power consumers, which in turn could lead to a surge back into the grid causing other catastrophic outages.
Minnesota School Issues iPad 2 To Every Student
99% probability the law of unintended consequences ends up with most being lost or stolen within the first year.
I live in one of the best public school districts (by ratings) in the US, my kids are above average across the board, and they have a love of learning ... but school sucks so badly they have lost all enthusiasm and I spend my off hours building a lab and teaching them what they are lacking. Of course I live in CA where text books are bought based upon how pro-union they are and the teachers are working for retirement first.
Why the hell can we gets unionize, push forward an aggressive agenda of using our technology for the betterment of our society, starting with future generations. Afraid of a Frank Herbert future?
The Technology Party in US Gov't anyone? or maybe the "Not Drunk, Stupid, or Insane" party?
Expensify CEO On 'Why We Won't Hire .NET Developers'
95% of technology startups are really just service organizations with the false belief that they need to invent new technology to be successful. Sadly, most of these firms will hire low level "engineers" to build essentially a website with application like features. Those engineers, working with a focus on either 1) recoding something they did previously but so horribly they were fired for it 2) select technologies and solutions which will improve their marketability at the expense of producing a usable site 3) solve scaling/performance technical issues their employer may never see, 4) ignore massive quantity of quality third party open source projects / solutions / toolkits / services because they only see the coding effort and wholly ignore operations/testing/code maintenance.
Although my education was in C on Unix, I find developing marketable, scalable, significant products on Microsoft .NET, when accounting for the cost of engineering, operations, licensing, maintenance (on shore and off) favors .NET when the organization / staff is primarily Microsoft centric. (Duh).
We used to say ... it's faster to go from 0 to 60 with Microsoft, but if you want to get to 100, you need to be on *nix. I still believe it's true. But that said, 95% of the shops out there won't ever need to go 60 mph ...
Interviewing Experienced IT People?
Asking age centric questions in an interview is a sure fire way to get your company sued.
Ask someone competent in your HR group or legal arm about what is permissible when interviewing.
In my experience, experience isn't always valuable. Work ethic and ability (and willingness) to learn regardless of age are key factors for success.
Low-Bandwidth, Truly Remote Management?
I would look to running all Windows systems inside a more stable platform like VMware.
In general we found VNC to be much lighter than RDP, perhaps a model using it could be possible?
Find a way to invert your management such that you can introduce jobs and / or reporting that can detect and execute maintenance tasks for you with the ability to inject a request for an action to be taken.
There are so many better remote telemetry / command / control options than RDP.