The article that graph comes from indicates that is self-reported data from the companies which may not be consistent in what is considered R&D vs. marketing cost.
FIPS 140-2 is not all that it is cracked up to be these days. Older algorithms, embarrassing failures in certified products, and general distrust of NIST since the Dual EC PRNG catastrophe means that the only folks that should be using FIPS 140-2 are legally required to.
(Disclosure: I once took a hardware product through the FIPS process)
Tamper resistant/Tamper evident (and not being able to simply pop the hsm in your pocket while walking by) are important considerations around physical security.
These look great for home or SMB use, but wouldn't work in PCI-DSS or Classified environments.
Everything in the mid to small market commercial space, basically.
I've worked on several FIPS projects, and there's not a big demand for FIPS 140-2 unless the customer is handling government contracts and/or data. It's a good checkmark to have though.
For small businesses, Zenefits and other brokers offer almost exactly the same rates, which are the list rates of the insurance companies. The negotiation only comes in to play with larger companies (currently 50+ employees, next year it will be 100+, I think). For us, Zenefits seemed slightly more expensive, but it is hard to tell since they didn't give us good comparison data based on employee ages and coverage.
If you want to leverage the large company rates as a small company, you need to explore the PEO model, which Zenefits does not support, but ADP does (and several others).
I'm not really a big fan of ADP, but if Zenefits really did refuse to work with ADP to implement a real integration, I don't have much sympathy for Zenefits. They have enough funding they should be able to do things the right way now. I think Zenefits is trying to solve a real problem for small businesses, but we chose not to use them because the cost and the service level didn't make up for their nicer UI.
China doesn't have agreements with BT, AT&T etc which allow it to tap fibre in our countries at will. I'm sure they try some tapping, but they can't do it on the scale that GCHQ and the NSA have been outside China.
Sure, but they don't have the "home field advantage" that the NSA does, whereby much of the core internet infrastructure is housed in the US. I forget the exact number, but something like 70% of the world's internet traffic transits the US. (they mention this constantly in NSA-related articles)
Are they? That's a very complicated thing to pull off and China isn't known for having the most advanced Navy (e.g. they can't secure their own oil tankers in the Persian Gulf) and they only have a small number of submarines.
This is exactly why Australia is very leery of letting the Chinese telecom hardware manufacturer Huawei have any of the contracts for networking hardware on the nascent National Broadband Network -- they are suspected of having ties to the Chinese government / army: https://en.wikipedia.org/wiki/Huawei#Security_concerns
My sister in law works for Huawei in Kenya. Her job (so far) has largely involved ripping out Siemens made mobile-telephony infrastructure and replacing it with Huawei-made mobile-telephony infrastructure. Such are today's instruments of empire.
I would assume they use similar techniques within China and perhaps allied countries like North Korea and Cuba, but the US is performing wiretapping in at least the UK, Canada, Australia, and New Zealand. Also, how much non-Chinese Internet traffic passes through China?
Disregarding for a moment that a state can not be communist (one defining characteristic of communism being absence of state), only socialist, North Korea has long disassociated itself from communism. Since the 90s at least there has been a systematic removal of any mention of Marxism, communism and related terminology from the constitution, laws and official discourse.
Why on Earth are you comparing a suppressive regime to a western democracy?
Of course the Chinese gov is able to do so without any repercussions. The difference should be that in a democracy you can't abuse your power without repercussions.
"The difference should be that in a democracy you can't abuse your power without repercussions."
Do you see the irony? Western governments are abusing their powers.. and they are getting away with it. Democracy means nothing if the government doesn't hold itself accountable.
Maybe it "should" but democracy and domestic popular opinion doesn't traditionally have a significant impact on US foreign policy. Except for big wars.
As much as the UK government would probably love being confused for the US government, at least the visit to the Guardian and detainment of Miranda were both done by the UK.
And given how the UK government loves nothing more than to be the lapdog of the US, I have no doubts it was done entirely voluntarily.
Eagerly even, as an opportunity to show off just how extra exceedingly loyal minions they are.
Frankly, I have little doubt that the UK government participates so eagerly that just occasionally some of their US counterparts must be a little bit embarrassed on their behalf over seeing their total lack of self respect in trying to impress.
When I last checked, in the US, it's actually not illegal for someone without a clearance to possess classified material. This is why newspapers can print unredacted classified documents and not immediately go to jail.
It is, however, illegal for someone with a clearance to mishandle classified material. "Mishandling" includes "permitting access to classified material to non-cleared personnel." If you mishandle classified material you may be reprimanded, have your clearance revoked, be fined, or go to jail for a very long time.
It's also illegal to traffic it across international borders, which is why what foreign spies do is prosecutable. Which is the exact thing they were doing.
Good point, but the Greenwald-Snowden case is a little different. We all know the identities of the informants. The issue with the harassment of Miranda has nothing to do with espionage, it's just heavy handed.
In the case of the Chinese hackers, they were spying on reporters to discover their sources.
What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.
AFAIK we don't have evidence of similar US spying for the purpose of blackmail, harassment, etc. because my concern is whether the NSA might use its sources for those ends.
The destruction of the Guardian's laptops was about ensuring they didn't get stolen by someone else - if you read the story at the time, the spooks actually wanted the Guardian to hand the laptops over but the Guardian refused and destruction was a mutually agreed way out.
Miranda's detainment, confiscation of the memory sticks etc. was to be expected - as far as the UK Government is concerned he's carrying stolen state secrets.
What I don't really understand is why he flew through London carrying them; I believe Madrid has more routes to South America. I wonder if he was routed so he would be picked up for massive publicity.
They weren't actually. Google lied about that. It came out later that the real reason for the Chinese hacking gmail was to see which accounts had "lawful intercept" on them so they would know if their own spies had their cover blown. If the US knew about their spies, it was assumed that they would see the US sniffing the spies' gmail accounts.
Huh? There's nothing in the Post's information that would preclude both from having happened, so it would be a stretch to call it a lie even from that article. But in fact, the original blog post[1] talks about multiple goals of the main attack, including listing the targeted attack that the GP is probably referencing as independent from the attack that "resulted in the theft of intellectual property from Google". I think it's you that's confusing incidents.
> Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
edit: ah, and the GP wasn't even talking about the gmail accounts.
The point being made isn't that they would send sensitive data using gmail, it's that if they were compromised the NSA would most likely be reading the emails, and hacking Google would theoretically let the Chinese know if cover was blown if they could see evidence of the NSA listening in.
Of course, that means the joke's on them, because the NSA was listening to everyone...
How would you know whether the NSA was listening in (for example by tapping Google's links between datacenters) or not, even if you successfully hacked into Google's infrastructure? Not finding evidence of eavesdropping doesn't exclude that eavesdropping happened, so if that was the only purpose of hacking Google, it doesn't seem worth the effort.
On the other hand if you want to read people's mail, then hacking into the provider is certainly an option.
I'm not sure I necessarily buy that explanation either, but I don't know enough of the facts of this particular story to know where it falls down or is supported.
On the other hand, we don't really know what the Chinese knew, or thought they knew, about Google and how it functioned WRT government surveillance. If they had reason to believe that Google would be cooperating with authorities and would have infrastructure in place to monitor email accounts that they could look for and identify if it was monitoring the accounts they were looking for, then this explanation makes a bit more sense.
Because they have hundreds of their employees doing shifts of script kiddie hacking over the open Internet. That is why "people assume the Chinese government is not able to use similar techniques."
I think it is fair for people who make an enduring product to be compensated for that over their lifetime. I don't think your 20 year old burgers are still in demand, so no royalties are needed. If I wrote software to power a website (or an app) that is still in use 20 years later and people are still willing to pay to access it? Sounds reasonable to me.
ESPN is the most expensive cable channel. They charge the provider roughly $4/month if it is part of a main package, or $20/month if it is part of an upgrade.
One would think if this gets a decent adoption rate that they could/should offer such channels a more lucrative deal than what current providers offer. This all depends, of course, on how they can make money off this and how much.
According to The Verge: "There's a basic version with network channels and some basic cable, on up to the movie channels like HBO." So it looks like you can get HBO...
Yep, looks like they haven't been able to secure deals with the big providers - Disney (ESPN, ABC Family), Fox (FX, Fox Sports Net), or Time Warner (CNN, TNT). I imagine this will change over time.
I think your chances of succeeding in your startup increase tremendously if you've taken a couple of years to work at another startup, see what is required to make it work, and see what problems you want to avoid, before starting your own. I also think, for CMU in particular, students have less exposure to the Silicon Valley startup culture than Stanford students. Hopefully that is better now than when I went, but being naive about the business side of things can have some pretty negative consequences when you try to start your own thing.
Of course, if you really have an idea you are passionate about you should go out there and make it happen. But maybe find some other more experienced CMU folks to give you some advice while you do it :)
Well of course CMU students have less exposure to the Silicon Valley startup culture than Stanford students. One is right down the road, the other is on the opposite side of the country.