Ohh man, the memories around this book. Lets just say it was required reading for intel analysts at my base, and we found every way possible to reference it in our reports/briefings.
For example, the SA-6 was known as a "three sling jigger"
I thought the same, but then it made me wonder how many mines are built such that you are hauling ore down instead of up?
I don't know enough about mines, and googling "most common mine design" isn't cutting it. Could anyone weigh in with more insight? The only big mines I've seen look to be pits, like the Bingham Copper Mine near SLC.
I do remember reading something about ore trains in some Scandinavian country using regenerative braking to power nearby towns and its own trip back up.
The most frustrating place to be in these scenarios is the IT (especially security) department.
Go ask any security guy if they think their environment is secure. Very few of us will say yes. It frequently boils down to we ask for things, and there are budget/manpower/time limitations in getting them implemented.
So a breach occurs, execs say to IT staff "Why was this possible."
IT staff says "We requested back in <month> to fix this, and its working through the slow process"
Execs say "Why didn't you scream louder, identifying it as a critical issue"
IT: "There are 1000's of other issues, just like this one. The attackers just managed to exploit this one, instead of one of the others. We can't identify all issues as critical, because then nothing is critical."
Both parties stay frustrated thinking the other isn't doing their job right.
>I sorely hope the person you responded to manages not to feel too attacked and gives a frank and truthful answer on where their line is with respect to not wanting to profit off a corporate scandal.
Nope, never felt attacked. Takes a lot to get me riled.
I don't go seeking companies that break laws to enhance profits.
However, I did notice a long time ago, that constant publicity will have an effect on stock price. This is fairly common knowledge. Bad publicity and "public outrage" will frequently result in lower stock prices. So I take a look at their underlying business, see if its sound, then make a bet (buy shares) that the public will move on shortly.
Is that profiting on corporate scandal, or market (public sentiment) overreaction? Up to you to decide.
>If you don't mind, I guess like a sort of prelaunch feedback, what would it take for someone like you, willing to profit on bad corporate behavior, to instead become a leader for change?
I think it would take a few things, and I'll try my best to elaborate on why.
1. Ability to affect change.
I like to be successful, its one of my primary drivers in life. If I spend X hours working on some task, I want to see the results. Changing large swaths of people to do anything, is a challenge. So there exists this function of needing to wield enough influence over a large enough population that you influence corporate choices. Until you reach that critical mass, you are insignificant. A company by law exists to make money for shareholders, so expect them to ignore your small voice for a more profitable choice until your voice is large enough that ignoring you is no longer profitable. Same mindset applies to corporate fines. "We the ORG hereby fine your company $100k for this practice allowing you to profit $10MM" Cool... so we made $9.9MM we otherwise wouldn't have made. "So hit me with a fine. We can afford it." -Jaime Dimon.
Back to my original point, few people want to devote their working hours towards a problem they don't feel they can succeed at. You want me on your ship? Convince me my effort has a measurable effect. Make sure the effect is worth my effort.
2. Unified Direction
A centralized boycott platform sounds great in theory, but there are people that want to boycott everything, for every reason you can think of. I guess you'll have an upvote system or some filtering mechanism so the most popular ones get visibility/funding, but you will far eclipse the reasonable number of companies to protest. Everyone has different thresholds, but I doubt I would want to live a life where I'm boycotting your platforms entire top 10 list. Remember the Occupy Wall Street protests? Tons of headlines all over the place, even Presidential comments. Without looking it up, what were their goals?
3. Passion
I would have to care about the issue. Am I going to boycott YCombinator because their CEO built their house on an endangered sand flea population? No, I couldn't care less about the fleas. Would I boycott YCombinator if they decided my murder my family? Yup. Every issue falls somewhere on the scale of "does this matter to me." Its hard to become a leader for changes you don't care about. Some people are selfish, some aren't. Everyone decides for themselves.
4. Fads
This one is almost what I directly referenced in my original comment. Its popular to hate a company for a month, then something else pops up in the news and steals attention. How long do you expect to keep the boycott strong enough to matter? I don't want to be a leader hopping on the latest headlines every 4 months.
You solve those problems, and I would be the "leader for change." However, if you've solved those problems, you have no need for me.
I've used this to my advantage over the past few years, as soon as a "big corporate scandal" breaks the stock tends to fall. Check their financials, buy the stock if it looks good, then wait a few months for it to all blow over.
My most recent was Wells Fargo during their opening accounts scandal. Bought early Oct, Sold late Jan. 20.06% profit.
There were so many headlines calling for boycotts of Wells, and to teach them a lesson with your wallet. In the long run people just don't give a damn.
For every one person saying: "Uber is evil, don't use them" There are ten saying "Meh, its cheap and convenient."
Capable of writing the code, yes I agree there are others out there more than capable. But part of what makes stuxnet and others of its kind limited to Govt. sponsored is the amount of funding required to do the research to write the code. Very few malware developers are going to go purchase a Siemens nuclear refining centrifuge (plus controlling equipment) so they may reverse engineer it and figure out how to break it. Someone had to buy one, then realize if you stop it suddenly enough times it will break.
So you want to enact sweeping legislation that covers an entire industry because you feel that the CEO of a single company has a poor attitude and you want to spite him?
I'm at a loss for how naive and petty that viewpoint is, and how drastic the unintended consequences could be. But hey, you stuck it to the man, good job!
Spot on.
I think the most interesting thing in the article was (paraphrasing): You can write up a report on a conversation you have with a Pakistan official, and it becomes classified. Are you then expected to no longer discuss the same topic on your next meeting, because the report you wrote has a classification on it?
To me this whole SNAFU boils down to the two FBI agents assigned to the case not doing due diligence in their investigation.
Imagine you are a news outlet. You make money by creating articles that entice people to view your website. You make money to pay your expenses by having advertisements on your website.
DDoS = No Website. No Website = no users viewing ads. No users viewing ads = No income.
Yes, that typically resolves quickly. Depending on your hosting agreement, you may have to pay for all the excess bandwidth that the DDoS bots used.
Now imagine if you are a bank, users want to be able to access their accounts/funds/etc. How long would you remain with your bank if you frequently couldn't access your information because they were being DDoS'd.
Don't worry about his comment. He has no idea what he is claiming. These recent attacks are labeled record breaking because they actually are. This one at 620Gbps and the recent ~1Tbps against OVH are the biggest in history, and still 5x less than what he claims.
Of course we will get there sooner than any of us in infosec want, but he is almost an order of magnitude off of what realistic threats look like.
But what you're arguing isn't reality. Show me a source article where someone has compromised a backbone router, and then used it for DDoS. This is almost exactly what I was addressing when I said "Unless you use the power of the NSA to target a single pipe." Even in a hypothetical scenario where you have gotten your hands on one: How long do you think companies are going to let their half million dollar router be consumed for a DDoS before they take notice?
I think its pretty obvious you don't understand how internet traffic really flows, when you think "all I have to do is compromise 600 pc's with a Gb connection and I can launch a 600Gbps DDoS."
I'm going to call shenanigans. Do a quick google for the largest DDoS attacks on record, and this is one of them if not the largest. Pulling from places like Arbor, and their yearly reports, the largest previously seen were ~500Gbps. I seriously doubt you and "a few thousand" machines can magically be 8-10x stronger than the largest attacks on record.
I would love to see some sources that ANYONE can get close to that number. Short of the NSA bringing its full power to target a specific pipe, I don't think we're there yet.
Their Navy will be closer than you think. Take a look at the rate they are building ships. Their destroyer squadrons (Luyang II and III are amazing ships) have been rapidly growing, as well as their replinishment ships, subs, frigates, and smaller boats. These DDGs and supply ships are the foundations of a CSG. You're right they only have one carrier at the moment, and its only used for training. But this is their modus operandi: Buy something already built, reverse engineer it, tailor to our needs, mass produce. They have 30 years to manufacture 10 more carriers (and associated ships) to reach the power project with the current US Navy. If they continue at their current rate, they will easily reach that.
I don't know where you're getting the notion that the Chinese navy doesn't compare to Japan, because its stronger/larger in every measurable way. Are you accounting for the 30+ ships the Chinese navy has been building every year recently? I would agree with that statement six years ago.
You are absolutely correct: The most interesting question is can they sustain their current output. Will the party hold up?
You're in for a rude awakening if you think "China is not going to touch US in military terms during my life time"
Most people believe that the US will always have the better fighter planes, the better missiles, or the better tanks. In reality, we are about to be parity. They will be stronger in some aspects, we will be stronger in others.
If you don't believe me, go check out the Chinese J-20, J-31 aircraft. Their DF-41 ICBM. The Type-99 tank.
They have been catching, and fast. They already have some systems that are better than ours. They also have twice as many soldiers/sailors/airmen/marines.