Hacker News | rosenjon's comments

I'll buy one...but your discount code doesn't work. It says "Enter a valid discount code".


Fixed it! It was only possible to use a given number of times


facepalm. You are going to put all of a business's more sensitive/proprietary data in the blockchain. Why? Also, blockchain is the least performant database in the world, when ERP requires the most performant database. Why??!!


1. We are not going to put all business data into the open world. We use permissioned blockchain technology, which means that it will only be accessible to a very small circle of people. 2. I think waiting 1 millisecond more, but being sure that your data is protected, is better than just having quick responses. It's all a matter of implementation; you can make even the fastest database the slowest by making one mistake in the code.


This is kind of cool. How do you prevent people from running malicious code?


I'd imagine that they take the same kind of approach that I do with https://perl.bot/ using the Linux namespace APIs, seccomp and more.


Very good question! I just take care of it. Memory, CPU & disk. (Including fork bomb)!


My only concern with projects like Odoo is that open source ERP seems to die off fairly regularly. How robust of a project do you think Odoo is? We'd like to be able to run it for a long while...


Hey man. Added the Odoo project to chart.ly to get a quick look at the overall health of the project.

Check it out here: https://chart.ly/github-dashboard/odoo/odoo

From the Commits by Month chart, it appears that it has been active for about 12 years and is still fairly active.

Doesn't look like it is going to die anytime soon based on that data.


As described, I'm fairly new to Odoo myself. Although I believe it has been going for over 10 years and is currently at version 11. So as far as open source solutions go, this seems like a solid choice.

Also, I believe the corporation that maintains the project also offers a paid enterprise version that offers mainly a more complete accounting module and handles the migration to any future versions.


I think what he's pushing for is the ability to present any defense that he likes. Under certain statutes, you cannot raise a public interest defense. I believe the Espionage Act is one such statute. You cannot present a defense that is irrelevant to the commission of the crime, and under the Espionage Act it is the release of the information, regardless of intent, that is the crime. See here: http://dissenter.firedoglake.com/2013/08/09/obama-falsely-su...

Venue shopping would obviously help him (i.e. Silicon Valley vs Arlington, Virginia). However, I think what he's pushing for is to be able to raise the illegality of the programs the government was hiding from the public (and lying about before Congress). It is not at all clear that this type of evidence would be allowed, and it is pretty important for how a jury would construe his actions.


The Obama Administration has already ramped up CFAA prosecutions. Adding Civil Forfeiture laws would only further incentivize law enforcement to pursue these cases.


Not that it matters. This guy broke the law and nothing happened. He didn't even lose his job.

https://www.youtube.com/watch?v=QwiUVUJmGjs


I mean, just look at the body language during that final answer. And then Senator Wyden's breathless, almost resigned, "Alright" at the end.

Watching that never gets old. Apparently by Clapper's measure, the NSA is quite the bunch of dimwits.


Exactly. It incorporates by reference statutes from an era where it was actually a huge hurdle to install a listening device. Now every piece of technology is essentially a listening device, amongst many other things.

In addition, it waters down the statute from "intent to defraud" to "willfulness".

Oh by the way, they also want to take all your stuff, regardless of if you're convicted.


The problem is it undermines trust in American technology products in general. If the Snowden revelations were that the United States was bugging Iran, Libya and North Korea and monitoring all their communications, that would be one thing. However, we know now that EVERYONE is under surveillance. Therefore, how do we know they aren't doing this to everyone as well?


Fair enough - although with this set of revelations at least it's been credited at least to mail interdictions. I was responding in a limited manner to this project; this is an example of what I'm personally fine with them doing. Other people may very well have more trouble mentally compartmentalizing the broad range of activities that the NSA (and other digital espionage agencies within the US government) are up to. Many of which are clearly unconstitutional and should be (and appear to be, in some cases) now being scaled back.

In any case, to answer the specific question, we can be pretty sure that we're not infected with official US government 0day malware by the practical considerations - they go to pretty considerable lengths to keep the spread limited (per the reporting) because once Kaspersky or any other researcher gets their hands on it the utility of the toolsets goes away or becomes highly limited.


This malware isn't needed to infect every individual machine. This is just another tool in the long list of tools that the NSA has. Compromise the CAs and a few other key infrastructure machines, and now all our communications are laid as bare as plaintext. The fact that I'm not interesting enough for the NSA to target me individually does not mean that my communications are secure.


CAs are not magic decryption boxes. If you compromise a CA, you can generate a false certificate, but this certificate is non-repudiable: it is a sequence of bytes which you must present to the system you are attacking, and which is conclusive, independently-verifiable evidence that the CA has been compromised. While the NSA almost certainly could do something like this, they would run a very high risk of detection every time they did it.



Yes, who's going to plug removable media from the US into their machine after reading this story about the conference CDs?


Pretty much everyone is going to carry on plugging in US-sourced media just as they did before, and be happy and unconcerned about it.

To borrow from James Mickens [1], the vast majority of people's threat modelling falls into the 'NOT-MOSSAD' category. People with a 'MOSSAD' threat model should not have been inserting arbitrary removable media into their secure computers in the first place, so their habits don't need to change. Although obviously some people either incorrectly assessed their threats, and need to upgrade them, or were careless and need to be more careful...

[1] http://research.microsoft.com/en-us/people/mickens/thisworld...


Based on the article, are we to presume that this only affects tech in hostile countries? Or are they doing this to US-based equipment as well?

Seems like this will backfire spectacularly when foreign countries and companies stop buying American-made tech for fear of these hardware backdoors. Spectacularly irresponsible.


According to the report, the malware was delivered to researchers in dozens of countries, including the UK, India, Mexico, Switzerland, France, and the US itself.


Check out BANANAGLEE. Backdoors in Juniper and Cisco gear. Yes, already having an impact.


Wait, is Mexico a "hostile country"?


Their central government is not hostile to the United States; cartels and certain cartel-influenced local governments certainly are.


There are of course entities hostile to the United States in every country, including the United States.


Would this really be considered a hardware backdoor?

