carmaa's comments

This is pretty cool.

Closest thing I've seen to text steganography [1]. Probably more efficient (I tried to encode a 1.000 character message, and the encoded message ended up being 80.000 chars long - that's a long SPAM email) to encode your message in a picture though, although I can see use cases for when text only may be desirable.

[1] http://en.wikipedia.org/wiki/Steganography


That's the way to do it - you can also use the tool interrogate:

https://github.com/carmaa/interrogate

/shameless plug


Yep, in San Jose.


I feel that we may be ignoring the psychological aspects of having a strong BATNA here. It's easy to say that you should just "ask for a better offer", but it is waay easier to actually do that when you know how much you are worth to another employer.

Some people may be able to pull off something like what you describe, but all research I've read on negotiating indicates that knowing your BATNA and having a strong one is key to achieving good negotiation results.


Yes, a big part of negotiation is knowing what you should do and how you should react despite your internal feelings about your situation. I know I've looked utterly disgusted at offers that were already making me giddy on the inside.

It's always nice to have multiple offers to choose from, but sometimes you're just not in that situation. When that happens you can still master your own psychology, keep your feelings to yourself, and negotiate with confidence.


Never name a range. Ask for 15, 20 or 25% more, based on what you want.

If someone comes to me asking for 15-20% more, I'm going to offer them something below the low end of the range. You're essentially giving away 5% for free.


Always name a range. Bound it on the low end by your minimum. Otherwise you're essentially removing their ability to give you n% for free.

In a few cases, I've seen offers come back right in the middle of the range, when I was expecting the bottom. Free money!

Ideally, have 2 offers that are aware of each other and name the range. They won't both come back with the bottom number. At least, not in this market. They've wasted a ton of time and need to hire someone, so they're going to make their offer count. Internal recruiters have performance-based metrics too, and while I'm sure getting a better deal on a hire looks good, failing to fill positions is not good.


A "report" not covering the greatest current use case for the currency - namely anonymously buying weed through the Internet tubes? Not saying it is a good thing, just that there's actual value creation going on. Right now.


Hi there. Actually, I did cover the value of Bitcoin in use as a medium of exchange in footnote 2. Because there is no production in the bitcoin economy, or very little to be entirely accurate, the real exchange rate should basically be one. Why? Because most users of bitcoin live within very large production economies. Why would buyers pay more or sellers accept less, if they would be better off transacting in the domestic economy?

You might imagine a slight premium for bitcoins because they facilitate transactions that would be difficult in the domestic economies, such as money laundering or black market trade, but you could just as easily argue that the real exchange rate is less than one due to the relatively lower number of people to trade with, concerns regarding being hacked, and uncertainty regarding future government regulation of bitcoin. That's why I decided the most neutral approach would be to assume purchasing power parity across bitcoins. Admittedly, this assumption may not be great as speculation runs rampant and everyone runs for the exits, which would imply a heavy discount in the real exchange rate.


money laundering or black market trade

Moving money across borders is a use for Bitcoin as well. If you're living in Iran (or North Korea or Syria or Palestine) Bitcoin could very well solve your liquidity problem, in the same way the TOR network helps to solve a government-imposed-firewall issue.


How many ways are there for the people accepting the currency in country to get their hands on bitcoins?

I guess they could also act as an intermediary for people that want to send money in. Might need some deep currency reserves to play at that though.


Not to be a buzz killer, but didn't JSTOR provide free access [1] to over 1,200 journals to the public days before Aaron committed suicide? You've got to register to get access, but that Anon release seems noobish.

[1] http://about.jstor.org/news/free-read

EDIT: And it's also a copy of an old torrent, pointed out by several others. Nothing to see here.


It should not be that way, though. Physical access should not equal compromise.

There's no good reason why this vulnerability still exists after 10 years except a failed design, laziness on the part of OS developers and that security professionals in general meet the problem with the above statement that "physical access equals compromise".

I think end users deserve (and expect) secure devices, even when physical access is lost. I realize that it's harder to protect a physical device, but it's not impossible.


> Physical access should not equal compromise.

Physical access == compromise even for devices that are as simple as a hollow metal box.

http://en.wikipedia.org/wiki/Safe

Security ratings for those devices are measured in time. Basically, if you lose possession, it's just a matter of time. Digital security is both easier and harder, because all you're protecting there is information. If you wish for the information to be destroyed on tampering, then your job may be easier.

The only way for there to be hardening when physical access is lost is to have some form of layered defense in depth, the aim being giving the user enough time to send a command to wipe the device.


Over time, yes. Your statement about physical access == compromise is missing that crucial detail. There's no reason why someone should be able to access all your data just because they have physical access to your device for a short period.

If you really want to do the analogy thing, the DMA vulnerability would be the equivalent of a safe with a door where no key is needed in the back. It would not be a very good safe.

Just sayin'.


> the DMA vulnerability would be the equivalent of a safe with a door where no key is needed in the back.

More like a safe where the "master key" was leaked and wasn't disabled in the models that were sold.


I don't think the specifics of the analogy are under discussion here, but rather that it's stupid and counter-productive to dismiss an obvious vulnerability because protecting against it is hard.

Welcome to the world of security, I guess.


> Physical access == compromise even for devices that are as simple as a hollow metal box.

Only if it's unattended. You can't break a safe without looking suspicious. You can't disassemble a PC and take out its hard drive and not attract a bit of attention.

Being able to root a system by attaching a dongle is a whole different story. It's like auto-play on USB all over again.


> Only if it's unattended. You can't break a safe without looking suspicious. You can't disassemble a PC and take out its hard drive and not attract a bit of attention.

Yes, it goes both for a safe and a computer, so you're reinforcing my point about the equivalency of their security. Safes wouldn't be secure at all without the vigilance of bank employees, etc.

With a Firewire device to DMA the password, all you need is to hook up the device long enough to copy all of active memory. Certainly something that could happen at a hackerspace or at a conference. For the James Bond set, invent a device that you can set about 4 feet (1.3 meters) away on the table, and after it's done copying memory, the firewire cord unhooks itself and retracts back into the device.


Hey.

Do you leave your PC on or in standby when traveling? When you leave your desk at work?

More importantly, do you think that end users would expect password protection to work? Even when their PC is on?

There's plenty of scenarios where a PC may end up being in another person's control while powered on. This is a relevant threat scenario. Deal with it.


Attaching a dongle seems very suspicious to me, unless it's something like a library computer. A library computer shouldn't have any critical data in the first place, making the point moot.


Physical access always has been much harder to protect against than anything else.

If someone is trusted to get access to the actual device then it's pretty much game over. Do you check the keyboard cables for key-capture hardware? Do you check for all the other nefarious devices? Do you check your OS has not been tampered with?


> There's no good reason why this vulnerability still exists after 10 years except a failed design

I'll give you that, but there are too many kinds of physical access attacks to even consider aiming at solving the entire class of attacks.

> Physical access should not equal compromise.

And I want a million dollars. Guess which one's more likely.


From BofA's guidelines on online privacy and security [1]:

"Protect your Online ID and Passcode. You should always guard your Online ID and Passcode from unauthorized use. If you share this information with someone, all transactions they initiate with the information are considered as authorized by you, even for transactions you did not intend for them to make."

Sure, why not.

1. http://www.bankofamerica.com/onlinebanking/index.cfm?templat...


Hahaha! No, seriously. WTF?
