Small companies/small groups of developers have no idea how to implement and manage this, but think that it should be easy.
I've recently been approached by a group of developers to enable SSL on their internal sites. When I mentioned that this would take some time, the response was "why can't you just use LetsEncrypt?"
I replied that LE only works on external facing sites, not internal sites. The next response was "fine, why don't we make it all external facing?"
I'm still trying to explain that their CI server (Jenkins, with its history of remotely exploitable vulnerabilities), and their internal OAuth2 server should not be public facing.
Google is moving away from network-centric security and VPNs. See https://cloud.google.com/beyondcorp/. The threat model is a bit different but you could also follow their approach and put an auth proxy in front of Jenkins and deploy it on the public Internet.
But yeah, don't expose Jenkins to the Internet directly. Last month I saw a Jenkins instance that was mining bitcoins. The worm had used one of Java's serialisation vulns to get in the box and install the miner.
Not at all, it means the proxy can be attacked over the Internet. Just like the VPN can be attacked over the Internet. Once you're past that it's the same story.
Specifically... LetsEncrypt, and most other CAs no longer issue certs for domains that are not legal ccTLDs or gTLDs.
Not so many years ago, Microsoft recommended that organisations use [companyname].local as their internal DNS zone[1], as .local will never be an external zone, so there would be no conflict. Then along came cloud integration and increased need for edge services, and .local no longer worked well as a solution. Servers needed certs with both the local domain and a new external domain in their certs, which became a security nightmare. Then (about a year ago) CAs stopped issuing certs for domains that weren't sub-domains of proper TLDs, which all but killed the concept of these internal non-legal domains.
So, unless you are prepared to roll your own CA, AND instruct your internal (non MS-domain members) users how to manually install an untrusted cert, signing internal sites that do not have a legal domain name is a complete non-starter.
---
[1] Now of course they recommend a sub-domain of your public domain name (site1.company.com), or a reserved public domain name that you don't use externally (site1-company.com). Which is all well and good, but what about the 100s of legacy kit you've got on the old name... ~sigh~
It is pretty easy to manage your own CA, make a Debian VM, install something like XCA and it is literally click a few buttons to generate and issue certificates and set up certificate authority root certificates.
For what it's worth, just because one party has a president in office, doesn't mean the other parties, businesses, and special interests stop trying to push their agendas.
What I know is that the Democratic Obama Justice Dept wrongly bowed to the special interests to weaken competition among domestic carriers (perhaps bowing to union interests which also want less competition so that they can get higher wages). It clearly was an anti-trust issue and yet they approved not one but two consolidations.
Consumers paid for these consolidations with higher fares and worse service.
In the Northeast US, you'll generally see the best performing districts have a lower amount spent per child than the underperforming districts.
The underperforming districts will have higher property taxes (as a result of the higher education cost). This generally leads to parents seeking to move to a different school district for financial and educational reasons.
In education, at least, more money does not equate to better students, but instead, more mismanagement.
This definitely needs a citation. It might not have significant correlation either way, but I cannot find a reference for the former (some cursory googling [0][1]).
Special education students are more expensive to educate than bright students.
You give a gifted student a $100 book and let them get after it.
You give a troubled behavior student with multiple LDs a full-time ed tech at $30k per year salary minimum, or whatever else is required, by federal law, to fulfill their IEPs.
Ugh, I didn't stop to consider the special education component (and its cost). That's my bad.
This reminds me of a similar theory in regards to affluent towns with low taxes that have minimal social programs, that "export" their elderly to nearby cities with higher taxes but have programs such as Paratransit and Meals-on-Wheels.
Arecibo! I remember them from my time around Park Slope. My personal go-to was Evelyn Car Service from Prospect Heights.
That said, even Manhattan has had phones for black cars. I've routinely called Dial 7, Carmel, and Skyline on different occasions on demand (primarily when it's raining, when it's really hard to get a yellow cab), and had no issues. I still do so when Uber surge pricing is ridiculous for my tastes.
In the LES where yellow cabs can be scarce, you had Allen Car Service and Delancey Car Service (who I'd call for airport runs).
The reliability of these car services was pretty good. They'd call you if they were delayed or were otherwise late. (Drastically different from San Francisco, where the taxis were pretty much a terrible crapshoot experience)
When Uber started to take off in NYC, some of the feedback I heard was "I get to look like a bigwig", when in reality, anyone can get a black car, and if you think it makes you look more important... it doesn't.
My point is, there's a lot of talk of "Uber was revolutionary" and "before Uber there was nothing!", when the sad truth is these folks never bothered to look?
I mean, anyone who's lived in NYC for some time can tell you the numbers for Carmel or Dial 7 in a heartbeat, and some may even be able to recite the jingles from their ads.
Uber was just yet another dispatch car service, but with an app.
> My point is, there's a lot of talk of "Uber was revolutionary" and "before Uber there was nothing!", when the sad truth is these folks never bothered to look?
> I mean, anyone who's lived in NYC for some time can tell you the numbers for Carmel or Dial 7 in a heartbeat, and some may even be able to recite the jingles from their ads.
I do think you're understating the importance of discoverability.
I lived in Morningside for three years. (This is in Manhattan, by Columbia University, for you non-New Yorkers.) I'd never heard of the car services you mentioned. Even though I could easily access yellow cabs, after a few awful cab rides to / from the airport, I would have been pretty eager to try out something different.
My point is, maybe I was ignorant, lazy, should have asked around, whatever. Clearly you are a savvier New Yorker than I was. But Uber/Lyft makes the process of getting a reliable, enjoyable experience way easier as a newb, or tourist, or lazy person who doesn't bother to find a Real New Yorker, or whatever. That would have provided real value to me.
The other thing that's discounted here is how people treat their products they've purchased.
I'm not saying that's the sole cause, but it surely doesn't help when filters aren't cleaned, things aren't replaced at their regular intervals, and other standard maintenance isn't done.
I'm comfortable with buying a used car given the maintenance paperwork and/or maintenance-related receipts are provided. But that's about it.
I'll probably never buy any used household appliance related to hygiene or food consumption -- washing machines, dishwashers, or even a microwave.
Point of order: The non-filter cleaned item is the longest lived.
Also, do you guys even dishwasher? You clean them by using a wash pack like this[1]. You don't need to physically remove the filter save for a blockage as you just wash it in place.
So yeah, I exaggerated, what a dastardly scallywag!
The Northeast Corridor[1], which the previously mentioned DC-NYC route is part of, is owned primarily by Amtrak -- so they get priority on the rails and can run as often (and as fast) as they please. However, they share the rails with other passenger rail lines so both entities cooperate on scheduling and maintenance.
Not to mention that there are sections that are designated as high speed sections, consist of 4 tracks (1 local and 1 express track in each direction), and are electrified. Plus, there are regional transportation agencies (and Amtrak) that operate locomotives capable of 150mph+.
Yes, I know this speed pales in comparison to Europe, but as far as I'm aware, it's still faster than any other rail system in the US.
That's why when Northeast US people rave about Amtrak service (between Boston and DC), and everyone else doesn't, both sides think the other side is crazy due to a myopic view.
What suffers in the Northeast is delivery of freight, so almost all of it needs to go by truck, which contributes to traffic congestion, and drives even more people to mass transit for long distances (which makes it easier to make a convincing case for expanding passenger rail operations). Or to relocate to more densely-populated cities that have rail access.
One interesting by-product of this is that diesel engines are banned in New York City rail tunnels, so the only way to get freight from New Jersey into New York City is via a 140-mile detour known as the Selkirk Hurdle[2].
In other parts of the US, the rails are owned by freight companies (BNSF, CSX, etc), so their customers' cargo gets priority, and Amtrak suffers because they don't automatically win the "battle" like they do in the Northeast.
Additionally, in these areas, due to the lack of electrification, Amtrak has to rely on an aging fleet of diesel locomotives[3] that break down often, and when they do, everything gets backed up. Couple this with the fact that the only section of Amtrak's network that's profitable is the Northeast Corridor and there's less incentive to throw good money after bad, and also leads to politicians calling for the defunding or even eradication of Amtrak.
Correct. Regulatory arbitrage is about finding and taking advantage of loopholes, and shifting business activities to other business units (or even locations) where while those actions are technically legal, they're very, very borderline.
Then you generally couple regulatory arbitrage with money spent on lawyers and lobbying to monitor the existing loopholes, in order to make sure they don't disappear.
What Uber/Lyft are doing is more equivalent to poker: a combination of betting (a large enough war chest to pay lawyers and fines) and bluffing (using marketing campaigns to garner public interest and shame/scare the establishment).
When the stakes get too high (e.g. ride sharing laws in Austin, TX), they fold.
> I agree it should be optional to just live in an uninsured and unsellable shed if you want. The buyer or insurance company can make the inspection, should they want to.
But then go on to say:
> Should a publicly funded fire department put out the recurring fires in your house due to your homebuilt fireplace and diy electric wiring?
You can't have your cake and eat it too: allow reckless behavior, disregard neighbors' lives and property, and have a reasonable life and property loss prevention policy?
The purpose of your publicly funded fire department is to extinguish fires before they spread to nearby properties and cause even more loss.
The efficiency at which your city/town/village/county/etc's fire department performs this, is something everyone's insurance company pays very, very close attention to when building the elements and costs of policies that'll serve your neighborhood.
Your choices (albeit simplifying it a bit), are:
a) staff up on building inspectors and fire inspectors and spend on office space
-or-
b) staff up on fire fighters and spend on real estate acquiring parcels of land, building firehouses upon said parcels, acquiring more fire-fighting apparatus, and contribute additional funds to the state's firefighting training academy and your fire fighter's pensions and life insurance policies
To me, this (inspections vs. emergency response) is the very definition of proactive vs. reactive.
I've seen where through general abuse and repeated, early dismissal of bug reports, people are extremely reluctant to call anything an emergency ... even actual emergencies.