The U.S. Government fully understands the need for isolation and just how impossible it really it. There are niche companies out there that make systems that comply with specific DCID 6/3 requirements to make the system match a Protection Level. They use mandatory access control with Solaris 10 Containers, Trusted Solaris/Irix before that, and SELinux nowadays.

Here's their problem though. In order to be effective, an organisation must clearly know what must come in or out, network wise. It is difficult, technically speaking, and managing such an interface point is a speciality either run by expensive people or by cheap, clueless dimwits.

As Bruce Schneier has pointed out, liability laws need to be in place because the market will not apply the proper controls, if for nothing else, then for cost alone. Folks may complain about PCI or SOX compliance and how it doesn't really make things safer and I agree because it just forces compliance but doesn't make them want to be compliant. Companies that are able to equate vulnerability with a decrease in stock price will find themselves motivated to make it right. The fear of lawyers can be pretty good motivation to do the right thing.

Here's my recommendation. Provide an incentive for passing an inspection. Provide an incentive for the inspector. Then clearly set the rules of the competition. The incentives are not based upon a "failure to hijack," but upon an ability to control an intrusion. The inspector does not get incentive for penetration, he gets incentive for control after he's in. The integrators need to pride themselves in limiting the damage that can be done. If they keep the installation simple and easy to understand, then it's harder to find sneaky ways in.

Meanwhile, light one up and pass it over 'cause I'm not holding my breath.

Thanks for the thoughtful reply. I've read through the TRIPS link you graciously provided. There is some good reading in there. What I failed to find though was anything that supported your argument of mandatory enforcement. I'm sure it's in there, I just wasn't having very much luck.

What if the patent holder was required to take a more active role in their patents and the applicability to proposed standards, as governed by industry and government bodies (e.g. ANSI, MILSPEC)? If a call went out looking for patents related to a specific standard, they would be required to participate in the standards body within, say, 3 months of being notified. Failure to respond or to provide reasonable licensing terms (to the standards body) is a forfeit of the holder's right to prosecute those who implement the standard.

I've got this idea because it means that:

• Lawyers will be retained to provide continuous monitoring of the standards landscape
• It encourages patents to be licensed rather than sat on and thus impeding progress
• The sheer volume of patents would either be a boon for the legal industry or a discouragement from filing yet more patents
• Patents are encouraged to get organized into standards bodies

Awesome! I'm glad to know that I'm not alone in looking for effective ways to introduce a better balance into the ecosystem. Thanks for the excellent story.

Thanks for the detailed reply, tambo. You are quite right that I am not a lawyer and thus make simple, repeated mistakes in this area. You pointed out a confusing point I had and the more I stew on it, the more I'm convincing myself that this is a complete dead end. It's starting to feel like a Game Theory model is going to have to be built in order to make any significant improvements to the system.

I really like your observation that the first standard established becomes the de facto standard as it would be the only one with any real patent protection according to my plan. The process of even trying to develop the next generation technology would have to stand on the shoulders of the previous work, but since it wouldn't be part of a standard yet, the developers could be easily sued.

As for submarine patents, thanks for calling me out on that. It might have helped if I had run a Google on it before I posted that phrase.

Can you conceive of a plan, then, by which RAND can force non-members to at least identify their patents within a short, finite time span or forfeit most forms of redress? Ideally, a patent search would find relevant conflicts, but I'm starting to get the idea that more and more generic, broad patents are being issued with too much being left to interpretation.

I guess what I kind of want is patent owners to be required to be more involved in nearby issues like the involvement required for trademarks. I'm looking to change the balance of things since the issuing rules don't appear to be up for change any time soon in the U.S. And that's what everybody on Slashdot complains about the most.

Thanks again!

These termination fees don't apply just to the whole contract. If you add a family member in for the $9.99/mo, they get their own phone number (duh), which is effectively another contract. If that family member leaves before the end of the contract, they own the remaining balance on the termination fee. The primary holder on the account can also be hit for the remaining balance of the termination fee if they cancel early too.

So, if you subscribe your wife and/or girlfriend on to the plan 18 months into a 24 month plan, they charge you $9.99 a month. I don't remember if they charge a fee to set up the phone, but the cynical side of me says that they probably do. If your significant other dumps you in the 23rd month of the contract, they can prorate the termination fee any way they want. They may take their $175 prorated to remove (23-18=) 5 months and you owe the rest. Then, when that is done making you mad and you decide to leave a month early, they'll hit your side of the contract with the prorated termination fee too.

Oh. Did I forget to mention this: when your significant other left you in month 23 and you canceled her phone, you automatically signed yourself up for a different plan. So, if you go to leave at the end of month 24, they find a way to prorate the termination fee because you are leaving the new plan early.

This is insane, you say? Then go to a pay-as-you-go plan where the profits are really juicy. Go ahead. I dare you.

I'm just glad none of these fuzzballs got bailout money. Or at least I'm hoping they didn't.

There is a museum in Dayton, OH which is just about Dayton's only attraction. This is the National Museum of the United States Air Force. Some of their exhibits include:

• Rockets from satellites with cameras that used to drop their film back to Earth once fully exposed.
• The new (and now discontinued) F-22 Raptor
• A full-size B-2 bomber (engineering model with no engines, but everything else)
• Many planes formerly known as "Air Force One"
• Lots of experimental aircraft, including those from the famous Skunkworks project
• Frames from real atomic bombs

Admittedly, this may not be as electronics or computer nerd like we all assume you are, but if you are into any level of mechanical engineering or have been a pilot at any level, then you will surely appreciate this place, even if you only visit it once in your lifetime.

There are no parking or admission fees and they're open just about every day of the year, except for three major holidays.

• 2D map with status of all nodes or submaps, organized by network
• Application monitoring, with more advanced maps available for purchase (Oracle, JBoss, Cisco) for those things you already paid a lot of money for
• Performance monitoring via SNMP or other data sources using RRDtool internally which includes graphs linked to each other during zoom in/out or panning
• Nagios plugins already do some of the heavy lifting
• Built-in support for watching Windows servers (any metric accessible via WMI)
• Access control using at least LDAP and Active Directory
• Secondary data collectors for those networks which are too big for just one central source
• Highly customizable through Python
• It has so, so much more than pathetic commercial solutions like OpenView

Cons:

• You have to keep your eye on the back end database
• It still takes a long, long time to tune it to remove noise events
• If you don't know Python, it can be tough in a few places
• Proper support is not cheap

Opticks is developed in the U.S. and is also open source, uses the QT library and C++ and is certified for use under Windows and Solaris. It could be compiled for Linux and/or OSX by anyone determined enough to get it compiled. When I last examined the source code, it's build system was focused around Visual C++.

Opticks lists compatibility for reading SAR data and it would be interesting to see what it took to read from the mentioned sensors. It is fully capable of dealing with multiple image or motion typed analysis techniques and formats.

Opticks is available at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fopticks.ballforge.net%2F and is released under the LGPL 2.1.