You're either a bit racist, amigo, or have no clue on how immigration works. The political party has less to do with "check your box here" and more to do with popular conservatives/Republicans telling everyone that, for example, all Mexicans are rapists. Boy, I'm sure a lot of hardworking 2-3 job holding legal Mexican-American citizens are sure to vote Republican hearing that stuff and seeing the cheers coming from its party's members. I'm not sure if you're racist, but you're certainly not intelligent.
Is there ANY private IT project where the LOWEST BIDDER (regardless of capability) completes a project on time, under budget, and exceeds/meets specifications? Fast, Cheap, Useful -- pick any 2.
I agree the idea behind the message, but I needed to be pedantic. The technology is more than adequate and continues to evolve. It's private company's investment into infrastructure as being the key issue. Line-based ISPs are NOT being forced to put the emphasis into infrastructure like they should be. Heck, Frontier Communications still pushes DSL as something to compete with cable. They just brought back FiOS plans on their website after basically hiding them for the last couple of years because their former CEO, Maggie Wilderotter, didn't seem to understand that Fiber > Copper. She's not the only CEO who thinks this. The customer base has been screaming for better service for decades and providers just keep refusing to invest. Until the government says "invest or die" or Google's antics spur some sort of mass national infrastructure upgrade, no amount of new technology will do anything if the infrastructure isn't there.
Do people still believe that Windows itself is uber insecure? Windows has mandatory access control, pushed UEFI, supports ASLR, DEP, and a host of other technologies, and they even virtualized their authentication system (LSA) to minimize the chance that you can gain control of the authentication system. I will agree that a host of drivers and software that runs on Windows is insecure, but the OS itself is every bit as secure as a standard Linux setup is. No it's not perfect and I'm sure there are philosophical security design decisions that someone will argue is the "wrong way". But the label "insecure as fuck" hasn't been applicable since Windows 7 came out.
Because if your company's purpose is to provide security for your customers then your integrity means more to your customers than your business relationships. Unfortunately in today's MBA driven business culture companies are too focused on the bottom line and not focused enough on good corporate citizenship.
You sound like a moron. He filed for bankruptcy. By federal law collection efforts have to stop during the proceedings. Collections companies do not trump the law.
You know what works better and easier? Pensions. I put amount of time into a company and maybe chip in $ amount of dollars. In return, regardless of market forces, I get retirement. It's contracted and I get it. There's no guess work and I could literally plan for my whole life to have an exact retirement package setup for when I retire. Instead it's a craps shoot up to about maybe 5 years from retirement when, if I'm doing well, I yank back investments into super stable, low return stocks and ride it out into retirement. Of course if we see another crash or two like this last one (and the student loan bubble is going to pop at some point) America will have a very hard time recovering.
We tried this once. It ended up badly. The heavy water thing was a legit accident. Commercial companies like BP had "accidents" caused by willful negligence and the worst they got was a slap on the hand. The problem with your theory of letting "the consumer" decide is that it's stupid. What if the consumers are, collectively, retarded and let it go on far too long? We're not a species capable of space travel in vast numbers. We have no backup for this planet and your theory is the IT equivalent of not letting backups and giving end users full administrator access to the entire network. This is the inherent problem with Free Market morons who have forgotten that the US used to have a Free Market and we started regulating the bejesus out of it because it couldn't stop hurting consumers.
Really? So I couldn't add lead to paint? I mean some magical force would literally stop me from doing so? Will Uncle Sam appear out of thin air and start beating the crap out of me if I try? I don't think so. I'd be sued/hauled to court on criminal charges...same thing as murder or if I violate a gun law. Laws do NOT prevent an action from occurring. That was the point I was trying to make while you're stuck on being a pedantic fuck about it.
Ah, yes. 401(K)s. I sure want to put my retirement in the hands of the same people who created a bubble market in the US and then bet against the value of the dollar in international exchanges right as they popped it. I feel MUCH safer leaving money in the hands of private sector morons who get to drive $1 million cars in NYC,
It depends on the union contract.Unionization doesn't automagically mean lazy employees abound. Most unions do have limits on what they can protect and many times they may not feel the political expense is worth fighting for a lazy employee. I've worked at a well organized union shop. You had to meet performanc metrics. If you couldn't over 2-3 rounds of metrics and it was determined you were actually putting effort into the job, they tried to get you in to a different department that maybe matched your skillset better. If you weren't trying, you got terminated the same as everyone else.
Where they helped was when management came up with some idea on paper that didn't actually translate into real life. They helped out on negotiating salary raises that were some % points ABOVE inflation (most companies fail to meet inflation these days) and ensured that if you had a good reason then "mandatory" employment didn't apply to you. It was great and I did get terminated because I am not a great salesman and the only other openings were for sales.
Your argument is faulty. Everywhere is a murder free zone, yet murders still occur. Should we legalize murder on the basis that if I murder my murderer before he/she murders me then I'll be safer? Laws are not designed in and of themselves to prevent crime. They merely describe the crime and the results if you should commit it. This is so that I can look at you, as a judge, decide I don't like you, and then have you executed for jay walking while allowing my BFF to pay a $5 fine for raping your mother.
This assumes that the people with the guns respond, successfully. It also assumes that the gun holders are both trained to react appropriately and that they're willing to die to defend other people. Unfortunately there is evidence to suggest otherwise on both cases. Gun Free Zones statistically are not any safer than Gun Accepted Zones.
Well you could take the fight club approach and blow up their HQ offices while having a plane flying by raining down leaflets telling them why it got blown up. That would probably get their attention.
Software isn't food and it isn't alive. Forking is a terrible idea. Phone carriers would never let forks run on their networks, knowingly, for various reasons. Also forking Android doesn't mean the flaws would all suddenly go away. What if the flaw was in a base part of the code? Other flaws could be introduced as well. All you're doing is spreading the risk, not fixing the problem.
I suppose I was thinking of product developers (say, like Android) starting over "from scratch" without the Linux OS. I agree with the rest of your points.
> the actual cost to replace all that software would be much, much higher.
I'm not sure on that. There are the BSDs out there and Windows still does exist (may not run on every device sure, but there are other low cost/free/open source embedded OSes that would). The biggest cost would be driver development/market adoption. But if we take into consideration the cost that companies/individuals (paid at an average market rate) spent doing it for Linux, then it's probably not far off of the mark. And since Linux is open source and the specs are readily available, it wouldn't be too hard to write a compatibility layer (much like BSD has) to run the Linux apps. If you could achieve a compatibility layer the I'd imagine that the perceived value of Linux could drop significantly.
Wasn't it just in January when the Linux GHOST bug was found? If memory serves it impacted something like 15 or so years worth of Linux versions and allowed code execution. I think the better stance to take is that regardless of how open or closed the source code is, complex systems should never be considered secure. As seen by other flaws in open source systems (Heartbleed anyone?) the number of "eyes" checking the code doesn't really matter. The fact is that both closed source and open source software faults in that they don't get enough security auditing done. That's because it's insanely time consuming. The biggest difference between open sourced and closed source software is that generally closed source companies have more resources than open source source groups and thus should be expected to do security auditing once their software reaches a certain adoption rate.
Am I wrong in the belief that the focus of the audit was to find intentional backdoors or cryptographic weaknesses, not necessarily exploitable bugs in the software?
It's in the driver which operates at an elevated permission level. If there's a bug in the driver code which allows code execution (buffer overflow comes to mind) that code would be running with elevated privileges. Windows can't necessarily account for all potential flaws in software. Nor can any Kernel.
I believe w/ MS you get a full copy with your subscription that you keep regardless of the active subscription (if you pay annually). That's my understanding and I'm open to the very real possibility I could be wrong. I hate to say it, but SAAS is the future for any commerical/supported software.
If you add out the cost, it often times isn't any more expensive than an outright purchase of the full software (assuming you keep it upgraded with each new update).
Frankly it depends more on what you use the word processor for. If it's business and most of your clients use MS Office, then cough up the $100 a year and get Office 365 (includes an offline copy of Office). If it's for personal use you could arguably do alright (I've not had many problems with *.docx files) with LO. However, and I know this will get attacked, for $150 it's a one-time fee and you get the full copy of Office (or you could pay $100/year and get an always updated copy of it).
It's only failed because the NSA has taken over many of the end-points. Onion routing itself is not "broken" nor has it "failed". There are plenty areas of it that are very secure and very difficult to break. Some of the high profile cases were because of stupid mistakes that the site owners did (mixing email accounts/user IDs/other identifying information with external sources).
Slashdot Mirror
You're either a bit racist, amigo, or have no clue on how immigration works. The political party has less to do with "check your box here" and more to do with popular conservatives/Republicans telling everyone that, for example, all Mexicans are rapists. Boy, I'm sure a lot of hardworking 2-3 job holding legal Mexican-American citizens are sure to vote Republican hearing that stuff and seeing the cheers coming from its party's members. I'm not sure if you're racist, but you're certainly not intelligent.
Is there ANY private IT project where the LOWEST BIDDER (regardless of capability) completes a project on time, under budget, and exceeds/meets specifications? Fast, Cheap, Useful -- pick any 2.
I agree the idea behind the message, but I needed to be pedantic. The technology is more than adequate and continues to evolve. It's private company's investment into infrastructure as being the key issue. Line-based ISPs are NOT being forced to put the emphasis into infrastructure like they should be. Heck, Frontier Communications still pushes DSL as something to compete with cable. They just brought back FiOS plans on their website after basically hiding them for the last couple of years because their former CEO, Maggie Wilderotter, didn't seem to understand that Fiber > Copper. She's not the only CEO who thinks this. The customer base has been screaming for better service for decades and providers just keep refusing to invest. Until the government says "invest or die" or Google's antics spur some sort of mass national infrastructure upgrade, no amount of new technology will do anything if the infrastructure isn't there.
Tl;Dr: This is a layer 1 issue
Do people still believe that Windows itself is uber insecure? Windows has mandatory access control, pushed UEFI, supports ASLR, DEP, and a host of other technologies, and they even virtualized their authentication system (LSA) to minimize the chance that you can gain control of the authentication system. I will agree that a host of drivers and software that runs on Windows is insecure, but the OS itself is every bit as secure as a standard Linux setup is. No it's not perfect and I'm sure there are philosophical security design decisions that someone will argue is the "wrong way". But the label "insecure as fuck" hasn't been applicable since Windows 7 came out.
Because if your company's purpose is to provide security for your customers then your integrity means more to your customers than your business relationships. Unfortunately in today's MBA driven business culture companies are too focused on the bottom line and not focused enough on good corporate citizenship.
You sound like a moron. He filed for bankruptcy. By federal law collection efforts have to stop during the proceedings. Collections companies do not trump the law.
What does Apple have to do with this? Are you that much of an Apple freak?
You know what works better and easier? Pensions. I put amount of time into a company and maybe chip in $ amount of dollars. In return, regardless of market forces, I get retirement. It's contracted and I get it. There's no guess work and I could literally plan for my whole life to have an exact retirement package setup for when I retire. Instead it's a craps shoot up to about maybe 5 years from retirement when, if I'm doing well, I yank back investments into super stable, low return stocks and ride it out into retirement. Of course if we see another crash or two like this last one (and the student loan bubble is going to pop at some point) America will have a very hard time recovering.
We tried this once. It ended up badly. The heavy water thing was a legit accident. Commercial companies like BP had "accidents" caused by willful negligence and the worst they got was a slap on the hand. The problem with your theory of letting "the consumer" decide is that it's stupid. What if the consumers are, collectively, retarded and let it go on far too long? We're not a species capable of space travel in vast numbers. We have no backup for this planet and your theory is the IT equivalent of not letting backups and giving end users full administrator access to the entire network. This is the inherent problem with Free Market morons who have forgotten that the US used to have a Free Market and we started regulating the bejesus out of it because it couldn't stop hurting consumers.
Really? So I couldn't add lead to paint? I mean some magical force would literally stop me from doing so? Will Uncle Sam appear out of thin air and start beating the crap out of me if I try? I don't think so. I'd be sued/hauled to court on criminal charges...same thing as murder or if I violate a gun law. Laws do NOT prevent an action from occurring. That was the point I was trying to make while you're stuck on being a pedantic fuck about it.
Ah, yes. 401(K)s. I sure want to put my retirement in the hands of the same people who created a bubble market in the US and then bet against the value of the dollar in international exchanges right as they popped it. I feel MUCH safer leaving money in the hands of private sector morons who get to drive $1 million cars in NYC,
It depends on the union contract.Unionization doesn't automagically mean lazy employees abound. Most unions do have limits on what they can protect and many times they may not feel the political expense is worth fighting for a lazy employee. I've worked at a well organized union shop. You had to meet performanc metrics. If you couldn't over 2-3 rounds of metrics and it was determined you were actually putting effort into the job, they tried to get you in to a different department that maybe matched your skillset better. If you weren't trying, you got terminated the same as everyone else.
Where they helped was when management came up with some idea on paper that didn't actually translate into real life. They helped out on negotiating salary raises that were some % points ABOVE inflation (most companies fail to meet inflation these days) and ensured that if you had a good reason then "mandatory" employment didn't apply to you. It was great and I did get terminated because I am not a great salesman and the only other openings were for sales.
Your argument is faulty. Everywhere is a murder free zone, yet murders still occur. Should we legalize murder on the basis that if I murder my murderer before he/she murders me then I'll be safer? Laws are not designed in and of themselves to prevent crime. They merely describe the crime and the results if you should commit it. This is so that I can look at you, as a judge, decide I don't like you, and then have you executed for jay walking while allowing my BFF to pay a $5 fine for raping your mother.
This assumes that the people with the guns respond, successfully. It also assumes that the gun holders are both trained to react appropriately and that they're willing to die to defend other people. Unfortunately there is evidence to suggest otherwise on both cases. Gun Free Zones statistically are not any safer than Gun Accepted Zones.
Well you could take the fight club approach and blow up their HQ offices while having a plane flying by raining down leaflets telling them why it got blown up. That would probably get their attention.
Software isn't food and it isn't alive. Forking is a terrible idea. Phone carriers would never let forks run on their networks, knowingly, for various reasons. Also forking Android doesn't mean the flaws would all suddenly go away. What if the flaw was in a base part of the code? Other flaws could be introduced as well. All you're doing is spreading the risk, not fixing the problem.
I suppose I was thinking of product developers (say, like Android) starting over "from scratch" without the Linux OS. I agree with the rest of your points.
> the actual cost to replace all that software would be much, much higher.
I'm not sure on that. There are the BSDs out there and Windows still does exist (may not run on every device sure, but there are other low cost/free/open source embedded OSes that would). The biggest cost would be driver development/market adoption. But if we take into consideration the cost that companies/individuals (paid at an average market rate) spent doing it for Linux, then it's probably not far off of the mark. And since Linux is open source and the specs are readily available, it wouldn't be too hard to write a compatibility layer (much like BSD has) to run the Linux apps. If you could achieve a compatibility layer the I'd imagine that the perceived value of Linux could drop significantly.
Wasn't it just in January when the Linux GHOST bug was found? If memory serves it impacted something like 15 or so years worth of Linux versions and allowed code execution. I think the better stance to take is that regardless of how open or closed the source code is, complex systems should never be considered secure. As seen by other flaws in open source systems (Heartbleed anyone?) the number of "eyes" checking the code doesn't really matter. The fact is that both closed source and open source software faults in that they don't get enough security auditing done. That's because it's insanely time consuming. The biggest difference between open sourced and closed source software is that generally closed source companies have more resources than open source source groups and thus should be expected to do security auditing once their software reaches a certain adoption rate.
Am I wrong in the belief that the focus of the audit was to find intentional backdoors or cryptographic weaknesses, not necessarily exploitable bugs in the software?
It's in the driver which operates at an elevated permission level. If there's a bug in the driver code which allows code execution (buffer overflow comes to mind) that code would be running with elevated privileges. Windows can't necessarily account for all potential flaws in software. Nor can any Kernel.
I believe w/ MS you get a full copy with your subscription that you keep regardless of the active subscription (if you pay annually). That's my understanding and I'm open to the very real possibility I could be wrong. I hate to say it, but SAAS is the future for any commerical/supported software.
If you add out the cost, it often times isn't any more expensive than an outright purchase of the full software (assuming you keep it upgraded with each new update).
Frankly it depends more on what you use the word processor for. If it's business and most of your clients use MS Office, then cough up the $100 a year and get Office 365 (includes an offline copy of Office). If it's for personal use you could arguably do alright (I've not had many problems with *.docx files) with LO. However, and I know this will get attacked, for $150 it's a one-time fee and you get the full copy of Office (or you could pay $100/year and get an always updated copy of it).
It's only failed because the NSA has taken over many of the end-points. Onion routing itself is not "broken" nor has it "failed". There are plenty areas of it that are very secure and very difficult to break. Some of the high profile cases were because of stupid mistakes that the site owners did (mixing email accounts/user IDs/other identifying information with external sources).