Stop. I never said "stupid." Take a deep breath and think about the math. Nearly 1/2 of any population must, by definition, be below average (i.e., "mean") in intelligence (and height, weight, strength, etc). My post was actually intended as a lighthearted joke, and I'm sure you're kicking yourself for letting it slip past you, since as a /. reader, you very likely plot on the right slope of the curve. However, on a more serious note, the standard distribution ("Bell") curve is real, and has real consequences in the real world.
Your allusion to anti-virus software calls to mind a serious question that's been on my mind for some time. Since computer security software (anti-virus, anti-spyware, HIDS, NIDS, etc.) is relied upon not only to protect consumers, but industry, government, and virtually every other institution of our society, how is it not considered Critical Infrastructure, subject to government monitoring, regulation, testing, or standards of conduct and performance? I'm curious, because installing such products seems to pose a real dilemma. They often insert themselves with root level access, call home constantly, frequently inject code onto your system without operator visibility or intervention in various forms including updated "signature files," not to mention their own patch updates, and how can one assess what activity they allow, disallow, ignore, or accept since their code and algorithms are proprietary and trade secrets? Were I a well resourced adversary, might I not consider buying into (or infiltrating) a major institutional security software provider so that I could use it to spread my own root-kit? I may want my known performance to be otherwise impeccable, of course, to increase my market penetration, so that I could choose when and where to facilitate targeted malicious activity. I sure hope DHS, or somebody, is thinking about this.
So, let's examine the facts of the case: some shady characters operating a shady business request that you accept their self-signed certificates as an exception to a security best-practice rule set because they don't want their identity information published to a reputable certificate authority.
The question is whether this is a good idea, since the self-signed certificate is a valid indicator of the identity of the site.
The answer is, sure! But, with the caveat that you are willing to accept the risk of dealing with the disreputable business whose identity you have validly ascertained.
So, let's plot that one on the old risk cube, shall we? Consequence: Cost to defend $1M lawsuit by infringed copyright plaintiff: ~$300/hour attorneys' fees at a very nominal 100 hours in meetings, filings, and court time = $30,000 // Probability: .5
Go for it, genius!
..."the US has one of 'the Wild West'"...?
OK. First, this needs to be said: neither movies nor television should be considered as generally accurate reflections of real world conditions. Sorry. I realize that they often provide much of the world with their main impression of American life, but again, I caution against accepting the images that they portray as reality.
As an American who had lived for a number of years in Europe, long enough to have gained a reliable sense of conditions on the ground (and Asia as well), I can tell you that America has no less "civilized" a culture than any other place in the world that I am familiar with.
By the way, in Asia I never encountered any Kung Fu fights in the street either. Nope. Never did. I did see the remnants of a Mafia bombing in Sicily, but for the most part found that island peaceful and civilized.
I'll say it again: movies and TV are not reality. If I have offended anyone's fragile European world view, I apologize, but sometimes truth may be uncomfortable.
Actually, you're absolutely right.
My main computer uses Ubuntu, but I recently purchased a Macbook Air for travel, and had file compatibility problems using the Mac version of OpenOffice (NeoOffice) handling some specific work files.
So I sprang for MS Office for Mac just for the odd case where I really need to open a docx document. I just opened Word for editing without thinking, and reflexively hit preview and submit in quick succession. I've learned a lesson. Sorry.
My point about knee-jerk anti-Americanism getting tiresome stands, however. I really am beginning to think that we need to go back to first principles and just look out for number one, period, which doesn't mean that you don't conduct yourself with good manners -- just that you don't entangle yourself with alliances and involve yourselves in other people's problems. Rule one is "no good deed goes unpunished."
You know, the more I read this hatred and contempt from our Euro-zone "allies," the more I'm inclined to realize that George Washington had it absolutely right regarding "foreign entanglements." OK, you've convinced me...
"Progressive" = Liberal = Socialist. I have a close Marxist relative with whom I don't mind sharing a beer and a laugh or two on occasion. That doesn't mean I'd vote for him for anything more influential than dog-catcher. I also conduct a thorough sweep of my car floorboards after I give him a ride, lest there be any stray dope residue that might have fallen out of his raggedy-ass hippie jean pockets along the way. Gotta love 'em. Don't have to vote for 'em.
I just bought a Macbook Air as a second laptop. My first is a very capable System 76 Linux machine which will continue to happily serve as the desk-top replacement anchored to my desk at home. Regarding all of the oft repeated high profile criticisms of the Air, lack of DVD/CD on board, lack of Ethernet port, only one USB port, all true; but the thing is that excellent engineering always involves well considered trades for form, fit, and function. I bought the Macbook Air because I'm tired of lugging around a heavy laptop in a clumsy case that I can't wait to park in a corner as soon as I get to where I'm going (then worry about). The screen and keyboard are ample, and the same size as other Macbooks. I bought the plug in DVD/CD drive so that I'll have one when I need it. The Ethernet dongle is tiny, light, and easy to carry. I'll probably also buy a USB hub for when I need that. Regarding "only 80GB" of hard drive, for me, a non-gamer, non-iTunes listener/buyer, and non-video aficionado, I found that when I switched to Linux (remember, OSX is Unix), that available disk space grew instantly simply from less OS and application bloat. Macbook Air is simply a sweet piece of engineering. I think Woz will be proven wrong on this one.
I agree that ISPs have legitimate cause to monitor for spam and other abuses of their terms of service agreement with the customer. That said, rather than focusing on "key phrases," which can be misleading in many cases, and perhaps lead to privacy abuses, I would suggest that ISPs focus instead on less intrusive traffic analysis methods. For example, there might very well be a legitimate (and private) context for using the "V" word in an email, referring to an evidently popular medication which is also a key word in lots of spam. However, validated traffic signatures (through an assumed "to be" process), such as, notionally, a home user account that sends regular bursts of large volumes of traffic to geographically dispersed recipients, may signal additional scrutiny. Such signature analysis, which does not directly violate privacy, might also serve as "probable cause" for more intrusive and court ordered content screening for violations of law.
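As an added illustration of the metadata-only approach the comment above argues for (this is my example, not the commenter's), here is a small burst detector that looks only at who sent how much to how many regions within a sliding window, never at message content. The log format, the region codes, the threshold values and the account names are all constructed for the demo; a real ISP would tune the thresholds from its own baseline and keep the flagged-reason record so a human (or a court) can review why an account was selected for closer scrutiny.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical thresholds for the "burst to dispersed recipients" signature.
# They are assumptions for this demo, not values from any real deployment.
WINDOW = timedelta(minutes=10)
MIN_MESSAGES = 5       # at least this many messages inside one window
MIN_BYTES = 10_000     # at least this much outbound volume inside the window
MIN_REGIONS = 4        # spread across at least this many recipient regions

# Constructed outbound-mail metadata, one record per line:
# account  ISO-timestamp  recipient-domain  recipient-region  bytes
# No subject lines or bodies are present; the detector has nothing else to use.
SAMPLE_LOG = [
    # home-user-17: six messages in under two minutes to five regions (burst shape)
    "home-user-17 2008-02-01T09:00:05 example.org US 2200",
    "home-user-17 2008-02-01T09:00:09 example.net DE 2300",
    "home-user-17 2008-02-01T09:00:31 example.com BR 2100",
    "home-user-17 2008-02-01T09:00:48 example.edu JP 2400",
    "home-user-17 2008-02-01T09:01:12 example.org IN 2250",
    "home-user-17 2008-02-01T09:01:40 example.net US 2050",
    # home-user-42: six ordinary messages spread over a morning, all to one region
    "home-user-42 2008-02-01T08:00:00 example.org US 1500",
    "home-user-42 2008-02-01T08:40:00 example.org US 1500",
    "home-user-42 2008-02-01T09:30:00 example.com US 1500",
    "home-user-42 2008-02-01T10:15:00 example.com US 1500",
    "home-user-42 2008-02-01T11:00:00 example.net US 1500",
    "home-user-42 2008-02-01T11:50:00 example.net US 1500",
    # home-user-99: two large messages (say, holiday photos) to family abroad
    "home-user-99 2008-02-01T09:05:00 example.de DE 800000",
    "home-user-99 2008-02-01T09:05:30 example.jp JP 750000",
]


def parse_events(lines):
    """Group records by account as (timestamp, domain, region, size), sorted by time."""
    events = defaultdict(list)
    for line in lines:
        account, ts, domain, region, size = line.split()
        events[account].append((datetime.fromisoformat(ts), domain, region, int(size)))
    for account in events:
        events[account].sort(key=lambda e: e[0])
    return events


def find_burst_senders(lines, window=WINDOW, min_messages=MIN_MESSAGES,
                       min_bytes=MIN_BYTES, min_regions=MIN_REGIONS):
    """Return {account: reason} for every account whose traffic shape matches the
    burst signature in at least one sliding window starting at one of its messages.
    The reason dict records the evidence so the selection can be reviewed later."""
    flagged = {}
    for account, evs in parse_events(lines).items():
        for i, (start, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            total_bytes = sum(e[3] for e in in_window)
            regions = {e[2] for e in in_window}
            if (len(in_window) >= min_messages and total_bytes >= min_bytes
                    and len(regions) >= min_regions):
                flagged[account] = {
                    "window_start": start.isoformat(),
                    "messages": len(in_window),
                    "bytes": total_bytes,
                    "regions": sorted(regions),
                }
                break  # one matching window is enough to select the account
    return flagged


if __name__ == "__main__":
    for account, reason in find_burst_senders(SAMPLE_LOG).items():
        print(account, reason)
```

Note that the photo sender and the steady correspondent are both left alone even though one of them moves far more bytes than the flagged account: it is the combination of rate, volume and dispersion, not any single measure and certainly not a keyword, that distinguishes the burst. The check stays the same whether the records come from a constructed list, as here, or from a real mail server's metadata log.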
Think about the economics of building submarines "specializing" in cutting undersea cables. So how many missions do you think you'd get out of that investment? Wouldn't it be just a tad more cost effective to just, oh, say, bomb, sabotage, disable, stop paying the bills, request stop service, covertly monitor and exploit, or do a lot of other cheaper and more effective things on either side of where the cables terminate? Occam's Razor is why most conspiracy theories are looney tunes -- and why most real conspiracies fail...at least the ones that are discovered.
Since you are, in essence, modeling your process, might I suggest that you use a Unified Modeling Language tool? You may find the sequence and activity diagramming very useful, as well as state and class diagrams. The upshot is that given sufficient completeness, accuracy and rigor, you might be able to reuse any resulting models for developing application tools. If you are using Linux, I recommend a free tool called Umbrello. It's optimized for the KDE GNU/Linux desktop, but works just as well for me under GNOME. See http://uml.sf.net/
Actually the first responder misunderstood. I said that Ubuntu 7.10 dumbs down their Firefox implementation so that it supports Javascript version 1.4 instead of Javascript 1.5, which both Epiphany and Firefox in-the-wild support. (Javascript does not equal Java -- it is different!!!!!!!!!!!)
Yup. I do. I use a little known GNU/Linux distribution called Ubuntu 7.10 as my primary operating environment. It seems that for all of its goodness, otherwise, the Ubuntu version of Firefox is dumbed down from the version in the wild so that it doesn't support Javascript 1.5 (used to in early releases - one of those funny things). Since I need to access a certain University collaboration environment (WebTycho) which requires Javascript 1.5, I'm forced to install an additional browser which does. Opera works kind-of for my finicky site, but Epiphany renders and works in WebTycho perfectly...so there! (it's fast too!)
Perhaps it has more to do with a skewed condition relative to the West, where the sciences are over-represented in Islamic Universities since anything to do with what we consider "Humanities" falls in the realm of the Mosque rather than the University?
Here's another reason to ask people to log off, but not power down: to allow sysadmins to push updates, run scans, and perform other maintenance functions remotely during down time, when user productivity impact is least. At my work that's exactly what people are asked to do.
No problem. This only affects unskilled, uneducated, inexperienced, unproductive or just plain insecure workers. The rest would simply never work for an outfit with such idiot management that tried to implement anything like this. What they'd be left with would be unproductive cowering zombies. Companies need good people. Good people are self motivated, and are demotivated by totalitarian tactics. Darwin sorts it out in the end...
So, if Burton Group had any credibility in the past, they just squandered it by allowing this report to pass their QA. If they care to restore their reputation, they will fire the authors and retract the idiotic "analysis" paper that looks like it was written by a High School Junior. Good gravy, people!
This is a huge point! Thank you! So, if DHS would perhaps consider funding, supporting, encouraging, sponsoring, etc., an Open Source project for a software assurance tool set, then such a product could be backed by rigorous peer review from the FLOSS community as well as academia to better ensure validity and continuous improvement. Perhaps Federally Funded Research and Development Centers (FFRDC) such as Carnegie-Mellon's Software Engineering Institute (SEI) could even be funded for full time CM and repository hosting. Projects could use the FLOSS tool to recursively check code during development, and perhaps an "Underwriters Lab"-like organization could evolve to provide an independent rating based on standards which everyone, having access to the code, can fully assess for themselves. Hey, DHS! Something to think about!
He got off lightly in my judgment. Patient records these days have greater implications than just billing. More and more medical systems provide cross-database functionality with real health impacts, such as drug interaction, allergy alerts, diagnostics, etc. This idiot's acts may very well have had the potential for harming patients. Judge Bean says hang 'em high!
Although the headline is terribly misleading, when you actually RTFA, FOSS security implications are *very, very* positive, especially in contrast with the title's tone. Noteworthy security implications include an enhanced ability to detect defects (compared with proprietary), relatively low defect rates found in most of the big projects mentioned, and their demonstrated responsiveness in fixing defects once identified. Jeez. One other observation -- all defects are not equal, and missing in the article is any perspective on the nature or severity of any defects found. Lacking this perspective, there is not much a reader can conclude, except FOSS security doesn't look too bad...
That would actually be a good thing, because an inevitable unfavorable ruling would contribute to patent case law to the detriment of the bad practice struck down. As a bonus, wouldn't that be ironic in the case of an MS victory against a predatory patent practice?
Well, nearly half of the people in the world are of below average intelligence...
Another commie heard from...
Freaking concur! Good on you CajunArson!
I say I have fewer flaws than comparable husbands; however, my wife doesn't agree.