Blocking the ad is not the same thing as altering the ad; people who create things have a right to expect that somebody else can't alter it and tell people they're seeing what you intended.
Liability is the key issue. Unlike literally everything else you purchase, you don't own software, you obtain it under a license which typically indemnifies the manufacturer from liability. Allowing product liability suits against software developers for issuing hazardous products would dramatically alter the landscape.
To be clear: There is a lot of interest in forcing the supplement industry to document that their products are both safe and effective (like, you know, every other over the counter medication) but that's it.
So, physical security needs to accomplish, in chronological order, the following against the threat of a potential intrusion: 1) Deter. The area you are trying to protect should ideally scream "Try somewhere else." Steel doors, solid frames, deadbolts, restrictive window coverings (bars), visible tamper proof cameras, etc. There are also a number of devices available these days designed to make a home look occupied, Google "Fake TV" for a number of cheap products designed to make it appear as though a TV is running inside the house. 2) Delay. Given sufficient time and resources, any target can be penetrated eventually; your doors, windows, and locks don't have to hold out forever, just long enough for a potential thief to decide it's taking too long to get in. 3) Detect. Ideally you want some kind of alert if somebody gets in. I'm laying this out for you because the security system is largely associated with number three, meaning you're skipping the most important aspect of all, deterrence. Many if not most break-ins are literally break-ins; they're not subtle. The wooden back door is smashed in or hinge pins knocked out in a matter of seconds. The thieves spend five minutes tops inside searching for stuff that can be easily hauled away in a gym bag. Your detection setup is generally pretty worthless; it's highly unlikely that the cops will even bother looking at the images you captured, much less beat the bushes hunting for mooks who kicked in your door. So focus on making your place look too hard to get in to. Further, since if somebody does get in they're not going to spend a lot of effort searching your nooks and crannies, keep the stuff that has the most meaning for you / is expensive in a special hidey hole; you can build one yourself or purchase something you can set into the wall or floor. If you have a camera, precious objects, spare laptops, external hard drives, don't leave them lying on your desk; lock them up.
I've been using Mi Casa Verde (now Vera) for three years. Most of the stuff I use is Z Wave based but the Vera (appears / is) capable of integrating anything but bluetooth (at least on the models I've worked with). Very reliable. Very easy to set up. Easy to program and capable of significant complexity. http://getvera.com/
Iris recognition is the easiest and most reliable; the reason it's less popular is it was wildly overpriced until the patents on the technology expired a few years ago, but since then a number of players have entered the market and you can actually play with free software that will perform iris recognition via a Webcam, which might be all you need. Retinal scanning feels extremely invasive to users; you generally need people to put their forehead up against a rest and hold still and users typically won't accept it outside of an extremely sensitive environment. In contrast iris scans can be performed from several feet away, very quickly, and generally work through glasses and contacts. Iris recognition typically also works well with people who have a number of different diseases (like diabetes, which can dramatically affect retinal patterns over a very short timeframe) or conditions that affect the eye, unlike retinal scanning, including most of the common conditions that cause blindness (except cataracts). Fingerprint recognition has gotten a bad rap because in general use people don't want to have any false negatives, so operators tune the environment to be less sensitive, leading to lots of false positives (my fingerprints get read as your fingerprints). But it's true that prints can be affected by things like dehydration and the local environment; they can also be simulated if you're sufficiently motivated, but that's made infinitely more difficult if you combine your biometric with a PIN (though it can't be argued that prints are left lying around everywhere, so it's probably not the best biometric you could choose). In addition a surprisingly large number of people -- like maybe two percent -- simply do not have usable fingerprints; it's actually a diagnostic criteria for some medical conditions. (I have actually had a couple of jobs that dealt directly with use of biometrics as a form of authentication).
In general I think the other comments are on the money: Keypad and PIN sounds like the way to go. If you're trying to create something automated, then contactless cards / dongles are the other solution but as others have noted, this isn't bulletproof since without some other factor (something you know or something you are) it's possible for one person to use somebody else's device.
Each college offers its own coursework; there are hundreds of colleges certified as NSA centers of excellence; some of them are indeed excellent, and some of them are...not. The last time I checked out the Tulsa program, it emphasized teaching programming principles in java. Some programs have no coding requirements at all; they train you to be a policy specialist. Many, if not most, programs are very hard core in terms of technical requirements.
To reiterate: The Cyber Corps program can and is being used by undergraduates; it will take care of two years of your 4 year degree; if you've got the ability to get your undergrad degree in three years, you'd only have to pay for one year if you were in the Cyber Corps. And if you were to go into college with no debt and no significant obligations -- like a car payment -- you could probably make enough from your stipend and summer jobs to take care of that one year.
I am very sympathetic to your position; I was extremely poor as an undergrad, but I got great scholarships; federal grants took up most of the slack, with jobs and very small loans finishing up. But that was almost 40 years ago; it would be impossible to do that now. that's why programs like this are so important. I urge you to explore it if you're at all interested in infosec as a career.
Excellent argument. The government-employed medical doctors doing cutting edge research developing treatments no private sector company will touch because there's not enough profit in it: Clearly corrupt. Those firefighters who parachute in to disaster areas with nothing but a shovel and desire to save whoever they can: Obviously corrupt. People battling for meaningful financial reform against incredibly powerful opponents: Corruption incarnate. The only moral choice is to do nothing; anybody who says they're in government to try and do the right thing is obviously lying.
To recap: You do *not* have to work for the NSA (that article was awful). You do have to work for the government, but you only have to do that for two years (the amount of time you're in school under the program). A masters degree from Carnegie Mellon would cost you something like six figures. And after that all you have is a degree with no experience. Cyber Corps offers you a *free* degree *plus* a monthly stipend, *plus* a virtually guaranteed job, meaning in four years you have no debt, a solid degree and a real resume. I can't say enough good things about the program.
No, I am not a coder on any significant level. You should definitely check out a few schools. Tulsa is not much of a coding program, but they do teach you principles in java; Purdue has an interdisciplinary program that is heavy on programming theory but you can get out with little to no programming; Syracuse has a pure policy program where I think no coding is required at all.
Actually, a number of the members of my team are non-white, gay, or both, including some senior folks. We do however tend to avoid hiring the ignorant.
Your description is more accurate than mine; saying that the FBI engages in "spying" is probably a bit off. they do engage in covert surveillance and counter espionage within the United States.
Systems housing government data are required to meet certain minimum protective requirements, every system also needs to be certified as initially complying with those requirements by an independent third party (i.e., not the system owner), with a re-examination every three years. It's called "Certification and Accreditation." if you want to understand more about the requirements, look for a document called NIST 800-53. It's basically a penetration test.
In the United States, it's not that domestic spying is not allowed, it's that it's prohibited within specific agencies. The FBI does a lot of internal spying.
I would agree that active duty enlisted tend to be "redder" than average. Also, the time frame you're describing is quite interesting as sounds like it was just about the time that the NSA had been publicly identified as breaking the law and new restrictions were put into place (which is probably what the Chief was bellyaching about). But my experience post reform is that the vast majority of people at the NSA take the prohibition on domestic spying very seriously.
The Tulsa program recruits students from all over the United States. Each of the colleges certified by the NSA as a Center of Excellence has different strong points; some are very focused on coding, for example, other on forensics or policy. My experience with the program is that is a reasonable mix of liberals and conservatives.
The program offers four semesters of financial help; it was obviously aimed at the Masters level, but it can be applied to both undergraduate and even a PhD.
Using drugs is not an automatic disqualification. Committing a crime is not an automatic disqualification. Lying about it is an automatic disqualification.
Slashdot Mirror
Blocking the ad is not the same thing as altering the ad; people who create things have a right to expect that somebody else can't alter it and tell people they're seeing what you intended.
Liability is the key issue. Unlike literally everything else you purchase, you don't own software, you obtain it under a license which typically indemnifies the manufacturer from liability. Allowing product liability suits against software developers for issuing hazardous products would dramatically alter the landscape.
To be clear: There is a lot of interest in forcing the supplement industry to document that their products are both safe and effective (like, you know, every other over the counter medication) but that's it.
Uh, no. The claim is anybody was trying to force consumers to get a prescription to purchase supplements is bogus. http://www.snopes.com/politics...
So, physical security needs to accomplish, in chronological order, the following against the threat of a potential intrusion: 1) Deter. The area you are trying to protect should ideally scream "Try somewhere else." Steel doors, solid frames, deadbolts, restrictive window coverings (bars), visible tamper proof cameras, etc. There are also a number of devices available these days designed to make a home look occupied, Google "Fake TV" for a number of cheap products designed to make it appear as though a TV is running inside the house. 2) Delay. Given sufficient time and resources, any target can be penetrated eventually; your doors, windows, and locks don't have to hold out forever, just long enough for a potential thief to decide it's taking too long to get in. 3) Detect. Ideally you want some kind of alert if somebody gets in. I'm laying this out for you because the security system is largely associated with number three, meaning you're skipping the most important aspect of all, deterrence. Many if not most break-ins are literally break-ins; they're not subtle. The wooden back door is smashed in or hinge pins knocked out in a matter of seconds. The thieves spend five minutes tops inside searching for stuff that can be easily hauled away in a gym bag. Your detection setup is generally pretty worthless; it's highly unlikely that the cops will even bother looking at the images you captured, much less beat the bushes hunting for mooks who kicked in your door. So focus on making your place look too hard to get in to. Further, since if somebody does get in they're not going to spend a lot of effort searching your nooks and crannies, keep the stuff that has the most meaning for you / is expensive in a special hidey hole; you can build one yourself or purchase something you can set into the wall or floor. If you have a camera, precious objects, spare laptops, external hard drives, don't leave them lying on your desk; lock them up.
I've been using Mi Casa Verde (now Vera) for three years. Most of the stuff I use is Z Wave based but the Vera (appears / is) capable of integrating anything but bluetooth (at least on the models I've worked with). Very reliable. Very easy to set up. Easy to program and capable of significant complexity. http://getvera.com/
Iris recognition is the easiest and most reliable; the reason it's less popular is it was wildly overpriced until the patents on the technology expired a few years ago, but since then a number of players have entered the market and you can actually play with free software that will perform iris recognition via a Webcam, which might be all you need. Retinal scanning feels extremely invasive to users; you generally need people to put their forehead up against a rest and hold still and users typically won't accept it outside of an extremely sensitive environment. In contrast iris scans can be performed from several feet away, very quickly, and generally work through glasses and contacts. Iris recognition typically also works well with people who have a number of different diseases (like diabetes, which can dramatically affect retinal patterns over a very short timeframe) or conditions that affect the eye, unlike retinal scanning, including most of the common conditions that cause blindness (except cataracts). Fingerprint recognition has gotten a bad rap because in general use people don't want to have any false negatives, so operators tune the environment to be less sensitive, leading to lots of false positives (my fingerprints get read as your fingerprints). But it's true that prints can be affected by things like dehydration and the local environment; they can also be simulated if you're sufficiently motivated, but that's made infinitely more difficult if you combine your biometric with a PIN (though it can't be argued that prints are left lying around everywhere, so it's probably not the best biometric you could choose). In addition a surprisingly large number of people -- like maybe two percent -- simply do not have usable fingerprints; it's actually a diagnostic criteria for some medical conditions. (I have actually had a couple of jobs that dealt directly with use of biometrics as a form of authentication).
In general I think the other comments are on the money: Keypad and PIN sounds like the way to go. If you're trying to create something automated, then contactless cards / dongles are the other solution but as others have noted, this isn't bulletproof since without some other factor (something you know or something you are) it's possible for one person to use somebody else's device.
Each college offers its own coursework; there are hundreds of colleges certified as NSA centers of excellence; some of them are indeed excellent, and some of them are...not. The last time I checked out the Tulsa program, it emphasized teaching programming principles in java. Some programs have no coding requirements at all; they train you to be a policy specialist. Many, if not most, programs are very hard core in terms of technical requirements.
To reiterate: The Cyber Corps program can and is being used by undergraduates; it will take care of two years of your 4 year degree; if you've got the ability to get your undergrad degree in three years, you'd only have to pay for one year if you were in the Cyber Corps. And if you were to go into college with no debt and no significant obligations -- like a car payment -- you could probably make enough from your stipend and summer jobs to take care of that one year.
I am very sympathetic to your position; I was extremely poor as an undergrad, but I got great scholarships; federal grants took up most of the slack, with jobs and very small loans finishing up. But that was almost 40 years ago; it would be impossible to do that now. that's why programs like this are so important. I urge you to explore it if you're at all interested in infosec as a career.
Excellent argument. The government-employed medical doctors doing cutting edge research developing treatments no private sector company will touch because there's not enough profit in it: Clearly corrupt. Those firefighters who parachute in to disaster areas with nothing but a shovel and desire to save whoever they can: Obviously corrupt. People battling for meaningful financial reform against incredibly powerful opponents: Corruption incarnate. The only moral choice is to do nothing; anybody who says they're in government to try and do the right thing is obviously lying.
Yes, I was quite hesitant but most of the people in my program were older; this was a second career for many of us.
To recap: You do *not* have to work for the NSA (that article was awful). You do have to work for the government, but you only have to do that for two years (the amount of time you're in school under the program). A masters degree from Carnegie Mellon would cost you something like six figures. And after that all you have is a degree with no experience. Cyber Corps offers you a *free* degree *plus* a monthly stipend, *plus* a virtually guaranteed job, meaning in four years you have no debt, a solid degree and a real resume. I can't say enough good things about the program.
No, I am not a coder on any significant level. You should definitely check out a few schools. Tulsa is not much of a coding program, but they do teach you principles in java; Purdue has an interdisciplinary program that is heavy on programming theory but you can get out with little to no programming; Syracuse has a pure policy program where I think no coding is required at all.
You mean we're not?
Actually, a number of the members of my team are non-white, gay, or both, including some senior folks. We do however tend to avoid hiring the ignorant.
Your description is more accurate than mine; saying that the FBI engages in "spying" is probably a bit off. they do engage in covert surveillance and counter espionage within the United States.
Systems housing government data are required to meet certain minimum protective requirements, every system also needs to be certified as initially complying with those requirements by an independent third party (i.e., not the system owner), with a re-examination every three years. It's called "Certification and Accreditation." if you want to understand more about the requirements, look for a document called NIST 800-53. It's basically a penetration test.
In the United States, it's not that domestic spying is not allowed, it's that it's prohibited within specific agencies. The FBI does a lot of internal spying.
The key word there would be "automatic."
Actually, you can apply the two years to an undergrad degree and a lot of people do that.
I would agree that active duty enlisted tend to be "redder" than average. Also, the time frame you're describing is quite interesting as sounds like it was just about the time that the NSA had been publicly identified as breaking the law and new restrictions were put into place (which is probably what the Chief was bellyaching about). But my experience post reform is that the vast majority of people at the NSA take the prohibition on domestic spying very seriously.
The Tulsa program recruits students from all over the United States. Each of the colleges certified by the NSA as a Center of Excellence has different strong points; some are very focused on coding, for example, other on forensics or policy. My experience with the program is that is a reasonable mix of liberals and conservatives.
The program offers four semesters of financial help; it was obviously aimed at the Masters level, but it can be applied to both undergraduate and even a PhD.
Using drugs is not an automatic disqualification. Committing a crime is not an automatic disqualification. Lying about it is an automatic disqualification.
The Cyber Corps is not a high school program; it's a college program. Here's a link to the NSA certified centers of excellence: http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml