Slashdot Mirror


User: donheff

donheff's activity in the archive.

Stories: 0
Comments: 59

Comments · 59

  1. You need to monitor security lists on Multiple Vulnerabilities in OpenSSL · Score: 4, Interesting

    I see a fair number of posts from people who rely on /. to learn about security flaws. That doesn't seem to be a sensible approach. It is pretty easy to follow a security list and keep an eye out for vulnerabilities affecting your system(s). I am a home user with a simple Web server in the basement. I subscribe to the CERT list. Others here mentioned Bugtraq. I catch quite a few alerts that I don't hear about in more general forums until after I see activity in my Snort logs. Even with a nightly update via yum, some things need individual attention. Case in point: a flaw in a PHP application (Gallery) that falls outside of the packages covered by yum. You have to know about it to fix it -- and the bad guys know about it immediately.

    Don

  2. A passing grade for security is not easy for Feds on U.S. Interior Dept. Unplugged... Again · Score: 3, Insightful

    I don't know anything about Interior's problems with the Indian accounting systems, but I can assure you that the security scorecards for Federal systems are tough. OMB and the Hill have appropriately set a very high bar to push agencies to the limit. The intent is to make government systems a model for security best practices - they don't get marked "green" unless they jump through a lot of hoops. There are plenty of bright people on /. who could teach the Feds and anyone else a lot about secure systems. But there are also a whole lot of us who, truth be known, are running critical systems that couldn't come close to passing muster against the standards used to rate the Feds on security.

    I also haven't seen any specifics about why the Judge is hammering DOI. I wouldn't be surprised if they are simply battling with the Judge over the oversight processes she wants to impose - granted that might be a dumb battle to fight.

  3. What a shame, maybe it is their open roots on UUNet Is The Number 1 Spam Host · Score: 2, Interesting

    It is really too bad to hear such negative things about UUNET. They are one of the early pioneers of the Internet, providing the east coast Unix to Unix (UU) network of universities. Maybe their early academic roots of open, unfettered access kept them from seeing the need to clamp down in later days.

    Don

  4. GSAAuctions.gov has jets now and then on Navy Jet eBayed - Some Assembly Required? · Score: 3, Informative

    You can frequently find surplus Government jets and jet engines on GSA Auctions. There aren't any up right now, but you will find a few buses and boats and some nice jewelry. You never know where some of this stuff comes from - foreign gifts are sold without attribution to avoid state embarrassment. A while back, we sold the Coast Guard Cutter Tamaroa featured in "The Perfect Storm."

  5. Spies are scary on Defending Open Source Security · Score: 2, Insightful

    The basic argument here is that insiders are dangerous. I think the rebuttal fairly argues that insiders are no more dangerous in an OS environment than in a proprietary environment. Security is multi-layered for this very reason.

    We spend a lot of time dealing with network vulnerabilities these days because they are ubiquitous and disruptive. But, back in the corporate and Government corridors, people with critical secrets are always most fearful of the enemy inside. The bottom line is that a rogue technologist is a dangerous threat as is any rogue insider. We should design critical systems with the assumption that the bad guys are all around us.

  6. salesforce.com? on Running a Business on Open Source Software? · Score: 1

    Have you looked into ASPs? Salesforce.com is serving enough small and mid-sized businesses now that Siebel (and I believe Oracle) are getting into the app service business. I don't know what is available for accounting, but I would expect you can get SAP with this model. I hope they are not all IE bound. If you don't have a lot of users, the costs (~$500-$1,000 per user) might not be much more than rolling your own. On the other hand, it is still a little scary to trust critical data to these outfits.

  7. Re:different? on Folded Newtonian Telescope · Score: 5, Interesting

    I built a six inch DOB with my daughter (see photo at bottom of page), but we were not confident going for a 12 to 18 incher because of the size, weight, and overall difficulty. This design looks different than any I saw when my daughter and I researched DOBs. The larger, circular secondary picks up a lot more light from the primary, and the extreme angle reflects the light back down the structure to a lower eyepiece, increasing the length of the light path without increasing the length of the scope. This is the "folding" that allows the scope to be much shorter and lighter than is the case with a standard model. I don't know anything about the silvering approach he mentions, but it sounds interesting. Grinding and silvering the primary is a big deal with mirrors 12 inches and up. 18 inches (his scope) is quite difficult.

  8. Re:Timely article... on Guide to Digital Preservation from NIST · Score: 1

    I haven't read the article so I may be misleading you, but a comment above says that the guide recommends the opposite of what you concluded. You should store your CDs vertically, not horizontally. A supporting reply to the comment quotes a section of the guide that appears to support the "store 'em vertical" practice.

    Don

  9. Re:All color images are colorized on Colorization of Mars Images? · Score: 2, Interesting

    I don't know about that. I took some pictures of Jupiter using a $15 Quickcam through a home made 6" telescope. The video frames are stacked using free software (possibly open source, but I only had the binary). I do not believe the software makes any attempt to alter the colors - it just aligns the frames, averages the exposure, and does some contrast and edge control. What you film is what you get. While my images are not large, and not detailed, they certainly show the types of colors and banding we expect from media images. And Mars does have a distinct reddish tinge in my photos.

    Don Heffernan

  10. Re:Um... interesting... on US Treasury to Post Previously Private Email Addresses Online · Score: 1

    It certainly would seem that the Privacy Act applies. To conform with the Act Treasury would need to publish prior notice in the Federal Register describing the records they were going to keep and how they would use them (including release of personal information to the public). The Act further requires that the agency post a privacy notice advising people submitting information about how the information will be used. Treasury appears to have posted the appropriate notice and then ignored it.

    A few of the victims should pursue along these lines -- maybe a class action to give a lawyer a few bucks. I doubt the victims could claim much in the way of damages.

  11. Re:Former Bosses are the Worst! on Getting Over the Stigma of a Previous Job? · Score: 1

    I think you are over estimating the cultural gap.

    "If European-Americans and Europeans were actually as similar in culture and outlook as they are in appearance then they would not have fought two giant wars with each other in thirty years."

    It was the Europeans fighting each other. The Americans came in at the last minute to choose one: clean up the mess, make a few bucks, do the right thing. Culture didn't have much to do with it.

  12. Cold Mountain on Best and Worst Books of 2003? · Score: 1

    It doesn't really qualify as a 2003 book, but the movie is just coming out so why not... The book is strangely haunting. Much like Gabriel Garcia Marquez' One Hundred Years of Solitude. If the movie is half as good, it will be great.

    Don

  13. Browse eBay on Best 35mm SLR Camera for Beginners? · Score: 1

    Skimming the other posts, I would agree that the serious future is digital SLR. But if you just want to learn photography fundamentals the old fashioned way, you can find any number of good buys on Canons, Nikons and Minoltas on eBay. In your shoes, I would buy something with a few lenses and options for semi-automatic and full manual. My daughter was looking for a "real" camera to learn on and wanted to do some black and white darkroom work on the 30 year old stuff in our attic. We found a like new Canon AE1 with a few lenses and the original box for well under $200.

  14. Re:Predictions on Socionomics: the Science of History and Social Prediction · Score: 1

    "(2) A few days or a week before the 9/11 attacks, he made the prediction that a terrorist attack would occur on American soil. At the time, this just sounded ridiculous. It sounded a lot less ridiculous when it happened almost immediately. Note: By his own admission he did not expect it to happen so quickly. This, by his theory, was because of the global downturn in social mood."

    Yet recent reports show Bin Laden and company planning the 9/11 attacks in 1996, which was before the mood change. The "remarkable" coincidence then is just that - a coincidence. What would be more consistent with the prediction would be a general increase in unconnected terrorist activities reflecting/responding to the general downturn in mood.

  15. eBay seems to have chickened out on Testing The Right To Resell Downloaded Music · Score: 1

    The item appears to be gone from eBay. I hope the eBay poster learned of the Slashdot interest and will tell us what happened. It is pretty easy to imagine....

  16. Re:What is legally happening here? on Testing The Right To Resell Downloaded Music · Score: 1

    If he uses the mv command has he copied the file from a legal perspective or simply "moved" it to some new volume?

  17. They were just consolidating their licenses on Microsoft Wins Homeland Security Contract · Score: 1

    DoHS is an aggregate of dozens of organizations all of whom had existing MS software. It was a no brainer for them to consolidate all of that into a master contract with better pricing and simplified tracking. They should do that to simplify things and save taxpayer money even if they ultimately move to alternative software.

  18. Re:More traditional scientists? on Those Amazing Antigravity Machines? · Score: 1

    That is correct, I found out through mishap. When I was a kid I built a Jacob's ladder out of brass curtain rods and a 20 kV neon sign transformer. A Jacob's ladder is one of those Frankenstein movie devices where an arc of high voltage current travels up two diverging metal rods and then evaporates at the top - all with a lot of buzzing and crackling. My ladder worked great, but you had to keep adjusting the angle of the rods so that the arc would travel up to near the top. At one point I opened the gap too much and the arc wouldn't start. Without thinking I squeezed the rods to bring them closer together -- ZAP, 20 kV!! It was shocking but not really any worse than a 110 V house socket shock. The sign transformer was high voltage but could only deliver a small amperage. I assume the way it works is that the transformer can actually only produce the rated voltage if the resistance is extremely high.

  19. Can public domain code be subjected to any license on NASA Report Advocates Switch to Open Source · Score: 1

    I concurred in the release under a modified BSD style license of a Java Application Monitor developed for the US General Services Administration by a Sybase software engineer. At the time we were not clear about whether Government owned software could be released under an open source license and never fully resolved the issue. It was not clear whether this software was fully "Government" software or whether the engineer or Sybase had IP interests in it. The engineer, with concurrence from me and Sybase, ultimately released it under the above described license because that seemed to be the best way to allow others to use it and not abuse it.

    It is still not clear to me whether the Government really has the right to limit use of its code under any sort of license. As others have pointed out here, and as the NASA software release guidelines state, most non-classified Government software is viewed as being in the public domain. It would seem that anyone could ask for and (eventually) get such code through a Freedom of Information Act request. They would then be free to do anything they wanted except copyright the material -- use it for themselves, publish it, sell it, modify it, whatever. Any restrictions on use of the code such as are imposed by OS licenses would seem incompatible with the public domain nature of the material. It is truly free to use or abuse. It may be that the Government needs legislation to limit use of its software with an open source license.

    Any Government lawyers out there with an IP background?

    Don Heffernan

  20. GSAAuctions.gov on Great Surplus Stores? · Score: 2, Interesting

    Check out the GSA Auctions site. Lots of surplus Government property. It varies from literal junk, a la "Sanford and Son," to valuable presidential gifts including jewelry and art. A few years ago, the Coast Guard cutter featured in "The Perfect Storm" was sold on GSAAuctions.

    -no signature is good enough

  21. Ask not what your government will do to you... on The US DoD and the GSA Join the Liberty Project · Score: 4, Insightful

    ...ask what you can do for your government, to paraphrase a well known Fed. The US Government is not a monolithic block of Poindexters committed to stealing our personal liberties. Only a few want that, and they are often just implementing misguided legislation from the boneheads you and I elect. There are many more policy makers and technologists within Government who believe in the openness and freedom designed into the Internet. But if we don't find simple, effective ways to authenticate and secure our communications when they need to be secure, the open nature of the Internet is in jeopardy. That is because there are those in the Government (and a heck of a lot more in some of your corporations) who will point to the insecurity of their particular communications as an indictment of the Net in general. And from that point of view comes the increasing call for building structural controls into the fiber of the network - including the monitoring and oversight many of us dread.

    The contingents from GSA and DoD participating in the Liberty Alliance are among the good guys. They believe in an open Internet and in open standards. They released their Certificate Arbitrator Module (CAM) under an open source license. They want to see the Internet work for everyone so it isn't hijacked for a few.

  22. Re:Where does this leave CERT? on Sendmail Bug Tests US Dept Homeland Security · Score: 1

    CERT is still involved. They serve as the alert arm for FedCirc which is now part of Homeland Security. CERT has a secure alert service available to Government security staff that advises them of the impending public release of vulnerabilities like this - usually fairly short advance notice.

  23. Re:The problem with content filtering on Spam Catchers Block Latest Crypto-Gram · Score: 1

    The real thing wouldn't get through.

    Here is Thisbe talking to "WALL" in Midsummer Night's Dream:
    "My cherry lips have often kiss'd thy stones,
    Thy stones with lime and hair knit up in thee."

  24. Is that really a surprise for a Director? on Dealing with Employers Who Perform Credit Checks? · Score: 1

    Wow -- I didn't realise how out of touch with mainstream concerns I have gotten after decades of Federal employment with a top secret clearance. I assume most companies require credit checks for prospective managers who will be responsible for handling a substantial budget or for negotiating large dollar contracts. Employers don't want to entrust someone with horrendous, unexplained credit problems with the keys to the financial kingdom. On the other hand, even when hiring at this level, most companies that you would want to work for are open to explanations for financial difficulties (e.g., divorce, unemployment, etc.). Just don't tell them you are a chronic gambler.

  25. Re:Collision of Opposites on eGovOS Running Again · Score: 1

    Hey, I resemble that remark -- excuse me, resent that remark. Remember, the movie "Office Space" portrayed .com, not .gov.

    I have been a Federal employee for more years than I care to remember. Over those years I have exchanged lots of "war" stories with peers across Government and the private sector. Our issues are more similar than not. The problems with Government are frequently about organizational size, not sector. In fact, I think my agency is more flexible and open than most similar sized private companies I have encountered. This applies to open source. I suspect you will find more use of open source in a typical agency than in a typical corporation.

    As for eGov, it is a huge challenge, not because government employees are so tight sphinctered, but because the challenge is, well -- tough.