Purchasing Bluray, and the increasingly Internet connected players with their evolving DRM, is an endorsement of their behavior financially and philosophically.
I simply cannot support that and must make the statement with my wallet that I am not willing to participate at any cost.
In other words.... Operational Security is for military operations. Last time I checked we lived in a free society in which our military is 100% separated from civilians. By that I mean that a Colonel armed with a gun can't walk around the streets and start ordering civilians to do anything, unlike some parts of the world.
Operational Security does not apply to law enforcement. Once you take away the tremendous bullshit of the War on Drugs, just how much "Operational Security" is really required on a day-to-day basis? I suspect a hell of lot less than anything that would justify it.
The public safety mission is harmed when you take away oversight and accountability. Radio signals in the clear is part of oversight and accountability. The public has every right to know response times, unit numbers, processes, practices, methodologies, etc. After all, they work for us.
Is the proper balance being struck here? Somehow I doubt it.
Now in situations in which a SWAT team is actually required I don't object to some Operational Security during that particular operation and full disclosure afterwards. Those situations are fairly rare when compared against all crime, once you exclude all the aforementioned bullshit of the drug war.
Law enforcement will never be able to justify to me why their actions cannot be 100% transparent.
Hardly. If the picture is bad, the picture is bad. You don't have to obsessive compulsive to not be satisfied with it.
YMMV. I have noticed the waterfall effect on every single Bluray release I have seen everywhere. You might not be picking it up. That is not on crappy hardware either. People I have watched it on had the higher end Bluray players with the latest TVs and HDMI connectors.
For the record the primary reason I not enjoying the "by far best home theater experience yet devised" is totalitarian DRM that completely removes all value and joy from the platform.
I stick with DVD and will be doing so till the next revolution comes around without DRM. Yes, I know, that DVD technically has CSS. That is hardly a roadblock though and I can still make 1:1 backups and preserve the originals. While piracy is a very easy option to me with significantly mitigated risks, I compensate copyright owners to a reasonable extent where possible.
If the next revolution comes around and it is still burdened with DRM and activation servers..... and DVD goes away...... I will just go 100% piracy and not look back. Not for one second will I spend money and not actually own something. That means no Sony products anywhere near me if I have the option, and that includes Bluray.
If I really had OCD, I could not watch DVD either or Netflix on my WDTV Live Plus. Even with excellent bandwidth the Netflix streaming can start picking artifacts very quickly when it downgrades in response to any bandwidth issues that arise.
My response was to the statement that digital had perfect video fidelity. It does not.
You're absolutely right that I am comparing the best analogue performance. The "holiness" comment is not required. Some people are willing to spend their own money on quality. I did not do it to be snobbish, I did it because the quality was unreal at the time.
As far as worst, I disagree. I encounter plenty of artifacts in nearly every digital title produced. Some people might be used to it. I never will be, and it is the same with overlays on TV shows and the like. I just pick it up the instant it is on the screen.
It's been at least 3 years since I have seen an LD played on my equipment and I don't even have it hooked up anymore. Those LDs are not going to last forever, and neither will the player.
So it's not like I am actually using VHS or anything. I stick with DVD because I won't support Bluray. I just think it is inexcusable and embarrassing to have the ability to make 1:1 digital copies from the master and to produce a master with shitty encoding.
For every great encoding you think you found, I could show 9 others with artifacts.
I don't give a shit about resolution when there are artifacts in high speed motion scenes. I'm not hard pressed to find this. Over half of the Bluray and HD experiences I have had were with artifacts. It's inexcusable to have it. The technology allows for you to greatly minimize artifacts. It's the complete fucking retards doing the encoding that ruin it. If you are going to put a product out there, that ironically is digital and allows for 1:1 copies of the master, and ask me for more than $20, you can be professional and encode it well.
Of course resolution is better. No doubt about it and it is not subjective. What I am saying is that I have the choice of watching analog video on VHS with its lower resolution, color bleeding, etc. or digital video on Bluray with its higher resolution and artifacts.
What we are really getting down to here is quality. Now that is subjective.
To that end, I was only pointing out, that to me, the quality issues with VHS and DVD/Bluray add up to the same thing. Which is why LD analog video was 90% of the resolution of DVD with none of the encoding artifacts. A well produced LD on Elite hardware is very good looking while still having the benefit of digital audio. They were even THX certified towards the end.
My response was mainly to the idea that digital was absolutely superior in terms of fidelity. It's not. Of course I would never go back to VHS. That's just stupid. LD looks awesome, but you can't get content anymore.
I'll tell you what is not subtle between digital and analog. Compression artifacts. Those actually bother me more since DVD, being digital and all, is supposed to have more "fidelity". In most cases DVDs are pretty okay. Where it gets downright ridiculous is Bluray that I have seen. Can those retards not encode properly? Even on the best set ups I have seen embarrassing artifacts on high speed motion scenes.
It should be nice, clean, and smooth. Anything else is a compromise, and to me similar to VHS in that respect.
Definition is one thing, but artifacts is like that one dropping of rat shit on an otherwise perfect New York Cheesecake.
I agree with you that it is pretty stupid to go back to VHS when there is an alternative, but analog video reached its peak with LD. That was quality on par with DVD every day of the week. LD had easily at least 90% of the definition of DVD and none of the drawbacks of VHS.
When I can get proper encodings of video I will agree with your statement about digital "fidelity".
properly done digital is superior to all those formats
That is very rare. In many ways I view the quality of DVDs and Blurays as equivalent to that of VHS tapes. It's Apples and Oranges really. With VHS you had degradation and quality issues inherent to the format. With digital, which is usually done poorly, even on high end Blurays, you have the "waterfall effect" where the blocks become noticeable in high speed movement in the scene, most noticeably on water falls.
If we had a nearly loss less compression algorithm, or better methods of dealing with such artifacts that would be nice, but for now it is not like digital is perfect fidelity.
If I had to choose I would go with my 300 pound Pioneer LaserDisc player. It was expensive as hell, and I did not have to flip the discs. The quality though was just shy of DVD and still analog video. That meant no artifacts and no degradation (well a heck of lot less without laser rot). It was a nicer looking picture to me.
Not to mention the audio was in many cases digital and the Elite players had optical connectors to your stereo system.
I know it may sound crazy, but it really pisses me off when I see a $20+ Bluray title, with super high resolution compared to the LD, and yet still have bullshit encoding artifacts in high speed motion scenes. LD did not have that.
One of the many reasons why I won't spend a dime on Bluray.
LD is too much of a pain in the ass though, not to mention new titles are not exactly being sold either. Never did see a burner or blank ones around either.....
The logical - evolutionary, if you will - next step is a political party whose leaders became infamous for demanding that Federal departments "stay on-message" when they were in the White House, for example, expanding that philosophy and using the aforementioned powers - whether Constitutional, blessed by Congress, or ignored by Congress - to silence those who criticize their actions.
That's not evolution. That's repeating history. Which is why it is so sad and frustrating when people cannot remember history and what happened with the FBI in the 60's and counter cultural movement. Hoover was fucking insane and the best example of somebody in government that is that last person you want in government.
It's even more important to remember the true history of our government because it is just made up of people. The people and their behavior is the same, the tools have evolved. It's a lot easier to create a file on you these days and harass the crap out of you when you don't "stay on message" as you put it.
For people who think that is a bit tin-foil-hattish, they can read in Hoover's own words how much he hated MLK. Judging those events now tells us something.
The Patriot Act allows you to walk into a data center and threaten the owners and operators with the loss of their freedoms if they don't immediately assume the proper position (bent over at the correct angle with their hands around their ankles for maximum insertion) and severe punishments for even talking about the incident.
Has a surprisingly similar series of events to gang rape in prisons.
So why go through all the hassle of intercepting when you can go straight to the source now with no resistance?
And at least the stick-figure displays aren't as offensive as the originals.
That's fine and all, but we both know the full resolution ones that could be used for biometrics will be stored. That's an invasion of privacy.
Plus, reducing it to stick figures is also offensive. I know that they could never get that third stick between my legs right, and god dammit, there are not just sticks. What about the "rocks" too?
Replying twice because I forgot about mentioning the alternative which is the whole ball groping deal.
Flying in the US I have that choice (when I absolutely must fly for business) and I choose the ball groping.
Seriously... is the guy going to draw a picture of my junk with crayons from memory? While I might find the situation distressing I feel better knowing that *he* had to touch my balls. Not just *my* balls, but every single other person who refuses those naked porno scanners. Looking at the big picture, I am not one forced to fondle dudes nuts for a living. Which is why I have never mentioned that I have an itch a little to the left.
So if Australia would give me the option of the ball groping, I might still decide to visit there. Always wanted to go.
I won't go through one of those "naked porno scanners" and not just for privacy reasons. It is still up in the air about the actual safety with some people saying that they are off by a whole order of magnitude.
There is absolutely no way I would subject a child to it. That's just sick.
Don't think I am alone in this. People I talk to that like to take vacations in different parts of the world make their decisions, in part, on totalitarian bullshit like this. I can't tell you how many friends and people from Europe just don't want the hassle of coming to the US (Land of the Free). I get asked to come over there.
Fuck England too. Not only is there the bullshit of getting through the airport, but I am not spending my money to be watched on camera my entire fucking vacation.
It make make us in the present feel better, but then we would be rewriting history.
It may not be a bad thing that Turing remains forever convicted for that "crime". Along with his outstanding contributions to his fellow man he will serve as a reminder of how we did things wrong, and how we can continue to evolve and grow into a more advanced society.
At first glance we might want to vilify the lords that refused and made that statement, but after further reflection, there might be some value in having him remain convicted for all time.
But the fact is that we all depend on companies every day and trust them with our personal info.
Very, very, true. I work for some of them. However.... it is worth noting that there are some pretty strong NDA's and SLA's in place that define exactly how we store the data, what we will do with that data internally, how we might use 3rd parties to provide service, our own backup policies etc.
Also, the companies I work for get paid by you. YOU ARE OUR CUSTOMER . With Facebook, YOU are the product, the advertisers are the customer.
Now it is not tremendously difficult to understand there is a huge difference between Facebook and other SaaS companies out there. So it is a bit disingenuous to draw that kind of comparison when offsite storage services don't have a vested interest in pouring over your data for marketing information to sell to the highest bidder.
It's not being paranoid when Facebook is going to be filing reports with the FCC soon on how they profited on violating your privacy.
there's a CEO (with an MBA of course) that loves to override my decisions when the whiny users complain that they "can't get their work done"
I don't get an override exactly, but when the company is unable to put certain policies in place due to financial constrictions or otherwise I just write a letter. Part of the well written contract, and that is best asset that anybody in IT can have. A very well defined relationship with the company is essential.
Some CTO's and IT people get too emotionally involved and treat the network and corporate assets like it is their personal property to be defended at all costs. I see it as a job, I do it to the best of my ability, give the most options and information to those needing to make decisions, and that's all there really is to it.
In the letter I just state my position, explain what is going on, what I believe the consequences could be, and ask them to sign it. I have had people ask me why, and even get a little upset, but I have just explained that it so in case something happens we can remember it and that I am not liable. I make it clear that I take orders from them, like any good soldier, but I am making sure that they are fully informed and the letter serves as record that I was not negligent by staying silent.
I had to learn the hard way early on that the costs of staying silent, or making it personal in any way, shape or form, was a massive mistake. Just be professional about it.
The most famous one is where I advised a client to get offsite backup and a secondary NAS RAID for real time backup of changed files. It was turned down. I had them sign the letter. About a year later the Enterprise RAID crapped with a busted drive and the headers were overwritten. Ended up costing about 90x the backup fees in immediate replacement and data retrieval costs and a couple thousand times more in lost productivity across the entire company.
I was the consult that they had on retainer to prevent it.... and I showed them the letter when they were going beserk. At that point it was kind of hard to be angry with me and I ended up spending the next 5 weeks getting their company back up and online.
Guess how fast they bought the backup solutions I recommended previously?:)
As a CTO now though, I rarely get into such a situation. With my experience, people skills, and management skills I have been fairly successful at explaining why my proposal is in the best interests for the company. It also helps to have options and solutions instead of just "no we can't do that".
The best answer is, "I am not sure how to do that, but let me think about it and find the best solution for you".
And it's people like you who spend so much goddamn time worrying about little "issues", that if given the power to do so by the company management, you'd drag the entire business down from accomplishing its actual goals all in the name of preventing these "issues."
And it's people like you who don't want to worry about any issues that even remotely have the perception of slowing you down until it costs the company HUGE. I really don't know who you deal with, but the attempt to protect company data is not a little "issue".
And when you introduce bureaucracy into every goddamn file copy operation, and require justification and paperwork for every stupid special situation that comes up, what kind of parasitic overhead does this introduce to the business as a whole?
That's insane. Where did you get that from my posts?
You describe a situation where I am like those aliens from Hitchhikers Guide to the Galaxy where you have to sign endless forms for every single possible action.
I never even alluded to that. You don't need to send exe's in file attachments or receive them. I have a different solution for you, that works all the time, and you don't have to ask every time to use it.
In other words, I.T. technicians play all the same political bullshit games that every other group does, while of course, usually also being the ones who cry loudest about what whatever those assholes over in H.R., management, etc are doing. (The victim mentality is popular here, due to the overabundance of beta-male types.) Your attitude is: "If you are kind to me and can eloquently explain your 'need', then I MAY be so kind as to grant you your humble request.....OR if you don't treat me with the respect I feel I *deserve*, I will make your life hell." This petty clannish behavior does nothing more than make you an obstacle, not a solution finder or problem solver. How does it feel to be directly dragging down the company bottom line?
No. My attitude is that mutual respect, cooperation, and communication are the foundation in which we can all solve our problems, get work done, and have a less stressful life.
You may it sound like I am a tyrant, when I am not. I am very approachable, patient, and when we are done talking I aim to leave you informed with a better understanding of the problem and the belief that I am going to provide you a tool to do what you want better than you though possible when we started.
It's hilarious just how much you have misjudged me.
I.T. is a liability, NOT an asset; always remember that. The real assets are a) the knowledgeable and skilled people directly involved in the company's main business, b) the capital i.e. the computer systems you are hired to maintain. Well, the computer is only valuable as long as it's facilitating the operator in accomplishing his job. Who cares how virus-free or clean and well maintained the computer is, if it adds 30% onto the company's labor overhead due to the silly restrictions and arbitrary bullshit the I.T. department has dreamed up? How big of a problem is a virus infestation compared to developers quitting in disgust due to your unwarranted and heavy handed intrusion upon their dignity and job description?
Why have some people made this as hard as peace in the Middle East?
IT is not a liability. We are a crucial asset.
Your position and argument is laughable at best. How big of a problem could an infestation be? Seriously!!?!?
There are practically no viruses out there anymore, but malware, trojans, etc.. It's funny how you think you are the only professionals in the company worth anything as if we could be replaced by Geek Squad.
As we speak, there are organized groups out there actively targeting the top businesses in the US. What would a breach cost your company? What would the loss of a huge number of customer records cost you? Trademark secrets? Des
With your attitude, you're right. You would not be working for my company.
Very simply that is because I am a very fair and reasonable CTO. When users (which includes you) get out of line and have no justifications for their actions that create liability for the company, when I provide efficient and workable alternatives, they get disciplinary action all the way up to being fired.
The reason why is that I am well respected by the people in my company from top to the bottom. I have always worked well with people to find solutions without endangering the company, or creating a hostile work environment between IT and the users.
You would not fit into our company. You cannot even give me:
1) A good reason why you need to send that type of data in email. 2) A cogent description of your needs for me to find a solution.
How can I begin to help when you refuse? You have no respect for my job, my responsibilities, or a willingness to participate in problem solving or conflict resolution.
And yes, my docs are confidential and none of you IT monkeys should be able to read them...
There is your first problem. Already there is no room for reasonable cooperation without mutual respect and understanding.
IT should be a 'business enabler'
WRONG, WRONG, AND WRONG.
I am not just "IT". I am the CTO.
Enabling you to do your job is only one part of my job, and not even the most important. I must prioritize my responsibilities. In order to keep the company safe and sound I have to reasonably find a balance between the use of a system and the security of a system. That is first and foremost. Figuring out how to make your life easier comes in second.
Do you really think there is a danger? Hackers targeting your company would simply send the latest 0-day, which your anti-virus wouldn't catch anyway.
Yes, Yes I do. Absolutely. Hackers would not just "send the latest 0-day". They will try social engineering, dropping flash drives in the parking lot, probing of Internet facing assets, email phishing attacks, etc.
How can their 0-day get through if all email attachments are locked down to document file types only, and those are inspected and have certain functionality removed?
I don't care about little Hitlers in IT that talk about staff as 'The user has no basis or justification to'... WTF!
With respect, I get paid to decide the basis and justification for your actions.
Anything the user needs for business you should provide!
Wrong. Anything that the business needs, I need to find a reasonable solution that the user can work with while satisfying the primary needs for the business. Which is that reasonable balance between use and security I spoke of earlier. It's not Burger King, it's not what you want when you want it.
but instead of 'being reasonable' and blocking everything you should provide a solution to enable that user in secure file-sharing with people if there is a business need
I completely agree. Which is why I completely block email, especially on inbound, but have other means of secure document sharing between you and corporate clients. Which is important to note, I don't view the customers as your customers, but the company's customers.
In your case, which is not unusual, email is not the best and most secure method. A secured website that allows you to share very specific data with customers is best. We have vendors and service providers that have very strong data policies as well. They would never ever send a PDF via email. Secured PDFs are downloaded via a web portal with multiple user account credentials that I get to control via another management portal. I can then review all of it as part of my job.
I understand your need. My job is not fill your need the way you want. Why? Simply put, you ain't the CTO buddy. I am the CTO. When something goes wrong, it is my ass on the line, not specifically yours. If it is bad enough, like a huge data breach, your livelihood is affected along with countless others. That's a responsibility I would have to live with.
So that's why I carefully consider your needs. What is it you are trying to do? How can I make that the easiest way possible for you? How do I make it secure and satisfy our data security policies and the vendors? Multiple vendors? How do I make your life easier and more efficient?
At the end of day, believe or not, I exist to make your lives easier so you can be more productive, while also protecting the company to the best of my ability. It's not to be a dick and make your life hell for "funsies".
And yes, my docs are confidential and none of you IT monkeys should be able to read them...
If you were the IT guy at my company, I would complain to the CTO until I got an exception to your restriction. I don't care about your petty concerns when they get in the way of doing my job. Neither does anyone else.
Good fucking luck. I am the CTO.
Petty? Setting aside your childish attitude, your job does not come first. The company comes first. Without the company... you don't have a job.
You are part of the problem. Instead of trying to understand the "why" of a policy you actively undermine it with a blatant and flagrant attitude mixed with ignorance, shortsightedness, and selfishness.
As the CTO, I need to protect the integrity of the company. That means making sure that there exists policies, software, and infrastructure design to protect corporate assets. Part of corporate assets is data. Customers trust us with their medical records, insurance policies, financial information... I could go on.
Am I to tell a customer that we had 1,000,000 records leaked because you wanted to transfer around executable files and bitched and moaned along with a couple of other people till you got your way? Hardly sounds reasonable. In fact, it makes me look I just was not doing my job.
Funny how that works out huh? Everything I try to do to reasonably find a balance between use of the system and security of the system is seen as some sort of fascism by people like you and you actively bitch and moan to try to undermine it. Yet.... when something goes wrong.... well that's my fault. The particulars are not relevant, such as your behavior and participation, because I was just supposed to magically create a world where you have no restrictions and everything works in perfect safety.
Now instead of acting like a child, why don't you give me an actual reason why you need to send executables and protected, nested, compressed files around in email?
This whole conversation got started with you saying it was impossible to prevent data leakage and penetration, I then offered a reasonable response, at which point you said you would try to undermine it to your fullest extent. How much sense does that make?
Not allowing.exe files in emails drive you crazy? Especially when email was never truly designed for file transport in the first place?
Not allowing compressed file attachments that cannot be scanned drives you crazy?
Well tough cookies buddy. If you need to send files back and forth with a user on my network you can go through different channels, and whatever they are, you can bet that the file will be scanned and the user will not be allowed to install software. If you are trying to protect from being scanned or opened, you are already wrong to do so. The user has no basis or justification to need privacy (from the system) when exchanging information across email. Part of the data diode and behavioral analysis I mentioned.
None of what I said prevents normal file transfers needed in the course of business. Just executable files.
I hardly see how that is unreasonable.
If I wanted to go overboard and be unreasonable I would remove PDF attachments.
He has a point, and so does the other poster. Marriott cannot absolve themselves of all blame here and trumping up enormous costs is kind of way to shift the expense they should have already been paying to secure their systems. A million dollars is a little over board. I'm not blaming the victim here either, just saying that it is a little bullshit to pile all those costs on to the hacker afterwards.
As far as preventing trojans being sent to employees you could look at it preventing all file transfers over IM, removing all executable attachments on email, all attachments on email that cannot be decompressed, locking out USB drives from connecting, disabling auto-play, etc.
An intercepting proxy and whitelist can also be pretty effective when combined with anti-virus and anti-malware from the workstations.
Now if you mean mitigating damage once the trojan is installed, that is where document management, behavioral analysis, systems that employ data diode techniques, and limited access per employee and workstation can help.
Sure, you could attempt privilege escalation once on the machine, but if all the attacker can get is the user credentials, and the workstation itself cannot be used to obtain suitable credentials to compromise other workstations or servers on the network, then I would call that damage mitigation.
Of course, none of this is fool proof, but you seemed to indicate that it was not possible to prevent it at all.
Slashdot Mirror
Purchasing Bluray, and the increasingly Internet connected players with their evolving DRM, is an endorsement of their behavior financially and philosophically.
I simply cannot support that and must make the statement with my wallet that I am not willing to participate at any cost.
In other words.... Operational Security is for military operations. Last time I checked we lived in a free society in which our military is 100% separated from civilians. By that I mean that a Colonel armed with a gun can't walk around the streets and start ordering civilians to do anything, unlike some parts of the world.
Operational Security does not apply to law enforcement. Once you take away the tremendous bullshit of the War on Drugs, just how much "Operational Security" is really required on a day-to-day basis? I suspect a hell of lot less than anything that would justify it.
The public safety mission is harmed when you take away oversight and accountability. Radio signals in the clear is part of oversight and accountability. The public has every right to know response times, unit numbers, processes, practices, methodologies, etc. After all, they work for us.
Is the proper balance being struck here? Somehow I doubt it.
Now in situations in which a SWAT team is actually required I don't object to some Operational Security during that particular operation and full disclosure afterwards. Those situations are fairly rare when compared against all crime, once you exclude all the aforementioned bullshit of the drug war.
Law enforcement will never be able to justify to me why their actions cannot be 100% transparent.
who had welched on a deal or raped someone's dog
Man.... London must have had some ugly women or really horny dudes to have a dog raping problem that required vigilante justice to solve it.
He can't. The filter prevents it. I tried posting a picture of my penis here (in ASCII art) but it said to use fewer "junk" characters.
OCD-Type?
Hardly. If the picture is bad, the picture is bad. You don't have to obsessive compulsive to not be satisfied with it.
YMMV. I have noticed the waterfall effect on every single Bluray release I have seen everywhere. You might not be picking it up. That is not on crappy hardware either. People I have watched it on had the higher end Bluray players with the latest TVs and HDMI connectors.
For the record the primary reason I not enjoying the "by far best home theater experience yet devised" is totalitarian DRM that completely removes all value and joy from the platform.
I stick with DVD and will be doing so till the next revolution comes around without DRM. Yes, I know, that DVD technically has CSS. That is hardly a roadblock though and I can still make 1:1 backups and preserve the originals. While piracy is a very easy option to me with significantly mitigated risks, I compensate copyright owners to a reasonable extent where possible.
If the next revolution comes around and it is still burdened with DRM and activation servers..... and DVD goes away...... I will just go 100% piracy and not look back. Not for one second will I spend money and not actually own something. That means no Sony products anywhere near me if I have the option, and that includes Bluray.
If I really had OCD, I could not watch DVD either or Netflix on my WDTV Live Plus. Even with excellent bandwidth the Netflix streaming can start picking artifacts very quickly when it downgrades in response to any bandwidth issues that arise.
My response was to the statement that digital had perfect video fidelity. It does not.
You're absolutely right that I am comparing the best analogue performance. The "holiness" comment is not required. Some people are willing to spend their own money on quality. I did not do it to be snobbish, I did it because the quality was unreal at the time.
As far as worst, I disagree. I encounter plenty of artifacts in nearly every digital title produced. Some people might be used to it. I never will be, and it is the same with overlays on TV shows and the like. I just pick it up the instant it is on the screen.
It's been at least 3 years since I have seen an LD played on my equipment and I don't even have it hooked up anymore. Those LDs are not going to last forever, and neither will the player.
So it's not like I am actually using VHS or anything. I stick with DVD because I won't support Bluray. I just think it is inexcusable and embarrassing to have the ability to make 1:1 digital copies from the master and to produce a master with shitty encoding.
For every great encoding you think you found, I could show 9 others with artifacts.
You misunderstand.
I don't give a shit about resolution when there are artifacts in high speed motion scenes. I'm not hard pressed to find this. Over half of the Bluray and HD experiences I have had were with artifacts. It's inexcusable to have it. The technology allows for you to greatly minimize artifacts. It's the complete fucking retards doing the encoding that ruin it. If you are going to put a product out there, that ironically is digital and allows for 1:1 copies of the master, and ask me for more than $20, you can be professional and encode it well.
Of course resolution is better. No doubt about it and it is not subjective. What I am saying is that I have the choice of watching analog video on VHS with its lower resolution, color bleeding, etc. or digital video on Bluray with its higher resolution and artifacts.
What we are really getting down to here is quality. Now that is subjective.
To that end, I was only pointing out, that to me, the quality issues with VHS and DVD/Bluray add up to the same thing. Which is why LD analog video was 90% of the resolution of DVD with none of the encoding artifacts. A well produced LD on Elite hardware is very good looking while still having the benefit of digital audio. They were even THX certified towards the end.
My response was mainly to the idea that digital was absolutely superior in terms of fidelity. It's not. Of course I would never go back to VHS. That's just stupid. LD looks awesome, but you can't get content anymore.
So I stick with DVDs.
I'll tell you what is not subtle between digital and analog. Compression artifacts. Those actually bother me more since DVD, being digital and all, is supposed to have more "fidelity". In most cases DVDs are pretty okay. Where it gets downright ridiculous is Bluray that I have seen. Can those retards not encode properly? Even on the best set ups I have seen embarrassing artifacts on high speed motion scenes.
It should be nice, clean, and smooth. Anything else is a compromise, and to me similar to VHS in that respect.
Definition is one thing, but artifacts is like that one dropping of rat shit on an otherwise perfect New York Cheesecake.
I agree with you that it is pretty stupid to go back to VHS when there is an alternative, but analog video reached its peak with LD. That was quality on par with DVD every day of the week. LD had easily at least 90% of the definition of DVD and none of the drawbacks of VHS.
When I can get proper encodings of video I will agree with your statement about digital "fidelity".
properly done digital is superior to all those formats
That is very rare. In many ways I view the quality of DVDs and Blurays as equivalent to that of VHS tapes. It's Apples and Oranges really. With VHS you had degradation and quality issues inherent to the format. With digital, which is usually done poorly, even on high end Blurays, you have the "waterfall effect" where the blocks become noticeable in high speed movement in the scene, most noticeably on water falls.
If we had a nearly loss less compression algorithm, or better methods of dealing with such artifacts that would be nice, but for now it is not like digital is perfect fidelity.
If I had to choose I would go with my 300 pound Pioneer LaserDisc player. It was expensive as hell, and I did not have to flip the discs. The quality though was just shy of DVD and still analog video. That meant no artifacts and no degradation (well a heck of lot less without laser rot). It was a nicer looking picture to me.
Not to mention the audio was in many cases digital and the Elite players had optical connectors to your stereo system.
I know it may sound crazy, but it really pisses me off when I see a $20+ Bluray title, with super high resolution compared to the LD, and yet still have bullshit encoding artifacts in high speed motion scenes. LD did not have that.
One of the many reasons why I won't spend a dime on Bluray.
LD is too much of a pain in the ass though, not to mention new titles are not exactly being sold either. Never did see a burner or blank ones around either.....
The logical - evolutionary, if you will - next step is a political party whose leaders became infamous for demanding that Federal departments "stay on-message" when they were in the White House, for example, expanding that philosophy and using the aforementioned powers - whether Constitutional, blessed by Congress, or ignored by Congress - to silence those who criticize their actions.
That's not evolution. That's repeating history. Which is why it is so sad and frustrating when people cannot remember history and what happened with the FBI in the 60's and counter cultural movement. Hoover was fucking insane and the best example of somebody in government that is that last person you want in government.
It's even more important to remember the true history of our government because it is just made up of people. The people and their behavior is the same, the tools have evolved. It's a lot easier to create a file on you these days and harass the crap out of you when you don't "stay on message" as you put it.
For people who think that is a bit tin-foil-hattish, they can read in Hoover's own words how much he hated MLK. Judging those events now tells us something.
The Patriot Act allows you to walk into a data center and threaten the owners and operators with the loss of their freedoms if they don't immediately assume the proper position (bent over at the correct angle with their hands around their ankles for maximum insertion) and severe punishments for even talking about the incident.
Has a surprisingly similar series of events to gang rape in prisons.
So why go through all the hassle of intercepting when you can go straight to the source now with no resistance?
And at least the stick-figure displays aren't as offensive as the originals.
That's fine and all, but we both know the full resolution ones that could be used for biometrics will be stored. That's an invasion of privacy.
Plus, reducing it to stick figures is also offensive. I know that they could never get that third stick between my legs right, and god dammit, there are not just sticks. What about the "rocks" too?
The whole thing is ridiculous.
Replying twice because I forgot about mentioning the alternative which is the whole ball groping deal.
Flying in the US I have that choice (when I absolutely must fly for business) and I choose the ball groping.
Seriously... is the guy going to draw a picture of my junk with crayons from memory? While I might find the situation distressing I feel better knowing that *he* had to touch my balls. Not just *my* balls, but every single other person who refuses those naked porno scanners. Looking at the big picture, I am not one forced to fondle dudes nuts for a living. Which is why I have never mentioned that I have an itch a little to the left.
So if Australia would give me the option of the ball groping, I might still decide to visit there. Always wanted to go.
They already are.
I won't go through one of those "naked porno scanners" and not just for privacy reasons. It is still up in the air about the actual safety with some people saying that they are off by a whole order of magnitude.
There is absolutely no way I would subject a child to it. That's just sick.
Don't think I am alone in this. People I talk to that like to take vacations in different parts of the world make their decisions, in part, on totalitarian bullshit like this. I can't tell you how many friends and people from Europe just don't want the hassle of coming to the US (Land of the Free). I get asked to come over there.
Fuck England too. Not only is there the bullshit of getting through the airport, but I am not spending my money to be watched on camera my entire fucking vacation.
Ditto. Although I am currently inside the US.... so .... yeah.
Why change the verdict at all?
It make make us in the present feel better, but then we would be rewriting history.
It may not be a bad thing that Turing remains forever convicted for that "crime". Along with his outstanding contributions to his fellow man he will serve as a reminder of how we did things wrong, and how we can continue to evolve and grow into a more advanced society.
At first glance we might want to vilify the lords that refused and made that statement, but after further reflection, there might be some value in having him remain convicted for all time.
Just an opposing point of view to consider.
But the fact is that we all depend on companies every day and trust them with our personal info.
Very, very, true. I work for some of them. However.... it is worth noting that there are some pretty strong NDA's and SLA's in place that define exactly how we store the data, what we will do with that data internally, how we might use 3rd parties to provide service, our own backup policies etc.
Also, the companies I work for get paid by you. YOU ARE OUR CUSTOMER . With Facebook, YOU are the product, the advertisers are the customer.
Now it is not tremendously difficult to understand there is a huge difference between Facebook and other SaaS companies out there. So it is a bit disingenuous to draw that kind of comparison when offsite storage services don't have a vested interest in pouring over your data for marketing information to sell to the highest bidder.
It's not being paranoid when Facebook is going to be filing reports with the FCC soon on how they profited on violating your privacy.
there's a CEO (with an MBA of course) that loves to override my decisions when the whiny users complain that they "can't get their work done"
I don't get an override exactly, but when the company is unable to put certain policies in place due to financial constrictions or otherwise I just write a letter. Part of the well written contract, and that is best asset that anybody in IT can have. A very well defined relationship with the company is essential.
Some CTO's and IT people get too emotionally involved and treat the network and corporate assets like it is their personal property to be defended at all costs. I see it as a job, I do it to the best of my ability, give the most options and information to those needing to make decisions, and that's all there really is to it.
In the letter I just state my position, explain what is going on, what I believe the consequences could be, and ask them to sign it. I have had people ask me why, and even get a little upset, but I have just explained that it so in case something happens we can remember it and that I am not liable. I make it clear that I take orders from them, like any good soldier, but I am making sure that they are fully informed and the letter serves as record that I was not negligent by staying silent.
I had to learn the hard way early on that the costs of staying silent, or making it personal in any way, shape or form, was a massive mistake. Just be professional about it.
The most famous one is where I advised a client to get offsite backup and a secondary NAS RAID for real time backup of changed files. It was turned down. I had them sign the letter. About a year later the Enterprise RAID crapped with a busted drive and the headers were overwritten. Ended up costing about 90x the backup fees in immediate replacement and data retrieval costs and a couple thousand times more in lost productivity across the entire company.
I was the consult that they had on retainer to prevent it.... and I showed them the letter when they were going beserk. At that point it was kind of hard to be angry with me and I ended up spending the next 5 weeks getting their company back up and online.
Guess how fast they bought the backup solutions I recommended previously? :)
As a CTO now though, I rarely get into such a situation. With my experience, people skills, and management skills I have been fairly successful at explaining why my proposal is in the best interests for the company. It also helps to have options and solutions instead of just "no we can't do that".
The best answer is, "I am not sure how to do that, but let me think about it and find the best solution for you".
And it's people like you who spend so much goddamn time worrying about little "issues", that if given the power to do so by the company management, you'd drag the entire business down from accomplishing its actual goals all in the name of preventing these "issues."
And it's people like you who don't want to worry about any issues that even remotely have the perception of slowing you down until it costs the company HUGE. I really don't know who you deal with, but the attempt to protect company data is not a little "issue".
And when you introduce bureaucracy into every goddamn file copy operation, and require justification and paperwork for every stupid special situation that comes up, what kind of parasitic overhead does this introduce to the business as a whole?
That's insane. Where did you get that from my posts?
You describe a situation where I am like those aliens from Hitchhikers Guide to the Galaxy where you have to sign endless forms for every single possible action.
I never even alluded to that. You don't need to send exe's in file attachments or receive them. I have a different solution for you, that works all the time, and you don't have to ask every time to use it.
In other words, I.T. technicians play all the same political bullshit games that every other group does, while of course, usually also being the ones who cry loudest about what whatever those assholes over in H.R., management, etc are doing. (The victim mentality is popular here, due to the overabundance of beta-male types.) Your attitude is: "If you are kind to me and can eloquently explain your 'need', then I MAY be so kind as to grant you your humble request.....OR if you don't treat me with the respect I feel I *deserve*, I will make your life hell." This petty clannish behavior does nothing more than make you an obstacle, not a solution finder or problem solver. How does it feel to be directly dragging down the company bottom line?
No. My attitude is that mutual respect, cooperation, and communication are the foundation in which we can all solve our problems, get work done, and have a less stressful life.
You may it sound like I am a tyrant, when I am not. I am very approachable, patient, and when we are done talking I aim to leave you informed with a better understanding of the problem and the belief that I am going to provide you a tool to do what you want better than you though possible when we started.
It's hilarious just how much you have misjudged me.
I.T. is a liability, NOT an asset; always remember that. The real assets are a) the knowledgeable and skilled people directly involved in the company's main business, b) the capital i.e. the computer systems you are hired to maintain. Well, the computer is only valuable as long as it's facilitating the operator in accomplishing his job. Who cares how virus-free or clean and well maintained the computer is, if it adds 30% onto the company's labor overhead due to the silly restrictions and arbitrary bullshit the I.T. department has dreamed up? How big of a problem is a virus infestation compared to developers quitting in disgust due to your unwarranted and heavy handed intrusion upon their dignity and job description?
Why have some people made this as hard as peace in the Middle East?
IT is not a liability. We are a crucial asset.
Your position and argument is laughable at best. How big of a problem could an infestation be? Seriously!!?!?
There are practically no viruses out there anymore, but malware, trojans, etc.. It's funny how you think you are the only professionals in the company worth anything as if we could be replaced by Geek Squad.
As we speak, there are organized groups out there actively targeting the top businesses in the US. What would a breach cost your company? What would the loss of a huge number of customer records cost you? Trademark secrets? Des
I had a memory error. I pulled up Johnny Quest in my head instead.
With your attitude, you're right. You would not be working for my company.
Very simply that is because I am a very fair and reasonable CTO. When users (which includes you) get out of line and have no justifications for their actions that create liability for the company, when I provide efficient and workable alternatives, they get disciplinary action all the way up to being fired.
The reason why is that I am well respected by the people in my company from top to the bottom. I have always worked well with people to find solutions without endangering the company, or creating a hostile work environment between IT and the users.
You would not fit into our company. You cannot even give me:
1) A good reason why you need to send that type of data in email.
2) A cogent description of your needs for me to find a solution.
How can I begin to help when you refuse? You have no respect for my job, my responsibilities, or a willingness to participate in problem solving or conflict resolution.
You are the weakest link. Good bye.
And yes, my docs are confidential and none of you IT monkeys should be able to read them ...
There is your first problem. Already there is no room for reasonable cooperation without mutual respect and understanding.
IT should be a 'business enabler'
WRONG, WRONG, AND WRONG.
I am not just "IT". I am the CTO.
Enabling you to do your job is only one part of my job, and not even the most important. I must prioritize my responsibilities. In order to keep the company safe and sound I have to reasonably find a balance between the use of a system and the security of a system. That is first and foremost. Figuring out how to make your life easier comes in second.
Do you really think there is a danger? Hackers targeting your company would simply send the latest 0-day, which your anti-virus wouldn't catch anyway.
Yes, Yes I do. Absolutely. Hackers would not just "send the latest 0-day". They will try social engineering, dropping flash drives in the parking lot, probing of Internet facing assets, email phishing attacks, etc.
How can their 0-day get through if all email attachments are locked down to document file types only, and those are inspected and have certain functionality removed?
I don't care about little Hitlers in IT that talk about staff as 'The user has no basis or justification to' ... WTF!
With respect, I get paid to decide the basis and justification for your actions.
Anything the user needs for business you should provide!
Wrong. Anything that the business needs, I need to find a reasonable solution that the user can work with while satisfying the primary needs for the business. Which is that reasonable balance between use and security I spoke of earlier. It's not Burger King, it's not what you want when you want it.
but instead of 'being reasonable' and blocking everything you should provide a solution to enable that user in secure file-sharing with people if there is a business need
I completely agree. Which is why I completely block email, especially on inbound, but have other means of secure document sharing between you and corporate clients. Which is important to note, I don't view the customers as your customers, but the company's customers.
In your case, which is not unusual, email is not the best and most secure method. A secured website that allows you to share very specific data with customers is best. We have vendors and service providers that have very strong data policies as well. They would never ever send a PDF via email. Secured PDFs are downloaded via a web portal with multiple user account credentials that I get to control via another management portal. I can then review all of it as part of my job.
I understand your need. My job is not fill your need the way you want. Why? Simply put, you ain't the CTO buddy. I am the CTO. When something goes wrong, it is my ass on the line, not specifically yours. If it is bad enough, like a huge data breach, your livelihood is affected along with countless others. That's a responsibility I would have to live with.
So that's why I carefully consider your needs. What is it you are trying to do? How can I make that the easiest way possible for you? How do I make it secure and satisfy our data security policies and the vendors? Multiple vendors? How do I make your life easier and more efficient?
At the end of day, believe or not, I exist to make your lives easier so you can be more productive, while also protecting the company to the best of my ability. It's not to be a dick and make your life hell for "funsies".
And yes, my docs are confidential and none of you IT monkeys should be able to read them ...
I'm going to touch on this twice beca
If you were the IT guy at my company, I would complain to the CTO until I got an exception to your restriction. I don't care about your petty concerns when they get in the way of doing my job. Neither does anyone else.
Good fucking luck. I am the CTO.
Petty? Setting aside your childish attitude, your job does not come first. The company comes first. Without the company... you don't have a job.
You are part of the problem. Instead of trying to understand the "why" of a policy you actively undermine it with a blatant and flagrant attitude mixed with ignorance, shortsightedness, and selfishness.
As the CTO, I need to protect the integrity of the company. That means making sure that there exists policies, software, and infrastructure design to protect corporate assets. Part of corporate assets is data. Customers trust us with their medical records, insurance policies, financial information... I could go on.
Am I to tell a customer that we had 1,000,000 records leaked because you wanted to transfer around executable files and bitched and moaned along with a couple of other people till you got your way? Hardly sounds reasonable. In fact, it makes me look I just was not doing my job.
Funny how that works out huh? Everything I try to do to reasonably find a balance between use of the system and security of the system is seen as some sort of fascism by people like you and you actively bitch and moan to try to undermine it. Yet.... when something goes wrong.... well that's my fault. The particulars are not relevant, such as your behavior and participation, because I was just supposed to magically create a world where you have no restrictions and everything works in perfect safety.
Now instead of acting like a child, why don't you give me an actual reason why you need to send executables and protected, nested, compressed files around in email?
This whole conversation got started with you saying it was impossible to prevent data leakage and penetration, I then offered a reasonable response, at which point you said you would try to undermine it to your fullest extent. How much sense does that make?
Seriously?
Not allowing .exe files in emails drive you crazy? Especially when email was never truly designed for file transport in the first place?
Not allowing compressed file attachments that cannot be scanned drives you crazy?
Well tough cookies buddy. If you need to send files back and forth with a user on my network you can go through different channels, and whatever they are, you can bet that the file will be scanned and the user will not be allowed to install software. If you are trying to protect from being scanned or opened, you are already wrong to do so. The user has no basis or justification to need privacy (from the system) when exchanging information across email. Part of the data diode and behavioral analysis I mentioned.
None of what I said prevents normal file transfers needed in the course of business. Just executable files.
I hardly see how that is unreasonable.
If I wanted to go overboard and be unreasonable I would remove PDF attachments.
He has a point, and so does the other poster. Marriott cannot absolve themselves of all blame here and trumping up enormous costs is kind of way to shift the expense they should have already been paying to secure their systems. A million dollars is a little over board. I'm not blaming the victim here either, just saying that it is a little bullshit to pile all those costs on to the hacker afterwards.
As far as preventing trojans being sent to employees you could look at it preventing all file transfers over IM, removing all executable attachments on email, all attachments on email that cannot be decompressed, locking out USB drives from connecting, disabling auto-play, etc.
An intercepting proxy and whitelist can also be pretty effective when combined with anti-virus and anti-malware from the workstations.
Now if you mean mitigating damage once the trojan is installed, that is where document management, behavioral analysis, systems that employ data diode techniques, and limited access per employee and workstation can help.
Sure, you could attempt privilege escalation once on the machine, but if all the attacker can get is the user credentials, and the workstation itself cannot be used to obtain suitable credentials to compromise other workstations or servers on the network, then I would call that damage mitigation.
Of course, none of this is fool proof, but you seemed to indicate that it was not possible to prevent it at all.