Wrong. There's nothing about Gmail that makes it incompatible with regulatory compliance. Furthermore, SOX and HIPAA regulations are not very specific about the technology solutions that need to be put in place. They just mandate that you have an effective infosec policy and (in the case of SOX) that you have a policy for retaining electronic correspondence. SOX doesn't even have a specific retention period...just that you include *all* correspondence and that your retention policy be reasonable. Google Apps + Postini gives you all the controls you need to achieve both the security and retention goals. So, Gmail?...Nope there's nothing wrong with that.
I read the description for this and I can't tell what it actually does. Smells like snakeoil to me, and the four "customer" reviews seem fake. They claim to make you "HIPAA, HITECH, GLBA, SOA compliant". HITECH is the same as HIPAA, and as for GLBA/SOX...anyone telling you that you need to specifically use technology "X" to be GLBA or SOX compliant is just blowing smoke up your ass since those are accounting regulations that only vaguely touch on IT requirements.
I'm guessing that this is just your run-of-the-mill encryption plugin that is being marketed toward hospitals and the like.
And in case it's not perfectly clear...yes, I do realize that you have to buy a lot of hardware to get these kinds of deals. I'm not suggesting that this scenario would apply to the NGO mentioned above. I'm just saying that for some companies, this is how it is.
Oh, and to clarify what I mean by "no-BS support"...It's when you can pick up the phone, get immediately connected to someone who already knows your first name, tell them that you have two stations with hardware problems, and hear them respond without hesitation, "No problem, we'll send you two replacement boxes first thing in the morning", all while your highly proficient in-house hardware guy is working on writing a screenplay or something.
Seriously...a company I worked for once got a 4-hour guarantee from Dell on server equipment, meaning that they would deliver fresh hardware to our datacenter within 4 hours of being notified of that one of the servers failed.
If you have someone in-house who is proficient with hardware, you are throwing away money.
Not necessarily. If you have a corporate account with Dell or HP and (here's the tricky part) you are able to promise them enough business, you can get amazingly good deals on hardware that can actually beat the pricing on systems you would have built from raw components...plus you get warranties and no-BS support. Corporate accounts like these are simply magical.
Also, I've seen networks where workstations were built one at a time, from components ordered individually from Newegg, and it ain't pretty.
In general, even if an NGO is funded by the government, that money is decided to be given to the NGO through whatever political process and the NGO is free to use it for their goals however they wish, without oversight of the government.
I did a bit more research on my own and found that while NGO's are not usually formed by governments, they do receive most of their funding from them. This can create conflicts of interest on some policy decisions, but no, it would not normally influence their day-to-day operations.
That being said, if the person writing your grant checks says that you need to go through a formal bidding process, then you'll probably do it even though they can't legally obligate you to.
*That* being said, the odds that the purse-string holder will actually make that request are probably pretty slim, and obviously didn't happen in the case of this particular NGO.
Hmmm...I think I just answered my own questions.:-D
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns.
Your "concerns" are FUD. See my previous posts. If you're asking what's different now...well, there's this new-fangled thing called the world wide web, not to mention ubiquitous high-speed WAN connections. A great combo if I say so myself.
Just to clarify...I'm using the term AAA in the general sense, and not necessarily referring to RADIUS, TACACS+ or any of the other technologies that directly implement IETF standards.
Wow...I'd love to hear you explain to an auditor how your systems are perfectly secure even though all your computers use local credentials. It's impossible to guarantee that you have met all the requirements of DSS Section 8 without some system of central account management, which typically implies central AAA. Cobbling together random tools and scripts to build such a system yourself just so you can keep using local credentials is insane.
the central auth server is a nasty single point of failure if you don't have competent IT support
So what? Buy two servers and hire a competent admin...it sounds like someone has already got the job so your point is moot.
You seriously risk bankrupting the company if the single server goes down at the wrong time and suddenly NOBODY can use any of the computers
This is completely false. Active Directory credentials, for instance, are cached on the local workstations. FYI, I have had AD servers go down without anyone noticing.
How do we know that magic pixie dust (clogging the heatsinks and causing computer failure) isn't the reason?
DR planning (or really any type of IT planning) necessitates that you try to anticipate problems before they occur. Some of the questions on my list may be outlandish, but they deserve to be asked in the planning process since any one of them could be a real concern. Your sarcasm is ill-placed.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider.
That's usually a good thing. In-house IT staff sometimes cut corners on security either due to laziness, ignorance or some combination of both. IT services companies tend to be much more strict about information security since that's the core of their business.
It boils down to a matter of trust. And would you actually trust a guy who askes questions like this to create (and maintain!) better security than a shared hoster with a compoter security team twice the size of his complete company?
This statement contradicts your previous ones. I honestly can't tell if you are agreeing or disagreeing with me.
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine.
Actually, I prefer you use the terms "espionage" or "data theft" since that is what you are implying.
it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. [...] There has been a great deal of writing about this in the last few years.
Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, not issues with Google Buzz, StreetView or some experimental Google Labs project. Google has a policy of temporarily holding back experimental apps and features from their corporate customers so that they have time to evaluate them for stability and security.
I realize that there was reportedly an issue that would prevent some privileges from being fully revoked in Google Docs after certain documents had already been shared (kinda like how actual files work), but this security issue was resolved quickly and responsibly. IIRC, there was also some controversy over how Gmail used SSL. All sorts of apps suffer from bugs and security holes, but compared to the security track record of, say, Microsoft...theirs is pretty darn good.
And if you want evidence that Google is not always 100% honest about what it does, look here [bit.ly].
I have read this article, and I even agreed that this is a case of biasing search results. However, the contention being made there is that Google could use this result-biasing to engage in anti-competetive practices with other companies, not that they are doing anything to harm their own customers. To outright call them liars is not really fair since its debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth.
No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on.
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea?
Well, I have not worked in IT for nearly that long, so maybe something has changed since then. Nevertheless, nowadays, companies outsource. My ideas about security policies come from reading them, and I have yet to see one that forbids outsourcing of hosting services. Also, I am intimately familiar with the PCI DSS, which permits outsourcing as long as the vendor in question is also PCI compliant. The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors.
In fact, there are some standards that a small business can't hope to be compliant with without sending their data off to a third-party! Consider services like Postini, which are used to enforce email retention and filtering policies. BTW, Postini is owned by Google and a lightweight subscription is included with your Google Apps purchase.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in t
I suppose you're right in that I shouldn't lecture people about what they ought to find funny. I was just frustrated that some people would interpret my comment as hate-speech rather than simply being a bad joke.
Ironically, at the time of this writing, my original comment has received just one "-1 Troll" mod, followed by three "+1 Funny" mods. I'm not quite sure what to make of that...*ugh* I really just want this thread to be over.
Actually, I think they are referring primarily to plastics that get thrown in the trash. "Feedstock" is just a generic term for the raw material that goes into any type of factory. Since your laptop's outer shell is probably made of plastic, it could theoretically be used in this process. Busted laptops are e-waste (i.e. hazardous material), hence the special regulations that govern the disposal and recycling thereof. Considering this, I doubt that they could be used as raw feedstock for the fuel-creation process. However, after a bit of dismantling, the plastic bits could be separated from the rest and fed into this factory.
Nevertheless, I agree that randomly claiming that 1 laptop == 1 quart of diesel fuel is just plain silly...
Now your laptop can turn into a quart of diesel fuel to power your trip to the dump.
...and what makes this guy think my car runs on diesel anyway?;-)
Easy or not, central auth is absolutely, 100% essential in this case (as in most others). Let's consider the facts:
* NGO * 20+ Employees * It's an explicit requirement from TFA
Not having central auth in this case could be disastrous...
What if they ever want to expand beyond 20 employees? (Nevermind that 20 is more than enough to justify central auth) What if they ever need to be PCI compliant? What if they already need to be compliant with government security policies?...or compliant with security policies of private-sector affiliates? How do we know that poor security isn't the reason they are scrapping their old network? What if they actually do care about "simpler administration", as the GP puts it? What if they need to apply for business continuity insurance?
...this list could go on and on. Everything else the GP says makes sense, but frankly, I'm floored by the fact that he doesn't think central authentication is necessary in this case.
While we're on the subject of bidding, I have to ask; Doesn't the fact that this company is an NGO imply that they receive government funding? And aren't organizations that receive government funding required to go through a formal bidding process?...you know, one that involves issuing RFP's and writing up detailed proposals before you actually receive the green light?
How exactly did this guy already get the job without submitting a proposal or statement of work with details about what he's going to do? And, more importantly, how do I get in touch with this company? Are they still hiring contractors? If so, I've got a fantastic ERP system I'd like to sell them. Sure, it only exists in paper-napkin form right now, and I'll need half the money up-front, but trust me...it's the only solution on the market that will fit their needs.
Well, all I have to say is that if this bastard has polled a well-established base of computer experts for advice, then he should at least share what those results were with us here at slashdot.
Ooooh, yes! I can hardly wait for the new headline a few weeks from now which will read:
Technology: NGO Sysadmin Sets Up 20-Workstation Network Using Reliable yet Low-Cost Components Posted by timothy from the who-fucking-cares dept.
...and I will then relish in seeing posts such as, "Why the fuck did this make it to the front page?" get modded to +5 Insightful. Ahh, good times.;-)
As for the rest, I agree (at least in spirit) with the GP that buying from well-established vendors is usually the way to go.
Exceptions to this arise when your company is either very large or is very IT-focused. In these cases, it may make more sense to use home-grown products, or those that could otherwise be supported internally.
you only need 1 good server for all your internal needs
for serving web pages OUTWARD, to the public, you should have a separate server
Is it just me, or shouldn't you have at least 2 servers for each of these purposes? I've been taught that there's value to be had in redundancy, and although redundant internal components are fine and dandy, nothing beats having another box to fail over to in the event of system failure or maintenance.
As for the rest, I agree (at least in spirit) with the GP that buying from well-established vendors is usually the way to go.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software. [...]we know they actually do mine data.
How do we know this?...and which data?...and why does it matter? Obviously, Google tracks web search queries and monitors ad performance, but you seem to suggest that they are engaging in corporate espionage. Note that, even if they were doing this, it could not be considered data mining since data mining, by definition, is about the discovery patterns and trends, not specific facts.
Are you perhaps concerned about Google's AdSense reading your email in order to display relevant ads? You know, you can turn off all ads with a paid Apps account.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd. No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. Most of them rightfully include language that restricts physical access by your employees.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD.
That's not what I meant. This is just another case of self-deprecating humor that/. completely fails to understand. You see...the joke is that I'm a nerd who has never had sex (not actually true), and doesn't understand what the word "fucking" means. Sure, it's offtopic, but I don't care. Screw you fuckers for judging me.
Slashdot Mirror
Wrong. There's nothing about Gmail that makes it incompatible with regulatory compliance. Furthermore, SOX and HIPAA regulations are not very specific about the technology solutions that need to be put in place. They just mandate that you have an effective infosec policy and (in the case of SOX) that you have a policy for retaining electronic correspondence. SOX doesn't even have a specific retention period...just that you include *all* correspondence and that your retention policy be reasonable. Google Apps + Postini gives you all the controls you need to achieve both the security and retention goals. So, Gmail?...Nope there's nothing wrong with that.
I read the description for this and I can't tell what it actually does. Smells like snakeoil to me, and the four "customer" reviews seem fake. They claim to make you "HIPAA, HITECH, GLBA, SOA compliant". HITECH is the same as HIPAA, and as for GLBA/SOX...anyone telling you that you need to specifically use technology "X" to be GLBA or SOX compliant is just blowing smoke up your ass since those are accounting regulations that only vaguely touch on IT requirements.
I'm guessing that this is just your run-of-the-mill encryption plugin that is being marketed toward hospitals and the like.
And in case it's not perfectly clear...yes, I do realize that you have to buy a lot of hardware to get these kinds of deals. I'm not suggesting that this scenario would apply to the NGO mentioned above. I'm just saying that for some companies, this is how it is.
Oh, and to clarify what I mean by "no-BS support"...It's when you can pick up the phone, get immediately connected to someone who already knows your first name, tell them that you have two stations with hardware problems, and hear them respond without hesitation, "No problem, we'll send you two replacement boxes first thing in the morning", all while your highly proficient in-house hardware guy is working on writing a screenplay or something.
Seriously...a company I worked for once got a 4-hour guarantee from Dell on server equipment, meaning that they would deliver fresh hardware to our datacenter within 4 hours of being notified of that one of the servers failed.
If you have someone in-house who is proficient with hardware, you are throwing away money.
Not necessarily. If you have a corporate account with Dell or HP and (here's the tricky part) you are able to promise them enough business, you can get amazingly good deals on hardware that can actually beat the pricing on systems you would have built from raw components...plus you get warranties and no-BS support. Corporate accounts like these are simply magical.
Also, I've seen networks where workstations were built one at a time, from components ordered individually from Newegg, and it ain't pretty.
So to recap...
Doesn't the fact that this company is an NGO imply that they receive government funding?
Typically, yes.
And aren't organizations that receive government funding required to go through a formal bidding process?
Not in the case of NGO's, no.
How exactly did this guy already get the job without submitting a proposal?
Probably because no one bothered asking them to put out an RFP.
...next time I'll JFGI.
In general, even if an NGO is funded by the government, that money is decided to be given to the NGO through whatever political process and the NGO is free to use it for their goals however they wish, without oversight of the government.
I did a bit more research on my own and found that while NGO's are not usually formed by governments, they do receive most of their funding from them. This can create conflicts of interest on some policy decisions, but no, it would not normally influence their day-to-day operations.
That being said, if the person writing your grant checks says that you need to go through a formal bidding process, then you'll probably do it even though they can't legally obligate you to.
*That* being said, the odds that the purse-string holder will actually make that request are probably pretty slim, and obviously didn't happen in the case of this particular NGO.
Hmmm...I think I just answered my own questions. :-D
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns.
Your "concerns" are FUD. See my previous posts. If you're asking what's different now...well, there's this new-fangled thing called the world wide web, not to mention ubiquitous high-speed WAN connections. A great combo if I say so myself.
Just to clarify...I'm using the term AAA in the general sense, and not necessarily referring to RADIUS, TACACS+ or any of the other technologies that directly implement IETF standards.
PCI-DSS doesn't require central authentication
Wow...I'd love to hear you explain to an auditor how your systems are perfectly secure even though all your computers use local credentials. It's impossible to guarantee that you have met all the requirements of DSS Section 8 without some system of central account management, which typically implies central AAA. Cobbling together random tools and scripts to build such a system yourself just so you can keep using local credentials is insane.
the central auth server is a nasty single point of failure if you don't have competent IT support
So what? Buy two servers and hire a competent admin...it sounds like someone has already got the job so your point is moot.
You seriously risk bankrupting the company if the single server goes down at the wrong time and suddenly NOBODY can use any of the computers
This is completely false. Active Directory credentials, for instance, are cached on the local workstations. FYI, I have had AD servers go down without anyone noticing.
How do we know that magic pixie dust (clogging the heatsinks and causing computer failure) isn't the reason?
DR planning (or really any type of IT planning) necessitates that you try to anticipate problems before they occur. Some of the questions on my list may be outlandish, but they deserve to be asked in the planning process since any one of them could be a real concern. Your sarcasm is ill-placed.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider.
That's usually a good thing. In-house IT staff sometimes cut corners on security either due to laziness, ignorance or some combination of both. IT services companies tend to be much more strict about information security since that's the core of their business.
It boils down to a matter of trust. And would you actually trust a guy who askes questions like this to create (and maintain!) better security than a shared hoster with a compoter security team twice the size of his complete company?
This statement contradicts your previous ones. I honestly can't tell if you are agreeing or disagreeing with me.
If you want to call that "irrational" policy, then be my guest.
I do, because it is. Your security policy that was written in 1990 needs to be updated for the 21st century.
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine.
Actually, I prefer you use the terms "espionage" or "data theft" since that is what you are implying.
it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. [...] There has been a great deal of writing about this in the last few years.
Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, not issues with Google Buzz, StreetView or some experimental Google Labs project. Google has a policy of temporarily holding back experimental apps and features from their corporate customers so that they have time to evaluate them for stability and security.
I realize that there was reportedly an issue that would prevent some privileges from being fully revoked in Google Docs after certain documents had already been shared (kinda like how actual files work), but this security issue was resolved quickly and responsibly. IIRC, there was also some controversy over how Gmail used SSL. All sorts of apps suffer from bugs and security holes, but compared to the security track record of, say, Microsoft...theirs is pretty darn good.
And if you want evidence that Google is not always 100% honest about what it does, look here [bit.ly].
I have read this article, and I even agreed that this is a case of biasing search results. However, the contention being made there is that Google could use this result-biasing to engage in anti-competetive practices with other companies, not that they are doing anything to harm their own customers. To outright call them liars is not really fair since its debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth.
No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on.
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea?
Well, I have not worked in IT for nearly that long, so maybe something has changed since then. Nevertheless, nowadays, companies outsource. My ideas about security policies come from reading them, and I have yet to see one that forbids outsourcing of hosting services. Also, I am intimately familiar with the PCI DSS, which permits outsourcing as long as the vendor in question is also PCI compliant. The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors.
In fact, there are some standards that a small business can't hope to be compliant with without sending their data off to a third-party! Consider services like Postini, which are used to enforce email retention and filtering policies. BTW, Postini is owned by Google and a lightweight subscription is included with your Google Apps purchase.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in t
I suppose you're right in that I shouldn't lecture people about what they ought to find funny. I was just frustrated that some people would interpret my comment as hate-speech rather than simply being a bad joke.
Ironically, at the time of this writing, my original comment has received just one "-1 Troll" mod, followed by three "+1 Funny" mods. I'm not quite sure what to make of that...*ugh* I really just want this thread to be over.
Actually, I think they are referring primarily to plastics that get thrown in the trash. "Feedstock" is just a generic term for the raw material that goes into any type of factory. Since your laptop's outer shell is probably made of plastic, it could theoretically be used in this process. Busted laptops are e-waste (i.e. hazardous material), hence the special regulations that govern the disposal and recycling thereof. Considering this, I doubt that they could be used as raw feedstock for the fuel-creation process. However, after a bit of dismantling, the plastic bits could be separated from the rest and fed into this factory.
Nevertheless, I agree that randomly claiming that 1 laptop == 1 quart of diesel fuel is just plain silly...
Now your laptop can turn into a quart of diesel fuel to power your trip to the dump.
...and what makes this guy think my car runs on diesel anyway? ;-)
Easy or not, central auth is absolutely, 100% essential in this case (as in most others). Let's consider the facts:
* NGO
* 20+ Employees
* It's an explicit requirement from TFA
Not having central auth in this case could be disastrous...
What if they ever want to expand beyond 20 employees? (Nevermind that 20 is more than enough to justify central auth)
What if they ever need to be PCI compliant?
What if they already need to be compliant with government security policies?...or compliant with security policies of private-sector affiliates?
How do we know that poor security isn't the reason they are scrapping their old network?
What if they actually do care about "simpler administration", as the GP puts it?
What if they need to apply for business continuity insurance?
I applaud your effort, and your empathy to this poor bastard, but you ignored some of the requirements...
I probably wouldn't bother with central authentication unless there's a reason, just do it per computer.
FTFA: "We need a server for authentication and user management."
Also have someone else host all your servers unless a file server is needed.
FTFA: "we would like to have our web server in house"
Don't bid for jobs you can't do.
While we're on the subject of bidding, I have to ask; Doesn't the fact that this company is an NGO imply that they receive government funding? And aren't organizations that receive government funding required to go through a formal bidding process?...you know, one that involves issuing RFP's and writing up detailed proposals before you actually receive the green light?
How exactly did this guy already get the job without submitting a proposal or statement of work with details about what he's going to do? And, more importantly, how do I get in touch with this company? Are they still hiring contractors? If so, I've got a fantastic ERP system I'd like to sell them. Sure, it only exists in paper-napkin form right now, and I'll need half the money up-front, but trust me...it's the only solution on the market that will fit their needs.
Well, all I have to say is that if this bastard has polled a well-established base of computer experts for advice, then he should at least share what those results were with us here at slashdot.
Ooooh, yes! I can hardly wait for the new headline a few weeks from now which will read:
As for the rest, I agree (at least in spirit) with the GP that buying from well-established vendors is usually the way to go.
Exceptions to this arise when your company is either very large or is very IT-focused. In these cases, it may make more sense to use home-grown products, or those that could otherwise be supported internally.
you only need 1 good server for all your internal needs
for serving web pages OUTWARD, to the public, you should have a separate server
Is it just me, or shouldn't you have at least 2 servers for each of these purposes? I've been taught that there's value to be had in redundancy, and although redundant internal components are fine and dandy, nothing beats having another box to fail over to in the event of system failure or maintenance.
As for the rest, I agree (at least in spirit) with the GP that buying from well-established vendors is usually the way to go.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software. [...]we know they actually do mine data.
How do we know this?...and which data?...and why does it matter? Obviously, Google tracks web search queries and monitors ad performance, but you seem to suggest that they are engaging in corporate espionage. Note that, even if they were doing this, it could not be considered data mining since data mining, by definition, is about the discovery patterns and trends, not specific facts.
Are you perhaps concerned about Google's AdSense reading your email in order to display relevant ads? You know, you can turn off all ads with a paid Apps account.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd. No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. Most of them rightfully include language that restricts physical access by your employees.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD.
"Fucking" is not an adjective. Neither is the word "crazy" when used in this particular context. They are both intensifiers.
Yes, I'm a grammar Nazi, and, yes, this thread has just been Godwinned. :D
How are you going to put electronic money in her garter?
Actually, some of the higher-end establishments, such as Scores in NY, issue their own currency, which IIRC you can pay for with a credit card.
That's not what I meant. This is just another case of self-deprecating humor that /. completely fails to understand. You see...the joke is that I'm a nerd who has never had sex (not actually true), and doesn't understand what the word "fucking" means. Sure, it's offtopic, but I don't care. Screw you fuckers for judging me.