You can change your password, but you canâ(TM)t change your fingerprint.
Aside from all the low tech ways to defeat biometrics (gummy bears anyone?), the simple issue is if your biometric information gets compromised, youâ(TM)re toast.
While it is likely that Trump was being sarcastic and using this is a media grabbing tactic to go after HRC (I'm not a fan of either and not American - so my views aren't relevant.
This is, however, a historical precedent on why having the leader of a nation state make off the cuff remarks is dangerous to peace.
Consider way back in 1770 when Henry the II was getting annoyed at the Archbishop of Canterbury because he was doing things the king didn't really approve of, Henry uttered those infamous words, 'Who will rid me of this turbulent priest.' 4 knights overheard and long story short, one dead arch bishop.
The impact of this was huge - even by medieval standards.
Now imagine a modern day scenario where a president who has a well known temper, lashes out against those who 'oppose' him, and isn't known to staying on message.
So the bottom line is you are being paid to perform a certain function. That function is designed to add value to the organization you work for.
Over the years I've learned the importance of being able to translate from Geek to Suit. The best way to do this is:
1) understand that the organization strategy in how they want to use technology to grow the business 2) understand how your piece fits into this
When talking with the specific individuals:
1) understand how their role fits into the whole 2) understand what is important to their success 3) communicate in this context.
On the actual communication:
1) make sure your suggestions can align to the various strategies 2) focus the discussion on topics like 'reducing risk', 'improving customer experience,' or 'improving processes to reduce costs.'
Yes these are dorky business concepts, but ultimately the business is run by people who think in these terms. Learn their language and you'll find promotions, responsibility and heading your way. Execs are always on the hunt for people who 'get the big picture.' The best way to stand out from the herd is to do this.
Basically the 'suits' in your business are always looking for technical people who understand 'the big picture.' Once you have a good grasp on the overall strategy, you'll find that some of the asinine things that are going on make more sense and you'll be less frustrated.
I attended both this morning's keynote with the general and he also spoke at the blackhat executive summit.
This morning there were a few thousand people in the ballroom for his presentation. There were at most 2 vocal 'hecklers' - though really I think it was just one person. The heckling was met with very limited support, maybe a dozen or two people clapped. However, when the general countered the heckler(s), his comments were met with applause from most of the crowd.
For the record, I'm not commenting on either side of this debate. I am just arguing against the artistic license taken by the author of the story. As I said, I was there for both talks and the alleged tension and heckling was dramatically overstated.
IMHO, the biggest problem with democracy here in the US is the mistaken belief you have two choices.
While the solution would take 2-3 election cycles, two duopoly can be easily changed by encouraging people to vote for the party that actually represents their views. Sure they won't win, but consider what happened when Nader got a ton of votes back during the Bush / Gore election - either the big parties will change their approach (as happened then) or the US will evolve to a multy party system.
The challenge is convincing a society bent in instant gratification that this doesn't 'waste' your vote - rather it is a strategic long term investment.
If you're going to put things in a fire rated container, there are a few things to consider. Those containers are not "fire proof" by any means. Get one whose rating is reasonably high as they will buy you some time.
Most house fires are either a basic 'room and contents' or a much more involved fire where whole floors are exposed (and largely consumed) by flame.
When you put your fire rated container somewhere, consider that fire burns upwards, and the thermal difference from floor to ceiling is around 400 degrees F on average. Before you put the container in the basement corner, remember that firefighters use water to put out fires. Lots of water. 150-200GPM per handline and 1000-2000GPM for the big pipes on the ladder trucks. Most of the damage in a house fire is from water. You'll get us much as 6-12 inches of flooding per floor (until the firefighters cut holes in the floor to drain it so the floors don't collapse.
Also should the roof or ceiling collapse, the best places to have things are near the corners of the load bearing walls.
This is my long way of saying store your fire rated container on a solid hardwood (not particle board) or metal shelf, about knee height on a low floor near the corner by load bearing walls. This way in the event the whole house is a write off, you still have a reasonable chance of saving some of your data and personal effects.
My ex-gf is a high school language teacher (spanish and french). She has approximately 110 different student in various grades.
Technically, teachers are paid from around 7am(ish) to 330pm (ish). She spends a 2-3 extra hours _per day_ reviewing lesson plans, grading work and doing other admin stuff. She also spends several hundred dollars per year of her own money to purchase extra materials to enhance the quality of the lessons.
While the concept is certainly sound - I don't believe that with the current workload that teachers face, it is feasible. They are already over worked.
And as for IT, typically there is 1 poor IT guy per school (in the wealthier districts).
I strongly recommend 'Midnight at the Well of the Souls' (and the subsequent series) by Jack L Chalker. The original set of books was pretty hard to find. It is by far my favourite sci-fi series.
It is often funny, sometimes sad but always thought provoking. It's a series of books that ultimately makes you think about Life, the Universe and Everything (except for the lack of restaurants, dolphins and floating couches).
From wikipedia:
Nathan Brazil is the captain of the interstellar freighter Stehekin. While transporting three passengers, Captain Brazil receives a distress call from an uninhabited planet and makes a detour to investigate. There, they find the remains of a research team murdered by the rogue scientist Elkinos Skander in order to conceal his discovery of how to control Markovian technology. While exploring the planet, they are inadvertently transported to the Well World, where they must track down Skander and his equally brilliant and insane pupil. In addition, they must deal with being changed into bizarre alien creatures.
I'm the security director for a mid sized global company. I'm the guy behind locking down the desktops. I won't reiterate the eloquent arguments my colleagues made about the tradeoffs between security / useability and costs.
I will say that we are in process of virtualizing our business applications such that all the users will need is web browser to do the work (a la mainframes). Our tests are showing that they are a) very receptive to using whatever they want for their systems and b) our costs will be lower. The idea is the keys to our kingdom (our IP, data, code etc) are locked up pretty tightly, and the user side of the network is more open. It's an approach that seems to be doing well.
Our users are using win, mac, linux (me) and various flavours of tablets. For the apps we have virtualized, it's going well.
Back in graduate school I made a proof of concept vending machine whose goal was to be able to vend beer within the local council's licensing laws.
It was a combination of the early smartcards (8k), biometrics and micropayments.
The idea is a person would register showing proof of age, have their thumb print scanned, and purchase electronic 'tokens' which were then loaded into the smartcard with the user's print. To buy a beer, the user would insert the card, validate the print - the server would then authorise beer dispension based on time/day (local licensing laws) and if the user had a token (a digital hash value).
We did a proof of concept, but my lasting regret is a) i never published and b) i didn't get sponsorship from Guinness.
Unfortunately, the reality of the situation is professors aren't hired for their teaching ability, or even their English as a First Language skills.
Profs are hired because of the potential for additional funding through research. Many pawn off the actual teaching to their life bonded serfs (PhD students).
When I was a grad student my prof (and a lot of others) saw the lectures as a distraction to their "real work" (research).
Furthermore, given that profs are 'evaluated' by their schools by the number of papers published (and in what journals) and the amount of funding they can bring in, there is little to no motivation to teach.
Thankfully, there are a few out there who love teaching, but the rest, it's a necessary evil.
I would prefer that software vendors be held accountable for their products. Every other industry is.
Though this is what former Cyber Security Czar Richard Clarke said at Blackhat in Vegas around 2003, and well... look what happened to his career after that.
I'm the IT security director for an international company (35+ countries). We have a variety of user / developer and security requirements.
We do not give our developers local admin on there workstations. However, we do give them VMs to develop on. This way, if they screw something up (which happens a LOT), they can go back a snapshot or two and fix things.
Incidentally, the test environments have very restricted security permissions - they have to be able to run on the federal desktop core configuration - so we encounter a lot bugs because developers insist on running their app with admin rights.
if we could train developers better, and have IT admins that understand both sides of the issues - things get better. It works pretty well for my company.
Yes, Jailbreaking violates the Digital Millennium Copyright Act, which is why they're asking the copyright office for an exemption.
On November 27, 2006 the U.S. Copyright office granted the following exception to the DMCA: 5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network. [ http://www.copyright.gov/1201/2006/ ]
Unfortunately, this exception (like all exceptions to the DMCA) only last for 3 years.
To date, there has been no extension granted, which means on November 28 2009, it will become illegal again.
I've been a techie my whole career - even have a DEFCON championship under my belt. But I've noticed that despite having actual technical street cred, the very senior management start to look at the old techies as expensive and 'past their prime.' With exception of a few companies that have 'fellowship' type of tracks for the tech folks, management is the best future.
Besides, as it was pointed out, having a manager who actually understand what the techies are telling him/her is a great bonus. The language gap between geek and suit hasn't been crossed by many.
I would also recommend trying to take some basic leadership classes as well. The 'management' portion is pretty simple for a techie, it's the 'people' portion that always gets us. There is a lot one can learn about conflict resolution and leadership from these classes. Remember, most of us became geeks because we don't like dealing with people.
Now you can deal with the god damn customers so the engineers don't have to.
I too used the floopies back in 1995. I learned a lot of interesting thing... like you had to manually configure some addressing issues in 'shadow memory' in order to get my token ring card to work.
I used latex to write my thesis in vi (sorry emacs peoples).
yep, we had to type uphill both ways in those days. We fought each other with sticks to obtain extra carriage returns.
I come from poor white trash, but I worked hard - got a Ph.D. from a top English university (I grew up in Canada), and now I work in DC as an overpaid consultant. I drive a fully paid for BMW, am looking out my window at an awesome view of the Capitol Building as I type this.
Hard work does indeed pay off, but you also need to make smart long term decisions with it.
Regarding the nurse and teacher - they do what they do because they like it. I understand, I volunteer 700+ hours as a firefighter in one of the rural communities here.
Work hard, but find a balance - that's the key to success / happiness.
Slashdot Mirror
You can change your password, but you canâ(TM)t change your fingerprint.
Aside from all the low tech ways to defeat biometrics (gummy bears anyone?), the simple issue is if your biometric information gets compromised, youâ(TM)re toast.
While it is likely that Trump was being sarcastic and using this is a media grabbing tactic to go after HRC (I'm not a fan of either and not American - so my views aren't relevant.
This is, however, a historical precedent on why having the leader of a nation state make off the cuff remarks is dangerous to peace.
Consider way back in 1770 when Henry the II was getting annoyed at the Archbishop of Canterbury because he was doing things the king didn't really approve of, Henry uttered those infamous words, 'Who will rid me of this turbulent priest.' 4 knights overheard and long story short, one dead arch bishop.
The impact of this was huge - even by medieval standards.
Now imagine a modern day scenario where a president who has a well known temper, lashes out against those who 'oppose' him, and isn't known to staying on message.
Terrifying.
So the bottom line is you are being paid to perform a certain function. That function is designed to add value to the organization you work for.
Over the years I've learned the importance of being able to translate from Geek to Suit. The best way to do this is:
1) understand that the organization strategy in how they want to use technology to grow the business
2) understand how your piece fits into this
When talking with the specific individuals:
1) understand how their role fits into the whole
2) understand what is important to their success
3) communicate in this context.
On the actual communication:
1) make sure your suggestions can align to the various strategies
2) focus the discussion on topics like 'reducing risk', 'improving customer experience,' or 'improving processes to reduce costs.'
Yes these are dorky business concepts, but ultimately the business is run by people who think in these terms. Learn their language and you'll find promotions, responsibility and heading your way. Execs are always on the hunt for people who 'get the big picture.' The best way to stand out from the herd is to do this.
Basically the 'suits' in your business are always looking for technical people who understand 'the big picture.' Once you have a good grasp on the overall strategy, you'll find that some of the asinine things that are going on make more sense and you'll be less frustrated.
Remember,
I attended both this morning's keynote with the general and he also spoke at the blackhat executive summit.
This morning there were a few thousand people in the ballroom for his presentation. There were at most 2 vocal 'hecklers' - though really I think it was just one person. The heckling was met with very limited support, maybe a dozen or two people clapped. However, when the general countered the heckler(s), his comments were met with applause from most of the crowd.
For the record, I'm not commenting on either side of this debate. I am just arguing against the artistic license taken by the author of the story. As I said, I was there for both talks and the alleged tension and heckling was dramatically overstated.
IMHO, the biggest problem with democracy here in the US is the mistaken belief you have two choices.
While the solution would take 2-3 election cycles, two duopoly can be easily changed by encouraging people to vote for the party that actually represents their views. Sure they won't win, but consider what happened when Nader got a ton of votes back during the Bush / Gore election - either the big parties will change their approach (as happened then) or the US will evolve to a multy party system.
The challenge is convincing a society bent in instant gratification that this doesn't 'waste' your vote - rather it is a strategic long term investment.
If you're going to put things in a fire rated container, there are a few things to consider. Those containers are not "fire proof" by any means. Get one whose rating is reasonably high as they will buy you some time.
Most house fires are either a basic 'room and contents' or a much more involved fire where whole floors are exposed (and largely consumed) by flame.
When you put your fire rated container somewhere, consider that fire burns upwards, and the thermal difference from floor to ceiling is around 400 degrees F on average. Before you put the container in the basement corner, remember that firefighters use water to put out fires. Lots of water. 150-200GPM per handline and 1000-2000GPM for the big pipes on the ladder trucks. Most of the damage in a house fire is from water. You'll get us much as 6-12 inches of flooding per floor (until the firefighters cut holes in the floor to drain it so the floors don't collapse.
Also should the roof or ceiling collapse, the best places to have things are near the corners of the load bearing walls.
This is my long way of saying store your fire rated container on a solid hardwood (not particle board) or metal shelf, about knee height on a low floor near the corner by load bearing walls. This way in the event the whole house is a write off, you still have a reasonable chance of saving some of your data and personal effects.
A couple points,
a) to date no dinosaur DNA has been found to have survived.
b) if you were to take some DNA from a mosquito trapped in Amber (a la JP) and clone it - you would just get a mosquito.
c) Jack Horner has an excellent TED talk that discusses this point nicely:
http://blog.ted.com/2011/06/07/building-a-dinosaur-from-a-chicken-jack-horner-on-ted/
“The Constitution guarantees due process, not judicial process,” said Attorney-General Eric Holder... ( http://www.theglobeandmail.com/news/world/holder-defends-obamas-view-of-due-process/article534036/ ) - granted this was in response to Obama's "Hit List" (i.e. the ability for the Executive Branch to execute American citizens who they deem to be a national threat without legal process).
However it pretty much shows the mindset you'll get on Pennsylvania Ave and the Robert Kennedy Building.
As long as there is a process - they feel they are within the constitution.
No wonder they named a Jr High School after this guy.
My ex-gf is a high school language teacher (spanish and french). She has approximately 110 different student in various grades.
Technically, teachers are paid from around 7am(ish) to 330pm (ish). She spends a 2-3 extra hours _per day_ reviewing lesson plans, grading work and doing other admin stuff. She also spends several hundred dollars per year of her own money to purchase extra materials to enhance the quality of the lessons.
While the concept is certainly sound - I don't believe that with the current workload that teachers face, it is feasible. They are already over worked.
And as for IT, typically there is 1 poor IT guy per school (in the wealthier districts).
Great idea, but who can implement it?
I strongly recommend 'Midnight at the Well of the Souls' (and the subsequent series) by Jack L Chalker. The original set of books was pretty hard to find. It is by far my favourite sci-fi series.
It is often funny, sometimes sad but always thought provoking. It's a series of books that ultimately makes you think about Life, the Universe and Everything (except for the lack of restaurants, dolphins and floating couches).
From wikipedia:
Nathan Brazil is the captain of the interstellar freighter Stehekin. While transporting three passengers, Captain Brazil receives a distress call from an uninhabited planet and makes a detour to investigate. There, they find the remains of a research team murdered by the rogue scientist Elkinos Skander in order to conceal his discovery of how to control Markovian technology. While exploring the planet, they are inadvertently transported to the Well World, where they must track down Skander and his equally brilliant and insane pupil. In addition, they must deal with being changed into bizarre alien creatures.
I'm the security director for a mid sized global company. I'm the guy behind locking down the desktops. I won't reiterate the eloquent arguments my colleagues made about the tradeoffs between security / useability and costs.
I will say that we are in process of virtualizing our business applications such that all the users will need is web browser to do the work (a la mainframes). Our tests are showing that they are a) very receptive to using whatever they want for their systems and b) our costs will be lower. The idea is the keys to our kingdom (our IP, data, code etc) are locked up pretty tightly, and the user side of the network is more open. It's an approach that seems to be doing well.
Our users are using win, mac, linux (me) and various flavours of tablets. For the apps we have virtualized, it's going well.
It is a good way to balance control and freedom.
Back in graduate school I made a proof of concept vending machine whose goal was to be able to vend beer within the local council's licensing laws.
It was a combination of the early smartcards (8k), biometrics and micropayments.
The idea is a person would register showing proof of age, have their thumb print scanned, and purchase electronic 'tokens' which were then loaded into the smartcard with the user's print. To buy a beer, the user would insert the card, validate the print - the server would then authorise beer dispension based on time/day (local licensing laws) and if the user had a token (a digital hash value).
We did a proof of concept, but my lasting regret is a) i never published and b) i didn't get sponsorship from Guinness.
A mixed blessing I suspect.
Unfortunately, the reality of the situation is professors aren't hired for their teaching ability, or even their English as a First Language skills.
Profs are hired because of the potential for additional funding through research. Many pawn off the actual teaching to their life bonded serfs (PhD students).
When I was a grad student my prof (and a lot of others) saw the lectures as a distraction to their "real work" (research).
Furthermore, given that profs are 'evaluated' by their schools by the number of papers published (and in what journals) and the amount of funding they can bring in, there is little to no motivation to teach.
Thankfully, there are a few out there who love teaching, but the rest, it's a necessary evil.
I would prefer that software vendors be held accountable for their products. Every other industry is.
Though this is what former Cyber Security Czar Richard Clarke said at Blackhat in Vegas around 2003, and well... look what happened to his career after that.
I'm the IT security director for an international company (35+ countries). We have a variety of user / developer and security requirements.
We do not give our developers local admin on there workstations. However, we do give them VMs to develop on. This way, if they screw something up (which happens a LOT), they can go back a snapshot or two and fix things.
Incidentally, the test environments have very restricted security permissions - they have to be able to run on the federal desktop core configuration - so we encounter a lot bugs because developers insist on running their app with admin rights.
if we could train developers better, and have IT admins that understand both sides of the issues - things get better. It works pretty well for my company.
Actually, FreeBSD DOES run on some microwaves. There is a list of compatible hardware.
It is the OS of choice for odd appliances.
Yes, Jailbreaking violates the Digital Millennium Copyright Act, which is why they're asking the copyright office for an exemption.
On November 27, 2006 the U.S. Copyright office granted the following exception to the DMCA:
5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network. [ http://www.copyright.gov/1201/2006/ ]
Unfortunately, this exception (like all exceptions to the DMCA) only last for 3 years.
To date, there has been no extension granted, which means on November 28 2009, it will become illegal again.
I too am 39 and just made this same decision.
I've been a techie my whole career - even have a DEFCON championship under my belt. But I've noticed that despite having actual technical street cred, the very senior management start to look at the old techies as expensive and 'past their prime.' With exception of a few companies that have 'fellowship' type of tracks for the tech folks, management is the best future.
Besides, as it was pointed out, having a manager who actually understand what the techies are telling him/her is a great bonus. The language gap between geek and suit hasn't been crossed by many.
I would also recommend trying to take some basic leadership classes as well. The 'management' portion is pretty simple for a techie, it's the 'people' portion that always gets us. There is a lot one can learn about conflict resolution and leadership from these classes. Remember, most of us became geeks because we don't like dealing with people.
Now you can deal with the god damn customers so the engineers don't have to.
"Do you know string theory?"
"No, I'm a frayed knot."
This post does illustrate the classic right vs. wrong approach to the office.
The young tech guy feels he is right because he knows technology.
The boss feels his is right because he is... well.. the boss.
Guess who wins?
Arguing with your boss is like arguing with a woman. Even if you win, you still lose.
I too used the floopies back in 1995. I learned a lot of interesting thing... like you had to manually configure some addressing issues in 'shadow memory' in order to get my token ring card to work.
I used latex to write my thesis in vi (sorry emacs peoples).
yep, we had to type uphill both ways in those days. We fought each other with sticks to obtain extra carriage returns.
I received a Ph.D. from Cambridge University in computer science a number of years ago...
I haven't made less than 6 figures USD since graduation (granted part of that was the dot com days). Nonetheless, it worked very well from me.
Offline and offsite storage (i.e. iron mountain) is a simple (though sometimes costly) way of doing things.
it'll solve this problem quite easily.
I come from poor white trash, but I worked hard - got a Ph.D. from a top English university (I grew up in Canada), and now I work in DC as an overpaid consultant. I drive a fully paid for BMW, am looking out my window at an awesome view of the Capitol Building as I type this.
Hard work does indeed pay off, but you also need to make smart long term decisions with it.
Regarding the nurse and teacher - they do what they do because they like it. I understand, I volunteer 700+ hours as a firefighter in one of the rural communities here.
Work hard, but find a balance - that's the key to success / happiness.