This really isn't all that new. The U.S. Naval Postgraduate School has been sending their Infosec students to play Capture the Flag at Defcon for the last couple years as well as this year's Interz0ne conference. In fact, there was only one team (Anomaly - and they won ironically) that didn't have government personnel or contractors on their team.
Also, Immunix, a DARPA funded hardened Linux version has also been put under fire during CTF for the last couple years. (Their team placed a solid second both times).
The Feds have learned over the last couple years that they are behind the ball in terms of normal unclassified security training for their personnel. These conferences have been really good at giving them some real world training that they normally don't get.
It's nice to see my tax dollars being put to a good use for a change. Plus it makes the "Spot the Fed" game MUCH easier.
Beyond a reasonable doubt only applies to criminal cases. this is a civil matter. the burden of proof extends only as far as 'the preponderance of the evidence.' definition - "The level of proof required to prevail in most civil cases. The judge or jury must be persuaded that the facts are more probably one way (the plaintiff's way) than another (the defendant's)."
reasonable doubt, or even reason has little to do with civil court matters.
Which is why, with the non-tech jurors and judges, SCO's case will be won by whoever has the smoothest most personable lawyers. The facts are irrelevant.
the microsoft book focuses almost solely on programming in MS based environments, such as .net. whereas the viega/messier book looks at coding practices and recipes in the generic view. they apply to both the MS world and the Open Source world.
i'd go with Viega/Messier. I have them both on my desk, and the cookbook is the one i use.
...imagine giving it to a person with Parkinsons?
a) they could get a job mixing paint at home depot
b) construction union workers would complain because they no longer need jackhammers
c) milkshake machines suddenly become obsolete
d) . . .
that you can't buy stock in SCO's Attorney. let's face it - they're the only ones making any money.
This is like the Bugblatter Beast of Traal- if you can't see the problem, then the problem doesn't exist. It's the whole security full disclosure vs. non-disclosure argument only in the 3d world.
The information is out there, it was found once. It can (and will) be found again. Fix the problem instead of burying it.
if congress were to provide legislation that ensures that tech companies have the same liability and accountability as most other industries - they would actually put some effort in prevention.
Consider that someone sues McDonald's successfully for the hot coffee they ordered burning them, yet if you use technology and get totally burned, it's your own fault.
something is awry in the legal system
I wonder what the comparative statistics would be for murderous/violent/"anti-social" behaviour from the other social groups? After all, it is unheard of that football players or wrestlers commit violent acts (no - they just beat on people with adult supervision). Wait what about thespians - don't they prefer pretending to be other people and thrive on the attention of others? How about the newspaper crew - wasn't the Russian Revolution started by intellectual writers? Or the conformist-wear-designer-clothing-and-do-anything-to-be-in-the-In-Crowd people? Surely they don't suffer from low self-esteem? Also, given the propensity of the Feds to want to restrict the use of encryption for personal use, and how they want to be able to automatically tap all online communications, maybe this is just a way for them to identify and catalogue those who might pose a threat to their Orwellian schemes? or am i just paranoid?
salary vs. hourly is a debate i've had with many people. I've done both, and i'm back to hourly. people choose salary for the following reason:
1) job security. - this is a load of bollocks really. full time employees (FTE) don't actually have more security than contractors. In the IT world, a company is either dying to acquire people, or get rid of them. If you're good at what you do when you contract, you'll stay. Also, money for contractors usually comes out of a different pot. So when layoffs come around, you're generally ok - especially if you produce.
2) paid vacations - again this is crap. You work tons of unpaid overtime, and you take two weeks off paid vacation. Usually, you will have already worked more free hours than you get off. Also, as a contractor, the math works out something like this:
salary - 80k year, 2 weeks vacation
contractor - $80/hour - unpaid vacation.
the contractor is likely to make around $160k (assuming a 2 thousand hour year). Hm.. i think he can afford a couple weeks unpaid. You also have to be with a company for a couple years in order to "earn" more vacation. As a contractor, you can take those days off that you want - just let your employer know in plenty of time. they don't seem to mind - they think "ooh - i don't have to pay him, take an extra day if you want!!"
3) benefits: company pays your medical/dental/401k. there are many companies which the independent contractor can access to acquire benefits cheaply. There are also 401k plans as well...
4) taxes: this is where the FTE gets royally screwed. No additional tax writeoffs. the contractor (assuming they are incorporated) gets to divide his money up into company income, and salary - you can give yourself the smallest salary you can "live" on - and thereby pay smaller tax amounts.
5) raises - most large companies will give you a small raise (2-8%) per year. Depending on the economy, you'll make less with inflation than you did the previous year. As a contractor, i usually raise my rate a few bucks after each large project - i have more experience and my skills are fresh - i'm worth more (at least that's what i tell them). Also, most FTE's will have to join another company in order to see a decent raise. Sad, but true.
also, the contractor can write off all the toys (that extra server you bought "just because", the occasional meal, petrol, car expenses, square footage in your home used for your office, your dsl line, etc...)
basically, if you are a skilled it geek, smart with your money and have a decent work ethic - you will only be out of work when you want to be. And at 60-100 an hour, you can afford to take some pretty decent vacations.