You got it in 1. :)
A large enterprise like the government can most definitely have this level of control over the proxy, internal CA and client standard operating environment.
This is actually rather trivial to set up. I can assure you it is used in practice.
Oh you can use your own browser. You just have to add the CA cert and make sure you use the proxy.pac file that a standard install would use. Some of the weirdo auth mechanisms that some enterprises use can get in the way however.
It is 100% possible and it is done every day.
The proxy terminates the https request and then creates a new https request going out. So yes you can tell if there is a POST event. You can tell if it is a file. You may not be able to read the file as it may have separate encryption.
I don't have to mention how much of nothing this solves.
The real issue is non-IT people making IT decisions.
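What the inspecting proxy described in the comments above can and cannot see, as an added example that is not part of the original comments: it parses one already-decrypted HTTP request, reports whether it is a POST carrying files, and marks each file as readable or opaque. The request, host name, file names, helper names and the 7.5 bits/byte entropy threshold are constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed sample payloads (not from the original thread).
SAMPLE_CSV = b"name,department\r\nA. Example,Finance\r\n"
# 4096 pseudo-random bytes standing in for a separately encrypted file.
SAMPLE_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 indicate encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def parse_headers(block: bytes) -> dict:
    """Parse CRLF-separated header lines into a lower-cased name -> value dict."""
    headers = {}
    for line in block.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers

def classify(content: bytes) -> str:
    """'opaque' if the proxy sees only ciphertext-like bytes, else 'readable'."""
    if content.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "opaque"
    return "opaque" if shannon_entropy(content) > ENTROPY_LIMIT else "readable"

def inspect_request(raw: bytes) -> dict:
    """Summarise one decrypted HTTP/1.1 request as the inspecting proxy sees it."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method, path, _version = request_line.decode("latin-1").split(" ", 2)
    headers = parse_headers(header_block)
    report = {"method": method, "host": headers.get("host"), "path": path,
              "fields": [], "files": []}
    match = re.search(r'multipart/form-data;\s*boundary="?([^";]+)"?',
                      headers.get("content-type", ""), re.I)
    if method != "POST" or not match:
        return report
    delimiter = b"--" + match.group(1).encode("latin-1")
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):  # closing delimiter reached
            break
        part_head, _, content = part.partition(b"\r\n\r\n")
        if content.endswith(b"\r\n"):  # CRLF that precedes the next delimiter
            content = content[:-2]
        disposition = parse_headers(part_head.strip()).get("content-disposition", "")
        filename = re.search(r'filename="([^"]*)"', disposition)
        field = re.search(r'\bname="([^"]*)"', disposition)
        if filename:
            report["files"].append({"filename": filename.group(1),
                                    "size": len(content),
                                    "verdict": classify(content)})
        elif field:
            report["fields"].append(field.group(1))
    return report

def build_sample_request() -> bytes:
    """Constructed multipart upload: one form field, one CSV, one opaque blob."""
    boundary = b"CONSTRUCTED-BOUNDARY"
    parts = [
        (b'form-data; name="comment"', b"quarterly numbers"),
        (b'form-data; name="f1"; filename="staff.csv"', SAMPLE_CSV),
        (b'form-data; name="f2"; filename="archive.bin"', SAMPLE_BLOB),
    ]
    body = b"".join(b"--" + boundary + b"\r\nContent-Disposition: " + disp
                    + b"\r\n\r\n" + data + b"\r\n" for disp, data in parts)
    body += b"--" + boundary + b"--\r\n"
    head = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
            b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n\r\n")
    return head + body

if __name__ == "__main__":
    print(inspect_request(build_sample_request()))
```

The method, host, path, field names, file names and sizes are visible for every upload; only the content of the separately encrypted file stays opaque.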
Never lie in a job interview. Maybe don't exactly answer a question directly but don't ever lie.
If you lie you will be found out. I have put a halt to a few interviews when clearly the person in front of me is telling a "I caught a fish this big" story.
If you are lying to me in an interview what are you going to do on the first deadline?
You can basically assume that some sort of copy violation is taking place. Whether it be systemic or that stupid intern you just hired. The larger the company the more likely a violation will have occurred. Most of the time people actually think they are not breaking any rules. Software vendors all have different copy rules.
Some for example state that you can have X copies running at a time. This allows you to install the product everywhere but only run X number. While others are node locked meaning you can only have X numbers installed.
This simple alteration in licensing can be confusing. One could easily assume that as long as I only have X copies running of any piece of software I'm fine. When in reality you have committed a massive piece of software piracy.
So it may be happening without the knowledge of management. Management wants to do the right thing but because of a silly error they are breaking the law. Now as a manager of a company potentially in this position would you hire a person knowing that they turn in corporations that violate licensing rules? In order to play it safe you hire someone equally skilled that does not cause legal headaches. Headaches that may or may not actually happen.
So a company that does NOT intentionally commit real acts would have a problem with this.
This is called the real world.
OK So these people may feel morally better. They probably are.
But when asked the question during an interview. "Why did you leave your last organization?" Answer "Oh I turned them in for a few thousand dollars."
That is a career limiting move.
Yah it's wrong but it's true.
Then there is the industry. Only coughing up $57,000 grand total. That's not even an IT person's full time salary for a year. The reward or even stigma of the reward is doing more damage to personal lives than the good of correcting the poor behavior of companies. I'm sure MS has paid more for a poster about piracy than it paid out to people doing the right thing.
It just makes me shake my head.
Well I guess that service is history.
Subscription / Paywall models have been tried for 10 years now. They pretty much fail.
It was nice knowing you Last.FM
OK I'm an outside observer and I decide to pop up 1000000 feet to look at this statement. So I can now see all parties involved.
What I see is you trying to protect this little patch of dirt in an effort to ensure a high local standard of living.
What I also see is other patches of dirt with falling income levels and standards of living dropping.
You see your apparent definition of ethical only involves those that you can see. AKA those that are on your patch of dirt. But the definition of ethical doesn't include geographical boundaries.
So the real question is. Is the net impact of my work negative or positive for everyone. If I offshore the work will the world be a better place? That's a tough question to answer.
-----------
Instead of ethical maybe you meant patriotic. Patriotic would suit your statement better.
I can't speak of other mobile phones.
Android issues.
- The left hand menu overlaps on screen covering content. The menu shouldn't even show on a mobile device.
- The white space is way too excessive.
General
- Land / Summary / Index page shows there are comments but not how many.
Coding
And the DOM is blown out. Renders very very slowly. Painful actually on a lot of systems.
You make a very good point regarding cosmic rays.
I would be much much more worried about a cosmic ray flipping a bit in one of the flight control computers.
You do realize you are spouting nonsense?
The interference bit is pure BS. This has been debunked for a couple of decades now.
Attentive at take off and landing. Take off, people are still doing everything but being ready to sprint to the exit. Landing there are three things going on. The people planning the ultimate grab overhead bag and bolt down to exit. The parents trying to calm the screaming kid. And the rest stare out the window. All of which have nothing to do with BRACE BRACE BRACE FIRE BALL.
Dimming the cabin lights for take off is simply a calming step to subconsciously tell people to settle down. It has nothing at all to do with escape or electrical consideration. Having a calm cabin removes a lot of stress points for cabin crew. For example calm people are less likely to decide to go to the can. It allows cabin crew to achieve the most they can in a short time frame. It also reduces the risk of people with flying fears from freaking out. If everyone is settled the people on the edge will also likely be more inclined to be calmer. It has ZIP to do with quick exit.
As an aside. Any aircraft situation where the passengers and crew have time to plan for an event is almost always a long developing situation. Long as in several tens of minutes. Sudden take off and sudden landing events rarely have more than a few seconds warning if any.
Sorry but I worked in the industry for many many years and quite frankly most of the "safety" procedures are purely a show. They are pacifiers to give the illusion of safety.
In airport security and safety procedures are even more farcical. But that is not the point of this thread.
This can only be a joke.
Proprietary extensions to the spec run amok. Sorry, what spec? That just leaves proprietary extensions.
The only thing left common across the board is Flash. Wasn't a major point of HTML5 to remove the need for plugins like Flash?
I'm stupefied by this announcement.
Seriously this was painfully obvious that it was going to happen.
You shouldn't even be saying, "See I told you so!" You should be embarrassed if you did say it. The moment this document was authored its non-public life expectancy half life could be measured in minutes and possibly hours.
Stewart Brand said something way back 40-50 years ago about "information strives to be free". ( Quote is possibly in error )
Sorry that does not fit into the project plan.
Exactly. I completely agree.
Talk about LAZY. This is a real simple matter to make sure these phones can only call a certain range of numbers. ( Problems, updates, configuration etc may all be at different numbers. )
But also are these not data only devices. Why the heck was voice even allowed?
These could all have been easily configured on the providers switch.
To make a hit you need a lot of things all at the same time and place to come together.
A developer is just one component.
Other things you need.
1. LUCK
2. A decent idea
3. Drive, aka hard work
4. A plan ( ish )
5. Timing
Mostly it all comes down to hard work. Given all the factors that might come to play if one lacks something then other aspects must adjust accordingly. A developer / quality code are only 1 of many many factors. The code can actually suck if other factors pick up the slack.
I've been in IT for a few decades now. And the quality of the code has very little to do with a money making project. Remember you don't need a smash hit product to make money. I've seen some shocking code make money. I've seen near perfect code lose so much money it hurts.
Only someone who is arrogant believes that their talent is essential for success. People are replaceable. The same is not so true for a solid team. A diverse set of talents in a single team can achieve some stunning stuff. A good team is very difficult to replace.
So in summary yes in some cases asking for "Just a developer" is a reasonable way to turn a profit. But to believe that only the developer can bring this project to completion is pure rubbish.
Can an electrician build an office tower? NO
Can an office tower be built without an electrician? NO
Can a team of talented tradesmen build an office tower? YES
OK I bit on the troll.
Java is far far from dead. If you are writing Enterprise grade web applications it will be in Java. Yes of course there will be some very notable exceptions.
It just looks like you spewed random scripting languages. With zippo understanding of how they fit into the eco-system of net aware application languages.
PHP is holding steady.
Perl is dying. ( Waiting for v6 myself )
Python is the current cool kid.
Ruby lost shiny mojo.
Javascript is about to splinter.
VB are you mad? It's a bad beer and a worse language.
Java is the server language. Now it's battling for the mobile space.
---
Now all that said. Do I like Java? Absolutely not. It's excessively verbose, far from elegant. If you can't code for it cleanly then toss an exception which has turned out to be the norm. It has spawned some of the worst frameworks / models / comms, ( SOAP / Portlets / .... ). It is a huge resource hog. It is SLOW.
A physics professor is not exclusively involved in physics research. At some point almost every professor will also be an educator. As an educator they will come into contact with personal information that is put into their trust.
There are no exceptions. As coming into contact with personal information is likely for most institutional workers.
-- Note this article was about personal information. Not state secrets. That is a completely different matter when it comes to information handling. Thus the topic of state secrets is out of scope here.
You make the point for me.
"Seriously though, why would you expect a professor to have credit card numbers or SSNs on a research computer? "
This is exactly the reason for the scan.
My home computer is not an institutional computer. It does not carry a burden of trust. Thus is not under the dual responsibility of institutional governance and private. It's the institutional scan that is being discussed. They, the institution has a responsibility to scan its equipment.
I of course also carry a moral responsibility to make sure my personal equipment does not contain information that it should not.
So yes I would mind if someone decided to scan my personal equipment. It's not under their authority.
Above got marked a troll?
It was not. It was an honest opinion.
It absolutely includes profs.
It's the people who believe they are above these rules that usually end up spilling personal data.
I've taught at a university. I can tell you right now I would definitely audit profs' machines.
And to be honest too bad if they are annoyed. Suck it up as they say.
I'm 100% for this. Personal computers account for very little in data losses. It's these "work" machines that account for the majority of the major information losses around the world.
As long as people are dumb / lazy enough to keep documents in the clear on their machines there will be losses.
I would also go as far as to make certain quantities of types information on a machine illegal as well. For example: 1,000 SSN's, stored on a portable data device un-encrypted is a fine of $10,000. 100,000 SSN's stored on a portable data device un-encrypted is jail time.
Of course you need firewalls on PC's in an office. Jon seriously can't be this dumb.
People take laptops home where they are subject to untold abuses. Then they bring these festering things back in.
The sooner and quicker an intrusion is halted the better. All ports of entry must be guarded. It's actually easier to deal with issues if they are. And yes it can be somewhat painful to maintain but is a cost that must be factored in. I want my corp machine well guarded against the other management's filth vomiting machines, unholy USB sticks and unsecured private wireless routers.
Jon I wouldn't want to be in your shoes when someone actually follows this advice in order to save money and sinks their company. Jon this is bad advice you give. You are putting companies at risk. You should feel ashamed.
Your time would have been better spent writing something about how we can protect our smart phones and tablets from bringing down the corp network.
Simple answer.
Twitter and YouTube haven't had massive data losses to the levels that Facebook is known for and they have not adjusted "privacy" settings specifically to expose details like Facebook has.
Almost weekly but at worst monthly Facebook has a public loss of information whether self induced or via defect and thus exploit.
With the non-stop assault on facebook by every hacker on the planet I have to ask one simple question.
Why do people put every single tidbit of info possible into the info section of their profile?
It's going to get grabbed at some point. No matter how careful you are. Either Facebook is going to change the privacy controls again, opening up another flood gate or a hack is going to allow total access to data.
I regrettably accept the fact that social networking is here to stay. No matter how satanic some of you think it is, it is now a fixture in our lives. But as in the real world I at least use some degree of caution while I use it. Do I have perfect protection. Of course not. No one does. You can get mugged in a police station these days. So no protection is perfect. But good lord some people are just begging to get electronically raped.
For example real time geo updates to your current location + putting in your address into the info tab and having no privacy settings.
This parent post is just a simple example of a breach.