The vulnerability used will be the easiest/first one that the attacker can find.
That sounds flippant but it is true. Most attackers won't even bother to map your network/systems. They'll just try whatever they have and use the first thing that works.
You do realize that making people change their passwords all the time simply leads to people using weaker passwords or writing them down, right?
As long as you keep them in your wallet then writing them down is fine.
You're MUCH more likely to be aware when someone steals your wallet than when someone steals your password. So keep your passwords in your wallet if you cannot remember them.
Similar for home systems. Keep them safe at home. Criminals breaking into your home to steal stuff are not USUALLY going to be looking for a piece of paper with your passwords on it.
This technology will be co-opted and otherwise downright available to the TLA government agencies.
If I were working for one of those agencies I'd save myself the stress and just keep the personal phone numbers of the CEOs at the phone companies on my speed dial.
When I wanted a phone "killed" I'd just call up the CEO of that phone company and have him have his people disable the phone plan for "non-payment" or whatever.
Plausible deniability and the hardware still works.
Ah yes, the other reason there are no good engineering managers: someone who is actually focused on managing their team well, rather than playing corporate-politics games in the higher echelons, might well get fired.
"Not a team player."
But which team and what game is never directly stated.
The "team" is not the people you manage. It is the other managers and the executives. You burn "worker bees" to protect the people on the real team.
And that is the game. Protect the careers of the managers and executives. That's why there are management meetings and executive retreats and golf games. So you will be able to bond with the people who will be protecting you and who will expect your protection in exchange.
I'm saying what I have seen to be true, but I can't imagine why anyone would go into management to begin with in spite of some of the importance of the above statement.
Different personality types. Some people love code more. Other people love interacting with people more.
Also, the manager usually gets paid more than their most expensive person being managed.
So what would drive someone who loves code to trade time coding for time attending management retreats? Aside from the money? And the prestige of management retreats?
Change the way you look at management and workers. Managers are supposed to be management because they understand BOTH sides (management and code) and can translate the requirements of either side to the other.
Perhaps the worst fallacy is the kind of self-deception for which psychologist Uri Simonsohn of the University of Pennsylvania and his colleagues have popularized the term P-hacking; it is also known as data-dredging, snooping, fishing, significance-chasing and double-dipping. "P-hacking," says Simonsohn, "is trying multiple things until you get the desired result" - even unconsciously.
Just change it to an extra-special-search list, and let people fly but check them carefully.
Probably not going to happen.
Politicians are, usually, very risk averse. They do not want to be THE ONE to push for a change that results in another terrorist taking over an airplane. Even if the likelihood of that is practically non-existent.
They don't care who's on the list or even if the list is valid as long as:
1. They (and their families/friends) are not on the list.
2. They are not directly responsible for being "weak" on anything.
Actually the builder offers a guarantee that the wall will be built to industry standards.
And to the exact specifications that were provided to him, in writing, at the time he bid for the job.
Try getting a builder to build the wall "just a bit higher" or "just a bit wider" or "just put a window in that patch you've finished already". Not going to happen.
Which is why programming is not the same as construction.
Indeed nobody would hire a builder whose contract stated that they offered no guarantee.
And, likewise, no builder would bid for a job that didn't have EVERYTHING already specified and signed off by a certified architect.
In software it is not possible in practice for someone to write a non-trivial program without any bugs.
The first problem in software is defining what a "bug" is. It's not a feature request. It's not something that was left out of the requirements.
If the employer can provide the same level of documentation for the program that a builder will be provided with then software "bugs" become a lot rarer.
Grading on the curve assumes that all student cohorts are pretty similar, but that some courses/exams are easy and some are hard.
No it doesn't. It's trying to match non-random data-points to a random distribution curve. It says nothing about the difficulty of the exam.
Is it more difficult to roll a 3 on a d6 than it is to roll a 6? Of course not. It's random. But it is more difficult to roll 3d6 and get 18.
Your way assumes that all courses are exactly as hard as each other, but makes no assumptions about the other students.
Why would it need to make any assumptions about other students? Whether I know X is not dependent upon whether you know X. Or even if you do not know X.
A. Take the top 10 coders in the Linux kernel. Now "grade" them on a curve (compared to each other).
B. Now take the 10 worst coders in the world. "Grade" them on a curve (compared to each other).
What does that tell you about the skill levels between the "average" 2.5 people in A and the "exceptional" 4.0 person in B? And THAT is why grading on a curve is a bad idea.
What makes you think A is really X's friend and not some random guy that bought what they thought was a new SIM and which turns out to be a used one last owned by X?
PR-wise, it doesn't matter because we (USofA!) will still claim that we killed their #2 or #3 sub-commander.
But you do raise an interesting point. Could those SIM cards be sold/donated to the enemies of X? So we (USofA!) end up killing X's enemies for him?
Cut the speaker and display wires (no sound and no lights) and you now have a "homing beacon" for a drone attack that can be hidden just about anywhere.
Some have as many as 16 different SIM cards associated with their identity within the High Value Target system while other top Taliban leaders, knowing of the NSA's targeting method, have purposely and randomly distributed SIM cards among their units in order to elude their trackers.
So instead of killing X you kill X's friends A, B and C.
That doesn't sound like a good plan on their part.
I'd look for ways to communicate without SIM cards. Or to trash used SIM cards. They're cheap. Really cheap.
In what world do most employees except graphics designers and hair dressers end up with a "portfolio" of work they can show?
If you're a programmer then your portfolio is the Open Source projects that you've contributed to.
I've had employers take positive note of it 7 years after I graduated and I'm sure it still supports and gives credibility to my more recent work history.
You're confusing "degree" with "GPA". Having a degree is a positive achievement. But once you get your first job you will not have to explain why you have a 3.0 GPA instead of a 4.0.
The only reason employers look at grades is to judge who is elite and who are the median.
Let me change that a bit.
The only reason employers look at grades is because you are applying for your first job and you have not built a portfolio sufficient for the hiring process.
Once you have your first job no one cares about your grades.
We actually have a time-tested way of comparing students' performance to each other: grading on a curve.
That only works when MULTIPLE RANDOM items are compared. Such as rolling 3d6.
Since answering questions on a test should NOT be random there should not be any reason to attempt to force the scores into a curve.
When I was in college (early 2000s, major American public university), all science and math courses were graded on curves, with 10-15% of the class getting As.
I started college in 1983. The grades were based upon how many questions you answered correctly. It did not matter what other students answered. Why would it?
Some students complained that they were doing well and learning the material, but are only getting Bs because of superstars in the course. To that, I say tough, because in the real world, no one is going to hire you to do anything just because you are good enough if another candidate is around who will do a better job than you will.
By that logic, a "B" student in one class could be an "A" student in the same class with the same professor on the same material with the same answers... but in a different semester/quarter.
Which means that the smart students will learn to "game" the system.
Of course we can't really know for sure, but based on how many who studied French or German in the past and then went on to use it in a commercial capacity I doubt coding skills are any less valuable.
Look at the device that you used to type those words. Whether it was a desktop or laptop or tablet or smartphone or whatever it probably was not manufactured in France or Germany.
It was probably manufactured in China. Then shipped to wherever you are.
Now look around and see how many other items were manufactured in China. For different companies.
Do mechanics worry about everyone on the planet knowing how to fix their car?
Watch the Jeremy Paxman interview. It is hilarious. This isn't about mechanics telling other people to learn how their car works.
This is people who can't tell a piston from a pylon that OTHER people need to learn to be a mechanic.
The woman in that interview said that if she knew how to code then she could have saved money by doing her own graphics for her website (which she would also be building). Look up WordPress! HTML is "code" only in a very broad sense. And a year of learning JavaScript won't do much to teach you Apache/IIS administration.
The problem here is that "code" is being used as a synonym for "computer magic".
Learning more stuff usually does not hurt. Anyone who wants to learn to code should be encouraged to learn to code. Or to learn website administration. Or to learn graphic design. Or to learn to be a mechanic.
But, as Jeremy Paxman pointed out, is it better to put the focus on code or should money be spent getting people to learn Mandarin Chinese?
Is someone who does not know calculus unable to state that calculus might be beneficial to high school students?
Pretty much. Oh they can state that it "might be beneficial". But they cannot state HOW. Or WHY you should spend time learning calc instead of putting those same hours into learning German or another biology class or how to cook.
Is a parent who is illiterate not able to look on the work, see the value of reading and writing, and want that value for their kid?
That's different. You can be literate in English and illiterate in German. Whether it is an issue depends upon whether you can read the material where you live or not.
I would hate to live in the world that so many or/. readers seem to live, in which only people who know how to do something can do it, or where coding is a magic that must be protected from the masses.
No one is saying that people SHOULD NOT learn to code. If that is what they are interested in.
The question is whether there should be a push to get more people to take a pre-intro to programming so they can do... what?
I've used rsync to push and to pull so it is bi-directional.
The main difference between rsync and Unison is what happens when file X is altered at the local site AND at the remote site between a single sync interval.
With rsync, one of the altered files will be over-written by the alterations to that file at the other site.
Whether this is a problem or not depends upon your specific situation.
What applications, beyond simply the preservation and sharing of family data, (grandkids' photos, home videos, and more) would be good to leverage such a platform? Security Cameras? HTPC? VoIP? Home Automation?
FIRST, you decide on what functionality you want.
THEN you look at how to achieve that functionality within your budget.
I'd use rsync as the cheapest means of replicating data between multiple sites. But once you start adding additional functionality requirements that might change.
And wouldn't that be the purpose of ACLs and firewalls?
In general, yes. But the situation should not arise where you have to firewall a vendor's system because it should not be touching your production network in the first place. It's adding risk when it is not necessary.
What purpose does any of the HVAC machines need on the financial side of the network? Any traffic going between the two (in either direction!) should be blocked and send up red flags.
Yes, it should. You are correct.
But this doesn't have to be between the financial sub-net and the HVAC sub-net. The HVAC system only needs access to a machine that DOES have access to the financial network.
Or access to a machine that has access to a machine that has access to the financial network.
Or access to a machine that has access to a machine that has access to a machine that has......... the financial network.
It's easier just to keep it off the production network.
... but given how congested IDFs are and how expensive the staff is to continually maintain vlans and associated ports, I'm not surprised at all that this happened.
That's why they should have their own Internet connection coming in. They should NEVER touch the production network. There's just too much risk (as shown by Target).
I have gone through this exact same "logic" at places where I've worked. It's impossible to explain to some people that... while the person putting in X may be completely honest you are depending upon that person to have as good security practices as you have.
Except that that person does not have any idea of what network security is. Or computer security.
But it will make it easier if vendors X, Y and Z have remote access to their systems which are on the production network.
It will be more difficult if we have to pay an ISP for the cheapest line they have and colour-code it and label it and super-glue it so that they have access but it does not touch the production network. At least not without someone coming in and physically re-wiring it.
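The "access to a machine that has access to a machine" chain described above can be checked mechanically. This is an added example, not part of the original comments: it treats allowed network flows as a directed graph and searches for any path from a vendor-managed host to a protected system. All host names and both flow lists are constructed for illustration.

```python
from collections import deque

# Constructed policy: (source, destination) means the source may initiate
# a connection to the destination. Host names are hypothetical.
ALLOWED_FLOWS = [
    ("vendor-vpn", "hvac-controller"),
    ("hvac-controller", "facilities-mgmt"),
    ("facilities-mgmt", "file-server"),
    ("file-server", "finance-db"),
    ("pos-terminal", "finance-db"),
    ("guest-wifi", "internet"),
]

# Same policy with the HVAC system kept off the production network: the
# vendor still reaches its own controller, but the controller has no flow
# into any production host.
ISOLATED_FLOWS = [f for f in ALLOWED_FLOWS
                  if f != ("hvac-controller", "facilities-mgmt")]


def build_graph(flows):
    """Turn a list of (src, dst) flows into an adjacency map."""
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def shortest_path(graph, start, target):
    """Breadth-first search; returns the hop list or None if unreachable."""
    if start not in graph or target not in graph:
        return None
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


def direct_rule_exists(flows, src, dst):
    """True only when a single rule allows src to reach dst directly."""
    return (src, dst) in set(flows)


def audit(flows, untrusted, protected):
    """Map each (untrusted, protected) pair to its transitive path, if any."""
    graph = build_graph(flows)
    findings = {}
    for src in untrusted:
        for dst in protected:
            path = shortest_path(graph, src, dst)
            if path is not None:
                findings[(src, dst)] = path
    return findings


if __name__ == "__main__":
    untrusted = ["vendor-vpn", "hvac-controller", "guest-wifi"]
    for name, flows in (("shared", ALLOWED_FLOWS), ("isolated", ISOLATED_FLOWS)):
        print(name)
        for (src, dst), path in audit(flows, untrusted, ["finance-db"]).items():
            direct = direct_rule_exists(flows, src, dst)
            print(f"  {src} reaches {dst} (direct rule: {direct}): "
                  + " -> ".join(path))
```

A per-pair firewall review would pass the shared policy because no rule names both the HVAC controller and the finance database; only the path search shows the exposure.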
As seems to be the case in Australia where they are already doing this.
http://www.sfgate.com/bayarea/nevius/article/An-easy-way-to-curb-smart-phone-thieves-2344797.php
No. I intentionally decided against the paranoid option.
What purpose would it serve for the NSA to brick a bunch of phones at one time?
Other than making a very big, very public story? Which would get a LOT of airplay in the media.
If the NSA needs service cut in a specific area they can already do that.
A programmer is NOT the larval form of a manager.
From TFA:
You aren't.
But this isn't about free content.
This is about an agreement to restrict who can broadcast the material and how they're using that restriction to deny that material to people.
So the first question should be "why aren't more media companies able to broadcast an event such as the Olympics".