Having the passwords in the clear would not be a problem if their servers were not so stupidly vulnerable.
Stupidly vulnerable servers being the result of stupid admin/programmer.
Stupid admin/programmer being the result of management that does not understand computer security.
Etc, etc, etc.
There are always a thousand reasons NOT to correctly handle basic computer security. Time, money, resources, training, blah, blah, blah. And there always will be. Which is why this type of incident will play out over and over again.
If you're putting a server on the Internet and you have NOT solved the problem of hashing the passwords then there is a core problem that has not been addressed. Something is wrong with your business model or programmer or management or whatever.
Not fixing anything is cheaper than fixing it (in terms of immediate cash expense).
Yep. That's the core problem with computer security. It is always cheaper to not do anything (right up until you lose critical data to a cracker) as long as it runs "good enough".
Doesn't mean sticking with IE is the right decision, or a reasonable decision, or even that someone made a decision instead of ignoring the problem.
Even the decision to ignore the problem is a decision. Again, as long as it runs "good enough" there will be problems getting it changed.
But if they aren't going to and they want their software to stay static and unchanging, there are any number of solutions including: Go to "about:config" and change "app.update.auto" to false.
I don't like the all or nothing approach.
How about white lists instead? Recognize that there will be instances where X is not safe for use on the Internet but you still need X for your corporate apps.
So X is whitelisted only for specific apps / servers / IP ranges / whatever and blocked for everything else.
NoScript already does a pretty good job on most of that. But it needs more granularity.
What I was trying to say is that employees are people, and people are often unprofessional and discriminatory, and of course naturally get on better with others who share their values.
Of course they do. And they can do that all they want in their personal lives.
On the job though they're expected to behave professionally. And part of "professionally" means not bringing up issues such as religion or politics and so forth. Or being able to deal, professionally, with others who have differing views.
And when an employer is selecting for religion / politics / whatever then there is a problem.
Asking for your Facebook password is practically the same as asking forbidden interview questions.
What happens when the HR person looks at your page and sees that you're participating in the setup of inter-racial gay Jewish recognition events?
Do they really want the risk of having to defend themselves in court against charges of discrimination when you are not hired?
There is a reason that they avoid certain questions. Those questions can land them in court. Demanding access to your personal life can be the same as asking those questions. With the same results.
Yes, strictly you don't, but the smaller the company the more important it is to get someone who fits the office culture, and religious, political and even sexual orientation can have a massive impact.
You're wrong because most of that should not even come up at the office.
If it is an issue then the owner needs to be informed on the realities of operating in a multi-cultural nation.
If the government is going to spend hard earned tax dollars, they might as well buy from American companies who operate factories in America. Or does "Buy American" mean buying from companies who outsource jobs to China?
It's the second one.
The companies want bigger profits. So the companies outsource whatever they can, wherever they can. And our government decides that that supply chain is "good enough".
All the government has to do is require that the parts be made 100% in the USofA and there would be a huge change.
If you want to talk about children being killed, you should consider what "religious fanatics" fight against every day. Over 54 million children killed legally under US law since the 60s, in the name of choice.
Ignoring your choice of "children" in that statement...
The other side of that discussion is over 150 million women in the USofA who are not treated as slaves because some man wants them to birth children for him.
I'll take the rights of LIVING women over the rights of an unborn child any day.
Those "religious fanatics" are fighting to take away the rights of those 150 million women.
5) Re-fuel with fuel conveniently pre-manufactured by previous robotic missions (this is the only part not obvious to me how it would be done for whatever that's worth).
The same way as the other stuff.
Get it off Earth. Get it into orbit on Mars. When they need it on Mars, have it drop out of orbit.
That way you can also ship extras. Just in case something goes wrong. And spare parts.
Please do not do that. I have had to endure far too many of those. It is bad enough when it is your own department or field.
When it is a different department or field then ALL you are doing is pissing people off. They're just repeating YOUR words without the background to understand what they're saying. Like training a dog to "speak".
Audience participation happens IF it happens. Trying to "force" it negates any positives from it.
The current theory is that neutrinos do not travel faster than light. This experiment failed to invalidate that theory. Therefore, this experiment supports that theory.
In order for a "mystery" to exist the "faster than light" experiment has to be repeatable.
So if I put coloured epoxy over the wires so they cannot be seen ...
The point is that the people claiming that this looks like "a handmade explosive device" do not know what "a handmade explosive device" looks like.
It just looks UNUSUAL so they panicked.
In general, the Republicans are anti-science and the Democrats are not anti-science.
But does that mean that every single person to the right of Obama is more anti-science than every single person to the left of Obama? No, it does not.
I'm with the FDA on this one. Why not post more information?
Which is easier for the average corporation?
a. Fixing the crap code that they've accumulated over the years?
b. Sticking with IE because it allows them to run the crap code from a?
Mozilla may have chosen the moral course in this but they won't achieve anything except to further marginalize themselves in corporations.
Fixing code costs money. Sticking with IE is free.
Something like NoScript but with more granularity and that can be pushed to each workstation?
Sounds good. And 100% better than the course Mozilla did choose.
Instead of Mozilla just fucking DISABLING it, how about adding a huge blinky warning to it?
"Oh, wow. I should upgrade as soon as I get the opportunity."
vs
"Fuck, it broke!"
http://www.projectrho.com/rocket/enginelist.php#id--Ion
It's a great site which details (with lots of math) the various problems with space travel.
Imagine The Lord of the Rings where all the Hobbits had Brooklyn accents.
Other enough to be unusual but still understandable but evoking an entirely different genre (mafia crime drama).
First off - scienceblog - light grey on white is NOT a good colour scheme for text.
Have you been to Reality lately? It's dog eat dog. Literally.
I don't think Reality has a "liberal bias". More like "liberals" are more willing to use science as a means of "validating" their positions.
While "conservatives" are more willing to use religion to "validate" their positions.
Bullshit. As is demonstrated by TFA.
You want it done right then you pay for it to be done right.
Finding someone who will do it cheaper and do it wrong is easy.
Duh!
Think of it more like "chat roulette".
I've seen the Green Dot ones and their fee structure is fucking ridiculous if you want to use it as just a re-loadable card instead of having your pay check deposited to it. Which kind of defeats the idea of "re-loadable".
The best I've found is Western Union's. And even that has a few hoops I have to go through to put cash on it.
Again, Europe has had this tech for years. If I want to lend someone 50 Euro I can do that electronically.
Instead of a cool "wallet" thing, how about a credit card that I can pre-load with cash so I don't have to carry my other credit cards / debit card in case my physical wallet is stolen?
And so I can feel safer making on-line purchases with non-major sites.
Just so that the most that can ever be stolen is whatever I have pre-loaded.
You know, like Europe has had for years?
Your circumstances are perfect for getting involved politically.
Start locally. Have you written a PAPER letter to your Congress critters yet? To your governor? To your state legislature?
If not, why not?
Have you volunteered for a political candidate?
If there really was a shortage then wages would rise.
Rising wages mean more people try to get into that field.
We're still hearing about the "shortage" but wages aren't going up.
Instead, there are a lot of companies lobbying Congress for changes in the H-1B visa program to get more cheap engineers from overseas.
It's about profits. Not a shortage of engineers.
In a large enough group, there are always "some people" (more than 1 person) who believe X.
Whether X is that they've been kidnapped by aliens or whatever. In a big enough group there will be "some people" who believe it.
So knock it off! If you cannot point to them, shut your mouth.