If not, it sounds like IT forgot to remind people of how to secure data, and instead were relying on people not copying things from their unsecured network.
Didn't you get the memo? IT is "legacy" now. It's all about empowering the end-users to develop their end-user creativity without the restrictions of the IT way.
If keeping un-encrypted documents on an un-managed device without a password helps that end-user be more "productive" then who are YOU to say no?
IT didn't forget to remind anyone. This is about taking IT out of the loop. Because IT is holding back the end-users and their iPads.
According to Robert Stephens, founder of the Geek Squad and CTO at electronics retailer Best Buy, the iPad is... it. You can customize and order a pizza from Papa John's right from your iPhone. IT no longer has the unique set of knowledge about what is possible. The user now knows what they want, and they can and will demand it from IT."
There is a HUGE difference between ordering a pizza and keeping confidential documents on your iPhone.
The best part is that the Best Buy CTO cannot identify his own advances. He has to reference a PIZZA VENDOR.
And that is a WEBSITE. What does that have to do with an iPhone? You could do the same thing with a desktop or a laptop.
Clevenger writes, adding that this will likely involve 'painful changes in the status quo of corporate IT,' including the need to 'shed our arrogance' to give the underlying technology a chance to succeed.
I don't think you understand what "underlying technology" means.
This isn't about the wireless standards that the phones adhere to. Or any of the other REAL technologies.
This is about security and accountability. Who is responsible for the data on your iPad when it is stolen? What is the process AFTER it is stolen?
So at this point the onus is on you to prove yourself innocent (civil court remember) and remember they've probably also used discovery to pull images of your servers and desktops.
How about changing "prove yourself innocent" to "provide evidence that the disgruntled former employee's testimony is less reliable than your testimony".
EVIDENCE. The courts are supposed to run on evidence. The BSA cannot provide any evidence UNTIL they have an audit. But they CAN provide a WITNESS who has been established as being in a position to directly observe the claimed violation(s).
The other part to remember about this is that the big software houses are COMPLICIT in this charade. This is not (you) against (the BSA).
This is (you) against (the BSA and member companies that have spent years working the legal system to advantage themselves in this area).
This is why I teach one simple rule. Just say no. Do not use commercial software unless you have to, and pay for a real license if you do.
And DOCUMENT it. With the original receipt. And multiple copies of the original receipt.
Stored in different places.
The WORST part of this is that the software vendors are complicit in this. There is no way (outside of a volume license agreement) for you to register a license key with Microsoft so that there is no question that your company purchased it... on what date... from what approved vendor.
Microsoft does not track or register non-volume-license license keys. Even though doing so would be MUCH easier for them than the BSA bullshit is for their customers.
This is about proving that you have purchased the license to run the software that the EULA applies to from a vendor who was licensed to sell it.
And the BSA already has someone saying that you have not.
If you have not purchased that license, then whether you are compliant with the EULA is immaterial. It is "pirated". If you cannot demonstrate that you have purchased that license, when someone else is willing to claim that you have not, then you will probably lose in court.
Once you have demonstrated that you have legitimately purchased the license through a verifiable vendor, THEN the EULA comes into play. You can be in violation of the EULA even if you purchased the license (and can prove it).
It is complicated which is why you need a lawyer who has experience in this.
The BSA will be sure to send a lawyer. You'll need one who has experience in this.
And remember, it isn't just about the audit. You also have to prove (this is civil, not criminal) that all the software you're running is legit. Which means receipts from verifiable vendors.
Just because you have a license key does not mean that you have a "legit" copy (according to the BSA).
He's focusing on 419 scams. He wants an instant (or almost instant) way to shut down the accounts that the 419 scammers use.
Which means either an automated system (yeah, how'd you like your account killed because of something you posted on /. that someone took offense to) or A staff monitoring the abuse@ and postmaster@ accounts for the various email systems around the clock, every single day.
And what would this accomplish? It would save the gullible people from themselves. Maybe. As long as the scammers didn't target their emails with enough different reply_to addresses to bypass this.
I'm not getting a very good feeling for this guy's technical credentials.
They're outsourcing the IT department... which leaves them with no one in-house capable of verifying that the outsourcing service is competent or even following data-security processes.
Or to put it another way... how many scientists would the tobacco industry have to hire before you would start to believe that cigarette smoke was not a carcinogen?
Would you have to refute every single one of their "studies"?
And then have to refute the next "study" as well?
When someone is paid to find certain "findings" in a "scientific" fashion... the onus is on THAT person to demonstrate that they adhered to established "best practices" and rigid scientific methodology.
Seriously. Otherwise all you end up with is one set of paid "scientists" generating "studies" that other scientists have to take the time and effort to refute.
http://en.wikipedia.org/wiki/William_Shockley If so, the problem with that comparison is that Shockley seems to have been mis-represented by the media (another common /. complaint) that did not understand his statements.
Or maybe he really was a racist who wanted to find a biological reason for "inferiority" but never seemed to be able to.
Being religious does not make you a bad scientist.
And I did not say that it did. Gregor Mendel was a monk in a monastery.
Claiming that ID is a valid scientific theory *does* make you a bad scientist - and reduces your credibility across the board.
I wouldn't say "reduces". If a scientist cannot tell that an unfalsifiable claim is not science then he is not to be trusted with any other "scientific claims" he makes.
Certainly this new data should be examined, and I'm not saying Dr Spencer should be dismissed out-of-hand, but clearly he's not the sort of guy whose conclusions we should be taking on faith (pun not intended).
I'm saying that both should be done.
His "science" should be dismissed because he's demonstrated that he either does not understand it or is willing to sell his "professional" claims.
And there is nothing wrong with any data being reviewed by any scientist at any time.
The problem with dealing with fake science is that it is useless. The practitioners keep "moving the goal posts" and will mis-quote anyone who critiques their work.
The Intelligent Design "debate" is a great example of that.
Evolution is the basis for all modern medical and biological science.
For some "scientist" to claim that Intelligent Design is a science (hint: it cannot be falsified so it is not) does call into question all their other "scientific" claims.
And before anyone goes into "religious beliefs"... that's irrelevant. Even the Pope and the Catholic Church have accepted the evidence of evolution.
This sounds more like a Hollywood pitch (see, it's like The Diamond Age... crossed with Harry Potter... taking place during The Singularity... the geeks will LOVE it!) or a PR stunt.
It's all about the random references.
From TFA:
"Autocatalyzing Intelligence Symbiosis: what happens when artificial intelligence for intelligence amplification drives a 3dfx-like intelligence explosion."
"3dfx-like". WTF.
And...
There are three different Moores' Laws of accelerating returns. There are three uncanny valleys that are being crossed.
I'm getting the feeling that they're just grabbing random phrases and stringing them together.
When the systems were in your office, you had X number of points of failure.
And you had someone on site whose job it was to make sure that those systems were available to you.
So you're moving to the "cloud" to save money... by increasing the number of the points of failure.
So then you add additional systems to mitigate the problems that come with the "cloud". And you probably outsource the maintenance of those systems as well.
And everything is fine until there is a problem. At which point you realize that all the people who you depend upon to keep your systems working only see you as another account. If your business fails, then they're out a portion of their income (until they replace the account with another one).
Force some fiscal responsibility, even if it is probably too late.
EVERYONE wants lower taxes and reduced spending and "fiscal responsibility".
The problem is that each person has a DIFFERENT idea of what the government should be spending money on (and what programs should be cut) and what should be taxed.
And that doesn't even factor in the ear-marks and riders and other pork that gets attached to garner votes.
Is that not a valid way of dealing with the problem? If you know you can't control your drinking, this seems like an effective way of mitigating the damage it causes.
With all the available options, why is there even a discussion of "critical" systems being on the publicly available Internet?
They want a service that THEY do not have to pay for (or pay only a fraction of its cost). That way, their projects can get the "security" check box checked without paying the real cost.
Whereas the addressing always implied "one ipv6 for each of your devices" (almost like rfid for bluetooth devices, on the internet, all the time), they didn't figure out the firewalling?
IPv6 has a section for private use.
FD00::/8
So the home router manufacturers could have the exact same configs as today (with IPv4) with IPv6. With all the same benefits and problems that we have today. And that people are familiar with. And familiarity is the important thing here.
Beyond that, it's just a matter of phrasing. The techs designing the home routers/firewalls know what the technology can do. The issue is phrasing that in a way that the home user can make an informed choice on what options they want to enable for which of their machines (connecting to which machines on the Internet).
Check the old /. threads. How many times have you seen the claim that "if Linux had the same marketshare as Windows ..."? Marketshare was identified as the deciding factor in what "mal-ware" was written.
Now this seems to contradict those claims.
Great. Now every ISP has to store information that Congress should be focusing on NOT storing.
Wasn't this "new" Congress supposed to be against "unfunded mandates" from D.C.?
Who is going to be checking compliance for this?
Just another government requirement that small businesses have to pay to follow.
But not in providing the "solution".
Rather, the government should update their requirements for "anti-virus" software to include:
1. A bootable CD/DVD that runs the anti-virus app in order to bypass the problems of the "virus" interfering with the clean-up.
2. Hashes (multiple hashes) of the KNOWN system files and their default locations and sizes.
3. As with 2 above, but also including as many applications as possible.
4. Of course the hashes would have to be easily updated after booting the CD/DVD. From a website and/or a local server (controlled by your IT department).
5. Related to 4 above, include the ability for the local IT department to add their own hashes and locations of the apps they've developed "in house".
At least this way the IT department SHOULD be able to tell what is NOT infected.
I know, you might be able to get a collision on a specific file with a specific hash. But it is extremely unlikely that you can get multiple collisions for different hashes on that file and still keep it to that same size AND have it do anything "dangerous".
Government specs it ... the market provides it.
And the regular users benefit from it.
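The hash-list idea in the comment above, sketched as an added example (my code, not the poster's): a manifest of size plus two independent hashes per known file at its expected location, a local IT manifest merged in for in-house apps, and a verifier that reports what is not intact. The directory tree, file contents and paths are constructed for the demo.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Tuple

# Manifest entry: path relative to the scanned root -> (expected size, sha256 hex, sha1 hex).
Manifest = Dict[str, Tuple[int, str, str]]


def file_digests(path: str) -> Tuple[int, str, str]:
    """Size plus two independent hashes, streamed so large binaries do not load into RAM."""
    h256, h1, size = hashlib.sha256(), hashlib.sha1(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h256.update(chunk)
            h1.update(chunk)
            size += len(chunk)
    return size, h256.hexdigest(), h1.hexdigest()


def build_manifest(root: str, rel_paths: Iterable[str]) -> Manifest:
    """Record size and both hashes for each known-good file at its expected location."""
    return {rel: file_digests(os.path.join(root, rel)) for rel in rel_paths}


def merge_manifests(vendor: Manifest, local: Manifest) -> Manifest:
    """Vendor list plus the local IT department's own entries (in-house apps); local wins on conflict."""
    merged = dict(vendor)
    merged.update(local)
    return merged


def verify_tree(root: str, manifest: Manifest) -> Dict[str, str]:
    """Classify every file under root as ok / modified / unknown; flag listed files that are missing."""
    results: Dict[str, str] = {}
    seen = set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                results[rel] = "unknown"  # on no list at all: needs analyst attention
                continue
            exp_size, exp256, exp1 = manifest[rel]
            size, d256, d1 = file_digests(full)
            # Size AND both digests must match; a collision against one hash alone is not enough.
            results[rel] = "ok" if (size, d256, d1) == (exp_size, exp256, exp1) else "modified"
    for rel in manifest:
        if rel not in seen:
            results[rel] = "missing"  # known file gone: deleted or moved
    return results


def demo() -> Dict[str, str]:
    """Constructed sample tree (not real system files): build the lists, simulate tampering, verify."""
    root = tempfile.mkdtemp()
    originals = {
        "bin/ls": b"ELF vendor ls",  # 13 bytes
        "bin/cat": b"ELF vendor cat",
        "opt/inhouse/app": b"in-house build",
    }
    for rel, data in originals.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    manifest = merge_manifests(build_manifest(root, ["bin/ls", "bin/cat"]),
                               build_manifest(root, ["opt/inhouse/app"]))
    # Simulated tampering: same-size replacement of bin/ls, an unlisted file dropped, bin/cat removed.
    with open(os.path.join(root, "bin/ls"), "wb") as f:
        f.write(b"ELF bogus ls!")  # also 13 bytes, so the size check alone would pass
    os.makedirs(os.path.join(root, "tmp"), exist_ok=True)
    with open(os.path.join(root, "tmp/dropper"), "wb") as f:
        f.write(b"unexpected payload")
    os.remove(os.path.join(root, "bin/cat"))
    return verify_tree(root, manifest)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:9} {path}")
```

As the comment says, the verifier can only vouch for files it knows; everything reported as unknown still has to be looked at by a person.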
The problem with the "cloud" is that you put your complete trust in
a. the cloud provider
b. the telco that connects you to the cloud
As anyone who has ever had to deal with outside vendors knows, they have no real commitment to your business. You are a single account.
When your business cannot connect to the systems, it is a crisis for your business.
For them, it is another day in the office.
How about changing the phrasing to such:
I drink alcohol to excess
and when I am intoxicated I make dangerous decisions
such as
a. blah blah
b. blah blah
c. blah blah
d. driving drunk
Getting rid of the car will make choice "d" more difficult to implement (but not impossible, you could borrow someone else's car before going out).
And you lose the benefits of owning your own transportation.
Without addressing any of the other secondary issues (a, b and c).
And without addressing the primary issue (drinking too much alcohol for your metabolism).
Yeah, yeah. So it was parody week. It still counts!
http://xkcd.com/144/
1. Find who your Senators / Representatives are.
2. Buy some decent letter writing materials. A physical letter carries a LOT more impact than an email.
3. Write the letters without profanity or insults. Include your contact information.
4. Send the letters to your Senators / Representatives.
5. Get your friends to write similar letters. The more letters they get, the more they will focus on this issue.
6. If an important vote is coming up, place a follow-up call to remind them how important this issue is.
The people most INVOLVED with the political process are the people who shape the political process. Corporations can pay people to devote time to influencing such decisions.