I'm straight out SAYING that when you legitimize corruption then ALL interactions with the government or other businesses in that country exhibit the characteristics that arialCo identified.
But a middle class of 50% of the population controling 40% of the wealth is a force to be reckoned with.
And totally irrelevant because, as mentioned before, the countries with the most corruption have the lowest standards of living.
There won't be a middle class there because the corruption prevents it from forming. It prevents the middle class from forming by transferring the money from projects that would facilitate the middle class forming into the pockets of those who already have the money and power.
Let's abstract it into a continuum with 0 in the middle.
Now, beating the crew is -5. Knowing how the sails work is +5.
So having both characteristics put you at 0. Essentially the same as someone who doesn't know anything, but doesn't abuse the crew.
Beating the crew and not knowing the sails gives you a -5. You can move up to 0 without any increase in knowledge just by removing that negative factor.
But that is just for that instance at that time. It does nothing to address the capabilities of that team when compared to another team with a fully competent captain.
Not to mention that the research was based at Google. They have a history of hiring smart people who are exceptionally qualified in the technology.
Or did they include things like the HR / Accounting / Sales managers and such?
Doing so will skew the results.
It takes a different skill set to manage a group of coders than it does to manage a group of accountants. Despite what is taught in the MBA classes.
But the same NEGATIVE characteristics have the same negative effect no matter what group you're managing.
I think this research is more about identifying the negative aspects. If you remove/reduce the negative aspects, then people will tend to lose the negative opinions.
Which, unfortunately, is rare enough in business that it will be seen as unusual.
I thought the same - doesn't McAfee's software suck?
Speaking as an admin who is stuck supporting McAfee's ePO for a few thousand workstations... yes, yes it does.
Unfortunately, all of the other vendors also suck.
And STILL McAfee doesn't have a bootable CD with their product on it.
And their "enterprise" distribution methodology sucks bandwidth (why send the ENTIRE 100MB+ file to each distribution point instead of just a diff file).
The key factor (imo) is whether are self-motivated enough to learn the college level material on your own.
I'd still recommend a degree. But only because it makes some of the future steps easier. But get the cheapest, fastest degree you can find. Any degree. You can improve it later.
20 years down the road, you have 19 years of experience in "IT" (13 years writing code professionally) and the people who went to college have 16 years experience in "IT" (16 years writing code professionally).
The difference will not be with the groups. It will be with the individuals who push themselves to learn more and to do more.
In cases I have been exposed to, it's not the admins that are dropping the ball, it is the people making the decisions about things they do not appreciate or understand.
Most of the cases I've seen, of that type, have been ego issues.
They are management and YOU do NOT tell THEM what to do.
It is YOUR job to protect the network given the constraints of their requirements. If you cannot do that, well, there's another guy looking for your job who says he can.
Basic security is easy. Very easy. It's just not convenient.
The problem is that people are lazy. Even if it is easy, they want it convenient for them.
And when it becomes convenient for them, it becomes convenient for the crackers.
The more convenient for your users, the more convenient for the crackers. It's linear. If your users can access your systems from anywhere in the world, so can the crackers.
Just waiting to see what kind of fines BP will have to pay to help clean up that mess.
And if you're going to say that they'll just pass the fines on to their customers... who cares? If their prices are higher than their competition then I'll shop at their competition.
Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.
And it is always sold the same way.
They want to "protect" you from the "enemy". So you need to do your part and give up some rights (just for a little while) to make it easier to find the "enemy" hiding among you.
If you aren't supporting their team... that means you're a. supporting the "enemy's" team b. delusional / stupid c. secretly hate us and really are hoping the "enemy" wins
Almost every state is getting rid of teachers en mass and making teaching a less desirable field to get into. Where are these cyber soldiers coming from?
Considering that it's going to be a series of high school classes... it doesn't matter because this is nothing more than a photo op. Politicians showing that they're "doing something" about "the threat".
The problem is NOT that we don't have people who understand security.
The problem is that those people's BOSSES do not care about security until AFTER someone cracks their systems.
Protection requires 10% of ISP's to adopt a routing policy change. Let me know when that's done, ok?
It would be done within 24 hours of such an attack actually succeeding. More likely within an hour.
That's the core problem with all of these "disaster" scenarios.
They depend 100% on all-of-the-interested-parties doing nothing at all to resolve or mitigate the problem(s) during / after an attack.
There are lots of idiots out there who would not be able to fix their systems. But there are also a lot of smart people who know how to fix the problem but just haven't gotten management to buy off on it yet. That will change when there is a real problem.
First off, this "war" has yet to result in a single death of an otherwise healthy adult at home. So calling it a "war" is incorrect.
Secondly, from TFA:
Lynn claimed that spy agencies have gained accessed to weapons system designs and other military plans, source codes and intellectual property from businesses and universities.
Exactly as spies have done for the last 2,000+ years.
Schneierâ(TM)s fear is that we are on the verge of an IT arms race. âoeWe havenâ(TM)t seen offensive cyber weapons companies, but they are coming,â he said. âoeBig defence contractors are working on this â" you know they would be dumb not to.â
I'm going to disagree with Bruce on this one. At least until he further defines "offensive cyber weapons". Again, not a single, healthy adult has been killed at home because of any "cyber attack" by someone using a "cyber weapon".
The real problem is that so few organizations pay attention to basic security practices. Just look at HBGary.
The effort is part of a âoecomprehensive cyber strategy called Cyber 3.0,â he said.
Hey, it's even cooler than Web 2.0 'cause, you know, it's like 3.0.
Anyone got the spec's for "Cyber 2.7"?
The military is reaching out to commercial companies for the latest technologies and technical experts to safeguard the Pentagonâ(TM)s computer networks from attacks and espionage, Lynn said.
Here's an idea. You can have it for free.
How about you have a department of nothing but hackers who try to crack your systems. As they get through, they report what they did and you fix it? No 3.0 needed.
Lynn told the conference that he had met with Intel Corp. and Google Inc., and planned to meet with Microsoft Corp. âoeThey all think there is technology that can be deployed, both hardware and softwareâ that can adapt technologies to better defend against attacks.
Of course there is. The problem is whether that technology is just a band-aid for core problems in the systems.
You need to identify what can be done with the technology you have today.
That will tell you the flaws in that technology.
Which will tell you what you need to band-aid tomorrow UNTIL you can get the core problems FIXED.
What makes you think malware wouldn't be crafted to evade this just as malware is currently crafted to evade AV software?
More to the point, there isn't a single AV product available today that catches 100% of the mal-ware currently out there.
AV is a reactive process. First comes the mal-ware. Then comes the infections. Then comes the signature file. Then comes the download of the signature file. Then comes the protection.
Saying that an AV scan found nothing on your computer is really pretty meaningless.
Remember the Sony root kit fiasco? There was ONE anti-virus product that detected it.
The problem is that this isn't about "proving" that you're clean.
This is about proving that you have, in the past, purchased condoms (anti-virus).
And that you are currently wearing a condom (anti-virus is running).
NOT that you don't have a disease. Or that you have any symptoms. Or that anyone you've had sex with had a disease.
The BANKS are the ones that should be dealing with whether they can sanitize anything they receive from you (and anyone else) AND verify that it really is you initiating the transaction.
Sex is NOTHING like an on-line purchase. Try it and see.
Long before you become "grizzled", you learn time. You learn calendars. You think in UTC. All the jobs happen on UTC. With the correct leap years plotted out for the next thousand years.
That's because you ran into that problem during your development and you learned it and kept your code.
Slashdot Mirror
McAfee markets products to scan websites. At least use them on your own site!
If the scans didn't turn up the vulnerabilities ... well it looks like you have a problem with your products.
Analogies are useful for explaining complex concepts to people using concepts that they're already familiar with.
What's complex about Google's business?
YOU are the product. Google sells YOUR eyeballs to advertisers.
Google attracts YOUR eyeballs by offering YOU "free" services. "Free" in that you do not pay for them.
Just look at /. !!! You can use it for free. The owners sell ads. You can also pay for the service.
Fuck castles and moats and all the other analogies. The analogies are more complex than the concept they're supposed to be explaining.
First off, I'm not inferring anything.
I'm straight out SAYING that when you legitimize corruption then ALL interactions with the government or other businesses in that country exhibit the characteristics that arialCo identified.
And totally irrelevant because, as mentioned before, the countries with the most corruption have the lowest standards of living.
There won't be a middle class there because the corruption prevents it from forming. It prevents the middle class from forming by transferring the money from projects that would facilitate the middle class forming into the pockets of those who already have the money and power.
Once corruption is legitimized, those conditions become the norm.
Look at all the countries with the lowest standard of living. You'll see that their governments are based upon bribes and favors.
The money is transfered from public works to private individuals and the entire country suffers.
I wasn't in the Navy. I was in the Army. Same basis, different implementation.
The problem in the corporate world is primarily semantic.
Everyone wants to be called a "leader". Even when the situation requires a competent clerk.
1. Leaders will lead you into new fields.
2. Managers will make manage the people, equipment and time to achieve the goals of the leader (or the manager above them).
3. Clerks process the paperwork needed to acquire the people and equipment requested by the managers.
4. And then you have the individuals (aka "the talent").
A task that requires a competent clerk will be a complete mess when handled by a competent leader with a deficiency in clerk skills.
On the other hand, an extremely capable clerk can perform almost as well as a competent manager.
Too often, corporations claim "leardership" by trying to "manage" through emphasizing paperwork (clerk skills) and records.
Let's abstract it into a continuum with 0 in the middle.
Now, beating the crew is -5.
Knowing how the sails work is +5.
So having both characteristics put you at 0. Essentially the same as someone who doesn't know anything, but doesn't abuse the crew.
Beating the crew and not knowing the sails gives you a -5. You can move up to 0 without any increase in knowledge just by removing that negative factor.
But that is just for that instance at that time.
It does nothing to address the capabilities of that team when compared to another team with a fully competent captain.
Not to mention that the research was based at Google. They have a history of hiring smart people who are exceptionally qualified in the technology.
Or did they include things like the HR / Accounting / Sales managers and such?
Doing so will skew the results.
It takes a different skill set to manage a group of coders than it does to manage a group of accountants. Despite what is taught in the MBA classes.
But the same NEGATIVE characteristics have the same negative effect no matter what group you're managing.
I think this research is more about identifying the negative aspects. If you remove/reduce the negative aspects, then people will tend to lose the negative opinions.
Which, unfortunately, is rare enough in business that it will be seen as unusual.
Since there are only around 300 million people in the USofA ... and none of them can drive more than 1 car at a time ...
All we'd need to do to completely eliminate the carbon footprint of our cars is to ...
Replace 300 bulbs.
Or 100 people replace 3 bulbs each.
I think your time scales are out of sync.
AppRemover may help you. It can remove a LOT of the anti-virus disasters out there. Even if you don't have the "admin" password for Symantec.
You can find it via Google.
Speaking as an admin who is stuck supporting McAfee's ePO for a few thousand workstations ... yes, yes it does.
Unfortunately, all of the other vendors also suck.
And STILL McAfee doesn't have a bootable CD with their product on it.
And their "enterprise" distribution methodology sucks bandwidth (why send the ENTIRE 100MB+ file to each distribution point instead of just a diff file).
The key factor (imo) is whether are self-motivated enough to learn the college level material on your own.
I'd still recommend a degree. But only because it makes some of the future steps easier. But get the cheapest, fastest degree you can find. Any degree. You can improve it later.
20 years down the road, you have 19 years of experience in "IT" (13 years writing code professionally) and the people who went to college have 16 years experience in "IT" (16 years writing code professionally).
The difference will not be with the groups. It will be with the individuals who push themselves to learn more and to do more.
Most of the cases I've seen, of that type, have been ego issues.
They are management and YOU do NOT tell THEM what to do.
It is YOUR job to protect the network given the constraints of their requirements. If you cannot do that, well, there's another guy looking for your job who says he can.
Basic security is easy. Very easy. It's just not convenient.
The problem is that people are lazy. Even if it is easy, they want it convenient for them.
And when it becomes convenient for them, it becomes convenient for the crackers.
The more convenient for your users, the more convenient for the crackers. It's linear. If your users can access your systems from anywhere in the world, so can the crackers.
As seen with the HBGary crack.
Just waiting to see what kind of fines BP will have to pay to help clean up that mess.
And if you're going to say that they'll just pass the fines on to their customers ... who cares? If their prices are higher than their competition then I'll shop at their competition.
DRM is ONLY a factor for your LEGITIMATE customers.
And, eventually, that DRM will be out-dated and your LEGITIMATE customers will no longer have access to material that they LEGITIMATELY paid for.
I have CD's that I purchased 20+ years ago that still work.
How many of you can play content from a DRM limited product from 10 years ago?
Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.
And it is always sold the same way.
They want to "protect" you from the "enemy".
So you need to do your part and give up some rights (just for a little while) to make it easier to find the "enemy" hiding among you.
If you aren't supporting their team ... that means you're
a. supporting the "enemy's" team
b. delusional / stupid
c. secretly hate us and really are hoping the "enemy" wins
Considering that it's going to be a series of high school classes ... it doesn't matter because this is nothing more than a photo op. Politicians showing that they're "doing something" about "the threat".
The problem is NOT that we don't have people who understand security.
The problem is that those people's BOSSES do not care about security until AFTER someone cracks their systems.
It would be done within 24 hours of such an attack actually succeeding. More likely within an hour.
That's the core problem with all of these "disaster" scenarios.
They depend 100% on all-of-the-interested-parties doing nothing at all to resolve or mitigate the problem(s) during / after an attack.
There are lots of idiots out there who would not be able to fix their systems. But there are also a lot of smart people who know how to fix the problem but just haven't gotten management to buy off on it yet. That will change when there is a real problem.
First off, this "war" has yet to result in a single death of an otherwise healthy adult at home. So calling it a "war" is incorrect.
Secondly, from TFA:
Exactly as spies have done for the last 2,000+ years.
I'm going to disagree with Bruce on this one. At least until he further defines "offensive cyber weapons". Again, not a single, healthy adult has been killed at home because of any "cyber attack" by someone using a "cyber weapon".
The real problem is that so few organizations pay attention to basic security practices. Just look at HBGary.
From TFA:
Hey, it's even cooler than Web 2.0 'cause, you know, it's like 3.0.
Anyone got the spec's for "Cyber 2.7"?
Here's an idea. You can have it for free.
How about you have a department of nothing but hackers who try to crack your systems. As they get through, they report what they did and you fix it? No 3.0 needed.
Of course there is. The problem is whether that technology is just a band-aid for core problems in the systems.
You need to identify what can be done with the technology you have today.
That will tell you the flaws in that technology.
Which will tell you what you need to band-aid tomorrow UNTIL you can get the core problems FIXED.
More to the point, there isn't a single AV product available today that catches 100% of the mal-ware currently out there.
AV is a reactive process.
First comes the mal-ware.
Then comes the infections.
Then comes the signature file.
Then comes the download of the signature file.
Then comes the protection.
Saying that an AV scan found nothing on your computer is really pretty meaningless.
Remember the Sony root kit fiasco? There was ONE anti-virus product that detected it.
ONE!
And it wasn't McAfee or Norton.
You cannot store an OS "improperly". It doesn't catch germs just by normal decay.
Microsoft's decisions have placed "user friendly" above "security" for years.
That is a problem.
The problem is that this isn't about "proving" that you're clean.
This is about proving that you have, in the past, purchased condoms (anti-virus).
And that you are currently wearing a condom (anti-virus is running).
NOT that you don't have a disease.
Or that you have any symptoms.
Or that anyone you've had sex with had a disease.
The BANKS are the ones that should be dealing with whether they can sanitize anything they receive from you (and anyone else) AND verify that it really is you initiating the transaction.
Sex is NOTHING like an on-line purchase. Try it and see.
Long before you become "grizzled", you learn time. You learn calendars. You think in UTC. All the jobs happen on UTC. With the correct leap years plotted out for the next thousand years.
That's because you ran into that problem during your development and you learned it and kept your code.
Maybe I read it wrong, but wasn't the GP's post about having unsecured guests onto the internal, secured wifi?
Having unsecured guests on an unsecured, external wifi network is easy.
Allowing someone in parking log to access your internal network from his unsecured machine ... that's a problem.
Just ask Target about it.