No, but the government has the responsibility to reach out to organizations that do know what they're doing, or are at least more likely to be impartial. If the government were to compel Exxon or Shell to work together and to provide some oversight, we wouldn't be at the mercy of BP. I don't trust BP, particularly because they keep insisting on flow rates that are dramatically lower than what's actually happening. They don't seem interested in allowing 3rd parties in to study the problem, either.
The top kill is what happens when the oil gets to the surface. These desperate (and failing) attempts to contain the spill should have inspired the government to take control of the situation earlier. It's clear that BP doesn't know what the hell they're doing.
I hope everyone who chanted "drill baby drill!" during the last election cycle is willing to go down to the gulf coast and help with the cleanup. What a mess!
This makes me wonder how many politicians who favor strong copyright enforcement and huge windfalls for the RIAA download music illegally? Or about how many have children that do. Would G.W. Bush have favored the industry in the same way if his daughters had been sued for copyright infringement? I'm not sure, but I find it difficult to believe that legislators don't download songs illegally and believe themselves to be immune.
Military spending has been increasing at an unsustainable rate for at least the last 30 years. If it continues to increase at this rate it will surely bankrupt us. Our heavy investment in the military (over other important things such as education) also suggests that our priorities are badly skewed and need to be realigned.
But from what I've seen there's no good answer. Management in small businesses (and in business in general) is usually not concerned with someone's computer security skills or credentials, unless they're hiring someone for an IT position. Even then, it's not uncommon for someone without basic skills to make the cut.
As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).
Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.
I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.
But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone who thought it's safe to give their password out to a stranger or to click on a link that they didn't trust.
But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.
The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!
There will almost certainly be no class action lawsuit. The average consumer doesn't know about these kinds of exploits, and most certainly does not care. That also means that there will be no significant PR hit. If this were self correcting behavior we wouldn't be seeing stories at least once a month about a high-profile company shipping infected hardware to customers. The reason this kind of thing keeps happening is that the consequences you mention are incredibly minimal, if there are consequences at all.
Government intervention usually isn't needed in areas that the general public understands well. It is precisely because the public does not understand security risks that the government should be involved.
I'm personally getting fed up with companies that allow this to happen. If companies that distribute devices that come pre-loaded with malware were fined heavily for each instance, they'd likely hire a few good devs and QA people to ensure that this sort of thing doesn't happen again.
There's absolutely no excuse for this. If you contract out development or manufacturing and that leads to this kind of security risk, there's still no excuse. Unfortunately as of right now there are few if any consequences associated with this type of negligence -- which means that companies aren't going to do much to improve their security practices.
ISPs could simply be looking for ways to find heavy bittorrent users, provide proof of the fact that they're using a lot of bandwidth to download copyrighted content, and to throttle them down or to block this traffic entirely.
ISPs have a strong incentive to reduce heavy bittorrent traffic on their networks so they don't have to upgrade as often. If they can delay these upgrades under the guise of supporting intellectual property rights, it's a win win for them. I'm not saying I support this kind of thing, but it makes business sense.
Energizer obviously isn't the first company to be hit with this sort of embarrassment, and it's surprising to me how resistant some of these companies are to learning and adopting good QA and security practices.
If corporations feel that they must outsource production of devices like these, they damn well better be prepared to do thorough in-house testing before they release malware to the public. I'll give them the benefit of the doubt that they were probably unaware of this trojan, but that makes them no less negligent.
This is very interesting. So technology expenses as a percentage dropped by a total of 12% between 2008 and 2009? That's a big drop -- anyone have any idea what would account for this?
I recently started using the Michel Thomas method to learn French and can attest that it's an incredibly efficient way to learn the language -- as long as I spend a couple hours a day practicing or listening to French radio (BBC Afrique is great for this). Early on dedication is really important -- skip a few days and you lose a lot.
In a word, no. I'd rather have a court determine who is or is not able to access the internet than an ISP or a copyright holder, but forced disconnection from the internet shouldn't be an option at all. If record companies or other copyright owners want to punish someone for illegally sharing content, there are civil remedies for that. They can sue for damages (and I mean actual damages, not ridiculously inflated damages).
This is not a great success. Instead, it appears to be the beginning of a failed policy. Let's hope that internet access is eventually considered to be a fundamental human right, because with our growing dependence on technology, it should be.
Greylisting just doesn't work in a business environment. When an e-mail is rejected with a "please try again later" response, it makes the recipient's company look bad at an organizational level. What's worse, senders may ignore these "try again" messages, or never see them at all. Greylisting doesn't work well in high volume business environments.
(Why do banks send emails at all? They should /only/ ever send emails to people that have opted in with a public key so they can be securely signed. Yes, that cuts out a lot of people, but seriously, the people that it cuts out will be better off for it.)
Damn fu*king straight! Why make it easy for people to opt into an insecure mode of communication when they don't understand the risks? It's bad business.
Might as well tell customers "tune in to FM 104.5 every day at 1 PM to hear your bank balance -- it's convenient!"
The right to a speedy trial is a pipe dream in most states in the US. If a defendant files any motions whatsoever, all time spent up to and during the argument of those motions is not counted against the prosecution. If the prosecution asks to reschedule a hearing they are often given the benefit of the doubt, sometimes 2, 3, even 4 times. Cases that are won on speedy trial grounds, particularly cases involving felonies, are incredibly rare in the US. Speedy trial is technically a constitutional right, but in practice, it's next to worthless to a defendant.
There's also a constitutional right protecting us from excessive bail, but it doesn't look like the judge cares about that either, and even if bail was appealed, it would be held up on appeal.
This time it will be a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD.
Slack is great but overweight. I'd rather have a more minimal distribution, preferably something that fits on a single CD. That said, it lives up to expectations -- everything plus the kitchen sink.
If you're really that paranoid why not store all of your super secret data on an encrypted volume and only mount it when you're using it. . .
Of course, if your network admin really wanted to he could probably sniff your password off the network or install a keystroke logger, but 99.99% of network admins out there wouldn't even attempt to do that. Not only is it unethical, but you probably don't have any data they really want anyway. It would probably just be a huge waste of time.
I'm not quite sure you get what I'm talking about. At a shell prompt, I'd rather be looking at "#" than "$".
But maybe you already knew that?
How did this make the front page of Slashdot? What a waste of space.
You have a dedicated card for exotic video?
Protip: Using words or phrases like "protip" or "pro tip" makes you sound like a douche.
Why the hell is this scored "0"? Somebody, please, +1 informative?
How do they know it's not 2,000 or 10,000. Hell, earlier this week it was an "isolated incident."
Mod parent up!
Guerrilla News Network
Ummm, unfortunately . . . no.
The Pirate Bay will soon be very legal. . . and very dead.