Many IP cameras already have a micro SD card slot and can record video to the SD card in addition to streaming it offsite. A quick search on Amazon found one that is IP67 rated and has temperature ratings from -40c to +60c for $86, Dahua IPC-HDBW4431R-ZS. I've used Dahua cameras before and their optics and image sensors are great but their network security is lousy. Keep them on an isolated VLAN and don't let them connect outbound to the Internet.
Having been on both sides, I can tell you why companies ask these questions -- they're looking for basic technical knowledge and competence. All too many times we've seen candidates who can talk a good fight and who can (given lots of time and access to Stack Overflow) write a program that succeeds using copy-paste. However, these are not the people we want to hire. Once we're past the basic knowledge and competence we can look at fit, people skills, etc., but I for one have been burned by new hires who bamboozled a non-technical manager.
The extent of the dangers... of ActiveX were not known at the time of this implementation
ActiveX in the browser has always been an absolutely horrendous idea from a security perspective. Everyone I know of who works in the computer security field thought that ActiveX in the browser was a security hole waiting to be exploited from the start. Choosing ActiveX as a basis for electronic payments was a Really Bad Idea. This was obvious even in 1996.
South Korea mandated the use of an ActiveX control for online payments in the 1990s, which has locked companies and banks there into a deprecated and dangerous technology. Only in the last couple of years has the government there started the process of getting rid of the damn POS system.
Someone please tell the Japanese government that what they are doing is a REALLY bad idea.
Folks, all of this is from numbers pulled out of some IDC analyst's rear end. Their estimates are no better than SWAG's. I should know, I've had to use their reports in a past life. Sometimes they're accurate, as companies will report otherwise confidential numbers so long as they can't be backed out of the reports. However, Apple doesn't play those games and in this case it's explicitly some analyst's best guess. Most analysts badly misunderstand Apple, and when you misunderstand the biggest player in the market your analysis is almost certain to be wrong.
Also, Garmin's growth was from a very low base. It's easy to grow by 300+% if you start from almost zero.
"It seems when you are sick and laying in a hospital bed and have trouble sleeping, the single LED shining in your eyes is an issue,"
An LED shining in your eyes is the LEAST of your worries when trying to get to sleep in a hospital.
Actually, it IS a big deal. Sleep is important to a patient's recovery, and a lack of good sleep can slow healing.
Patients in a hospital are constantly being disturbed at night due to vital signs checks, administration of medication, pain medication wearing off, etc. Sometimes the disturbance is not even for the patient but for the other patient in the same semi-private room. Falling asleep is difficult enough; getting back to sleep can be worse. Lots of strongly glowing and flashing LEDs and other indicators can make it darn near impossible, especially if the patient is already in pain and having to lie in an uncomfortable position.
Imagine you were trying to sleep in the middle of Times Square at night, with all of the lights and noise. That's what it's like. As IT professionals we can at least cut down on the lights and beeps, even if we can't do anything about the other disturbances.
It doesn't matter if they're legal or not! We need to build a Dyson sphere to keep them out of our solar system, and the aliens are going to pay for the construction cost!
I am an economist. Economists have already extensively studied this kind of approach. It's called an Input/Output Model. Communist countries used it in their approach to central planning during the 1970's. It failed miserably for two reasons:
1) It assumes zero substitutability between inputs. E.g., to make a car you need exactly 1.35 tons of steel, 52.7 kg of rubber, 217 kg of glass, 1.73 KW of electricity, 29.4 hours of labor, etc. No other formula is possible, you can't use more energy and less labor, for instance. For reference, the production function is known as a Leontief production function. To be fair, adding any kind of substitutability between inputs results in a completely intractable problem. However, without substitutability this is a lousy way to actually model an economy.
2) It assumes perfect information on the part of the central planner. While this is an oft-used simplification in economic models, it's a lousy reflection of reality. It's simply impossible for a central planner to gather and correlate sufficient information to make it work.
TFA is almost completely content-free. 4000 characters of wasted space. It looks like some financial writer was looking for clicks and is spouting the "Apple is doomed" meme again.
This is a second-order attack that only affects MDM clients, and then only if they've installed a rogue app AND the MDM is pre-provisioning with sensitive data. It's also already patched. It's easy to check the OS version on iOS devices tied to an MDM so that the IT department knows which ones need updates.
Nice catch on the security side, but not a real humdinger.
The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.
The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.
Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.
The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.
FFS, doesn't anyone do any research before posting stories? 60 seconds of research would turn up the Wikipedia entry on End-to-end auditable voting systems. The problem of being able to verify that your vote is recorded as you intended without revealing the actual content of your vote has been solved by several teams. The ones that seem to have the best handle on things are Scantegrity, Pret-a-Voter, and Punchscan (the predecessor of Scantegrity).
Using Bitcoin (which in fact has anti-anonymity properties) as an engine for voting is like attaching a tractor to a horse carriage. It may get you where you want to go, but it's nothing like a proper motor vehicle.
The evidence here is really, really weak. The connection is tenuous enough and the original pool of possible suspects via their methodology is large enough that I sure as heck wouldn't rule out a connection via random chance. Until we get better evidence, this isn't worth very much.
Norse Security says as much in The Fine Article:
Stammberger was careful to note that his company's findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.
"They're the investigators," Stammberger said. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs," he said of the FBI.
FFS, what on earth is this good for? Just fix the damn vulnerability in the kernel and be done with it.
Um, you know, this sounds an awful lot like OpenBSD...
Coming from someone who uses several flavors of Linux, OpenBSD, and FreeBSD on a regular basis.
"...responding to an informal internet survey"
That pretty much says it right there. The numbers in this survey can be given about zero credence. There is no sign of vetting of the responders (are they even really MD's?), no pretense at a representative sample, and no sign that there was any attempt at all to prevent ballot stuffing.
There were also no questions concerning Donald Trump's health, which makes me think that this group is partisan and has an axe to grind.
Editors, can we please not publish click-bait non-news like this? I'd like to downvote the whole damn story.
1) Hostnames leak all the time. A client will make a DNS request and the name becomes known even if it is not resolvable on the public Internet.
2) If you really care that much, run an internal CA. Lots of ways to do it, most server OS's have built-in or easily available internal CA software.
Keeping a hostname out of the certificate log is pretty much pointless security by obscurity.
"The TSA's job is to make airline passengers feel safer and, not XXXXXXXXX actually make us safer..."
There, FTFY.
Yet another piece-of-crap opinion article written by someone who couldn't be bothered to do an hour's research on Wikipedia.
This has been noted in lots of other articles.
http://fivethirtyeight.com/fea...
https://www.washingtonpost.com...
http://www.bloomberg.com/news/...
http://www.heritage.org/resear...
Fact is that the total number of manufacturing jobs worldwide has been declining for years.
--Paul
Theo de Raadt, is that you?
Linked here to be self-referential:
http://science.slashdot.org/st...
https://www.washingtonpost.com...
Bottom line, some people are stupid enough that they need to be reminded to breathe on a regular basis.
--Paul
You didn't say what platform, but this has been an on-going emphasis for both Apple and Microsoft for a long time.
For OS X and iOS, see
http://www.apple.com/accessibi...
http://www.apple.com/accessibi...
For Windows, see
http://www.microsoft.com/enabl...
Hope this helps.
--Paul
Geez how the press gets this sort of thing so wrong. It's not a tank, it's an Infantry Fighting Vehicle (IFV). It's lightly armored against small arms and small-bore auto-cannon rounds, not against ATGMs, tank main guns, or RPGs.
https://en.wikipedia.org/wiki/...
The weight at 34 tonnes is much less than that of any current front-line tank (according to Wikipedia the Challenger 2 is 62.5 tonnes, almost double the Scout SV). It is a lot heavier than most current IFV's (e.g., the German Marder at 28 tonnes or BMP-3 at 18.7 tonnes), but that may not be such a good thing. It makes strategic mobility more of a problem and ensures that the Scout SV can't swim across rivers by itself.
Some reporter just cut and pasted from the press release. Feh!
--Paul
Folks,
My son took the course last year as a senior in high school via iTunesU.
https://itunes.apple.com/us/co...
It's also available on EdX.
https://www.edx.org/course/har...
Heck, I took it way back thirty-odd years ago. :-)
Also, here's a link to the original article in the Harvard Crimson:
http://www.thecrimson.com/arti...
--Paul
In chronological order looking forward:
MacTech Boot Camps - http://www.mactech.com/bootcam...
Small, local, inexpensive. Check to see if there's one close to you.
MacTech Conference - http://www.mactech.com/confere...
Larger, both sysadmin and developer tracks
MacIT - http://www.macitconf.com/
Larger, multiple tracks and levels of knowledge
WWDC - https://developer.apple.com/ww...
The granddaddy of them all, but next to impossible to get into these days. Mostly developer focused. May not be useful if you don't already have a deep knowledge base.
MacAdmins - http://macadmins.psu.edu/
The most education-focused of the conferences. Very knowledgeable presenters.
FWIW, I've been a presenter at MacTech Boot Camps, MacIT, and WWDC.
--Paul