Apparently Lord Avebury neglected to point out that the reverse is also true. The only way to have evidence either way would be to audit the source code of IE against competing browsers. Since the industry has conspired to make this impossible, the only possible security rating for IE is NULL, as opposed to something quantifiable for open source competitors.
Well considering that almost every security vulnerability ever reported has developers as a root cause, not sure you can really claim they cause less harm. The harm just gets postponed until it is maximally expensive.
Even some large military networks provision developers with secondary accounts that have local admin rights. The machines on which those accounts are valid get walled off into a "community of interest" that is isolated from the production domain. You can't effectively debug on Windows without those rights. However, it's very important to know where those rights are required and not, and developers should do as much as possible without invoking them. The assumption of excessive privileges has always been a big hassle with Windows. Microsoft started trying to kill that off with XPSP2 and Vista, and they are still trying. Speaking of which, they used to have a white paper (NT4 based) about security in a development environment, does anyone still have a copy?
My initial thought was that this was insane -- Linux software should only be distributed as source and compiled on the target. Then I actually read the material and realized we were talking about distribution binary Linux installers. Since those pretty much have to be compiled before loading on the target, a multi-platform binary seems to make perfect sense in this context.
I don't buy the Wikipedia claim that Kaspersky "worked at a multi-discipline scientific research institute", unless you consider KGB's R&D organization to meet that criterion (well OK, it probably does). This appears to be a person dedicated to advancing a political agenda that does not permit dissent.
Oh it's even better: If any piece of the cloud is in one country, that country will try to apply its laws to the entire cloud. If a piece of the cloud isn't in that country, they'll apply their intelligence agencies instead.
Am I the only one that finds the statements "new to programming in C", "asked to extend an open source authentication module", and "testing has been done and it works as designed" to be utterly incompatible?
Come to think of it, "authentication module" should be incompatible with "C" in any context, to say nothing of "new to programming" and "authentication module".
Microsoft has leveraged its monopoly to shove Bing down the throats of anyone too ignorant or powerless to remove it, by making it the new "default" search engine for all things Microsoft, including Internet Explorer. This captures two classes of people: those that don't know any better, and those browsers held captive by corporate configuration lockdowns (in companies that don't bother to override the new default). Since my observations to date indicate that Bing sucks compared to Google (especially when searching Microsoft MSDN and TechNet!) these should be the only class of people using Bing, apart from deliberate experimentation.
Yahoo News: "On one end of the power-brick-shaped device are two USB connections, and on the other end sits a single 10/100 Ethernet port. Attach that side of the device to your network and you can hotswap any number of USB-based storage devices (be they hard drives or flash-based) to the two connectors on the other side." Apparently the product has an unfortunate conflict with an existing web hosting service. Product page here.
... netbook owners awoke this morning to discover that Chrome OS had mysteriously disappeared from their netbooks. These were netbooks that they had bought and paid for, and thought they owned. Apparently the publisher changed its mind about offering an operating system, and Google, whose business lives and dies by advertiser happiness, electronically deleted all instances of Chrome from people's netbooks and credited their accounts for the price ($0). Microsoft immediately raised the price of netbook client licenses...
Science precedes engineering, which is the attempt to apply the science. Attempts to reproduce fake science either won't work at all, will accomplish the reality of the faked discovery (which might or might not be exposed), or find out something completely new as a result of the fakery. So the good science happens in spite of the bad science, because the truth doesn't care if anyone believes it or not. Faking science for any reason other than personal survival is simply foolish, because you'll probably be found out in the end, your career obliterated, and any valid work discredited (which would be particularly harmful because of the required duplication of effort).
Lawyers. The government does not really recognize the concept of FOSS, only "COTS" and "GOTS". If the government didn't write it, then the lawyers insist on having a vendor to sue, even if that vendor can disclaim all liability, and/or limit remedies to "refund of purchase price". The number of government-operated facilities capable of GOTSifying FOSS is relatively limited, and doing so is not part of their mission. Finally, there is no political incentive to do this (quite the reverse, thanks to vendor lobbying).
There would seem to be a high probability that such a network is monitored by one or more IPSs that log and archive all outbound packets. If the time of infection can be established, then it should be possible to estimate the amount of exfiltrated data.
ROT13 is encoding, not encryption. You transform the information, but you don't conceal any of it.
Ziad El Bizri (op. cit.) apparently observes that if you encrypt the keywords individually, then you can submit encrypted keyword queries, and the server can search for them for you. This is great, but why would you want to? The object of a search server is for other people to be able to search the data (otherwise why index it on the server?) With the suggested scheme, only the data owner (or shared key holders) will be able to search the data.
It would seem to be just as easy to construct a trustworthy server and then encipher the query traffic, as has already been observed.
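As an added example (not from the comment above or from El Bizri's paper), here is the per-keyword encryption scheme under discussion in Python, with a constructed key and constructed documents: the server stores and matches only HMAC tokens, so it can answer equality queries without seeing the words, but only a holder of the key can form a query, which is exactly the objection raised above. The `rot13` helper illustrates the encoding-versus-encryption point that opens the comment.

```python
import codecs
import hashlib
import hmac


def rot13(text: str) -> str:
    """ROT13 is a keyless transform: applying it twice restores the input,
    so it conceals nothing from anyone who can read the output."""
    return codecs.encode(text, "rot_13")


def keyword_token(key: bytes, keyword: str) -> str:
    """Deterministic keyword token: HMAC-SHA256 of the normalised keyword
    under the data owner's secret key. The same word always yields the same
    token, which is what lets the server match queries against the index.
    Caveat: determinism also leaks which documents share a word and how
    often a token recurs, even though the word itself stays hidden."""
    return hmac.new(key, keyword.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(key: bytes, docs: dict) -> dict:
    """Client side: map each keyword token to the ids of documents containing it.
    Only this token->ids map is uploaded; the server never sees plaintext words."""
    index: dict = {}
    for doc_id, text in docs.items():
        for word in set(text.lower().split()):
            index.setdefault(keyword_token(key, word), set()).add(doc_id)
    return index


def server_search(index: dict, token: str) -> list:
    """Server side: equality match on an opaque token, no key required here."""
    return sorted(index.get(token, set()))


def client_search(key: bytes, index: dict, keyword: str) -> list:
    """Client side: a query is just the token for the keyword, so anyone
    without the key (the 'other people' of the comment) cannot form one."""
    return server_search(index, keyword_token(key, keyword))


# Constructed demo data (not real keys or documents).
OWNER_KEY = b"constructed-demo-key-not-for-real-use"
DOCS = {
    "memo1": "quarterly budget review",
    "memo2": "budget overrun on project atlas",
    "memo3": "holiday schedule",
}
INDEX = build_index(OWNER_KEY, DOCS)

if __name__ == "__main__":
    print("rot13 round trip:", rot13(rot13("secret")))
    print("key holder searching 'budget':", client_search(OWNER_KEY, INDEX, "budget"))
    print("non key holder searching 'budget':", client_search(b"other-key", INDEX, "budget"))
```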
How is carrying around a one-time password device that can be stolen better than carrying around a thumb drive with a public key?
If your "one-time password device" has no PIN, and it is your only authenticator, then it isn't better (you're back to weak single-factor authentication). If it does have a PIN, and/or is combined with a password (both, I hope), then you now have strong two-factor authentication. Unless, of course, you wrote the PIN down and stored it on/with the device.
However, before you worry about this problem, make sure you've killed all the LM authentication in your enterprise that's happily coughing up hashed passwords and usernames to anything and everything it talks to.
If Limewire 5 is an example of "the open source model of development, shifting decision-making power to the few developers with the deepest architectural understanding of, and closest interaction with, the code", then they can shovel it.
Point being, the concept of IP (perhaps using other words) is hardly of "recent origin". However, we have the right to work through our elected representatives to pass the kind of "IP" legislation that will best "promote the general welfare and secure the blessings of liberty to ourselves and our posterity", not just the posterity of inventors and artists.
Are you going to link your public profile to /.?
Linked In Or Out?
Because if you are, your fears are well-founded. OTOH, my public pages on linkedin, facebook, etc. don't say "Thad Zurich" on them, and no, I'm not going to tell you what they do say.
Copying a file is not *necessarily* theft, but it *can* be theft, especially if you are not entitled to the file in the first place. That is not an issue here, since students are entitled to notes.
1. In its effort to ensure that your taxpayer dollars are conserved, the government rarely wastes money on esoteric concepts like "capacity planning".
2. In the effort to avoid Microsoft technology, the State Department apparently used an email system that allowed reply-all to massive distribution lists. Exchange Server allows use of such lists to be restricted.
3. The BCC field should have been the obvious and correct first line of defense. The fact that the BCC is normally suppressed by default is probably a factor. State would not have wasted money training personnel to use the BCC field (see #1, above).
4. Having done #3, the "reply-to" field should have been redirected to a bit bucket. Same as #3 and #1.
5. Threatening employees with adverse action for something you should have trained them to make impossible: priceless.
Funny that it doesn't seem to work on Bin Laden.
Do not clone Windows from drive images. Ever. You will never understand why things are broken down the road.
So what's Microsoft's alternative? Compete with themselves?
I think Carlin showed that the f-word (no not "free", the other one) is very close to this already.
... this could be the Next Big Thing, or a fart in the wind...