Actually, I'm mch more closely aligned to something like Stateless Socialism (See Lysander Spooner or Benjamin Tucker) which in some circles is considered an Anarchist viewpoint.
I don't think life would be the same at all... in fact, I hope I never have to experience some post civilization existence. However, if I do, I think I have a better than average chance of survival, mostly because I have a rather country/backwoods upbringing. to quote a terrible country song "I can skin a buck, I can run a trot line".
But, I don't expect everyone to be able to do that... I just expect them to show some self-preservation... survival of the fittest and all that.
I am a fully functioning individual, my cells are not. I can think, prepare, plan and execute. I live in an area where Tornados are common. So I have a plan if there is ever a tornado, I have some water and canned food stocked. I have some sealed emergency medical supplies.
And, if I had to, I could live off the land indefinatley, for food, clothing, shelter and some (but not all) medical supplies. However, I don't expect everyone to be capable of that. I do expect everyone to have some sense of self-preservation and personal responsibility. I expect the government to help people recover from disaster and to save those that they can save. I think our government performed horrifically in this instance. However, that doesn't excuse the lack of preparation on the part of those who died. Perhaps some of them were prepared and unforseen events still left them dead... but in many of the cases, people had not planned at all.
Do you remember in school when they had "Fire Safety" classes and they would talk about having a plan if your house caught on fire? Stuff like an escape ladder, a known safe place to meet once out of the house, a smoke detector and a fire extinguisher. This is the level of self preservation I'm talking about. I don't expect the inhabitants of NOLA to grow beards and become Grizzly Adams. I do expect them to be able to save their own god damned hide in the event of a disaster that was a KNOWN MAJOR THREAT for as long as NOLA has existed.
When your life is in danger, the ONLY person that you KNOW will be there... is you. Everything else is a crap shoot.
I have enough money to live. Even when I didn't have money I offerend to help Grandma with the outhouse bit, but she's happy living as she always has. So is my great Aunt. Hell, it's not like cornshuck is a bad bed... just not exactly modern.
Indeed, customizations are possible... so blaming Websense for this mysterious blocking pattern (while it appearing somewhat custom in relation to my active experience with Websense) seems perhaps disingenious.
But, perhaps we're just tilting at windmills (perhaps windmills are really enchanted WMD's).
Odd, does Websense give the Marines some special set of sites to block? In our Websense build, blocking sites like Al Franken would block sites like Rush Limbaugh. Odd that the Websense filter for the Marines seems to be missing something, if the report is correct.
Ya know, I grew up in a small southeastern Ohio village (no stop lights 1500 people). There weren't jobs unless you wanted to work for a pottery. My parents had neither the money nor the inclination to send me to college... and yet, I didn't join the millitary. I read books, I learned how computers worked. I learned how networks worked and now I have a good job with a nice salary.
I'm not a republican by any means, but I do think that at least a portion of the responsibility for those that died during Katrina... lies with those that died in Katrina. People in the city knew that the levees were unlikely to hold against a big storm, the news had covered the issue many times, including a discussion of how bad the flooding would be. Yet, these people failed to accept the most basic act of self-preservation. How many of those that stayed and died had bothered to develop a plan? How many had stocked up on even the basics like water? People standing in line at the Dome were holding bags of clothes and televisions... why weren't they holding milk jugs of water and bags of food?
The federal, state and local authorities failed to support thei constituants and they should be held responsible for their failures... but, when it comes to life and death, the ultimate responsibility must lie with the individual. At any time, you may find yourself in a life-threatening situation. When that happens, there might be some local cops to help, or there might be national guard to help, or there might be FEMA... however, the only person that WILL be there, for sure... is you. If you can't rely on you, then how can you expect to rely on some government group? I mean, the government are the people that run the BMV, do you really want to stake your life on that level of incompetence.
As an aside, I think it also speaks to our failure as a civilization. Survival, for most species on this planet is instinctive. Survival for Americans, is a responsibility of the government. If some terrible disaster struck, how many Americans could survive without a grocery store? How many would starve? We live on a Continent that provides basic sustance throught the entire year. There is nowhere in North America where there isn't at least some type of food (with the exception of some small patches of desert). Yet, how many people would survive?
How many people live in areas where tornados, hurricanes, floods, earthquakes etc are all possible? How many of them actually spend even a few hours putting together a contingency plan? How many bother to store up even a gallon of water?
Personal responsibility, seems to me, the most important thing that we as a nation have lost. Our society loves to find someone or something to take the blame (I was poor so I had to join the millitary. I was poor so I couldn't save my own ass.)
I was poor, my Grandma still uses an outhouse and I have a great Aunt that still sleeps on cornshuks and has a dirt floor. I have a job that makes money and I have learned how the hell to save my own ass. And still have time for 420;-)
I consider myself a sci-fi geek. I've watched sci-fi ever since I can remember. So I was intrigued when Serenity came out. I hadn't got to see Firefly and wanted to check out what the fuss was all about.
I was disappointed in the extreme. I would have considered it good sci-fi for the SciFi Channel... anything is better than Frankenfish, Manticore etc... but really, it didn't seem to me like very good Sci-Fi (at least the movie, I haven't seen the series). The dialogue was ok, the special effects were definately TV quality and the overall story just felt poorly put together.
Kidnappings could easily be handled by the State. There's no reason that federal officials would have to be involved. Serial Killers tend to stay in a particular area (with a few notable exceptions), again a job for the State.
The State can (and used to) handle pretty much everything that the feds do now... one should wonder when all the power starts flowing up the chain, away from the individual.
Actually, I think that some scientists did try this out... one was a student of Galileo's. However, he found that they did not land at the same time (Galileo, supposedly wasn't surprised since he had already figured out wind friction/viscosity.
Free Speech and Free expression is a personal right, protected by the federal government. It protects you from getting killed or tossed in jail by the government. It does not, in any way, protect you in your workplace. I find it astounding that so many Americans (regrettably they generally align themselves with Democrats), think that freedom of speech means that they have the right to say whatever, wherever and no one can do anything. That's not how it works. All it means is that the government isn't supposed to bother you, it says nothing about employers. Your employer has the freedom to hire and fire people, based on whatever criteria he/she decides (in many states). If you offend your coworkers, they have the freedom to fire you.
While they do 'fear a lawsuit', it rreally isn't that simple. At least in Ohio law, a female co-worker would have to report the "harassment". The company would have the chance to correct the problem. However, if they did not correct the problem and she was exposed to *gasp* porn again, then she could sue.
If someone is offended by the naked human body, I wonder how they bathe?
I remember when I was the rarely consulted "hacker" who sat in a lab and played, until there was an issue. Now I have so many projects, deadlines and critical assessments that I'm working 40+ hours and have no lab time.
Err, for home users, I would agree that Firewalls were less than necessary 10 years ago. However, corporations that didn't have firewalls 10 years ago were often a bastion for hackers. In 94 I had to help three companies clean up after messes left because they had only a router between them and the Internet, and used real IP addresses on the inside.
In your first two examples, I think that the security team was being entirely reasonable. Files should not be transmitted via email, tools like FTP/SFTP appear much more suited for such work. Using the right tools, often improves security. In the second instance, taking the system off of the network while building should fix the problem. I wouldn't be surprised if the third example had to do with SOX, since we had to do something similar here. All systems had to have a managed trail that could tell us which employees had access, when they accessed and what they accessed. On a number of older systems, we found lots of generic ID's that were being used by multiple employees. We didn't have the luxury of slowly fixing this issue. We were told by the auditors that it HAD to HAPPEN IMMEDIATELY, or we would fail complaince.
The password thing sounds bad. 8 characters is ok (though not really mush more secure these days), no repeating of old passwords is ok (again not great), but 30 days is very bad. 30 days to lead to two problems. 1) People write it down on sticky notes; B) People make easy to remember "MyFebPwd1" "MyMarchPwd1" etc.
It sounds like the person who made your password policy could do with a dose of accurate information about the usability of passwords. However, the other stuff seems reasonable to me.
*speaking for a moment as a Corporate Security Guy*
the less likely they will just trust you (the employee) to do your job and the more likely they will impose restrictions to insure you can't visit slashdot/fark/apple.com etc
You know, it wasn't too long ago that corporate employees had zero access to the Internet and email was, at best, intra-company. Yet, all of those people throughout the history of corporations in this country, were able to do their job without Fark, apple.com or Slashdot. When you are on Company time, the company has an interest in you working, not in you reading Slashdot. When we couple this with sites that may be infected with *insert latest browser bug*, we find ample reason to restrict access. In one area of our corporate network, (until last year), only a few employees were actually permitted to access the Internet at all.
Companies, in my experience (10+ years), don't tend to simply throw money at the security team. Every project we run, must be connected to a Risk Assessment where we've examined the potential threats, the cost to the business if those threats happen and the cost of the fix (including the cost of less functionality). Only if the cost to fix it appears less than the "annual loss expectancy", does the project move forward. We began blocking sites, not because we wanted to keep people from Fark.com, but because it was the least expensive way to mitigate the risk of browser bourne infection and URL's that may be connected with viruses/trojans/spyware. Since we already have the tool, some filtering was put in place as a CYA (porn etc).
*corporate security hat off*
I think it sucks. I think that employees should be given the freedom to access whatever and that their performance should be the sole form of grading. If an employee spends 3 hours a day on Slashdot Fark and Apple... their productivity will reflect it. As for browser bourne problems... well if we didn't have a piece of garbage that was susceptible to thousands of viruses, hijacks etc. running on the desktop, we wouldn't need to block those sites.
*hat on*
I believe that many "security measures" are actually implemented more broadly than necessary because the side effects (lessened ability to use the internet, etc.) are mostly seen as good by the people who make decisions.
What do you base this belief on?
SOX, PCI, and a host of other pieces of federal legislation, audits and state laws have recently made the world of security a much tricker place. It may be that they appear broad to you, because you don't understand some of the requirements that security teams must deal with. We hear this argument often, from people in the corporation and people in IT. However, even here, we go through months of assessment, analysis, testing and verification before we implement anything. Everything we find is documented and presented up the chain (and across the various architecture/IT groups). If something is put in place, it's probably because its cheaper (and less risk for the company) than leaving the threat unmitigated.
*hat off*
Yes, sometimes security sucks. I understand that Joe Cubicle probably doesn't understand why X security policy is in place. However, I have found, in mosbunall cases, there is a strong business case for any restriction in place.
Citizens like you cause me to fear for the future of this nation. I do not disagree with your right to the above opinion, and I understand the point of view. It is however, one that I fervently hope does not prevail in any nation in which I reside.
Clearly we can't do that either since we're not sure we have the right guys.
And that, I think, would seem to be the point. We don't know that the guy we captured was a 'terrorist', or a jihadist, or an insurgent, or some Iraqi who got pissed at American boots tramping around his neighborhood, or *gasp* an innocent person.
In such a situation, I think shooting them without a trial seems foolish... by the same token, waterboarding them, humiliating them, in short, torturing them would seem equally foolish. The Insurgent would appear unlikely to know anything about attacks on America (which is the whole excuse for abuse), the pissed off Iraqi seems to be in the same boat (except he wouldn't even know anything about attacks in Iraq). A jihadist or terrorist might be able to tell us something, but we can't easily seperate them from the others.
When in doubt, it would appear best to simply act like civil, 21st century human beings. Sure, they may act like 8th century religious loonies... that doesn't mean we have to.
There seems to be a common theme in cop and detective stories... young hero that wants to use the latest technology to solve crimes and an old grizzled cop that says something like "In the end, you only solve crimes by hitting the pavement and asking questions".
It seems that the advice could apply in many areas. The Internet and its features may be great tools... but in the end, if you're trying to honestly research something, nothing beats cracking some books and reading, comprehending and putting it all together. Wikipedia should not be a critical resource for anyone but blog commenters, and then only because speed and words that sound authoritative seem more in demand than facts.
I doubt the economy would keep bad people from doing bad things. However, if all corporate executives were held to task for their intentional failures, we would likely see less of this sort of thing. The problem, in my opinion, isn't capitalism, it seems more like the current incarnation of capitalism that has spawned mega-corporations where the "bad people" can often hide behind the faceless 'entity'. We're doing better now than we were at the start of the 20th century, but we still have much we can improve upon, personal responsibility and liability are at the top of the list (IMO).
Slashdot Mirror
Actually, I'm mch more closely aligned to something like Stateless Socialism (See Lysander Spooner or Benjamin Tucker) which in some circles is considered an Anarchist viewpoint.
I don't think life would be the same at all... in fact, I hope I never have to experience some post civilization existence. However, if I do, I think I have a better than average chance of survival, mostly because I have a rather country/backwoods upbringing. to quote a terrible country song "I can skin a buck, I can run a trot line".
But, I don't expect everyone to be able to do that... I just expect them to show some self-preservation... survival of the fittest and all that.
I am a fully functioning individual, my cells are not. I can think, prepare, plan and execute. I live in an area where Tornados are common. So I have a plan if there is ever a tornado, I have some water and canned food stocked. I have some sealed emergency medical supplies.
And, if I had to, I could live off the land indefinatley, for food, clothing, shelter and some (but not all) medical supplies. However, I don't expect everyone to be capable of that. I do expect everyone to have some sense of self-preservation and personal responsibility. I expect the government to help people recover from disaster and to save those that they can save. I think our government performed horrifically in this instance. However, that doesn't excuse the lack of preparation on the part of those who died. Perhaps some of them were prepared and unforseen events still left them dead... but in many of the cases, people had not planned at all.
Do you remember in school when they had "Fire Safety" classes and they would talk about having a plan if your house caught on fire? Stuff like an escape ladder, a known safe place to meet once out of the house, a smoke detector and a fire extinguisher. This is the level of self preservation I'm talking about. I don't expect the inhabitants of NOLA to grow beards and become Grizzly Adams. I do expect them to be able to save their own god damned hide in the event of a disaster that was a KNOWN MAJOR THREAT for as long as NOLA has existed.
When your life is in danger, the ONLY person that you KNOW will be there... is you. Everything else is a crap shoot.
I have enough money to live. Even when I didn't have money I offerend to help Grandma with the outhouse bit, but she's happy living as she always has. So is my great Aunt. Hell, it's not like cornshuck is a bad bed... just not exactly modern.
Indeed, customizations are possible... so blaming Websense for this mysterious blocking pattern (while it appearing somewhat custom in relation to my active experience with Websense) seems perhaps disingenious.
But, perhaps we're just tilting at windmills (perhaps windmills are really enchanted WMD's).
Odd, does Websense give the Marines some special set of sites to block? In our Websense build, blocking sites like Al Franken would block sites like Rush Limbaugh. Odd that the Websense filter for the Marines seems to be missing something, if the report is correct.
There would be a lot more dead people in Iraq if we just wanted to kill indiscriminately.
Indeed... By the way, just how many dead Iraqis have there been as a result of this war?
Well said. If I had mod points I'd give you an Insightful.
Ya know, I grew up in a small southeastern Ohio village (no stop lights 1500 people). There weren't jobs unless you wanted to work for a pottery. My parents had neither the money nor the inclination to send me to college... and yet, I didn't join the millitary. I read books, I learned how computers worked. I learned how networks worked and now I have a good job with a nice salary.
;-)
I'm not a republican by any means, but I do think that at least a portion of the responsibility for those that died during Katrina... lies with those that died in Katrina. People in the city knew that the levees were unlikely to hold against a big storm, the news had covered the issue many times, including a discussion of how bad the flooding would be. Yet, these people failed to accept the most basic act of self-preservation. How many of those that stayed and died had bothered to develop a plan? How many had stocked up on even the basics like water? People standing in line at the Dome were holding bags of clothes and televisions... why weren't they holding milk jugs of water and bags of food?
The federal, state and local authorities failed to support thei constituants and they should be held responsible for their failures... but, when it comes to life and death, the ultimate responsibility must lie with the individual. At any time, you may find yourself in a life-threatening situation. When that happens, there might be some local cops to help, or there might be national guard to help, or there might be FEMA... however, the only person that WILL be there, for sure... is you. If you can't rely on you, then how can you expect to rely on some government group? I mean, the government are the people that run the BMV, do you really want to stake your life on that level of incompetence.
As an aside, I think it also speaks to our failure as a civilization. Survival, for most species on this planet is instinctive. Survival for Americans, is a responsibility of the government. If some terrible disaster struck, how many Americans could survive without a grocery store? How many would starve? We live on a Continent that provides basic sustance throught the entire year. There is nowhere in North America where there isn't at least some type of food (with the exception of some small patches of desert). Yet, how many people would survive?
How many people live in areas where tornados, hurricanes, floods, earthquakes etc are all possible? How many of them actually spend even a few hours putting together a contingency plan? How many bother to store up even a gallon of water?
Personal responsibility, seems to me, the most important thing that we as a nation have lost. Our society loves to find someone or something to take the blame (I was poor so I had to join the millitary. I was poor so I couldn't save my own ass.)
I was poor, my Grandma still uses an outhouse and I have a great Aunt that still sleeps on cornshuks and has a dirt floor. I have a job that makes money and I have learned how the hell to save my own ass. And still have time for 420
I consider myself a sci-fi geek. I've watched sci-fi ever since I can remember. So I was intrigued when Serenity came out. I hadn't got to see Firefly and wanted to check out what the fuss was all about.
I was disappointed in the extreme. I would have considered it good sci-fi for the SciFi Channel... anything is better than Frankenfish, Manticore etc... but really, it didn't seem to me like very good Sci-Fi (at least the movie, I haven't seen the series). The dialogue was ok, the special effects were definately TV quality and the overall story just felt poorly put together.
Alas.
Don't give them any more ideas!!
Wow, I hope your real world doesn't spread to my stste. :(
Kidnappings could easily be handled by the State. There's no reason that federal officials would have to be involved. Serial Killers tend to stay in a particular area (with a few notable exceptions), again a job for the State.
The State can (and used to) handle pretty much everything that the feds do now... one should wonder when all the power starts flowing up the chain, away from the individual.
Well, thats only because they overfiched the microfisheries...
Actually, I think that some scientists did try this out... one was a student of Galileo's. However, he found that they did not land at the same time (Galileo, supposedly wasn't surprised since he had already figured out wind friction/viscosity.
Free Speech and Free expression is a personal right, protected by the federal government. It protects you from getting killed or tossed in jail by the government. It does not, in any way, protect you in your workplace. I find it astounding that so many Americans (regrettably they generally align themselves with Democrats), think that freedom of speech means that they have the right to say whatever, wherever and no one can do anything. That's not how it works. All it means is that the government isn't supposed to bother you, it says nothing about employers. Your employer has the freedom to hire and fire people, based on whatever criteria he/she decides (in many states). If you offend your coworkers, they have the freedom to fire you.
No company owes you a job.
While they do 'fear a lawsuit', it rreally isn't that simple. At least in Ohio law, a female co-worker would have to report the "harassment". The company would have the chance to correct the problem. However, if they did not correct the problem and she was exposed to *gasp* porn again, then she could sue.
If someone is offended by the naked human body, I wonder how they bathe?
Preach it Brother.
I remember when I was the rarely consulted "hacker" who sat in a lab and played, until there was an issue. Now I have so many projects, deadlines and critical assessments that I'm working 40+ hours and have no lab time.
Err, for home users, I would agree that Firewalls were less than necessary 10 years ago. However, corporations that didn't have firewalls 10 years ago were often a bastion for hackers. In 94 I had to help three companies clean up after messes left because they had only a router between them and the Internet, and used real IP addresses on the inside.
In your first two examples, I think that the security team was being entirely reasonable. Files should not be transmitted via email, tools like FTP/SFTP appear much more suited for such work. Using the right tools, often improves security. In the second instance, taking the system off of the network while building should fix the problem. I wouldn't be surprised if the third example had to do with SOX, since we had to do something similar here. All systems had to have a managed trail that could tell us which employees had access, when they accessed and what they accessed. On a number of older systems, we found lots of generic ID's that were being used by multiple employees. We didn't have the luxury of slowly fixing this issue. We were told by the auditors that it HAD to HAPPEN IMMEDIATELY, or we would fail complaince.
The password thing sounds bad. 8 characters is ok (though not really mush more secure these days), no repeating of old passwords is ok (again not great), but 30 days is very bad. 30 days to lead to two problems. 1) People write it down on sticky notes; B) People make easy to remember "MyFebPwd1" "MyMarchPwd1" etc.
It sounds like the person who made your password policy could do with a dose of accurate information about the usability of passwords. However, the other stuff seems reasonable to me.
*speaking for a moment as a Corporate Security Guy*
the less likely they will just trust you (the employee) to do your job and the more likely they will impose restrictions to insure you can't visit slashdot/fark/apple.com etc
You know, it wasn't too long ago that corporate employees had zero access to the Internet and email was, at best, intra-company. Yet, all of those people throughout the history of corporations in this country, were able to do their job without Fark, apple.com or Slashdot. When you are on Company time, the company has an interest in you working, not in you reading Slashdot. When we couple this with sites that may be infected with *insert latest browser bug*, we find ample reason to restrict access. In one area of our corporate network, (until last year), only a few employees were actually permitted to access the Internet at all.
Companies, in my experience (10+ years), don't tend to simply throw money at the security team. Every project we run, must be connected to a Risk Assessment where we've examined the potential threats, the cost to the business if those threats happen and the cost of the fix (including the cost of less functionality). Only if the cost to fix it appears less than the "annual loss expectancy", does the project move forward. We began blocking sites, not because we wanted to keep people from Fark.com, but because it was the least expensive way to mitigate the risk of browser bourne infection and URL's that may be connected with viruses/trojans/spyware. Since we already have the tool, some filtering was put in place as a CYA (porn etc).
*corporate security hat off*
I think it sucks. I think that employees should be given the freedom to access whatever and that their performance should be the sole form of grading. If an employee spends 3 hours a day on Slashdot Fark and Apple... their productivity will reflect it. As for browser bourne problems... well if we didn't have a piece of garbage that was susceptible to thousands of viruses, hijacks etc. running on the desktop, we wouldn't need to block those sites.
*hat on*
I believe that many "security measures" are actually implemented more broadly than necessary because the side effects (lessened ability to use the internet, etc.) are mostly seen as good by the people who make decisions.
What do you base this belief on?
SOX, PCI, and a host of other pieces of federal legislation, audits and state laws have recently made the world of security a much tricker place. It may be that they appear broad to you, because you don't understand some of the requirements that security teams must deal with. We hear this argument often, from people in the corporation and people in IT. However, even here, we go through months of assessment, analysis, testing and verification before we implement anything. Everything we find is documented and presented up the chain (and across the various architecture/IT groups). If something is put in place, it's probably because its cheaper (and less risk for the company) than leaving the threat unmitigated.
*hat off*
Yes, sometimes security sucks. I understand that Joe Cubicle probably doesn't understand why X security policy is in place. However, I have found, in mosbunall cases, there is a strong business case for any restriction in place.
YMMV
Clyde
Citizens like you cause me to fear for the future of this nation. I do not disagree with your right to the above opinion, and I understand the point of view. It is however, one that I fervently hope does not prevail in any nation in which I reside.
Clearly we can't do that either since we're not sure we have the right guys.
And that, I think, would seem to be the point. We don't know that the guy we captured was a 'terrorist', or a jihadist, or an insurgent, or some Iraqi who got pissed at American boots tramping around his neighborhood, or *gasp* an innocent person.
In such a situation, I think shooting them without a trial seems foolish... by the same token, waterboarding them, humiliating them, in short, torturing them would seem equally foolish. The Insurgent would appear unlikely to know anything about attacks on America (which is the whole excuse for abuse), the pissed off Iraqi seems to be in the same boat (except he wouldn't even know anything about attacks in Iraq). A jihadist or terrorist might be able to tell us something, but we can't easily seperate them from the others.
When in doubt, it would appear best to simply act like civil, 21st century human beings. Sure, they may act like 8th century religious loonies... that doesn't mean we have to.
There seems to be a common theme in cop and detective stories... young hero that wants to use the latest technology to solve crimes and an old grizzled cop that says something like "In the end, you only solve crimes by hitting the pavement and asking questions".
It seems that the advice could apply in many areas. The Internet and its features may be great tools... but in the end, if you're trying to honestly research something, nothing beats cracking some books and reading, comprehending and putting it all together. Wikipedia should not be a critical resource for anyone but blog commenters, and then only because speed and words that sound authoritative seem more in demand than facts.
How did you know about the ALIENS?!
*puts on the tinfoil hat and hides*
I doubt the economy would keep bad people from doing bad things. However, if all corporate executives were held to task for their intentional failures, we would likely see less of this sort of thing. The problem, in my opinion, isn't capitalism, it seems more like the current incarnation of capitalism that has spawned mega-corporations where the "bad people" can often hide behind the faceless 'entity'. We're doing better now than we were at the start of the 20th century, but we still have much we can improve upon, personal responsibility and liability are at the top of the list (IMO).