"IP loss" does not exist. At least not loss of copyright, patent, or trademark rights. If somebody infringes your IP, you sue them. I don't really see what the problem is, unless all of your IP is kept as a trade secret such that third party disclosure completely fucks you. Copyright your software, patent what's patentable, and stop being so damn paranoid. Do you think some company could actually start up, using your software and patented methods, and steal your customers, and you won't NOTICE? Are you just completely oblivious to your own market sector or something?
Spoken like somebody who's never owned any significantly important, private information.
Information leaks can devastate a business, and I'm not just talking credit cards. Let's say that you have AIDS, and somehow, that very private information leaks. Let's say that you are a private school, and you are teaching Nicolas Cage's kids, but under assumed names. What if one of the kids has some kind of mental problem, or is a hermaphrodite? You think that keeping this information free from the prying eyes of the paparazzi isn't a very, very high priority?
You can build a very nice, successful business simply by making discretion your focus point, adhering to industry & security best practices, and promoting the h*** out of it! If you combine that with a premium technical service, like *nix system administration or mainframe maintenance, you're pretty much free to fill the blank checks they'll give you.
But if you do, don't ever, ever, ever let your security be compromised! I've said this many times: "My basic plan is to get into positions of trust, and then never, ever, ever, violate that trust".
Basic advice: Make sure your CONTRACT specifies what they can and can't do.
If they break the contract, they (and anyone they did it on behalf of, including if they sell the info to some competitor later) are in for a world of legal hurt.
Actually, they'd be in for the hurt specified on the contract. No more, no less. Usually, it's a matter of asking yourself if the damages allowed by the contract are worth the bother of pursuing, and in most cases, it's not worth the time. The contract is not really about damages, but about establishing expectations of behavior.
I've seen outsourcing go both ways, and I say this as an outsourced software provider! Sure, we're pretty careful in-house, everybody with access to data has a background check, signs an NDA, etc. and we perform to security best practices. Our hosting is top-notch, and off-site/off-network redundant for Disaster Recovery situations, with automated, historic backups performed to a 3rd location nightly.
Combined with quality, white-box equipment, we offer excellent performance and uptime.
However, I've seen the opposite end of the spectrum - vendors who got paid big bux to do little more than plug in hardware and not dicker with it. In one case, security was a bit lax, and the entire computer network (servers, backup tapes, EVERYTHING!) was simply stolen. Gone. All of it.
My suggestions:
1) Demand a simple, clearly written operations statement: what do they do, and when?
2) Demand the ability to perform audits at any time. They will likely balk at this, and it's reasonable, but in that case, either offer to reimburse their expenses consumed in the audit, or demand that they provide some way to review their activity to ensure it's getting done.
Just remember this: when the cat's away, the mice will play. There are some people whose integrity is better than this, but such people are rare, and unlikely to be working as a lowly tech weenie swapping backup tapes.
How can you trust that a user hasn't used a privilege escalation to install a rootkit already? You can't trust apt-get, or yum, or anything.
How do you know that the CD image doesn't contain hacked software?
How do you know that the compiler hasn't been hacked in with a hidden precompiled message?
How do you know that the website with the MD5 summaries isn't a Man-In-The-Middle?
At some point, you have to take a good look and decide that it's good enough. And the "compromise" position that you have to take with Linux is sooo much more secure than the Windows alternative. True, I don't know for *sure* that no local users have compromised the systems. But then, I never do, truthfully, anyway. But I do have some pretty strong assurances, and that's good enough for almost anyone.
From what I can see, size matters. The impact of a security breach on the business is inversely proportional to the size of the business. Small companies, big deal. Big companies, Eh - whataya gonna do?
It is inevitable that people will do the destructive things that we do because the properties needed to survive as a small tribe are different than the properties needed to survive as a global megaspecies. The fact that we've done as well as we have is quite commendable. But if you think about it, you'll realize that no species would be 'ideal' to be a megaspecies because none would have evolved AS a megaspecies. All would have started out as a small number of organisms and grown from there.
But yes - the challenge isn't whether or not the sun burns us up, but whether or not we can face the challenges of our own doing.
Seriously - what is it about Twitter? It's a text message rebroadcast. (oh joy!) Why would we want to make up ridiculous services on Twitter?
Coming soon:
GCC compiler - twitter edition!
MS Word for Twitter!
Active Directory - Twitter edition!
How to publish ASCII porn through Twitter, LINE BY LINE!?!?!
Wikipedia was an interesting experiment - a broad-scale collaboration using a simple collaboration tool. Obviously it was a good idea. But in a few years, how many of these Twitter-isms are we going to remember as face-palms of buzzword idiocy? /Methinks society is due for a twitter-ectomy.
Article indicates the pacemaker doesn't have an IP address, and only connects via 402-405 MHz radio link.
As does the summary...
However, it's nearly inevitable that a later version of it and/or those of another pacemaker manufacturer will have its own IP.
Why? Because it'd be cool to do so?
Those with access to a large bot net could easily scan for pacemaker software and then target all or, more likely, a specific person(s) to remotely sabotage their pacemaker, possibly resulting in death...
Making a good reason NOT to do "the inevitable"... Adding something like an IP address to life-sensitive equipment isn't "inevitable" for the very reasons you claim. As a group, doctors aren't idiots, you know, nor are the programmers who write/create medical equipment.
Any medical technology is released very conservatively. How long has it been feasible to access information over IP? A decade? And yet, this is the first use of IP to transmit medical pacemaker MONITORING info. No amount of hacking, DDOS, or Pranknet stunts would result in this person dying since there's nothing in the system that would allow them to do so.
Just because you WANT an IP address (or something usable as such) in so many cases in no way makes it inevitable that every possible device will get one! I, for one, would specifically NOT want my pacemaker to have an IP address.
This even though I *would* like some kind of video display implanted into my brain as a "6th sense" so that I could hook up a backpack PC/browser thereto - notice that even in this case, I don't want any kind of direct access to my brain, but rather just a screen/kb equivalent that I can connect to a computer of my choosing...
In my household, convergence is complete and I'm not looking back...
I moved in February, and the first thing we did after getting power turned on was phones / Internet. 3 Mb DSL costs me 35 dollars/month, and is pretty much a necessity. I figured we'd get cable/satellite figured out... whenever.
It was only a day or so before we discovered online TV - mostly Hulu and Netflix, with some CastTV.com and a few websites. (PBS.org, for example)
While I was expecting that there'd be some freebie options online, I did not expect it to be actually a better experience than paid TV, yet, for me it is!
I don't ever catch 'the last half of a good show'. I see the show from beginning to end, any time, whenever I like.
I don't miss episodes of shows I'm watching. Typically the last month or so of episodes are available on demand @ Hulu. This is enough for me to catch things even when I have a busy week or two.
I'm free to explore, without wait. I don't record something and wait a week before I find out it sucks, I find out in five minutes!
Quality is good (far better than NTSC, not quite full HD) and definitely watchable. I didn't realize what a TV snob I'd become until I stayed at a hotel and couldn't just start the shows at the beginning when I found one I didn't like.
Convergence will happen. And it will happen when the Internet subsumes all 'TV' as you know it!
In any competitive environment, it's often to the advantage of a strong underdog to support open standards at the expense of a strong, closed competitor. Microsoft is all about compatibility in a field when they aren't top dog.
Russia is in a similar position - they are not a leader in Internet technology, unless you include their legendary mafia, where they excel. Why would they want to regulate when they stand to profit by bilking the wealthy Americans?
Perhaps even more than in America, the Russians have institutionalized corruption
- What do you normally do to make sure that your Linux system is clean? Is running apt-get upgrade regularly enough or is there more to it?
Remove any and all services that are accessible from the Internet. If you are using SSH, disable passwords altogether and use RSA keys, WITH PASSPHRASES, on a non-standard port.
- What articles or books would you recommend to a newbie in this area? I am fully willing to RTFM as such, but please at least give me at least some direction on what to search for.
Most books are weak, at best. They are either too specific to be useful (since they rarely cover your situation) or too general to be useful, unless you are looking at high-level theory.
Cover the basics:
1) Have you run ALL updates? Linux distros are pretty good.
2) Have you run a port scan from the wild internet? If you don't know what a service is, it shouldn't be visible.
3) Are you logged in as root? You only need to be root when setting up something.
4) Are you programming something? If so, unless you have a pretty good idea what you are doing, you should not make it open to the public.
- Any other general tips, advice or wisdom would you be willing to share?
1) Never run as root from anything but the command line, and then only sparingly.
2) Don't forget physical security. Most Linux systems can be pwn3d by just rebooting and writing a line or two at the grub prompt.
You hardly ever have time/resources to "do it properly" in a small business, unless what you're "doing right" is a core competency of the business. The trick is to convince the guy who signs the checks that it is business/mission critical (often non-trivial).
Sure you do! It's called OSX. Now, before you flame me into submission, understand that I'm writing this on my Fedora Core Linux laptop. I'm a command-line junkie extraordinaire, and don't feel comfortable until I have an xterm or three up on one or two virtual desktops while running dual-head.
But there's a very real, very useful, and very definite benefit to running on OSX - there really is not just nearly as much of a problem with viruses, worms, trojans, and other crapware. Really really for real and yes, it's for real.
Really.
You can argue about marketshare or Unix core or whatever, but it's true - Macs *are* more reliable and *do* have much less of a problem with viruses and such. Who cares why? And if you really must run something windows like, you can get Parallels/VMWare or boot camp. (I recommend the former unless you are a gamer) Even better, if you go the VM route, you can easily save your Windows VM image to an external disk every week or so, and if/when it gets infected, just recover from a backup and be up and running again in minutes instead of days!
I didn't appreciate OSX until I had to port our software over to it. It was painful at first, but in the process, I fell hard-core in love with OSX. Except for the dated Unix command line, it's everything that Fedora Core ever dreamed of.
As a developer, I can say that Google's product suite is unsettlingly dynamic. There's a new API every week or so, and no assurance of futures. For example, I was all excited about using Google's JS extensions (with the ability to load/save data locally) but I've yet to see this working anywhere but Windows. Chrome is nice but Windows only, there's now (finally!) a Linux version, but it's so buggy that it often crashes X windows. And now they have their own O/S!? Two?! But which one should I use?
It's a mish-mash of poorly integrated pieces, and while they are doing some cool stuff, I need a bit more stability and completeness to do much with them. See, when I write software, the software becomes infrastructure for my clients. They use and depend on my software. I have hosting contracts for PHP apps I wrote 10 years ago, and the fact that the PHP guys have done so well at backwards compatibility means that I've transitioned from PHP 3 to 4 to 5 with so little porting that I didn't even charge the end users for the effort!
I can't spend weeks/months working on software with a platform that's 'cool' but won't be supported in a year or two!
Our legal system is based on the concept of choice; when you commit a crime, you are assumed to be making a conscious choice, and the fact of your doing it proves the choice that you made, and thus your guilt. The laws themselves read this way: part of the definition of a crime in California is that you must INTENTIONALLY perform the illegal act, but this is almost meaningless since it's assumed that you mean to do what you do.
However, it's my belief that ultimately, there is no real choice. We are a product of our biology, genetics, epi-genetics, and experiences. We make choices based on the combination of these factors, and if it were, in fact, possible to account for all the minute variables in these factors, our decisions could be predicted in virtually every case.
The more science news I read, the more firm this conclusion, and this is no exception. And the logic is real simple: if genetics didn't make us who we are, then dogs could talk and trade stocks. But they can't, because they are dogs, and they are dogs because of their genetics, epi-genetics, and biology. Their behavior as such a dog is modified by their experiences. (dogs that are beaten as puppies behave quite differently than those that are loved, even if neither trade stocks)
So, at what point do we decide that the "temporary insanity" defense breaks down completely? If I speed because of my sum biology + experience, then can't it be argued that I really don't have a choice in speeding? (and yes, I do tend towards "lead foot", if you know what I mean) It's not anytime soon, but it's there, and if current trends continue, that point *will* be reached.
When/if the singularity happens, and our personae can be loaded as a self-morphing program into a computer, can't it be clearly demonstrated that the program does exactly what its structure dictates? Are we going to find MS Word guilty of having Clippy pop up in annoying ways, or do we just accept that it's the way it's constructed and thus has no real choice in the matter?
We pretend that people have a choice, even as we accept that paedophiles will always be paedophiles, rapists will always be rapists, criminals will always have criminal tendencies, and that there is no true cure for any of these. Isn't that an admission that there is no choice, even if our very legal foundation is predicated upon its existence?
As they have explained it to me, anything you give to Google can be subpoenaed. Google is currently one of the most-frequently-served companies in the world, and Google gives full and enthusiastic cooperation with lawfully issued subpoenas.
The challenge is simple, and sweet:
1) Identify any law firm or privileged entity that uses Google docs.
2) Sue them, or perform some court action that would justify a subpoena.
3) Use the subpoena to retrieve all (or a significant number of) privileged docs from the priv entity.
It's a simple social engineering attack that might require the help of a cooperative law firm and some digging. Anybody listening?
Advertising is an (often feeble, granted) attempt at mind control, and therefore offensive by definition.
Hate to break it to ye, but advertising serves an extremely vital function of modern society.
When somebody creates a good or service, they need to somehow communicate the availability of this good or service to the prospective public, or the good/service provider and the consumers are both denied the chance to improve their life, which is the definition of what a sale is: two parties agreeing that they are better off trading goods and services for money than not - so they trade.
In *every* transaction, both transactions are under the impression that they have the "upper hand" - both sides stand to gain more by giving up their end of the bargain than keeping it.
Advertising shows two things:
1) The availability of the good or service itself, and
2) By spending lots of money on advertising, the validity of the company in question is verified to the end user.
Think about it: you wouldn't bank at a bank that advertised by spray-painting a bare 4x8 sheet of plywood. A professional, well-designed advertisement shows you, the prospective consumer, that the vendor has the resources it takes to earn your business, and are thus more likely to be able to handle your business.
Sucks, sometimes, and there are certainly abuses of this system. But, at the end of the day, advertising is a begrudged necessity. Sorry you find it offensive.
In fact, most companies interested in re-branding would be better served by going back to their roots and seeing what made them successful in the first place, not throwing it all away and trying to start from zero. (See aforementioned AT&T - how many telegraphs will you use today?)
But that's definitely *not* what Radio Shack would need to do. People just don't have a need so much for 5% 150k Ohm 1 watt resistors any more. And to underscore my point, Slashdot consists of a tech-centric crowd; how many people here know the resistor coloring codes to even know if they were looking at a 150k Ohm 1 watt resistor with a 5% tolerance?
I know I couldn't.
So breadboards and circuit components (where Radio Shack got its name) simply don't apply except for the rarest cases. It's such a small niche that it's best (and probably ONLY) served anymore by the applicable niche web sites.
No, Radio Shack *needs* to re-invent themselves. Right now their name is pretty much synonymous with being a small, Circuit City - like place with high prices and low quality gear that sorta carries stuff you can't find elsewhere, like Cat5 network connectors. And we know what happened to Circuit City.
I'm not running Ext4, I'm running Ext3, having switched over the last of the Ext2 FSs to Ext3. Now, I've got to deal with not only EXT4, but BTRFS? What kind of changes does it bring that I would/should give a !@# about?
Ext2 worked well. EXT3 was basically EXT2 but with journalling. What does BTRFS give me over EXT4, or for that matter, EXT3?
I wonder if there are limits on the sizes of the passengers?
The FAA has determined that the "average" passenger weighs 170 lbs for the purposes of advertising how many "passengers" a plane can carry. Thus, a Cessna 172, with 4 seats, but with a fully fueled capacity of about 650 pounds, is a "3 passenger plane" when fully fueled. You can, of course, decide not to fill your tanks all the way, or you fly overloaded.
"Space, is big. Really big. You just won't believe how vastly hugely mind-bogglingly big it is. I mean you may think it's a long way down the road to the chemist, but that's just peanuts to space."
From what I've been reading, the fact that Boeing basically outsourced everything but final assembly of the plane to different contractors has come back to bite them. One of my IT specialties is integration work -- and I've worked on a lot of contracted software products that totally don't work when you get their individual parts back and mash them together.
I'm preaching to the choir, perhaps, but this is a very, very very important point: Don't EVER outsource your core competence! Every company has a core strength, their purpose for existing. It does change with time: IBM started out with office furniture and office equipment, slowly moving through adding machines, typewriters, through to early computers, through to today as a major IT consultation firm. But at every step of the way, IBM had a clear core competence that they guarded fiercely with NDAs and big research spending, that continues to this day.
They have not lost their core competence - if anything, IBM has strengthened it even as it has redefined what that core competence is.
Are you an executive? Remember this: Every company has their "mojo" - their "secret sauce" - the service that defines the value of the company. Find out what that is, and work like crazy to strengthen and preserve that core value. Outsource whatever you like so long as you don't outsource that core company value.
For example, a logging company may maintain a small power plant at its lumber mill, for various reasons. Generating power is likely *not* part of the core competency of the logging company, so if it can be done cheaper by a power company, it's probably a good idea. But the logging company had better not subcontract logging to other firms for the lowest bidding price, because this represents the core value of the company, and by doing so, you become a dead-weight "middle man" that your customers will eventually want to eliminate. Your company loses its reason for existing.
If your company builds airplanes, then you had better focus on being able to build airplanes, and not source out building airplanes to other companies - else what value does your company really offer?
It's a bone-headedly simple concept, and for some reason, it doesn't seem to be well taught in business colleges.
Why?
Not necessarily a problem at all. If the user chooses Ubuntu, then Synaptic (or apt-get, aptitude, etc.) will install an application successfully with something that works, transparently.
Like Adobe's Flash?
I didn't think so.
Within a few days, patches will be released to all the OSS vendors. Admins will be inconvenienced by a reboot.
In my case:
# yum -y update && shutdown -r now;
*Yawn*
As a former 365 Main customer, I can say that our move to Herakles Data in Sacramento went smoothly, and what a difference! Great, reliable service, redundant EVERYTHING (unlike 365 Main which gave me A network feed and A power strip) with a bigger rack and more power, and at a BETTER PRICE.
Seriously, it's dramatically different, night and day in just about every way.
When 365 Main had their power woes a couple years back, it was all lawyer-speak about validating any kind of claim, because we *were* promised 99.99% uptime in the contract, but we'd have to sue to get it. They didn't even bother to respond to our legal letters and issued only cryptic, terse public notices.
When Herakles data had a core Cisco router go "half dead" a few months back, (blown enough to cause problems, but not cause backup routers to step in) causing a few hours of downtime, they sent detailed analysis of what happened, and then they SENT US THE FORMS if we wished to file a claim. It was even partially filled out! (we didn't file, just because of the trust and goodwill this fostered)
I was originally impressed with 365Main because it *is* technically a nice facility, but in terms of service quality and price, Herakles (1.5 hours drive away!) has them beat hands down.
Get a REAL data center!
From what I can see, size matters. The impact of a security breach on the business is inversely proportional to the size of the business. Small companies, big deal. Big companies, Eh - whataya gonna do?
It is inevitable that people will do the destructive things that we do because the properties needed to survive as a small tribe are different than the properties needed to survive as a global megaspecies. The fact that we've done as well as we have is quite commendable. But if you think about it, you'll realize that no species would be 'ideal' to be a megaspecies because none would have evolved AS a megaspecies.
All would have started out as a small number of organisms and grown from there.
But yes - the challenge isn't whether or not the sun burns us up, but whether or not we can face the challenges of our own doing.
Seriously - what is it about Twitter? It's a text message rebroadcast. (oh joy!) Why would we want to make up ridiculous services on Twitter?
Coming soon:
GCC compiler - twitter edition!
MS Word for Twitter!
Active Directory - Twitter edition!
How to publish ASCII porn through Twitter, LINE BY LINE!?!?!
Wikipedia was an interesting experiment - a broad-scale collaboration using a simple collaboration tool. Obviously it was a good idea. But in a few years, how many of these Twitter-isms are we going to remember as face-palms of buzzword idiocy? /Methinks society is due for a twitter-ectomy.
Article indicates the pacemaker doesn't have an IP address, and only connects via 402-405 MHz radio link.
As does the summary...
However, it's nearly inevitable that a later version of it and/or those of another pacemaker manufacturer will have its own IP.
Why? Because it'd be cool to do so?
Those with access to a large bot net could easily scan for pacemaker software and then target all or, more likely, a specific person(s) to remotely sabotage their pacemaker, possibly resulting in death...
Making a good reason NOT to do "the inevitable"... Adding something like an IP address to life-sensitive equipment isn't "inevitable" for the very reasons you claim. As a group, doctors aren't idiots, you know, nor are the programmers who write/create medical equipment.
Any medical technology is released very conservatively. How long has it been feasible to access information over IP? A decade? And yet, this is the first use of IP to transmit medical pacemaker MONITORING info. No amount of hacking, DDOS, or Pranknet stunts would result in this person dying since there's nothing in the system that would allow them to do so.
Just because you WANT an IP address (or something usable as such) in so many cases in no way makes it inevitable that every possible device will get one! I, for one, would specifically NOT want my pacemaker to have an IP address.
This even though I *would* like some kind of video display implanted into my brain as a "6th sense" so that I could hook up a backpack PC/browser thereto - notice that even in this case, I don't want any kind of direct access to my brain, but rather just a screen/kb equivalent that I can connect to a computer of my choosing...
Technically, the difference between the two is very easy to define, at least among software people:
# sed -e s/"socio"/"psycho"/g
Wha...?
In my household, convergence is complete and I'm not looking back...
I moved in February, and the first thing we did after getting power turned on was phones / Internet. 3 Mb DSL costs me 35 dollars/month, and is pretty much a necessity. I figured we'd get cable/satellite figured out... whenever.
It was only a day or so before we discovered online TV - mostly Hulu and Netflix, with some CastTV.com and a few websites. (PBS.org, for example)
While I was expecting that there'd be some freebie options online, I did not expect it to be actually a better experience than paid TV, yet, for me it is!
I don't ever catch 'the last half of a good show'. I see the show from beginning to end, any time, whenever I like.
I don't miss episodes of shows I'm watching. Typically the last month or so of episodes are available on demand @ Hulu. This is enough for me to catch things even when I have a busy week or two.
I'm free to explore, without wait. I don't record something and wait a week before I find out it sucks, I find out in five minutes!
Quality is good (far better than NTSC, not quite full HD) and definitely watchable. I didn't realize what a TV snob I'd become until I stayed at a hotel and couldn't just start the shows at the beginning when I found one I didn't like.
Convergence will happen. And it will happen when the Internet subsumes all 'TV' as you know it!
In any competitive environment, it's often to the advantage of a strong underdog to support open standards at the expense of a strong, closed competitor. Microsoft is all about compatibility in a field when they aren't top dog.
Russia is in a similar position - they are not a leader in Internet technology, unless you include their legendary mafia, where they excel. Why would they want to regulate when they stand to profit by bilking the wealthy Americans?
Perhaps even more than in America, the Russians have institutionalized corruption
- What do you normally do to make sure that your Linux system is clean? Is running apt-get upgrade regularly enough or is there more to it?
Remove any and all services that are accessible from the Internet. If you are using SSH, disable passwords altogether and use RSA keys, WITH PASSPHRASES, on a non-standard port.
- What articles or books would you recommend to a newbie in this area? I am fully willing to RTFM as such, but please at least give me at least some direction on what to search for.
Most books are weak, at best. They are either too specific to be useful (since they rarely cover your situation) or too general to be useful, unless you are looking at high-level theory.
Cover the basics:
1) Have you run ALL updates? Linux distros are pretty good.
2) Have you run a port scan from the wild internet? If you don't know what a service is, it shouldn't be visible.
3) Are you logged in as root? You only need to be root when setting up something.
4) Are you programming something? If so, unless you have a pretty good idea what you are doing, you should not make it open to the public.
- Any other general tips, advice or wisdom would you be willing to share?
1) Never run as root from anything but the command line, and then only sparingly.
2) Don't forget physical security. Most Linux systems can be pwn3d by just rebooting and writing a line or two at the grub prompt.
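The SSH advice above (passwords disabled, key-only logins, a non-standard port) can be checked mechanically against an sshd_config. The following is an added example, not part of the original comment; the function names and sample configs are constructed, and it assumes stock OpenSSH defaults and reads only the text it is given.

```python
# Added example: audit sshd_config text for the settings recommended above.
# Assumes stock OpenSSH defaults; Include directives are not followed.
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")
DEFAULTS = {**dict.fromkeys(PASSWORD_KEYS, "yes"), "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):  # -> (global settings, listen ports, settings in Match blocks)
    settings, ports, conditional, in_match = {}, [], [], False
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True           # everything after this is conditional
        elif in_match:
            conditional.append((key, value))
        elif key == "port" and value.isdigit():
            ports.append(int(value))  # Port may be given more than once
        else:
            settings.setdefault(key, value)  # first occurrence wins in sshd
    return settings, ports or [22], conditional

def audit(text):  # -> list of findings; an empty list means all checks passed
    settings, ports, conditional = parse(text)
    eff = {k: settings.get(k, default) for k, default in DEFAULTS.items()}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive auth is on (PAM can still ask for a password)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off")
    if 22 in ports:
        findings.append("sshd listens on the default port 22")
    for key, value in conditional:
        if key in PASSWORD_KEYS and value == "yes":
            findings.append(f"a Match block re-enables {key}")
    return findings

# Constructed samples. In WEAK the first PasswordAuthentication line wins and the port defaults to 22.
WEAK = """PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    print("WEAK:", audit(WEAK), "HARDENED:", audit(HARDENED) or "OK")
```

On a live host, the output of `sshd -T` (the effective configuration after Include processing) is a better input for these checks than the raw file.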
You hardly ever have time/resources to "do it properly" in a small business, unless what you're "doing right" is a core competency of the business. The trick is to convince the guy who signs the checks that it is business/mission critical (often non-trivial).
Sure you do! It's called OSX. Now, before you flame me into submission, understand that I'm writing this on my Fedora Core Linux laptop. I'm a command-line junkie extraordinaire, and don't feel comfortable until I have an xterm or three up on one or two virtual desktops while running dual-head.
But there's a very real, very useful, and very definite benefit to running on OSX - there really is just not nearly as much of a problem with viruses, worms, trojans, and other crapware. Really really for real and yes, it's for real.
Really.
You can argue about marketshare or Unix core or whatever, but it's true - Macs *are* more reliable and *do* have much less of a problem with viruses and such. Who cares why? And if you really must run something windows like, you can get Parallels/VMWare or boot camp. (I recommend the former unless you are a gamer) Even better, if you go the VM route, you can easily save your Windows VM image to an external disk every week or so, and if/when it gets infected, just recover from a backup and be up and running again in minutes instead of days!
I didn't appreciate OSX until I had to port our software over to it. It was painful at first, but in the process, I fell hard-core in love with OSX. Except for the dated Unix command line, it's everything that Fedora Core ever dreamed of.
As a developer, I can say that Google's product suite is unsettlingly dynamic. There's a new API every week or so, and no assurance of futures. For example, I was all excited about using Google's JS extensions (with the ability to load/save data locally) but I've yet to see this working anywhere but Windows. Chrome is nice but Windows only, there's now (finally!) a Linux version, but it's so buggy that it often crashes X windows. And now they have their own O/S!? Two?! But which one should I use?
It's a mish-mash of poorly integrated pieces, and while they are doing some cool stuff, I need a bit more stability and completeness to do much with them. See, when I write software, the software becomes infrastructure for my clients. They use and depend on my software. I have hosting contracts for PHP apps I wrote 10 years ago, and the fact that the PHP guys have done so well at backwards compatibility means that I've transitioned from PHP 3 to 4 to 5 with so little porting that I didn't even charge the end users for the effort!
I can't spend weeks/months working on software with a platform that's 'cool' but won't be supported in a year or two!
BEGIN RANT
Our legal system is based on the concept of choice; when you commit a crime, you are assumed to be making a conscious choice, and the fact of your doing it proves the choice that you made, and thus your guilt. The laws themselves read this way: part of the definition of a crime in California is that you must INTENTIONALLY perform the illegal act, but this is almost meaningless since it's assumed that you mean to do what you do.
However, it's my belief that ultimately, there is no real choice. We are a product of our biology, genetics, epi-genetics, and experiences. We make choices based on the combination of these factors, and if it were, in fact, possible to account for all the minute variables in these factors, our decisions could be predicted in virtually every case.
The more science news I read, the more firm this conclusion, and this is no exception. And the logic is real simple: if genetics didn't make us who we are, then dogs could talk and trade stocks. But they can't, because they are dogs, and they are dogs because of their genetics, epi-genetics, and biology. Their behavior as such a dog is modified by their experiences. (dogs that are beaten as puppies behave quite differently than those that are loved, even if neither trade stocks)
So, at what point do we decide that the "temporary insanity" defense breaks down completely? If I speed because of my sum biology + experience, then can't it be argued that I really don't have a choice in speeding? (and yes, I do tend towards "lead foot", if you know what I mean) It's not anytime soon, but it's there, and if current trends continue, that point *will* be reached.
When/if the singularity happens, and our personae can be loaded as a self-morphing program into a computer, can't it be clearly demonstrated that the program does exactly what its structure dictates? Are we going to find MS Word guilty of having Clippy pop up in annoying ways, or do we just accept that it's the way it's constructed and thus has no real choice in the matter?
We pretend that people have a choice, even as we accept that paedophiles will always be paedophiles, rapists will always be rapists, criminals will always have criminal tendencies, and that there is no true cure for any of these. Isn't that an admission that there is no choice, even if our very legal foundation is predicated upon its existence?
END RANT.
As they have explained it to me, anything you give to Google can be subpoenaed. Google is currently one of the most-frequently-served companies in the world, and Google gives full and enthusiastic cooperation with lawfully issued subpoenas.
The challenge is simple, and sweet:
1) Identify any law firm or privileged entity that uses Google docs.
2) Sue them, or perform some court action that would justify a subpoena.
3) Use the subpoena to retrieve all (or a significant number of) privileged docs from the priv entity.
It's a simple social engineering attack that might require the help of a cooperative law firm and some digging. Anybody listening?
Advertising is an (often feeble, granted) attempt at mind control, and therefore offensive by definition.
Hate to break it to ye, but advertising serves an extremely vital function of modern society.
When somebody creates a good or service, they need to somehow communicate the availability of this good or service to the prospective public, or the good/service provider and the consumers are both denied the chance to improve their life, which is the definition of what a sale is: two parties agreeing that they are better off trading goods and services for money than not - so they trade.
In *every* transaction, both transactions are under the impression that they have the "upper hand" - both sides stand to gain more by giving up their end of the bargain than keeping it.
Advertising shows two things:
1) The availability of the good or service itself, and
2) By spending lots of money on advertising, the validity of the company in question is verified to the end user.
Think about it: you wouldn't bank at a bank that advertised by spray-painting a bare 4x8 sheet of plywood. A professional, well-designed advertisement shows you, the prospective consumer, that the vendor has the resources it takes to earn your business, and are thus more likely to be able to handle your business.
Sucks, sometimes, and there are certainly abuses of this system. But, at the end of the day, advertising is a begrudged necessity. Sorry you find it offensive.
In fact, most companies interested in re-branding would be better served by going back to their roots and seeing what made them successful in the first place, not throwing it all away and trying to start from zero. (See aforementioned AT&T - how many telegraphs will you use today?)
But that's definitely *not* what Radio Shack would need to do. People just don't have a need so much for 5% 150k Ohm 1 watt resistors any more. And to underscore my point, Slashdot consists of a tech-centric crowd; how many people here know the resistor coloring codes to even know if they were looking at a 150k Ohm 1 watt resistor with a 5% tolerance?
I know I couldn't.
So breadboards and circuit components (where Radio Shack got its name) simply don't apply except for the rarest cases. It's such a small niche that it's best (and probably ONLY) served anymore by the applicable niche web sites.
No, Radio Shack *needs* to re-invent themselves. Right now their name is pretty much synonymous with being a small, Circuit City - like place with high prices and low quality gear that sorta carries stuff you can't find elsewhere, like Cat5 network connectors. And we know what happened to Circuit City.
It has a better range, a quicker full charge, a potential 5 minute battery swap, and the "S" is for SEXY.
Yeah, but when you see "E-Vehicle", are you thinking "Electric" or "Expensive"? Sorry, but I could buy a nice private plane for what a Tesla costs...
I'm not running Ext4, I'm running Ext3, having switched over the last of the Ext2 FSs to Ext3. Now, I've got to deal with not only EXT4, but BTRFS? What kind of changes does it bring that I would/should give a !@# about?
Ext2 worked well. EXT3 was basically EXT2 but with journalling. What does BTRFS give me over EXT4, or for that matter, EXT3?
Sorry, just having trouble giving a damn....
I wonder if there are limits on the sizes of the passengers?
The FAA has determined that the "average" passenger weighs 170 lbs for the purposes of advertising how many "passengers" a plane can carry. Thus, a Cessna 172, with 4 seats, but with a fully fueled capacity of about 650 pounds, is a "3 passenger plane" when fully fueled. You can, of course, decide not to fill your tanks all the way, or you fly overloaded.
I agree with another poster, however... 1.5 million dollars is hardly worth getting out of bed for when talking aircraft. I'm going to guess, however, that if it actually IS done, that it will be some variation of a Rutan Long-EZ, since they are widely known/touted as "the plane" for high-efficiency experimental-class aircraft. That, and they look vaguely like the off-spring of the Starship Enterprise and an X-Wing fighter.
"Space, is big. Really big. You just won't believe how vastly hugely mind-bogglingly big it is. I mean you may think it's a long way down the road to the chemist, but that's just peanuts to space."
-Hitch-hiker's Guide to the Galaxy