I'm sure this "burnout" isn't confined to journalism. Virtually everybody I know who is shackled to a deskjob with an email account faces the same problem.
I tried to tell them that shackles and handcuffs have a direct correlation to carpel tunnel in our office, but some smart ass at the board meeting made note that correlation does not equal causation, making the argument that perhaps people prone to carpel tunnel are the ones who line up for jobs that require shackling. I was, however able to convince them to take off the shackles by demonstrating an electric shock collar regularly used to keep dogs in the owners yard can be just as effective.
if someone deserves fortune because they worked hard, doesn't that suggest that the lazy and ignorant deserve misfortune?
I suppose thats your implication. If someone deserves fortune because they work hard - that does not mean that someone who doesn't work hard doesn't also deserve fortune. Hate to be pedantic, but something being true does not mean the opposite is true. (Being good with my right hand does not mean being bad with my left, as there are people who are ambidextrous)
I'm here in Canada - and I've tested the waters on controversial legal issues with computers - and I've considered going into the definately illegal waters just to see what would happen with the law.
There was a case a long while back where a high schooler in Montreal or somewhere in the East Coast of the United States (I heard the story second hand from someone so I'm sketchy on the details) where he basically set up a botnet, and then to test it out he had it perform a DOS attack while he was at school, I think he ended up taking down CNN.com or Yahoo for a bit or something.
Anyways, they hauled him off to juvee or some low security prison for a few years, and when he got out he was hired almost immediately for a security specialist job. (I believe at one of the websites he took down)
I'd try it myself but I'm too old to go to Juvee...
"Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning, which allowed us to write manual filters and escalate to our anti-virus partners quickly"
So - basically, it was being filtered to junk or spam, as most javascript enriched emails do.
"we are fighting JS attacks" is normal and common when you deal with a web service. All email clients (from Yahoo, to Hotmail to Gmail and byond) disable javascript by default. Only if you are misconfigured would you be at risk. But Google basicly now can filter out those emails based on their underlying code - so that if you WANT to run Javascript in your email, you won't be hit by this attack.
Why can't you enforce strong passwords AND rotate them? I don't see why they are exclusive. (A password written down on a post-it isn't much of a security threat if you don't know the username. Albeit, not hard to figure out, but it will deter most people)
We don't think of rotating passwords as a solution to the problem - we think of it as a countermeasure that will buy us time when issues arise. We could be complete hard asses about sharing passwords, no doubt. However, we're going through some growing pains right now and we don't have the staff to deal with all the smaller issues that come up. What are we going to do to reprimand password sharing? Reduce their share folder size? As IT we just police, but its up to the individual managers to dole out the sentences for bad behavior and some managers honestly don't care.
We haven't been able to combat the password writing down with OR without rotation - people still print them off, or write them on stickies, post them to the wall, and all that. We have not been able to combat that problem in any sense, so why not rotate it around?
A redirect from My Documents to a network drive would cause some unnecessary strain on the backbone of our network - we don't want them sharing EVERY possible file, and we don't want to have to upload to our server everytime they press CTRL+S.
Rotating the passwords gives us the time we need that when attacks come up - we can address them properly. It doesn't stop them from happening, but it makes dealing with them easier. And we simply haven't found a solution that stops the problem from occuring.
Their account is what we call "Disabled" - Password changed, we don't let that account login, but we keep the email inbox accessible so that we can forward any new incoming mail from clients and easily sort through them if need be, that sort of thing.
The problem is never with the person's account who got terminated, its a shared password issue.
You know that'll cause a lot of un-needed traffic, right? We don't want all our computers all having shared drives communicating with each other so they pop up on everyone's computer anytime they log in.
I've found that chopping off certain parts of my full name are easy to remember as well, though I suppose those might be easier to guess than a simple non-dictionary word.
James Tiberius Kirk would be something like ameski or jamtibirk
and like you said - its very easy to simply add or replace the more complex symbols.
People who argue that changing passwords frequently* is a waste of time has not had to deal with the security issue of people sharing their passwords on a regular basis. On the odd occaison, the Receptionists will share passwords so they can log in on each other's computers and access each others files. As an IT team we've done our best to abstract that concept by allowing anyone to log onto any computer in the network so long as they have an account, and mapping network drives automatically based on your permissions, but suffice to say some people just don't understand that. Someone will still only save to "My Documents" or C: drive, because thats what they do at home. Anyways, if someone gets terminated, and they remember the passwords, they pose a security risk. We had this issue come up last summer where a manager knew a few people's passwords, and after being fired, was using the webmail client to snoop on emails.
I haven't been working in this side of IT for more than 2 years and I can already see the benefit of ever-changing passwords.
*I suppose that depends how frequently you are talking
I have a feeling a lot of this whole "outpacing" business is that hardcovers are simply more expensive, and some people are not willing to shell out when a softcover is available.
Publishers have started to make less softcover books and more hardcover so that when you want the latest book in a series, all that ends up available at bookstores is the hardcovers, all the softcovers sell out too quickly. They make that much more in mark up.
So - if an eBook (not the reader itself) is more affordable than a hardcover, I wouldn't be surprised if they started outselling.
If your company requires mobile access to email, then should the company not be providing them with the hardware to perform this task?
Ideally, yes - but when you work for a small to medium sized company that's too cheap to shell out - you get this "Oh, you can just use YOUR phone" mentality from upper management. That way they save money, the sales team only needs 1 phone on them at all times, and they get to snoop through emails whenever things go sour. Everyone is happy but the IT team who feels dirty for having to be involved.
It also won't serve you content if you don't have internet access - something a CD would - but thats all apples and oranges anyways. It's still DRM, just some people like different kinds of DRM.
Slashdot Mirror
I'm sure this "burnout" isn't confined to journalism. Virtually everybody I know who is shackled to a deskjob with an email account faces the same problem.
I tried to tell them that shackles and handcuffs have a direct correlation to carpel tunnel in our office, but some smart ass at the board meeting made note that correlation does not equal causation, making the argument that perhaps people prone to carpel tunnel are the ones who line up for jobs that require shackling.
I was, however able to convince them to take off the shackles by demonstrating an electric shock collar regularly used to keep dogs in the owners yard can be just as effective.
if someone deserves fortune because they worked hard, doesn't that suggest that the lazy and ignorant deserve misfortune?
I suppose thats your implication. If someone deserves fortune because they work hard - that does not mean that someone who doesn't work hard doesn't also deserve fortune. Hate to be pedantic, but something being true does not mean the opposite is true. (Being good with my right hand does not mean being bad with my left, as there are people who are ambidextrous)
Well, Tron Legacy is coming out soon, that might make it cool again.
I'm here in Canada - and I've tested the waters on controversial legal issues with computers - and I've considered going into the definately illegal waters just to see what would happen with the law.
There was a case a long while back where a high schooler in Montreal or somewhere in the East Coast of the United States (I heard the story second hand from someone so I'm sketchy on the details) where he basically set up a botnet, and then to test it out he had it perform a DOS attack while he was at school, I think he ended up taking down CNN.com or Yahoo for a bit or something.
Anyways, they hauled him off to juvee or some low security prison for a few years, and when he got out he was hired almost immediately for a security specialist job. (I believe at one of the websites he took down)
I'd try it myself but I'm too old to go to Juvee...
It IS nice being able to check your work email from anywhere in the world though.
"Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning, which allowed us to write manual filters and escalate to our anti-virus partners quickly"
So - basically, it was being filtered to junk or spam, as most javascript enriched emails do.
"we are fighting JS attacks" is normal and common when you deal with a web service. All email clients (from Yahoo, to Hotmail to Gmail and byond) disable javascript by default. Only if you are misconfigured would you be at risk. But Google basicly now can filter out those emails based on their underlying code - so that if you WANT to run Javascript in your email, you won't be hit by this attack.
You have to open an email to access the javascript.
And if I do not necessarily want Javascript to run on a page I explicitly go to? What are my options? Disable Javascript of course!
Luckily for most people - Javascript is defaultly* disabled in most email clients, so the only reason this would be a threat is if its misconfigured.
*I think I just made that word up. I love english, you can form new words and people will still understand your message.
1) We do that already. This is not the issue at all.
2) Then they won't know how to keep their documents seperated from each other.
Probably the same people who thought it would be a good idea to allow javascript to run in a browser.
Heyoooooo
Why can't you enforce strong passwords AND rotate them? I don't see why they are exclusive. (A password written down on a post-it isn't much of a security threat if you don't know the username. Albeit, not hard to figure out, but it will deter most people)
This story is aimed at people who already use NoScript, so thats why they don't feel bad about layering them in there.
Your friend isn't going to send you javascript
You clearly don't hang out with my group of friends.
We don't think of rotating passwords as a solution to the problem - we think of it as a countermeasure that will buy us time when issues arise. We could be complete hard asses about sharing passwords, no doubt. However, we're going through some growing pains right now and we don't have the staff to deal with all the smaller issues that come up. What are we going to do to reprimand password sharing? Reduce their share folder size? As IT we just police, but its up to the individual managers to dole out the sentences for bad behavior and some managers honestly don't care.
We haven't been able to combat the password writing down with OR without rotation - people still print them off, or write them on stickies, post them to the wall, and all that. We have not been able to combat that problem in any sense, so why not rotate it around?
A redirect from My Documents to a network drive would cause some unnecessary strain on the backbone of our network - we don't want them sharing EVERY possible file, and we don't want to have to upload to our server everytime they press CTRL+S.
Rotating the passwords gives us the time we need that when attacks come up - we can address them properly. It doesn't stop them from happening, but it makes dealing with them easier. And we simply haven't found a solution that stops the problem from occuring.
Their account is what we call "Disabled" - Password changed, we don't let that account login, but we keep the email inbox accessible so that we can forward any new incoming mail from clients and easily sort through them if need be, that sort of thing.
The problem is never with the person's account who got terminated, its a shared password issue.
You know that'll cause a lot of un-needed traffic, right? We don't want all our computers all having shared drives communicating with each other so they pop up on everyone's computer anytime they log in.
I've found that chopping off certain parts of my full name are easy to remember as well, though I suppose those might be easier to guess than a simple non-dictionary word.
James Tiberius Kirk would be something like ameski or jamtibirk
and like you said - its very easy to simply add or replace the more complex symbols.
People who argue that changing passwords frequently* is a waste of time has not had to deal with the security issue of people sharing their passwords on a regular basis. On the odd occaison, the Receptionists will share passwords so they can log in on each other's computers and access each others files. As an IT team we've done our best to abstract that concept by allowing anyone to log onto any computer in the network so long as they have an account, and mapping network drives automatically based on your permissions, but suffice to say some people just don't understand that. Someone will still only save to "My Documents" or C: drive, because thats what they do at home. Anyways, if someone gets terminated, and they remember the passwords, they pose a security risk. We had this issue come up last summer where a manager knew a few people's passwords, and after being fired, was using the webmail client to snoop on emails.
I haven't been working in this side of IT for more than 2 years and I can already see the benefit of ever-changing passwords.
*I suppose that depends how frequently you are talking
How much does the average eBooks cost for you?
I have a feeling a lot of this whole "outpacing" business is that hardcovers are simply more expensive, and some people are not willing to shell out when a softcover is available.
Publishers have started to make less softcover books and more hardcover so that when you want the latest book in a series, all that ends up available at bookstores is the hardcovers, all the softcovers sell out too quickly. They make that much more in mark up.
So - if an eBook (not the reader itself) is more affordable than a hardcover, I wouldn't be surprised if they started outselling.
It's also statistically shown that more people read paper books faster than ebooks.
If your company requires mobile access to email, then should the company not be providing them with the hardware to perform this task?
Ideally, yes - but when you work for a small to medium sized company that's too cheap to shell out - you get this "Oh, you can just use YOUR phone" mentality from upper management. That way they save money, the sales team only needs 1 phone on them at all times, and they get to snoop through emails whenever things go sour. Everyone is happy but the IT team who feels dirty for having to be involved.
not reading the posts you are responding too is just too far.
Psh, I don't even read the posts I quote. Were you talking about puppies or something up there?
It also won't serve you content if you don't have internet access - something a CD would - but thats all apples and oranges anyways. It's still DRM, just some people like different kinds of DRM.
Well L4D was a co-op blast fest. Except in that game it was zombies and not aliens.
You know, the same thing could have happened in Canada, or Europe, or South America, Or Australia, or... anywhere really.
Perhaps you are confused by thinking the US is somehow completely different from the rest of the world in that regard.
How is a Black Eye not visible? That was my point exactly.