I almost don't want to know. "Kickback" corruption spending is practiced by basically everyone in congress. Whenever an important bill comes up, everybody says they will vote against it unless there is language included to fund some boondoggle project from their major campaign contributors back home. So they all compromise and agree to add these little corruption amendments, then vote yes. They don't care about the main topic of the bill or their constituents. They just want their kickbacks.
If we have accountability, we will have a clear picture of a system which is rotten to the core. What help would it be to find a 100% corruption rate?
No responsible business (or government!) would use Google Apps. Would you want all your most important company data, as well as all of your customer's information, in the hands (and datacenter) of a search company?
I used to be a grammar nazi. Then I dated someone who spoke English as her second language (after French). Such an experience will thoroughly train you to suppress your nazi tendencies. Trust me.
You are both right. Skepticism is key to science (see: peer review, falsifiability requirements). So is the process you mentioned. Without both, science is worthless.
No Citrix XenServer? That is the most sophisticated of the free virtualization products. They should include it in the comparison. Especially since VMware ESXi doesn't work with, well, lots and lots of hardware.
This will be awful for technical books, because Google's search algorithm ignores special characters, like the dollar sign, and Google has no intention of fixing this.
I buy books from living authors I like, because I want them to keep writing. Dead authors? I use the library. I don't give a crap about supporting their whiny children's estate.
Secondly, it would be trivial for an attacker to put in compromised drivers in the system that read out all the secure info and forward it to his website where he can duplicate all the secure keys and such.
First of all, smartcard reader drivers exist for Linux. They aren't complex devices.
Second, you have no idea how smartcards work. The private key never leaves the chip.
It is time for online financial institutions (brokerages and banks) to require real 2-factor authentication to log in to their sites. When I sign up for a bank account, I want them to mail me an ATM card with an embedded smartcard chip, along with a cheap USB smartcard reader. Alternatively, send a one-time-passphrase device like SecurID.
This may be a little expensive up front, but it would cut down on enough fraud that it might pay for itself.
And yet I spend lots of time cleaning up after developers who think they understand security; they even list their security skills on their resumes. They just keep getting it wrong.
If you want to produce secure web apps, you need to hire a security specialist to audit the application, and (ideally) assist with the design phase as well. Application security is an incredibly subtle thing in many ways. A developer who read a book on security will get security wrong. It's a topic that simply requires a specialist.
Perhaps because IDS is almost worthless? The days of single-packet exploits seem to be nearly at an end. The only really worthwhile detection method we are seeing today is digging through network and application logs, checking them against blacklists, grep -v'ing away known-good stuff, and looking for unusual stuff. This means a really intelligent human is required, not a bunch of Snort signatures looking for packet attacks which haven't been used since 1997.
Of the $355 million, $36 million will be spent on improving sensor and surveillance systems that will protect the nation against potential biological attacks. Another $36 million will be spent on the development and installation of new long-range sensor systems that will be used by the U.S. Coast Guard.
That's not "cyber"security at all! Cybersecurity would be pushing for signed DNS architecture, IPv6, and a DDoS mitigation infrastructure. Sonar and radar systems are physical security, not cyber security.
Actually "busy" is a good excuse for a Windows admin to be unaware of features added to Linux in the past year. It's a damn good excuse.
I'm not sure if you actually work in IT; if you did, you would know it is physically impossible to keep up with every feature in every OS all the time. There's just a whole hell of a lot of software out there today--more than any one person could keep track of.
It's enough for you because you are a level zero geek. Those above you in the hierarchy of geekdom have many gadgets, and don't want to have to haul around multiple, incompatible chargers. They also want all their devices networked and using the full capabilities of technologies like Bluetooth. To us, a music device which lacks stereo wireless audio is an absurdity.
If you have simple needs, and a simple device like an iPhone meets them, then more power to you. But don't assume those more savvy than yourself have only your simple needs.
The iPhone is inferior in lots of ways. It has NO stereo Bluetooth support! It also lacks Bluetooth IP networking for tethering to your laptop, and it doesn't use the standard USB mini-B cable.
The iPhone needs a lot of improvement before I would consider it.
Your observation about Slashdot is true. But it is also true that this guy's comment was an example of the broken window fallacy. It's a textbook example, actually.
Bathrooms are not particularly germy places, actually. Doctors advise people to wash their hands in the bathroom because washing frequently is good for health, and that's when you are near a sink. Bathrooms are actually cleaned more frequently than door handles you touch all the time.
A motivated attacker can get into any private IT system. If all the world's data is in one place, there will be a heaping load of motivation.
If all the government's data is in Google's datacenter, it will be made available... to someone...
Not anymore. I bought a game in a big box retailer, only to find that it would not install without being activated on Steam.
To top it off, Steam's activation server was down all evening.
So Steam's DRM will keep you even from playing games you purchase in stores on disc.
I think it is biased against oil lamps. People "did things in the evening" long before electric lights. And they didn't have to crank anything.
No, I have a job. And forensics to clean up after the hack bills at a much higher rate than the preventative measures do, actually.
The certificate services are improved if you run a PKI. The feature is now called "Active Directory Certificate Services".
You are confusing "gimmicks" and useful, practical features. All the examples I give are useful and practical, Mr. Coward.
Better a child than a Coward.