If you want to protect endpoints, you disable USB and other external ports. There is no reason to have them enabled, as they just present an attack vector, so really the school allowed the attack and they should use it as a learning moment.
Explain that the job you're leaving does crap work and your standards are higher, so you have to leave for moral and ethical reasons. Then ask if you can show open-source code that you maintain on your own.
You always have your IT guys make one account on all servers that can't be disabled, that reports it's alive every week (or day), and whose access certs are stored out of reach of the IT group. This way, when you're going to fire the IT guys, you can always get in, change passwords, lock them out and protect yourself.
All of the servers I manage have this setup, where the owner of the server has a protected cert kept off site, in their control, and if they ever need access to the infrastructure, they can use it to log in, sudo up and kick me out. No one has ever had to use it, but it is there just in case.
Before you fire the guys in IT, change the passwords yourself and protect the network.
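Added example, not from any of the posts above: a small Python audit of the kind of owner-held break-glass account the comments describe, checking that the account still exists with a login shell, has not been given an expiry date in /etc/shadow, carries exactly the owner's SSH key in its authorized_keys and still has a sudoers rule granting ALL. The account name `breakglass`, the file contents and the ed25519 key are all constructed for the example (the key is a dummy blob built from constant bytes, not a real key); the fingerprint routine reproduces what `ssh-keygen -lf` prints so the expected value can be kept off site alongside the key.

```python
import base64
import hashlib
import struct
from datetime import date


def dummy_ed25519_pubkey(fill: int) -> str:
    """Build a syntactically valid ssh-ed25519 public key line from a constant
    32-byte 'key' (every byte == fill). Constructed for this example only; it is
    not a real key and cannot be used to log in anywhere."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


# Constructed sample files (not copied from any real host).
OWNER_KEY = dummy_ed25519_pubkey(0)   # the owner's off-site break-glass key
ROGUE_KEY = dummy_ed25519_pubkey(1)   # an extra key nobody authorised

SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "breakglass:x:1500:1500:Owner break-glass:/home/breakglass:/bin/bash\n"
)
SAMPLE_SHADOW_OK = (
    "root:!:19000:0:99999:7:::\n"
    "breakglass:*:19000:0:99999:7:::\n"   # '*' = no password, key login only
)
# Same account, but field 8 (expiry, days since the epoch) has been set.
SAMPLE_SHADOW_EXPIRED = "breakglass:*:19000:0:99999:7::18000:\n"
SAMPLE_AUTH_KEYS_OK = OWNER_KEY + " owner-offsite\n"
SAMPLE_AUTH_KEYS_EXTRA = SAMPLE_AUTH_KEYS_OK + ROGUE_KEY + " who-added-this\n"
SAMPLE_SUDOERS = "root ALL=(ALL:ALL) ALL\nbreakglass ALL=(ALL) NOPASSWD: ALL\n"


def ssh_key_fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (base64, no '=' padding)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def _fields_for(text: str, account: str):
    """Colon-split fields of the line for `account`, or None if absent."""
    for line in text.splitlines():
        if line.startswith(account + ":"):
            return line.split(":")
    return None


def audit_breakglass(passwd, shadow, authorized_keys, sudoers, account, expected_fp,
                     today_days=None):
    """Return a list of findings; an empty list means the break-glass path is intact."""
    findings = []
    if today_days is None:
        today_days = (date.today() - date(1970, 1, 1)).days

    pw = _fields_for(passwd, account)
    if pw is None:
        return [f"{account}: no passwd entry"]
    if pw[6] in ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false"):
        findings.append(f"{account}: login shell is {pw[6]}")

    sh = _fields_for(shadow, account)
    if sh is None:
        findings.append(f"{account}: no shadow entry")
    # An account expiry (usermod -e) blocks SSH key logins even though the key
    # is still present, so it is the quiet way to disable this account.
    elif sh[7] and int(sh[7]) <= today_days:
        findings.append(f"{account}: account expired on day {sh[7]}")

    seen = [ssh_key_fingerprint(line) for line in authorized_keys.splitlines()
            if line.strip() and not line.startswith("#")]
    if expected_fp not in seen:
        findings.append(f"{account}: owner key {expected_fp} missing from authorized_keys")
    for fp in seen:
        if fp != expected_fp:
            findings.append(f"{account}: unexpected key {fp} in authorized_keys")

    has_sudo = any(line.split()[:1] == [account] and line.rstrip().endswith("ALL")
                   for line in sudoers.splitlines())
    if not has_sudo:
        findings.append(f"{account}: no sudoers rule granting ALL")
    return findings


if __name__ == "__main__":
    fp = ssh_key_fingerprint(OWNER_KEY)
    cases = [("ok", SAMPLE_SHADOW_OK, SAMPLE_AUTH_KEYS_OK),
             ("expired", SAMPLE_SHADOW_EXPIRED, SAMPLE_AUTH_KEYS_OK),
             ("extra-key", SAMPLE_SHADOW_OK, SAMPLE_AUTH_KEYS_EXTRA)]
    for label, sh, ak in cases:
        result = audit_breakglass(SAMPLE_PASSWD, sh, ak, SAMPLE_SUDOERS, "breakglass", fp)
        print(label, result or "OK")
```

On a real host you would feed it the contents of /etc/passwd, /etc/shadow, the account's authorized_keys and the relevant sudoers fragment, and have the periodic "I'm alive" report carry the result rather than a bare heartbeat, so the owner learns when the key has been swapped or the account expired instead of finding out on the day they need it.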
Why not ensure the software is secure and bulletproof to start with? If Russia finds a bug or opening to exploit the US, it only shows the US didn't do its job in reviewing and securing the software / infrastructure.
HA! I wish, but in reality no.
Worst:
I used to work for a company, about a year ago, where no one had even the most basic concept of data security. During my time there I implemented MFA on all servers, programmed in data encryption, data validation, client verification, DB security and other such improvements. Well, I was showing the three other existing employees how the software worked and how the new infrastructure worked; they didn't like that it was now "hard" to log into the servers and that they would now have to use passwords and keys to access data. They told me to revert to how it was before, as they knew better than I did, so I quit. They reverted all my changes and claim it's now more secure and better!
The software product they're developing, without a developer (they still don't have one), is an iSCSI based Desktop Protection System, but it's so riddled with holes and such a massive lack of security that they're committing fraud by selling what they have as a security solution.
Best:
The best security I've ever seen and been involved with developing had multilayer client authentication, certificate binding and transaction queue verification. It had a routine that went through the software and tweaked its ports and accesses. Every piece of data was run through an AES-192-GCM based function that signed all the transactions and messages. The infrastructure this software was running on was just as impressive: every server had at least 3FA+ turned on for logging in, and active port-based monitoring, which used MongoDB clusters to validate logins, clients and pretty much everything you could imagine.
Worst:
I used to work for a company, about a year ago, where no one had even the most basic concept of data security. During my time there I implemented MFA on all servers, programmed in data encryption, data validation, client verification, DB security and other such improvements. Well, I was showing the three other existing employees how the software worked and how the new infrastructure worked; they didn't like that it was now "hard" to log into the servers and that they would now have to use passwords and keys to access data. They told me to revert to how it was before, as they knew better than I did, so I quit. The software product they're developing, without a developer (they still don't have one), is an iSCSI based Desktop Protection System, but it's so riddled with holes and such a massive lack of security that they're committing fraud by selling what they have as a security solution.
Best:
If you're dumb enough to browse questionable content openly and without the use of a VPN or Tor proxy, then it's really just punishment for not thinking before you act.
If your hot water is working in the kitchen but not in the bathroom, as far as coding is concerned, then you have an architecture problem or you've missed something that should have been clear if the code was designed properly in the first place, so as to notice the lack of a component feature. Assuming that hot water is important, you'd have some type of consumable service or interface that checks for the existence and functionality of the hot water system, which can scope module to module and module to system.
If you design the code to the best ability possible and a change has to be made downstream later to accommodate scope creep or scope change, it shouldn't be a problem, providing the right steps were taken in the beginning to assure quality in the product throughout.
Fair, but you still need to put the initial work in. At no point does Agile tell you to "Never document, and instead make sure to work blind."
What's wrong with Agile is that most of the people who use it don't understand it.
Most people who program don't understand pointers, as evidenced by their being taken out of, or not included in, most modern programming languages, but this doesn't mean there is something wrong with pointers. It just means programmers are idiots and don't understand them, so would you hold that over the concept?
Using something wrong or incorrectly doesn't mean there is something wrong, it just means people need to learn about the concept they want to use properly. My company uses Agile and we have no problem with it because before we started, we put together a 150+ page document outlining every single component, how it functions, how it has to behave, how it has to fail and everything you would need to know. Once you understand what you're trying to do, it's easy to draw up a functional project plan in something like Kanban or Scrum.
The people you're referring to who seem to never understand or use Agile correctly, don't demonstrate a problem with Agile, they simply show how little they understand Agile and in many ways development/programming in general.
Agile is all about documentation and consideration before work gets started. People generally misunderstand Agile development, because they think it's all about getting work done fast and sloppy when it's about understanding everything about the work and not wasting time on implementation, thanks to the documentation.
Before a single line of code hits the IDE, you plan out what you're trying to solve, the problems you have to deal with, and how the logic will have to act. Coding happens after the "hard" work has been done, once you have a good idea of what has to be done and how to do it.
If anyone thinks that a true software engineer just sits down, starts slamming on some keys and then says "Oh well, I wrote code, let's see how the throttle handles it", then they don't understand software development or software engineering.
It doesn't work.
History is the field of learning about stuff that happened in the past, because you're not smart enough to progress humanity into the future. Journalism is about misrepresenting facts to fit someone's viewpoint; for instance, look at the Huffington Post, one of the biggest misandristic publications on the planet, or look at the Globe and Mail, so liberalized that it can't even tell which way is up.
I'll stop dumping on the liberal arts when the collective groups of study which make it up, stop being a representation of the people that are the least likely to help humanity.
Keep the grades and standards the same.
STEM isn't about learning a single programming language or a single methodology, it's about getting the base and then expanding it. If you're a Computer Engineer or Embedded System Engineer, which I have a degree in both, and you don't know JavaScript, C, C#, MySQL, Maria, MongoDB, Ruby, PHP and a number of other programming languages then you're out of shape and will have a very hard time getting a job.
It's not what you learned 20 years ago that you base your career path on, it's about what you do with what you learned that will make your career path. If two people apply for a useful job, such as an Engineering Job, and one has a degree in Embedded Engineering and the other has an SJW degree in Gender Studies, who do you think is going to get the job and who do you think is going to end up on government assistance? Liberal Degrees are toilet paper, they're all about feel-good concepts, hugs, and crying, instead of real-world application and progression.
Increase the tuition costs of the Liberal Studies by several orders of magnitude and slash the cost of STEM tuition by orders of magnitude. Keep the grades and standards the same and in 5 years, see how many crybaby SJW Gender Studies Majors you see vs Computer Engineers.
Out of the four computers I use on a regular basis, three of them are on Ubuntu 17.04 Desktop and the other runs BlackArch, it's not the year of the Linux Desktop, Linux is the Desktop OS for everyone.
This is why you need a good Firewall, so you prevent your TV from being reachable via the internet.
The reason they were able to get the goods was the direct result of a bug in the website, and they were not responsible for the creation of the bug or what the bug could exploit, therefore leaving the couple completely in the clear. The couple could easily explain that they figured the bug was a feature and, because they had no hand in the original design of the website / infrastructure, they had no way to know or question its operation.
Of course and I use secure password management. There is no need for me to actively remember the passwords I use, as they get rotated out often and are different for every single service I use.
64 characters: symbols, letters, numbers, capitals and lower case. Change them at least once a month, never use the same password twice and use random generation as much as possible. If you can, don't just use a password; use at least 2FA, if not MFA (I have servers with 4FA+ on them).
They should have to reach out for customer support first before allowing a blind refund. Customers are stupid and don't read directions, which shouldn't be the fault of the seller, it should be the fault of the customer. This is a major negative score.
I would buy a proper AP, I really love the stuff from https://www.ubnt.com/unifi/uni...