He basically goes on to agree with most of Linus' points after a few back-and-forths. He was apparently trying to make certain error messages more uniform, which certain higher level pieces of software didn't appreciate.
Everyone preaches about the insider threat, even though less than 4% of all incidents come from insiders.. If you count by the number of breached records, insiders make up less than 1% of all breached records (though, arguably, they may be breaching records that are more valuable)
I'm willing to bet that there's a computer hooked up to a thingy hooked up to another thingy you don't want to go crash boom on a boat or port somewhere.
Is that computer hooked up to the internet? There's a good chance it is, but it's not like computer security ceases to be an issue when you disconnect from the internet.
If you can, try meeting with your users face to face. The more you can facilitate communication, the better. Relaying through email or ticket posts can be a slow and arduous process. If you can instead spend a few minutes IM'ing them, or talking to them on the phone, you may be able to make more progress.
There are two sides to this communication process. There is your users educating you about their needs and requirements and the problems they are facing with your software, and there is you educating the users on how to make better recommendations and bug reports.
Also, most of the stuff in here is just a bunch of despair and people saying "fuck it" to communicating with those who are less technical. It's always going to be a problem, and it will always be an impossible challenge if you look at it with the same attitude.
So, basically.. If one was to rewrite this in a way that isn't an intentional mind fuck:
Corporations hire young people, but don't know how to nurture someone to be useful to the corp when they get older.
A better way of doing things would be to try to keep your good talent around and murder your not so talented talent. Then mentor them so they can continue to develop and be useful when they're older.
Bit of a plug for some people I have met, but if you check out Duo Security, they have some neat stuff where you can avoid the whole adding a second password as two factor authentication. Instead, you're authenticating a login through your phone (can either be through their app, or a phone call from a nice robotic lady). They also offer methods similar to RSA's. I don't know off the top of my head if you can configure it to only allow certain types of two factor auth.
What about the new york times and bazillions of other news organizations? How does the type of organization you are determine the legality of ones actions?
They need pass no law to achieve that, an executive order would be enough.
I'm not sufficiently familiar with the current Russian legal system. Would no legislative action be needed to require all government employees and contractors to only communicate work details through government-approved systems?
The president has quite a lot of power in Russia, and can pass "directive" without any sort of legislative review, so long as it does not go against an existing law or the constitution.
The doctors office I work at still has paper records.. There are so many freaking errors that I end up finding while filing. For some reason checking the date of birth is just way too much of an exercise for people to both themselves with. I find records that get put in the wrong folder all the time because of this, as well as other filing errors, etc.
If we had fully digital records, this likely wouldn't be a problem. Of course, software can epic failz just hard as a human, but it tends to be more consistent when it decides to fail or not.
As far as security goes, it's a joke. Virus whack a mole is getting to be a daily task:D I don't think we should shy away from things like this just because of the security challenge. Security will improve eventually, and life will move on.
Yeah, so.. does this make sense? I'm not a tornado kind of guy..
"Given the reports of tornadoes and lack of physical evidence of trauma, the most likely scenario is that the birds were asphyxiated inside the low pressure area within a very small tight tornado vortex. Because of the high energy (and thus oxygen consumption) during flight, a flying bird can aspyhixiate in a much shorter time and at much higher pressures than would be required to kill a resting human being."
I haven't read anything ever so it's not like this is an informed post, but I think if they do Diaspora in a truly open way, usernames wouldn't matter. I'd like to see it done in a way that would some day allow me to integrate diaspora to share information and kitty cat pictures between facebook and other social networking sites. (ACLs, yeah? fancy ones with sparkles and extendability.)
Not everyone will want to give mark zuckerbug their diaspora username and picture, but I know I probably will, and people should have that choice IF it possible to do in a practical fashion. If we can move towards an open social networking protocol. Y'know call it something like, HTTPstalker or something. Just try to think more about security before hand and be ready to change the things that are a surprise and we'll be golden.
I dunno.. I think by the time we (hopefully..) get to the point in which the internet is safe for computer illiterate grandma, there might not be as much of a need for education beyond just how to use the computer and not sell your soul to Generic Messanger 285. I don't mean to say that education is not important and that we should ignore it, but I see the real 'solution' coming in the form of better written software (operating systems, etc) that encases less trusted software (education goes here).
If mainstream software moves more towards being better written, and the default settings for that software is sufficient enough to keep my not-quite-as-paranoid-as-me human brethren 'safe', I think I'd pretty happy, and impressed. There's always going to be software that can be tinkered with for those who want it, I just hope that service providers don't create a lasting norm of bending over and doing things "their way," because getting around their way will only get more difficult as information security progesses.
Slashdot Mirror
At first, anyways. If you check:
https://lkml.org/lkml/2012/12/24/125
He basically goes on to agree with most of Linus' points after a few back-and-forths. He was apparently trying to make certain error messages more uniform, which certain higher level pieces of software didn't appreciate.
Everyone preaches about the insider threat, even though less than 4% of all incidents come from insiders.. If you count by the number of breached records, insiders make up less than 1% of all breached records (though, arguably, they may be breaching records that are more valuable)
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
I recently bought a laptop from System76. I know they at least assemble their stuff in Americuh. And they support teh linux too, so thats cool.
I'm willing to bet that there's a computer hooked up to a thingy hooked up to another thingy you don't want to go crash boom on a boat or port somewhere.
Is that computer hooked up to the internet? There's a good chance it is, but it's not like computer security ceases to be an issue when you disconnect from the internet.
If you can, try meeting with your users face to face. The more you can facilitate communication, the better. Relaying through email or ticket posts can be a slow and arduous process. If you can instead spend a few minutes IM'ing them, or talking to them on the phone, you may be able to make more progress.
There are two sides to this communication process. There is your users educating you about their needs and requirements and the problems they are facing with your software, and there is you educating the users on how to make better recommendations and bug reports.
Also, most of the stuff in here is just a bunch of despair and people saying "fuck it" to communicating with those who are less technical. It's always going to be a problem, and it will always be an impossible challenge if you look at it with the same attitude.
Yeah, they don't do any of that.
So, basically.. If one was to rewrite this in a way that isn't an intentional mind fuck:
Corporations hire young people, but don't know how to nurture someone to be useful to the corp when they get older.
A better way of doing things would be to try to keep your good talent around and murder your not so talented talent. Then mentor them so they can continue to develop and be useful when they're older.
NOW WAS THAT SO COMPLICATED?
North-East-Goat-Fried-Farmer-Baked-Interesting-Babble-Manti?
Bit of a plug for some people I have met, but if you check out Duo Security, they have some neat stuff where you can avoid the whole adding a second password as two factor authentication. Instead, you're authenticating a login through your phone (can either be through their app, or a phone call from a nice robotic lady). They also offer methods similar to RSA's. I don't know off the top of my head if you can configure it to only allow certain types of two factor auth.
But that would require them to like.. UPDATE IT. That's expecting way too much.
For other SOHO network devices with proprietary firmware, I imagine it's much worse.
You'll need to unplug the router and plug it back in first.
"Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"
See: www.twitter.com/lulzsec
I'll bite.
What about the new york times and bazillions of other news organizations? How does the type of organization you are determine the legality of ones actions?
I guess what we should learn from this is to put your failover in separate regions, not separate availability zones?
They need pass no law to achieve that, an executive order would be enough.
I'm not sufficiently familiar with the current Russian legal system. Would no legislative action be needed to require all government employees and contractors to only communicate work details through government-approved systems?
The president has quite a lot of power in Russia, and can pass "directive" without any sort of legislative review, so long as it does not go against an existing law or the constitution.
The MAN
Well, you said more people data, so I just assumed :p
An algorithm isn't going to give him access to any more information.
The doctors office I work at still has paper records.. There are so many freaking errors that I end up finding while filing. For some reason checking the date of birth is just way too much of an exercise for people to both themselves with. I find records that get put in the wrong folder all the time because of this, as well as other filing errors, etc.
If we had fully digital records, this likely wouldn't be a problem. Of course, software can epic failz just hard as a human, but it tends to be more consistent when it decides to fail or not.
As far as security goes, it's a joke. Virus whack a mole is getting to be a daily task :D I don't think we should shy away from things like this just because of the security challenge. Security will improve eventually, and life will move on.
Yeah, so.. does this make sense? I'm not a tornado kind of guy..
"Given the reports of tornadoes and lack of physical evidence of trauma, the most likely scenario is that the birds were asphyxiated inside the low pressure area within a very small tight tornado vortex. Because of the high energy (and thus oxygen consumption) during flight, a flying bird can aspyhixiate in a much shorter time and at much higher pressures than would be required to kill a resting human being."
I haven't read anything ever so it's not like this is an informed post, but I think if they do Diaspora in a truly open way, usernames wouldn't matter. I'd like to see it done in a way that would some day allow me to integrate diaspora to share information and kitty cat pictures between facebook and other social networking sites. (ACLs, yeah? fancy ones with sparkles and extendability.)
Not everyone will want to give mark zuckerbug their diaspora username and picture, but I know I probably will, and people should have that choice IF it possible to do in a practical fashion. If we can move towards an open social networking protocol. Y'know call it something like, HTTPstalker or something. Just try to think more about security before hand and be ready to change the things that are a surprise and we'll be golden.
I dunno.. I think by the time we (hopefully..) get to the point in which the internet is safe for computer illiterate grandma, there might not be as much of a need for education beyond just how to use the computer and not sell your soul to Generic Messanger 285. I don't mean to say that education is not important and that we should ignore it, but I see the real 'solution' coming in the form of better written software (operating systems, etc) that encases less trusted software (education goes here).
If mainstream software moves more towards being better written, and the default settings for that software is sufficient enough to keep my not-quite-as-paranoid-as-me human brethren 'safe', I think I'd pretty happy, and impressed. There's always going to be software that can be tinkered with for those who want it, I just hope that service providers don't create a lasting norm of bending over and doing things "their way," because getting around their way will only get more difficult as information security progesses.
My account hasn't been getting any mod points lately :(
Your post should be getting plenty either way, imo.
didn't mean to imply that you would crack the encryption :P
I'd smash it with a hammer.