Encryption isn't really an end all solution. Some things should of course always be encrypted by default, but not everything needs to or should be encrypted. For example, if I encrypted everything moving around on an internal network, my firewalls, IDS, and IPS would suddenly become much less useful. There aren't any and likely won't be any useful encryption methods that give you the diagnostic and security information you'll get from unencrypted traffic.
It's about finding a balance between what should be encrypted by default, what I shouldn't be able to do without encrypting everything, and what I should be left with to encrypt if I feel like what I'm doing is important enough to encrypt. I should HAVE to encrypt my online banking traffic, but if ALL of my email suddenly became encrypted without Google being able to open it up, I would start finding a lot more spam in my inbox.
I'm given the option to connect to Gmail by https 100% of the time, which is nice, but I don't want to find that 80% of the email I get is from people who haven't been updating Windows or the Norton antivirus that came with their computer they got from Best Buy.
I guess I was more talking about ease of use for someone like me or (I'm assuming) the old lady who would basically be a command line n00b. I think that the command line is a lot more efficient, but it's nowhere near as intuitive as a GUI. You can always teach yourself things, but it's generally easier to teach yourself something visually if you don't have very much experience with it.
Not everyone is like this. We have someone (of the walking-slow old variety) at the doctor's office I work at who has trouble with computers sometimes. However, she learned things in DOS & had a lot of trouble moving to the GUI. I think you could say learning and being comfortable with DOS would be easier once the learning process is over.
A GUI can be extremely inefficient, though more intuitive, depending on its design. Dragging and dropping a file, though.. that's easier than using mv blahfile toblah
But I'm glad it says that these systems are targeted towards management. It sounds to me like a lot of the people running hospitals enjoy buying themselves fancy toys.
I work as a go-fer at a doctor's office. There's two doctors there with roughly a dozen nurses. I wouldn't have a job if we didn't have the shit paper filing system we currently have. Several people who work there wouldn't have jobs if we didn't have the shit filing system we have there. It's a waste of my time that I could be spending at college not doing homework. Is that a bad thing? No, I'm gonna grow up to be a l33t computer hacker and get lots and lots of money. Those nurses that get fired when the office gets the electronic records keeping may go on to get licensed as hardcore full on RNs. There's plenty of room in the expanding healthcare system for more nurses. It's not going to kill jobs, but a system of server to server sharing (yeah, someone needs to find a way for this to work so a doctor in California can find out about the STDs I got diagnosed with here in [place where the job market is bad]) mah patient info would eliminate errors when things are coded properly (I do get quite annoyed with myself when I find a file I put in the wrong place, but our file system has more room for error than you think it does. Files just take... a long time to find).
Also, we have an accountant who is going over all this stuff, so hopefully they read this article and don't waste money on things the doctors really don't need. Like buying a sports car, a Prius, and then a new battery Prius to save the environment.. The doctors are currently in a legal battle of who has the biggest e-peen though, (50-50 share in the company, tee hee) so I really don't care that much about how things turn out at the office.
Also, I know all this stuff because I work for my mommy.
I think I'd trust my local bank. They're some really nice fellows and I think they'd do a very good job of handling my IT needs for the rest of forever.
I'm rooting for Google. I don't think they're a perfect business at all. They're a big business, so that's never going to happen. I do like their essentially "free" business model of providing things for free and/or as open source when it helps them, and not doing so when it doesn't help them.
Ads and crap will always be there, but I'm not too concerned. Even with the ads, Microsoft and Google now have more motivation to show innovation in their products. I don't think either one is very likely to topple the other's main source of income ANY time soon, but they're giving each other reasons to make the best products they can, so the customer will, in the end, win.
Currently, as most people here have probably already figured out, we're just starting to get our laws caught up to the new digital age. I'm currently taking a couple computer forensics classes, so I've heard my instructors go on a few rants about the current state of legislation in regard to digital evidence and cyber crime investigations. For instance, in Michigan, you don't even necessarily have to have any computer background to be a certified computer forensics investigator. All Bob the computer-illiterate rape investigator would need to do is have a few years investigating those rape cases, be over 25, and a few years of experience investigating those rape cases.. or any other sort of crime.
The main issue Obama seems to be going at is the interpretation of "in plain sight." While I think it makes perfect sense that if you don't get a search warrant to look for pictures of naked children at my house, and you don't see child porn on any screens, then your search warrant sure as hell better include my computer before you snag my hard drive and start looking for my child porn stash.
However, if you make an image of someone's hard drive (you never work with the original), I don't see how everything on that image isn't in plain sight, or what reasonable expectation of privacy that person would have. Though, with the way things work, if I'm looking at an image I've legitimately for evidence about a murder and see a folder called "evil child pr0nz", I pretty much need to get a warrant before looking at it, otherwise I'm risking getting that evidence thrown out. TFA states an example about how the government, while looking at the spreadsheet of how 10 players failed their drug test, also noticed that there were 104 other people who failed their drug tests and then copied all that information. HOW is this not considered in plain sight, because all they had to do was copy and paste the information of those 10 players??? Exactly what does the investigator have to see on a computer for it to be considered in plain sight? A big flashing banner that says "LOOK IN '***!!C:\PR0NZ' FOR CHILD PRONZ!!***"??
The auditor talk was on the 30th of last month. His talk was pretty broad and mentioned stuff about chemical plants, water treatment facilities, and other infrastructure type stuff besides just the power grid. I was assuming at the time from the way he was raging (he started sounding angrier & angrier as he went on) that security was just as bad across these different areas, though from you guys it sounds like the power grid may be at a higher standard than other types of infrastructure.
uuh.. right.
I went to a conference done by a couple people from DHS, and they had some different opinions. One of them was an auditor with quite a bit of experience, and one of his main points was that in his entire time doing auditing for utilities/infrastructure, he had NEVER found a 100% isolated system. It's pretty much impossible to have a network where there is no way to get data from outside the network in. There's always either someone who takes home one of the company laptops, a USB port on something that shouldn't have a USB port, or an unmonitored modem sitting around.
The average patch time for these utilities is just under a year.. I don't see how that isn't vulnerable.
It also sounds an awful lot like you and a bunch of other people here are trying to say that just because the protocols used for DCS/SCADA systems aren't as well known as others, that they're somehow secure.. You're basically making the "security through obscurity" argument, which we all know is false.
Also, it was mentioned that the average patch time for these places is just under a year, with some that hadn't even done any patches for nearly two years.
Maybe things are different where you work at, but this is pretty much what the auditor's experience was at the vast majority of the sites he visited.
I think we've moved from annoying professors who just sit there and read from a book to annoying professors who just sit there and read me a PowerPoint. Either way, it makes a person feel like the teacher thinks we're incapable of reading the book/PowerPoint.
I don't have a problem with people having PowerPoints that cover the material well, but it's ridiculous when I end up just not going to class, studying some PowerPoints for a couple days, and then get a 98% on my exam. There should be a reason for me to have paid the $100+ dollars on the book & go to the lectures..
Who is going to want to be the front car of the train, when they will obviously be responsible for any accidents?
The car in the front is a professional, probably government employed, driver.
Even if the car in front is a professional, they're still at a pretty big risk for people suing them if anything that driver does involves a car accident.
At least from the article, it sounds like they have just one server set up to do this..
I guess I shouldn't be surprised, especially given the things I've heard about other types of infrastructure, but isn't this one of those things that should really have some hard core built in redundancy? They should really have some backup servers that are ready for this sort of thing to happen and can take over when one of the systems fails.
It's really just an effort (a rather lazy one?) on their part to protect the image of their brand. They have a limited number of drivers they work with, so it makes it easier for them to create a better working more stable product. I'm not arguing that this is the right thing for them to do at all. I'd think it'd be great if anyone who wants to run OSX on their PC or netbook could do so without running into crap like this.
Microsoft, on the other hand, works to make their software assimilate every piece of hardware, so they aren't able to polish their drivers quite as much, even with their billions and billions of dollars.
Linux gets the shit end of this stick.
This is outrageous! What will we do if we can't go around the internet spewing ridiculous and inflammatory comments at the expense of others for our own amusement?!
I'm mildly sad to see SWG go this way, but I guess it's kind of like knowing that a loved one won't have to suffer through their cancer for much longer.
[insert statement about the good old days]
mod parent off topic.
I had to wait several minutes to be able to respond to your comment.
they save money on time, not paper
I'm getting it as well.. :(
I'M TELLING!!!
uuuh.. yes it is!
Don't you mean, "Go Go Go Google Language!"
*fail*
Sounds to me like they're trying to protect themselves from extremely high amounts of heavy metals present in the environment.
How DARE you insult Mr. Rogers!!