Soko
NewScientist is reporting that scientists have discovered complex nanoscale structures that have successfully protected rats from anthrax.
So, with this protecting them, we can't use anthrax on these rats now? Pity.
We all know that anything that helps protect a politician is funded fully, quickly...
Soko
Actually, RMS is more a John The Baptist than a saint - railing against the establishment, morally pure, living in the desert eating naught but locusts and honey and using over the top, fire and brimstone sermons to try and draw the masses towards salvation. And abso-fucking-lutely batshit crazy.
;-)
He is however, necessary if we are to make it to the promised land.
Soko
Granted. Social engineering is a major cause of the problem. Whats the solution? Us.
We, as professional and responsible administrators, need to do whatever we can to prevent "the clueless luser" from getting hit by malware. It's a study in risk management, nothing more, nothing less.
That's why we admin types rail against Microsoft's seeming lack of proper OS design - it's way too easy to get nailed unless you go to a lot of trouble and expense to keep the Windows OS usable and secure at the same time. Linux and OS X aren't paragons of security at times either, but they were put together with security in mind, not as an afterthought.
Microsoft is learning, and learning quickly, but until they decide that security comes first, and any app that breaks the security model is broken (glares at Intuit for QuickBooks) we will have to put up with doing a lot of work - which shouldn't be necessary - to keep our systems secure and running as they should.
Soko
I agree that attitude starts at the top, and Microsoft reflects its paranoid and controlling nature in several ways, on several levels.
However, I don't believe Mr. Ballmer is a moron - quite the contrary. He's just letting his hubris and fear overshadow his intellect at this point. A little humility would work wonders for the whole company.
Soko
The Apache license allows for non-commercial or commercial distribution of Apache or a direct derivative (with attribution), but I don't see any other products or projects based on the Apache codebase (I know there are some) that are nearly as popular as Apache itself. Can you answer why this is?
Soko
That's fine if you don't like this, but don't lie about the technology and say that it doesn't help the user to trust the machine. It helps everyone trust the machine. That's why it's called Trusted Computing.
Mmmmmm... KoolAid.
Dude, I trust a machine to do exactly as it's told. I do not trust humans to do the same. Trusted Computing is an aphorism for "Hey, you can trust $VENDOR, since your machine does, due to $TECHNOLOGY." Fuck that.
If you r00t a computer, you're after one thing - getting information _out_ of said machine. (THINK - Credit card #s or Spam - it all has to leave the machine somehow.) You need to do this via a network connection, USB key or some other means. There are ways of noticing that information has left a machine in some way, either through physical security or other means (It'll be a cold day in Hades before a vendor brings a cell phone into my data center. Those things have memory, after all.) since once outside the box it's no longer under the control of the r00tk1t. IOW, if someone r00ts one of my machines, it'll be either noticed or totally useless to them.
I, and I alone, establish trust of my systems. Any vendor who says they can do that for me is sadly mistaken, unless they are willing to allow me to completely vet their Trust protocol and methods. Even then, I had better be able to fully audit that system at a whim, on my terms.
"Trusted Computing" is for those who don't want to learn or do their job professionally, are just plain lazy or, they're willing to drink the KoolAid. As for users, they tend to trust people, like me, who fix their broken systems, and take my advice to heart when I charge them $TEXAS for fixing their broken assed PCs.
/me sips his Rye and cola....
Soko
Spaceflight is a little dangerous, sure; but I'd volunteer if I was given a 50/50 chance of returning alive. I'm sure many other people would too.
Okie. I volunteer Eightyford for SpaceX, too.
Soko
it terminates your license and removes your computer's hard drive with a 12 gauge. It's then known as "Hasta-la-VISTA", babee.
Soko
I clicked on the link in TFA, and got a page displaying an ad. 'For what?' you may ask.
The ad was for American Express. ^_^
Soko
My sense of this is she trolled the law firm - got hired just to publicly embarrass them. They played right into her hands by firing her for her views. Now they get to deal with any publicity she gets by suckering them in.
Whoever hired her in the first place should be canned for plain old not doing their job.
Myself, I congratulate her on a well executed plan. Can't say I'm sorry to see IP lawyers squirm to get out of the light.
Soko
(society as a hole, on the other hand...)
Best. Typo. Ever.
Soko
Exactly, what are these folks not seeing when it comes to denying global warming?
Dollar signs.
Well, the type of $ that keeps them supplied with power and influence. Once they figure out how to stay in power without the rest of us being dependent on fossil fuels, greenhouse gases will begin to not be a problem.
Soko
It is not stupidity really, it's hubris. The MPAA thinks they are the stewards of all creative works involving a camera, and as such can do whatever they please in regards to such.
It's that they're so full of themselves, it just looks like stupidity.
Soko
There's a second box along the side of that page, showing one how to avoid stress. Cool! Let's take a look:
1. Live a healthy lifestyle
Well, duh. OK, maybe someone under stress needs the bleeding obvious told to them. Whatever.
2. Don't take too much on
Too much what? Stress?
3. Decide what causes you stress and change it
OS9 causes my stress. The Accounting Dept. says I can't change it either.
4. Avoid unnecessary conflict
So, one should just smile at that luser and say "Yes, you're right - it's a virus I let in through the firewall. Your kids' music collection acquired through Kazaa - on our corporate laptop - has _nothing_ to do with all those strange pop-ups. No sir. I'll have it all fixed up in a jiffy."? OK.
5. Manage your time better
Good. Hang on, cell phone ringing again...
6. Practice saying "no" without feeling guilty
Me: Hullo?
Them: Hey - the server's down
Me: *checks with ssh* Odd - it was running like a top when I left for home.
Them: Well, with the construction going on in here, the electricians kinda shut the power to the server room off.
Me: Ummmm... The server is on UPS. Why's it dead?
Them: They shut it off at 5. It's now 8. The drill they plugged into the UPS didn't help either. Can you come in and fix it?
Me: NO. Get them to fix it - it's their fault! And nothing you say will make me feel guilty enough to come in.
Them: Suuuure. Get your ass in here or you're fired! The CIO golfs at my country club, you know.
Me: Yeahyeahyeah. Be there ASAP. As soon as I explain to my wife why I'm going to work during her birthday celebration.
Yup, no stress there....
7. Take time out to "recharge your batteries"
Me: Yup, the batteries aren't charging. You guys fried my UPS batteries with your drill. You've trashed my DB and destroyed a 3000VA UPS. I need to see the foreman now - you guys owe us for all this.
FatAssSparky: Fuck you.
8. Talk about problems so they do not get out of proportion
Me: I'd like to talk to you about your workers killing power to my server room, and...
Foreman: Sorry 'bout that, buddy. Now, you want we should take 4 days to finish up here, or an extra week with similar 'mishaps', if you wanna start squawking about our little boo-boo dis evenin'?
Me: *WINCE*...Have a nice evening.
9. Make time to see friends
Friend: Soko, if you're just going to bitch about your day, I'm leaving. I hate that geeky stuff. Oh, and you pay the tab.
10. Do not use alcohol, nicotine or caffeine to cope with stress
Are they FUCKING KIDDING?? WHO ARE THESE MORONS?? I'll FUCKING SHOW THEM STRESS. WITH A SNOWSHOVEL CAVING IN THEIR FUCKING SKULL!!!
AAAAAAAAAAAUUUUUUUUUUUUUUUUUUUUUUUUGGGGGGGGGGGGGH
Soko
Quite a lot, actually. I'm going back to AutoCAD 13, but it would save a .DWG as a WMF for you so you could paste your drawing into Word. IIRC, the .WMF format was essentially a dump of what was on the clipboard, and the clipboard in Windows 3.11 and 95 couldn't handle some larger CAD files as metadata, hence .WMF files.
And thanks for the clarification regarding MIME types, though the effect is still the same.
Soko
I thought most importantly users should be responsible enough not to simply click on or open anything in front of them.
Ummm... the recent WMF vulnerability needed no user interaction, other than visiting a web page or getting an e-mail with a "specially crafted" WMF file disguised as a .JPEG or .GIF file. It wouldn't matter which program accessed the file either - the OS would bypass the extension based MIME type and treat the file as a .WMF anyway, complete with being able to execute code, as WMF files are able to do by design. IOW, there was very little defense for an end user, unless you knew what sites had these files in advance. Users are usually the weakest link in the chain, but not always.
Your first bit of advice was correct - security is a process, not a product, and as such needs to be maintained and thought out in advance. I'd add "Educate users why people want into their machine and here's how they get in" to the list too.
Soko
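The post above makes the point that the extension on a file told you nothing: a WMF renamed to .JPEG was still parsed as a metafile. Below is an added example (my own code, not Soko's or anyone else's from the thread) that does what the OS did, but on the defender's side: it identifies a file by its leading bytes rather than its name, and, going beyond what the post says, it also walks the metafile's record list and flags a META_ESCAPE record carrying the SETABORTPROC escape, the record that the WMF flaw of that winter abused. The function names, the constants' names and the sample files are all constructed for this example; the WMF record and header layouts are the documented ones.

```python
"""Sniff a file's real type from its bytes and inspect WMF records.

Added example for the Slashdot thread above; not code from the original post.
All names (sniff, wmf_records, has_setabortproc_escape, classify) are my own.
"""
import struct

WMF_PLACEABLE_KEY = 0x9AC6CDD7   # on disk as D7 CD C6 9A (little-endian)
META_EOF = 0x0000
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009            # escape sub-function that installs a callback


def sniff(data: bytes) -> str:
    """Return a content type from the leading bytes, ignoring any file name."""
    if data[:3] == b"\xff\xd8\xff":
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == WMF_PLACEABLE_KEY:
        return "image/wmf;placeable"
    if len(data) >= 18:
        ftype, hsize, version = struct.unpack_from("<HHH", data, 0)
        # Standard METAHEADER: Type 1 (memory) or 2 (disk), HeaderSize 9 words.
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "image/wmf"
    return "application/octet-stream"


def wmf_records(data: bytes):
    """Yield (function, offset, size_in_bytes) for each record in a WMF."""
    ctype = sniff(data)
    if not ctype.startswith("image/wmf"):
        raise ValueError("not a WMF")
    off = 22 if ctype.endswith("placeable") else 0   # skip Aldus placeable header
    off += 18                                         # skip standard header
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        size = size_words * 2
        if size < 6:            # a record cannot be smaller than its own header
            raise ValueError("malformed record size at offset %d" % off)
        yield func, off, size
        if func == META_EOF:
            return
        off += size
    raise ValueError("truncated metafile: no META_EOF record")


def has_setabortproc_escape(data: bytes) -> bool:
    """True if any META_ESCAPE record selects the SETABORTPROC escape."""
    for func, off, size in wmf_records(data):
        if func == META_ESCAPE and size >= 8:
            esc_func = struct.unpack_from("<H", data, off + 6)[0]
            if esc_func == SETABORTPROC:
                return True
    return False


def classify(name: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes say."""
    sniffed = sniff(data)
    return {
        "name": name,
        "claimed_ext": name.rsplit(".", 1)[-1].lower(),
        "sniffed": sniffed,
        "setabortproc": sniffed.startswith("image/wmf") and has_setabortproc_escape(data),
    }


# --- constructed sample files (not real captures) ---------------------------
def _record(func: int, payload: bytes = b"") -> bytes:
    body = struct.pack("<H", func) + payload
    return struct.pack("<I", (4 + len(body)) // 2) + body      # size is in words


def _build_wmf(records) -> bytes:
    body = b"".join(records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2,
                         0, max(len(r) for r in records) // 2, 0)
    return header + body


# Escape record: escape function SETABORTPROC, 4 bytes of (dummy) data.
SAMPLE_ESCAPE_WMF = _build_wmf([
    _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4),
    _record(META_EOF),
])
# Benign WMF: one META_SETMAPMODE record, then EOF.
SAMPLE_BENIGN_WMF = _build_wmf([_record(0x0103, struct.pack("<H", 3)), _record(META_EOF)])
# Same benign file with a 22-byte placeable header in front.
SAMPLE_PLACEABLE_WMF = struct.pack("<IH", WMF_PLACEABLE_KEY, 0) + b"\x00" * 16 + SAMPLE_BENIGN_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 20

if __name__ == "__main__":
    for fname, blob in [("holiday.jpg", SAMPLE_ESCAPE_WMF), ("logo.gif", SAMPLE_BENIGN_WMF),
                        ("drawing.wmf", SAMPLE_PLACEABLE_WMF), ("photo.wmf", SAMPLE_JPEG)]:
        print(classify(fname, blob))
```

The point the post makes shows up in the first sample: "holiday.jpg" is a metafile whatever its name says, and a filter that keys on the extension (or on the MIME type the web server sent) never looks at it. Sniffing the bytes and walking the records is what a mail gateway or proxy had to do at the time; the size guard in `wmf_records` matters because a crafted record length is the obvious way to stall a naive scanner.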
Video Encoded Invisible Light (VEIL)
How about Encoded Video - Invisible Light (EVIL)
or Video Invisible Light Encoded (VILE)
No? Sounds more apropos to me.
Soko
You left out "It's like trying to be funny on Slashdot", Alanis.
Soko
Understood. They are learning but not getting an education. *sigh*
I suppose I have more of my children's attention since I'm their parent, and of course I'm not 100% successful at the method in my previous post, but I figure it's the root of the problem and needs to be addressed. If they learn how to deduce things by applying the basics, learning becomes easy.
There is a definite lack of teaching children _how_ to learn, before we teach them _what_ to learn. Keep trying, please - we need more teachers like you.
Soko
MVHO is that children not only need to know the how, but the why and how that applies to them in a logical manner before they'll be interested enough to listen properly. Say to a kid "Want to learn how to make a car do the 1/4 mile in 10 seconds?" you'll get them interested (girls like powerful cars too, BTW). Next, they'll say "OK, how do I do that, NO2?", and you say "Yup, but how much NO2? Where do you inject it? Can you do that without cratering the motor? In order to master this you need to know those things, and why they are the way they are. Let's start from the beginning..." and each step you show them that they're progressing to the goal of mastering the art of putting together a hot car.
I'm no school teacher, but as a parent I've often gotten through by showing my children a goal, and getting them interested in mastering a process of achieving that goal. For example, when I get a "Tell me the answer, please." kind of question, my response is "No, but I'll show you how to handle this all on your own from now on, OK? Like a mature person does." - usually with positive results. What almost always happens next is "Hey, Dad, can I do it this way? It cuts out a few steps." - critical thinking.
My bet is that your class might be the very same way.
Soko
Ten rules? Not enough - we are dealing with lusers here. With lusers, you can guarantee but one thing - they will find new ways to completely fsck up a perfectly running system. IOW, "No one could be that stupid." is by _definition_ false.
Lusers are scared of the computer (Fear what you don't know), scared of what it does (Fear of learning) and scared of making it work properly (Fear of looking like a fool). What you need to do is provide more fear (Fear of being LARTed into oblivion by the sysadmin), which will negate the first 3.
Soko
A shyster is an unscrupulous lawyer. How did shyster get to mean shady digital camera salesman?
Well, since there doesn't seem to be any lawyers left that have scruples, and we couldn't lose usage of such a cool word as shyster, we've just added one more definition.
Soko
How apropos, given the state of most content on the Web.
Crap In, Crap Out.
Soko
One of our not-so-secret weapons is our ideas mailing list: a companywide suggestion box where people can post ideas ranging from parking procedures to the next killer app. The software allows for everyone to comment on and rate ideas, permitting the best ideas to percolate to the top.
So, Google uses a Slash like moderation system? Imagine being able to moderate a PHB (-1, Talking out of Your ASS), or a colleague (-1, Clueless Luser). And moderating the CEO (-100, Evil - Fuck Shareholder Value, This is Wrong!) to keep them to their word.
That would be cool.
Soko