I don't completely agree, you have to define what it is classified as:
- Top Secret
- Secret
- Restricted
- Public
RESTRICTED hasn't been a thing in the US since WWII. There is a CONFIDENTIAL level however. Also, there are many, many other security markings that may be placed on a document, even if it isn't classified, that modify how it may be distributed. You may also be interested to learn that there is no official comprehensive list of all markings and what they mean as each branch or program may designate their own marks that are defined in the Security Classification Guide of the program that is generating the material. See DoD manual 5200.01 for an overview of the widely used marks.
Just stating Classified doesn't really tell much about how sensitive it is.
And anything that isn't classified at all should be handled as if it's Secret.
Treating the information as SECRET means that it may only be transported by courier or over SIPRNet. This is an unreasonable precaution to take for material that is merely sensitive. Also, marking something as SECRET without the proper authority (either as directed by an Original Classification Authority or the material is generated from a previously classified source), is just as much of an issue as improperly stripping marks off of previously classed material.
In general, if something is sensitive but unclassified it is marked (U//FOUO) and may be transmitted encrypted over the internet.
So you recommend both parties be honest about expectations and what is likely to happen in the future? Something like [dude bro]Hi, I am only being nice to you on the off chance you agree to copulation? [lady friend] I will probably never copulate with you, but will allow you to believe there's a slim chance so that you will help me move and fix my tech toys when they break. Is that what you think would be best, oh wise architect?
No, just don't remain friends with shitty people who try to manipulate you using sex. And for your part, don't be a jerk who uses friendship as a pretext to try to sleep with someone. Also, many adult friendships involve a component of playful flirtation with no real sexual intentions implied. Learning to tell the difference between playful banter and real sexual overtures is just part of being a social human being. If this is too hard for you, then maybe forgo friendship with the opposite sex altogether and only meet women through dates, where the social context is explicit (I'm assuming you're a straight male based on your comment).
Friendzone is a bullshit concept that is based on the notion that a woman's only value is as a sexual objective for you.
The Facebook Purity extension has a filter that will remove "share posts" from your feed. They have a bunch of other filters to remove sponsored posts and the like as well. With the right combination of options, you can just about rewind facebook to 2008 or so.
I'll go ahead and field this one: Steam is a games-distribution platform owned by Valve, a privately-held company that has continually demonstrated a commitment to providing an excellent product and service that exceeds any of their peers, while at the same time showing remarkable transparency of operations and who have a history of responding to their users.
You're kidding, right? Steam is a great service, and Valve seems like it is doing a good job of safeguarding its customers' data. However, Valve is famously a secretive black box of a company that closely guards all of its internal processes. And Steam support is likewise notorious for being capricious, unresponsive, or sometimes nonexistent.
So you're proposing that they provide untold billions of dollars worth of infrastructure to billions of people who use their services all day long, but make the money necessary to run all of that by... what? Selling decorative accent carpets, car washes, and whole grain muffins? Please be specific.
Well in this case, they are selling us a $600 piece of hardware as well as running the storefront where we purchase software for said hardware. I imagine there must be some way to make money by taking dollars from people. The data harvesting clauses in this case are egregious and probably wouldn't be there if Oculus weren't owned by Facebook.
There are plenty of contractors with clearances and CACs that do not qualify as a civilian DOD employee. You can check this by logging into MilConnect with your CAC. If the tab next to your personal information says CIV, there will be a checkbox to opt-in to PreCheck. If it says CTR (like mine), then you are out of luck.
Also, not everyone with a clearance gets a CAC, you have to be able to justify it to the sponsor and some are more willing than others to approve them. Where I work roughly 50% of us are cleared, but only a small percentage hold CACs. There's probably a vast pool of people they could enroll just by going through the OPM database and assigning PreCheck numbers to anyone with an active clearance.
Now he's a good example why "tough on crime" and sending people to prison for minor non-violent infractions (or things that shouldn't be infractions in the first place) is a really bad idea. He didn't repent in prison: he got radicalized and came out worse.
I think it's unlikely that a reasonably attentive driver would hit a pedestrian stepping out between parked cars. On any road, there still needs to be room for somebody who just parked to open his door.
That's rich. In Boston, we have plenty of streets that are two-way in name only. You either familiarize yourself with the convention of which way people tend to drive down it or be prepared to play chicken. And that's before people start parking half on the sidewalk. On both sides of the street. And then dump a couple of feet of snow on top of it.
When you open the driver side door, you check your mirror, crack the door, look over your shoulder, and then make a break for the sidewalk (or Look, Latch, and Leap, as my driver's ed instructor used to put it). Needless to say, if a pedestrian strolls out from behind a van or SUV without peeking around the edge for traffic first, yes they will get flattened, no matter how attentive the driver or how hard they stand on the brake.
If anything would horrify our founding fathers, it would be our large standing Army and the general lack of self-reliance.
I don't know, I suspect for many of the founding fathers, it would be that we've allowed women and blacks to vote.
Which is why I don't think America should automatically hew to 200+ year old principles held by the founding fathers.
It's fortunate for us then that they gave us a living constitution that can be amended as society and morality evolved. I for one, as a lefty socialist peacenik, am not particularly attached to the 2nd amendment, and I would feel perfectly safe living in a society where personal firearms are far more restricted than they are today.
However, I have to side with the "gun nuts" for the most part on issues of federally mandated gun control. The language is pretty clear: the "well regulated militia" bit is just expository preamble, and anyway "well regulated" and "militia" don't mean what most pro gun control folks want it to mean in the context of when the amendment was ratified.
If you are willing to tie the language of the 2nd amendment into knots to get what you want, what does that mean for ones you might care more about, like the 1st, 4th, or 5th?
Because tracking down all your dependencies' dependencies (and their deps, (and their deps, ad infinitum)) can get to be a huge hassle. This is especially true if you need to bump up to a newer version of a lib you depend on and it has a ripple effect throughout the dependency tree. For example, in one of my java projects, if you include transitive deps, there are 192 jars required at runtime. This count goes up if you include stuff that is part of the build scaffolding.
What we do is use Ivy to manage deps and Ivy is configured to point only at a private Nexus server that we run. The Nexus server in turn proxies for Maven central and whatever other repos we need to pull from. We can also manually add stuff to the Nexus repo if there are one-off deps that aren't available from an existing repo. The private Nexus repo itself is backed up on a regular basis so we are completely isolated from any shenanigans that are happening on other repos except when we have to update a dependency.
In your case where you add deps as git sub modules, how do you mitigate the fact that the third party lib you are pulling in as a git module might itself use a dependency manager and be pulling things in from the internet as part of its build process? Or do you rewrite the builds of all your first order deps to include the transitive deps as sub-sub modules?
I had several friends who abandoned computer programming in college because health care became the new money major for everyone to enroll in after the dot com bust. In fact, I was told repeatedly that I was crazy to pursue a technical career. My friends make more money in health care than I do in IT, but they hate their jobs because they don't like being around sick people. Ironically, some of my best paying IT assignments were from working at hospitals.
That's why I spent 10 years doing healthcare IT. First there was all the work on the business side getting everyone HIPAA-compliant, and now on the clinical side everyone wants to build an HIE.
If your timeline for generating revenue is "a few years", then you should not be in the business of doing advanced research. You're just going to be disappointed.
The app maker can intercept things all day, but if the messages are encrypted on the client, and the keys are not stored on the app maker's servers, then you will have no way of decrypting them. It's the same thing as if I used an encrypting handset over a POTS line: the phone company may be required to intercept it, but they won't be able to do anything with the results without the keys off the handset.
Doesn't cislunar just mean between the earth and moon? If that's the case, then all the Apollo missions necessarily took place mostly in cislunar space. Maybe first this century, or first for the SLS, but not first full stop.
In my youth as a latch-key kid in the eighties before caller ID, my parents used a code when calling us: ring three times, hang up, wait 20 seconds, and call again. If we didn't hear that ring pattern, we weren't to pick up the phone when home alone.
I don't think the constitution requires 9 justices, it just creates the court and grants the president the power to appoint them. 9 is just the traditional number.
Your argument is reasonable, just not based on constitutional principles. I don't think this law abides by the constitution, even if it seems reasonable enough. How do you reckon the feds have authority in such matters?
What the congress can do, however, is attach strings to federal assistance programs for schools to enforce these types of regulations. Since many school systems or states absolutely depend on this money, the feds have a good deal of leeway in the kinds of regulations they can enforce.
This same kind of pressure gave us the national speed limit, raised the drinking age to 21, and created the right turn on red rule: all these measures were mandated at the federal level by tying compliance to federal highway funds.
The court was right in my opinion. The breach is bad, but showing concrete material damages (outside of copyright infringement suits) is a usual requirement. If the plaintiffs couldn't show they were harmed, Michael's doesn't need to make them whole.
There is still potential for various other types of lawsuits to succeed; PCI compliance, or criminal negligence, etc.
This is why we need statutory punitive damages to make companies liable for these kinds of breaches. Otherwise they have no incentive to protect your data. The harm done by all these leaks just becomes an externality. The only way we are going to get corporations to protect the data they are entrusted with is if they have a financial interest in doing so.
It's not as if we are ever going to learn the truth in these kinds of "incidents". Russia will say they were in Syria, Turkey will say they were in Turkey. However this time since the pilot parachuted in Syria, and got captured by rebels, I tend to believe the Russian story. If the plane was shot down in Turkey, the Turkish army would have recovered the pilot, isn't it?
Jets move fast, wind blows a parachute around. It's possible that when the missile was launched, the Russian jet was in Turkey but by the time of impact, missile and jet were over Syria. Based on the description, it sounds like the Russians were flying parallel to the border and flew across a small finger of Turkish land that protruded into Syria. It sounds like both countries are somewhat in the wrong. The Russians technically entered Turkish airspace, but they were transiting, not flying a sortie in Turkey. The Turks overreacted.
Basically isn't that the core of it? Regardless of one's feelings about it, doesn't FB have the right to dictate what content they allow?
First Amendment issues might be different if this was a gov't run/controlled site, right? Oh wait... um, hmmm...
Sure, but by exercising editorial control, they now bear an increased responsibility for the content they do allow to be posted. You can't have it both ways: either you are a disinterested common carrier that provides a medium of transmission, or you are an active curator who is liable for what your users post.
Fighting in a war zone is one thing, going into restaurants in the middle of Paris and opening up with automatic AK-47s into civilians eating dinner is quite another.
People who would do such things are animals and aren't worth dealing with on an even level. If they wish to behave this way, then they should be treated that way.
Yes, dropping bombs from 20,000 feet on the restaurant is far more civilized.
1 in 50,000 is pretty unsecure if you ask me. That means that there are 200 people in a million that can get into my phone...
1 in 50,000 is better than the 1 in 10,000 you get with a 4 digit PIN, which is what the fingerprint is usually replacing. And since you usually get at least 10 wrong guesses before the phone locks for a long time or erases itself, the PIN is more like 10:10,000 or 1:1000. And to be fair, your chances of matching a random fingerprint are actually 5:50,000 since it lets you try 5 times (or 5 different fingers) before locking out TouchID.
Having TouchID lets me set a long alphanumeric passcode. This is tolerable since I don't have to enter it very often. So I am arguably more secure now than with the 4-digit PIN I was using before since the convenience of the biometric allows me to set a longer, seldom-used passcode.
I think you mean Tasmanian Devils, not wombats. Also there is a domestic canine tumor that is sexually transmissible.
You should at least cite your sources :P
It's not just /. HTML compresses consecutive spaces when rendering unless you explicitly use non-breaking spaces.