Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0
Comments: 18,006

Comments · 18,006

  1. That some (perhaps most) of these companies would cut corners and do the wrong thing was inevitable. But the implication of your question is that it's inevitable everywhere, which is not true. It's perfectly possible to construct a system so that no employees have access to the content other than those who need it to troubleshoot specific problems at customer request, and even those are closely audited and monitored.

    The fact that your data is stored on their servers guarantees that these kinds of things can happen.

    This need not be true, though it takes deliberate effort and discipline on the part of the company. The company as a whole certainly has access to your data, but they can structure things so that no employee does, and that the ways in which the data can be used by the systems and people are limited to the ways that customers know and expect.

    They even say WHY they keep that data: To monetize it!

    This also need not be true. Nest, for example, explicitly says that it does not.

  2. Re:It's Pelosi, not Trump on Government Shutdown: TLS Certificates Not Renewed, Many Websites Are Down (zdnet.com) · Score: 1

    No, it's her desire to see him not get a key campaign promise through

    Okay. I can see why Nancy Pelosi would want to deny him that; you have to expect the opposition to oppose. My question is: Why did Paul Ryan and Mitch McConnell want to prevent him from getting that key campaign promise through? This "blame the Democrats" mantra rings pretty hollow given that the Republican congress refused for two years to give Trump his wall.

    The answer, of course, is that Trump's campaign promise was dumb, a waste of money. He knew that at the time he was encouraging people to chant "Build the wall!", which is why he kept having to claim that he'd find some way to make Mexico pay for it. Even his supporters would have balked at footing the bill themselves. His other option was to offer to pay for it himself, but he certainly didn't want to risk having to follow through on that promise. Especially since he might have to admit that he doesn't have that kind of money.

    Basically no one other than Trump really wants to pay for a wall. I'm not sure even Trump wants it as much as he wants to keep Mueller off the front page. The shutdown is doing that. And the court battles that will arise from his emergency declaration and attempt to divert FEMA funding will do a fair job of it as well, for a while. I wonder what crisis he'll create next?

    The fact is that if Trump wanted $10B to bomb a randomly named country

    Yep, I'm sure you're right. That's the next crisis. And I suspect you're also right that the Dems will fall in line, given an even semi-coherent justification. Any guess as to what country it will be? Back into Syria, claiming that the withdrawal was just a ruse, to cover for his plans to jump in with both feet? I don't think so, because Russia wants Syria, and Trump does what Putin wants. Big expansion in Iraq/Afghanistan? Dunno. It would have to be something that doesn't step on the toes of his autocratic buddies in China, Russia and Turkey. Bomb Palestine? Turning the shacks of poverty-stricken and basically unarmed people into rubble would be beyond the pale for most, but Trump is capable of it, and sufficiently insensitive to public reactions to do it. Netanyahu would love it. Still, probably not Palestine. I don't see any good candidates, frankly, but I'm sure one of his remaining aides can find one.

    As an aside, I'd love to see the House pass a government funding bill with $5.7B earmarked for a wall... but only as matching funding, to be disbursed as a dollar-for-dollar match for funds contributed voluntarily by Mexico, or by Trump voters (since there's no way to check who someone voted for, it's fine to accept contributions from any American -- they've got $20M so far). Yes, it would be pure legislative snark. And funny as hell. And probably beneath the dignity of the House of Representatives (as low as that bar is). So probably not, more's the pity.

  3. Re:Speed cameras = dishonest taxation on Yellow Vests Knock Out 60 Percent of All Speed Cameras In France (bbc.com) · Score: 2

    [outside perspective here, I live in the US] The autobahn is a limited access freeway system designed specifically for high speed with strictly enforced laws that are implemented to avoid crashes (no riding in the left lane, for instance)

    Also, only about half of it has no speed limit, and even those portions have an "advisory speed limit" of 130 kph (~80 mph). It's not illegal to exceed this speed, but if you exceed it and there's an accident you're presumed to have acted unreasonably for purposes of any liability evaluation.

    In addition, since we're talking about speed cameras, though, it should be pointed out that those are rarely, if ever, used on limited access highways, so the autobahn is a red herring.

  4. What did you think would happen?

    That some (perhaps most) of these companies would cut corners and do the wrong thing was inevitable. But the implication of your question is that it's inevitable everywhere, which is not true. It's perfectly possible to construct a system so that no employees have access to the content other than those who need it to troubleshoot specific problems at customer request, and even those are closely audited and monitored. Yes, even the sysadmins can be disallowed access, through use of encryption and separation of responsibilities applied both to the system architecture and to the groups of administrators who manage different elements of the system.

    I know this can be done because I've seen it done (and participated in doing it), including regular pen testing and ongoing security analysis to ensure it's tight and stays tight. It's not even that expensive to do on a large scale. It's challenging for startups to do well, but can be done even there; liberal use of cloud computing helps because it's easy to put the bulk data processing in a location where it's physically inaccessible to all of your employees, and logical access can easily be partitioned among admins. Appropriate use of encryption is essential, to ensure that no system in isolation (and therefore the managers of that system) has access to sensitive data in plaintext. Then you just need to carefully architect, control and audit the ways in which ciphertext and decryption keys can be brought together.

  5. Re:Funny... on People Older Than 65 Share the Most Fake News, Study Finds (theverge.com) · Score: 1

    As someone who has watched a significant amount of Fox News, I have to disagree. I think you are in error in conflating Fox News written content and Fox News television content. Their written content is generally not bad, but their televised content is nothing more than a systematic attempt to blur the line between editorial and news. I suggest you try watching Fox News and then compare it to reading Fox News and see if you would consider them as having the same journalistic standards.

    That's a potentially valid point. I don't have any way to watch TV (no over-the-air signal where I live and I don't pay for cable/dish), so my take on their content is based on what I get from their website.

  6. Re:Funny... on People Older Than 65 Share the Most Fake News, Study Finds (theverge.com) · Score: 1

    https://www.vox.com/2018/5/30/...

    First result from a google of "fox news ignoring stories".

    Hmm. You said "ignores" and the Vox article headline says "ignores", but their data (which they do not describe any methodology for obtaining, more's the pity) says "covers less".

    I would agree that Fox's coverage of things they don't like tends to be less than coverage of things they do like... and that's a really important form of bias, and it's real. But your original statement was that "Fox is just trying to bullshit you", as in tell lies. That's false, as far as I can see. They don't generally provide incorrect facts, and they don't generally ignore stories, though they allocate the amount of coverage differently (and favorably to their viewpoint).

  7. Re:6 percent margins on Taking the Smarts Out of Smart TVs Would Make Them More Expensive (theverge.com) · Score: 1

    They want the +50% margin iPhones get.

    Sure, who wouldn't?

    But what they actually need is to generate the expected rate of return. It's not enough just to be profitable, you have to be profitable enough to justify the capital tied up in your operations and the risk that you'll fail. If the owners of that capital find that your risk-adjusted return is lower than what they can get elsewhere, they'll take their capital elsewhere.

    And this is a good thing!

    If there are other places the capital will as-reliably generate greater returns, it's because those other places are doing a better job of using their capital and other assets to produce goods or services that people want. This is precisely why capital markets are efficient (note that I'm not claiming they're perfectly efficient; that would be silly), and why they have proven so successful at raising standards of living around the world. It's the primary reason why 27,000 people will escape extreme poverty today. And tomorrow. And the next day. It's not the only reason, and it's not an unalloyed good, but it's the biggest reason and it is a net good.

    If we as a society don't want TV makers to use this data-based model, there are a few things we can do about it. We can use the law to either bar them from using this business model, or perhaps just to ensure that the data they collect and what they do with it is made plainly known to their potential customers, and let them decide whether they'd rather just pay more up front. Or maybe we can just try to publicize the information other ways and let customers decide (though I'm skeptical that would work).

  8. Every system no matter how well built has at least one point of failure. It may not be exploitable in any practical way, but it does exist.

    I'm talking about single points of failure. And I disagree with your statement. Do you have any evidence to support it?

  9. Re:Funny... on People Older Than 65 Share the Most Fake News, Study Finds (theverge.com) · Score: 1

    Fox is notorious for ignoring important news stories for political reasons. It's well documented.

    Got any examples? Or links to said documentation? I've only been looking for more than the last couple of months, but I haven't seen that.

  10. In every organization, there's always someone who has too much access. And there's not really a good way to avoid it.

    I agree with the first sentence, not so much with the second.

    It is absolutely possible to divide responsibilities so that no single person has deep access. The larger the number of people who must collude in order to destroy your security, the stronger your actual security is.

    The problem is that security is rarely a high priority, and few organizations bother to do the analysis to decide whether they have any single points of failure. Apparently, even incredibly well-funded crime syndicates fail at this.

    The Sinaloa Cartel should not have had one IT guy, they should have had a half-dozen, each responsible for different areas of the technology stack. The guy who managed the VOIP servers should not have been the same guy who managed the keys... and the key management infrastructure should have been architected so that no human ever had access to the raw key material. Sometimes there's no way to avoid working on a machine that has the key material, but it's always possible to avoid displaying it, and you can use the "four eyes" rule to ensure that the guy doing the work doesn't try to grab copies of the keys. Oh, and the second pair of eyes should be both knowledgeable and rotated frequently, and randomly augmented with a third set.

    The Cartel should also have had at least two competent IT security people responsible for analyzing the systems and ensuring that no single points of security failure existed, and imposing process and demanding system changes where necessary. These two should have worked separately and cross-checked one another.

    Of course, although funding such a large IT and security team was no problem for the Cartel, I'm sure the criminal nature of the organization also imposed a desire to minimize the number of people involved. Probably a foolish desire. I think it would be more effective to include "flipping" in the threat model and structure the team and approach accordingly. I have to admit that I haven't spent much time thinking about what the "flipping" threat looks like or how to address it, since I wouldn't work for a crime syndicate. I do think about how to prevent attacks based on buying off or coercing key people of legitimate companies, which seems like almost the same thing, but maybe not.

  11. Re:Funny... on People Older Than 65 Share the Most Fake News, Study Finds (theverge.com) · Score: 4, Interesting

    CNN makes mistakes. Fox is just trying to bullshit you.

    Actually these days Fox seems to be trying to beam messages directly into the President's head.

    How much time do you spend watching/reading Fox News?

    Personally, I've been trying to read them regularly, specifically because I want to understand that side of the coverage, though I still use the NY Times as my primary news source. What I see is that it's not nearly as bad as I had been led to believe. Outside of a handful of opinion commentators who tend to go off the rails on occasion, the factual level of their coverage is pretty good. They often cover things that I'd have thought they would prefer to ignore, and do it fairly. Their headlines tend to have an obvious slant to them -- though not be actually incorrect -- but the articles tend to be accurate.

    I mention this only because I think there are lots of left-leaning and moderate people around who have a very inaccurate perception of Fox News, which derives from their own online echo chambers. I think that's just as unhealthy as if Fox really were what so many believe them to be.

  12. Re:Ageism [Re:software developer tends not to be on Software Developer Tops List of U.S. News & World Report's Annual Best Jobs Rankings (usatoday.com) · Score: 1

    It's common for people to feel like the reporting hierarchy should somehow match the age hierarchy.

    If so, that underscores my other comments about "typical" expectations being shattered in IT Land.

    Not in the slightest. The same question would be asked for the same situation elsewhere -- and the same situation does happen elsewhere.

  13. Re:With Apologies to Rick and Morty on No Tuition, but You Pay a Percentage of Your Income (if You Find a Job) (nytimes.com) · Score: 1

    So, you didn't lower your grocery bill by switching to cash, you lowered your grocery bill by choosing to buy less expensive food and dealing with the suckiness that entailed. As for your link... meh. If you live to a budget, cash vs plastic doesn't make any difference... except you don't get the 2% cash back from the card.

  14. Let's compromise on second tier technology, because the other superior product doesn't oblige with your favorite license agreement.

    I agree completely, though I don't care about a specific license agreement, just that it be OSI compliant.

  15. Re:software developer tends not to be a stressful. on Software Developer Tops List of U.S. News & World Report's Annual Best Jobs Rankings (usatoday.com) · Score: 1

    When you have a sample size of 1, it's easy to believe in spells and fairies....however in the real world, in corporate America where turnover is a constant, old programmers get tossed on their ass on a regular basis. Don't believe me, read a few articles about IBM's layoffs. How about the Microsoft? Google? Perhaps UC Medical Center?

    Interesting that you should mention Google, since that's where I work :-)

    And if you read the post you responded to, you'll see my sample size is far more than one. Not only did I mention my co-workers (who have a lot of collective experience), but I've been in the industry for 30 years which obviously cannot all have been at Google. As it happens a big chunk of it was at IBM, where the only ageism I saw was pension cost-cutting.

    The point is if you bothered to read the news and follow what's been going on in the IT sector, you'd understand that state of the industry.

    IT or software development? The two are hugely different.

  16. Re:Ageism [Re:software developer tends not to be on Software Developer Tops List of U.S. News & World Report's Annual Best Jobs Rankings (usatoday.com) · Score: 1

    I first noticed it myself when I used to do contracting. Multiple times in contract interviews they'd ask variations of, "We'd like to confirm you are comfortable working for a project lead who is younger." They wouldn't ask such unless something about age made them hesitant.

    Don't be ridiculous. People in every industry would ask you that question. It's common for people to feel like the reporting hierarchy should somehow match the age hierarchy.

  17. You need to read more philosophy. I suggest you start with Karl Popper.

  18. Re:software developer tends not to be a stressful. on Software Developer Tops List of U.S. News & World Report's Annual Best Jobs Rankings (usatoday.com) · Score: 4, Interesting

    The big problem with software development is it has no direct future. If you don't move into management-esque positions, your career will plateau early. It can be decent money, don't get me wrong, but it's a poor ticket to a bigger and better future.

    "Old" developers are typically not very welcomed. The reasons are a long and winding topic, and there are exceptions, but the bottom line is the software biz is not kind to "age".

    At what point does this age problem kick in? I'm 50 and not seeing it. I have coworkers in their 60s and they're not seeing it. Heck, I know one guy in his early 70s who just likes to work and doesn't want to retire. He's independently wealthy at this point, having been through a couple of successful startups, so he tends to work for a year or two (at a premium salary, given his incredible depth and breadth of experience) and then take a year off.

    From what I can see, software development is about as close to a pure merit-based industry as I've seen. If you can write good code, nobody much cares what you look like, how you dress (well, clothing is generally mandatory), the color of your hair, etc.

    The one issue I have seen is that software devs who have accumulated only one or two years of experience in 20 years of work, meaning they've spent the whole time doing the same things over and over again, find it hard to get a job because they want to be paid like a 20-year veteran, but aren't any more effective than someone a couple years out of school.

  19. Are you suggesting that you want security research done by philosophers?

    The way you phrase this question is disingenuous. Obviously computer security research isn't most effectively done by philosophers (though if they do and do it successfully, good on 'em), nor physical security research. But research into the security/trustworthiness of our epistemological processes is squarely in the province of philosophy. Important assumptions about epistemology were implicit in the philosophy of the pre-Socratics, and epistemology was explicitly addressed by Aristotle and has been a major subject of philosophical work ever since.

    Philosophers are exactly the people I'd expect to test the processes by which we construct scientific knowledge.

  20. In the early 2000s, Google should have been smart enough to know that "by default, just let anyone do anything" was a bad place to start.

    That's not where they started, at all (and Google wasn't involved until 2005). They started with a much tighter security model than Windows had. Every app sandboxed and running as its own UID to make sure that apps couldn't look at each others' files (unless they chose to make them world-readable), and every app having to declare the permissions it would use and requiring users to approve those permissions before installing. The original Android security model was tighter than the Windows security model is today.

    That the original security model wasn't adequate is now clear, but it's hardly reasonable to expect the early Android engineers to have understood that their radically tighter security model still wasn't going to be good enough.

  21. Re:What about the courts? on Politicians Cannot Block Social Media Foes, US Appeals Court Rules (reuters.com) · Score: 1

    the Supreme court can shut the whole thing down on constitutional grounds if it so chooses (though it needs a volunteer with standing to bring a relevant case against the government).

    It also needs an executive branch who is willing to abide by its rulings. We take that mostly for granted, since it's so rare in US history that the other branches have chosen to ignore court decisions. You can bet that the courts don't take it for granted, though. They know full well that they have to be seen as the reasonable, apolitical branch or they'll lose their power, because if the other branches ignore them and the voters don't care there's nothing they can do about it.

    The history of this is fascinating. We all accept now that the Supreme Court is the ultimate arbiter of constitutionality, but it's worth noting that the Constitution itself doesn't say that, and it wasn't a foregone conclusion that it would be so. Our tradition of accepting SCOTUS as the interpreter of the Constitution began with Marbury v Madison and Chief Justice John C. Marshall's decision that the Supreme Court had no constitutional authority to enforce judicial appointments made by President John Adams, which his successor, President Thomas Jefferson, ordered not to be delivered. To understand the power of that decision, it's crucial to understand that Marshall was not only a close ally of Adams and political opponent of Jefferson, but that Marshall himself had personally signed the appointment commissions in question when he was Adams' Secretary of State. Marshall had even hired his younger brother to deliver the commissions.

    So, the country pretty much expected Marshall to support his political ally and defy his political opponent by ordering the opponent to carry out the commissions he himself had worked to create and distribute. Adams certainly expected it. But Marshall instead took the position that the court had no constitutional authority to do so, despite the fact that Congress had given the court that authority in the Judiciary Act of 1789, ruling that portion of the Judiciary Act unconstitutional. It was the fact that he essentially opposed himself that made the decision politically powerful and thereby effectively created the role of the Supreme Court as the body whose job it is to read the Constitution and decide whether executive and legislative actions accord with it. It was the carefully selfless nature of that decision that led everyone to accept it and established the precedent that the other branches fall in line.

    But they haven't always, and the court would have no recourse if they were to stop. Only the voters could intervene.

    And note that voter intervention assumes we continue the tradition of accepting the results of elections. The whole system rests on a foundation of traditional expectations. Things are the way they are because we all expect them to be that way.

  22. Re:Neither Windows or Mac? on Ask Slashdot: Which Laptop Should I Buy For My First Employee? · Score: 1

    :-)

    I certainly won't disagree with the basic point. It's unwise to trust your business with free services that give you no specific set of guarantees. There's value in paying just so that you have a contract and know what you can count on.

  23. Re:Neither Windows or Mac? on Ask Slashdot: Which Laptop Should I Buy For My First Employee? · Score: 1

    If you're concerned about Google scanning your stuff, you can always buy her a GSuite subscription rather than use a consumer account. It's pretty cheap.

    Which is what you want to do for some other reason, too. Free Google accounts come with absolutely zilch support. If she locks herself out of her account, it will be lost.

    There are good reset options available for consumer accounts, but you have to set those up in advance. Google pushes you to do it, but many don't.

  24. Re:Cost of a laptop on Ask Slashdot: Which Laptop Should I Buy For My First Employee? · Score: 1

    Unless the Chromebook will do everything and anything your employee needs, don't skimp.

    I don't disagree, but I want to point out that the primary value of a Chromebook isn't the cheaper hardware -- indeed, high-end Chromebooks aren't particularly cheap -- it's the fact that the costs of training, setup, maintenance and backup are all basically zero. Well, you might want to spend $5 per month on a GSuite Basic account.

    Of course if the employee needs to do something that can't be done in a web browser, then a Chromebook may not work.

  25. Re:Neither Windows or Mac? on Ask Slashdot: Which Laptop Should I Buy For My First Employee? · Score: 1

    Since she's straight out of college and a non-techie...

    For a safer environment, I'd give her something with Linux on it.

    If she actually only needs a browser, plus some sort of office suite... I'd have her use the ChromeOS variant of Linux, with Google Docs. That will make your long-distance asynchronous collaboration smoother as well, since shared cloud-based docs are so much easier than emailing files around. Chromebooks are basically bulletproof from a security perspective (well, nothing is perfect, but ChromeOS is about as close as you can get), and since they sync everything to the cloud, and everything is versioned, you don't need to worry about backups. If her laptop gets run over by a truck you just buy her a new one and everything is there.

    If you're concerned about Google scanning your stuff, you can always buy her a GSuite subscription rather than use a consumer account. It's pretty cheap.

    Really, if you want a zero-maintenance business laptop for a non-technical user that doesn't need non-web apps, there's nothing that compares to a Chromebook.

    That said, I strongly agree with the commenter who suggested letting her pick. Unless she is so non-technical that she isn't going to be able to choose, or doesn't want to, you'll get more benefit from making her happy than you'll save from cheaper hardware. Unless her choice turns into a support nightmare, of course.