While what you are saying is generally true, two facts are worth mentioning: 1) first and foremost, a license is not regarded as 100% equivalent to a "contract" in its treatment under the law, and it is inadvisable to equate them, and 2) what you are referring to in terms of the firstborn son thing is what we call restrictions against "unconscionable" terms in an agreement, which while patently obvious when it comes to things like handing over a firstborn child, might be less so for more mundane business things, even if you were not to like them. So tread with care.
Enlarged heart is not in and of itself a "problem". Pick out your favorite high endurance athlete. I guarantee you: they have an enlarged heart.
Oh, there are probably selection reasons, but this doesn't prevent human applications, because the recent 1M years of evolution and selection pressure may have no relevancy at all to the human context. Consider human age limits? Why is the human not evolved to live longer? The answer is probably "there was no particular evolutionary need/utility for that". I.e., once you have birthed children and raised them to adults, you have no further "use" to your selfish gene. Defeating that is beneficial to us, but not evolution.
You mean Canada isn't a state?
Because gleefully exclaiming that the money is worth the risk is probably an indicator of an unstable personality at best, ...
Your post did not deserve the "Insightful". Three things are wrong with it:
1) You gamely attempt to play armchair psychologist without much working comprehension of psychology, and
2) You have no idea at all what "warzone" like work for an IT worker is in a "warzone," and
3) You appear entirely unacquainted with the market for IT workers supporting the front
To wit: you had no "insight" to provide at all.
The work does suck, though. Just not for any reason you've written about. You simply don't have a clue.
So why post?
But it's also exempt from hourly work requirements. Which is to say, if they give you 30 hours of stuff to do in a particular week, and you therefore only show up for 30 hours, that's just the way it is.
Isn't it funny how everyone's talking about how expensive power is, but when you do actual sunk and runtime cost calculations, it's rather meh? I have to tell this to sales people all the time. They look at me with disbelief.
There was this company, COPAN systems (that got acquired by SGI, I think). Their storage was, without a doubt, the lowest power storage on the market. It was also expensive. When I told them that they were FAR too expensive, they tried to convince me that we'd actually SAVE money by buying storage that was $500K/PB more than mainstream companies like NetApp. I then brought out my power analysis.
Here we have entire companies based on false premises.
It's the damndest thing.
BTW, it /was/ true that if you could not get more power from the municipal power sources, COPAN might work. But that's a thin thread indeed to hang a company on.
Well, if all browsers did this, you could just install a different one. Whatever else is true, no browser should write to Windows or Programs (except to install/update itself, a special case which admittedly gives you a quick headache), but what I'm saying is that the protection methods exist, and are being underexploited. MAC is one way; VM isolation is another; "jailing" all ftp roots is another. More here, please.
As far as the confined, locked-in app store, don't worry, Apple will encounter an antitrust demon... eventually.
How much space should a web browser be allowed to use to store cookies?
This is a good question, and I appreciate that unrestricted space consumption is its own form of denial of service, but while thinking about better security it's not always a good idea to shackle oneself with best. It is certainly better to be sure that the web browser cannot overwrite kernel.dll, yes?
As for your question about microphone and camera, I think that this would be a very good case for UAC. This website wants to activate your computer camera, will you let it? You could kind of treat it like popup denial. Sophisticated users might turn that off entirely, and look for an obscure browser warning in the GUI when the website's not quite right (a la denied popups).
BTW, if you're interested in this sort of security, you can implement it pretty well now:
1. Install your favorite type-II hypervisor (e.g., VMware workstation).
2. Install, configure, patch the OS and your favorite browser.
3. Configure the OS to allow access to the parent computer on a limited basis, into two sections only: a folder in which the child VM stores things like favorites, and a second section where you can download stuff.
4. Configure a checkpoint.
5. Configure the VM to always roll back to the checkpoint when rebooted.
Voila. You have a box that unp0wns itself on reboot.
Use it for all your internet browsing.
If you want to really play the security game, clone this box. Conduct any online financials exclusively on this VM, and on this VM only.
C//
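Steps 3 to 5 of the recipe above, scripted as an added example (not code from the page or from any vendor): it drives VirtualBox's VBoxManage, a free type-II hypervisor, in place of the VMware Workstation the comment names, and the VM name, snapshot name and host folders are assumed values.

```python
"""Disposable browsing VM: two shared folders, one checkpoint, revert on every boot.

Added example, not from the page.  Uses VirtualBox's VBoxManage CLI; the VM
name, snapshot name and host folders below are assumed and must be changed.
"""
import subprocess
import sys

VM = "browse-vm"                                   # assumed VM name
SNAPSHOT = "clean"                                 # assumed checkpoint name
FAVORITES_DIR = "/home/alice/vm-share/favorites"   # the only two host folders
DOWNLOADS_DIR = "/home/alice/vm-share/downloads"   # the guest is allowed to reach


def plan_setup(vm: str, snapshot: str, favorites_dir: str, downloads_dir: str):
    """One-time, with the VM powered off, after the OS and browser are installed
    and patched: expose exactly two host folders, then take the checkpoint.
    Each entry is (argv, must_succeed)."""
    return [
        # step 3: limited host access, two shared folders and nothing else
        (["VBoxManage", "sharedfolder", "add", vm, "--name", "favorites",
          "--hostpath", favorites_dir, "--automount"], True),
        (["VBoxManage", "sharedfolder", "add", vm, "--name", "downloads",
          "--hostpath", downloads_dir, "--automount"], True),
        # step 4: the checkpoint every boot returns to
        (["VBoxManage", "snapshot", vm, "take", snapshot], True),
    ]


def plan_boot(vm: str, snapshot: str, headless: bool = False):
    """Step 5, run on every start: force the VM off (it may already be off, so
    that step is allowed to fail), restore the checkpoint, then boot it."""
    return [
        (["VBoxManage", "controlvm", vm, "poweroff"], False),
        (["VBoxManage", "snapshot", vm, "restore", snapshot], True),
        (["VBoxManage", "startvm", vm, "--type",
          "headless" if headless else "gui"], True),
    ]


def execute(plan, runner=subprocess.run):
    """Run a plan in order; stop at the first required step that fails.
    `runner` is injectable so the plan can be exercised without VirtualBox."""
    for argv, must_succeed in plan:
        result = runner(argv, capture_output=True, text=True)
        if result.returncode != 0 and must_succeed:
            raise RuntimeError(f"{' '.join(argv)} failed: {result.stderr.strip()}")
    return len(plan)


if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "boot"
    plan = (plan_setup(VM, SNAPSHOT, FAVORITES_DIR, DOWNLOADS_DIR)
            if mode == "setup" else plan_boot(VM, SNAPSHOT))
    print(f"ran {execute(plan)} VBoxManage steps")
```

Run it once with `setup`, then launch the browsing VM only through the default `boot` mode so the guest never starts from anything but the clean checkpoint.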
Well, you could have generally prohibited areas. For example, except for a conceptual new installation region, the program could be prohibited from reading or writing anything in Windows and/or Program Files.
Your rephrased question amounts to a policy question. A lot of noggin' time needs to be spent on that. But various sandboxing and/or MAC techniques could certainly be put to good use. For example, the web browser process, even when run as Administrator, has no business modifying certain files on your computer. Same with your mail client (if you have one). This would naturally apply to any process spawned by any of the mentioned parent processes.
Imagine that all the web browser could do was set a cookie, record a favorite, or write files into downloads. And that restriction applied to all derivative processes. Elevations wouldn't be allowed. Such a web browser would be mostly harmless to the local computer, even under the worst of circumstances.
While one might dream up exceptions to this, what I am saying is that Microsoft needs to dream up an approach which actually works using the mentioned approaches, in a practical way.
I certainly do not think they have exhausted all options here, by any stretch.
Well I'm going to have to go RTFA now, based on your comment. However, from your remark "beat the Xeon on all benchmarks which can generate enough threads," I'm curious how it is doing on virtualization. That is the corporate benchmark these days.
While I have performed similar calculations and come to similar conclusions, when you calculated the cost of "power" (and you would, naturally, also include cooling), did you at the same time calculate the depreciation costs of the implied capital for power and cooling (power mainboard, transformer, subpanel distribution, heat exchangers, chiller plant) as well as preventative maintenance and so forth for all of the previously mentioned?
As someone who hires occasionally, and has been responsible for evaluating candidates for job positions, I tend to treat post-graduate degrees a bit akin to work experience. I'm not troubled by a degree that is off-theme a bit. For example, the work that we do is computer-related. I'll take degrees in computer science, computer engineering, computational biology, computational physics, mathematics. Note the math thing. In that particular case I would be looking for a lot of evidence in personal initiative with computing. E.g., "open source contributor" or otherwise.
Some of the threads here are failing to distinguish between employers who hire PhD's for PhD purpose, and those that just hire them. My organization is in the latter group. There are lots of such organizations. Just two buildings over from me, my organization hires PhD's in photogrammetry. So my organization isn't even consistent about that.
Point being, you can go either way with this.
You do realize that all businesses successful under capitalism engage in anti-competitive behavior, right? It's called competing, ironically enough.
Not really. Competitive behavior is pricing your product to sell. Anticompetitive behavior is temporarily dropping the price of your product sufficiently long enough to put your competitor out of business, with malice aforethought.
One behavior is legal.
The other is not.
At program installation time, the program is given a list of areas of the computer and other behaviors that it is allowed to access. It can't do more than that even if installed and run by a 100% privileged account.
This is otherwise known as "mandatory access control".
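As an added illustration of the confinement described in this comment and in the browser-sandbox comment above (a browser tree limited to cookies, favorites and downloads; the restriction inherited by anything it spawns; no elevation even for a fully privileged account), here is a toy policy evaluator in Python. It is not code from the page or from any product; the paths, process names and the user "alice" are constructed.

```python
from dataclasses import dataclass
import ntpath
from pathlib import PureWindowsPath
from typing import Optional

# Install-time grant, as the comments describe: the only host areas a browser
# process tree may write, and no elevation at all.  Paths are constructed for
# illustration (assumed user "alice"); they are not from the page.
BROWSER_POLICY = {
    "write": [
        r"C:\Users\alice\AppData\Local\Browser\Cookies",
        r"C:\Users\alice\Favorites",
        r"C:\Users\alice\Downloads",
    ],
    "elevate": False,
}


@dataclass
class Process:
    pid: int
    name: str
    parent: Optional["Process"] = None
    policy: Optional[dict] = None  # None: no install-time confinement

    def effective_policy(self) -> Optional[dict]:
        """A process spawned by a confined parent inherits that parent's
        policy, so derivative processes cannot escape the grant."""
        proc = self
        while proc is not None:
            if proc.policy is not None:
                return proc.policy
            proc = proc.parent
        return None


def _under(path: str, root: str) -> bool:
    """True if path lies inside root; normalises '..' so traversal cannot
    claim to be inside a granted folder (Windows semantics, case-folded)."""
    norm = ntpath.normpath(path.lower())
    try:
        PureWindowsPath(norm).relative_to(PureWindowsPath(root.lower()))
        return True
    except ValueError:
        return False


def check(proc: Process, op: str, target: str = "", is_admin: bool = False):
    """Decide one request; returns (allowed, reason).  is_admin is taken only
    to show it changes nothing: the policy is mandatory, not discretionary."""
    policy = proc.effective_policy()
    if policy is None:
        return True, f"{proc.name}: unconfined, discretionary rules apply"
    if op == "elevate":
        allowed = bool(policy.get("elevate", False))
        return allowed, f"{proc.name}: elevation {'granted' if allowed else 'refused'}"
    if op == "write":
        if any(_under(target, root) for root in policy["write"]):
            return True, f"{proc.name}: write inside granted area"
        return False, f"{proc.name}: write to {target} refused (admin={is_admin})"
    return False, f"{proc.name}: operation {op!r} not granted"


def demo():
    """Browser, a helper it spawned, and an unconfined shell, each tested."""
    browser = Process(100, "browser.exe", policy=BROWSER_POLICY)
    helper = Process(101, "plugin-host.exe", parent=browser)  # spawned by browser
    shell = Process(7, "explorer.exe")  # never installed under a policy
    return [
        check(browser, "write", r"C:\Users\alice\Downloads\report.pdf"),
        check(helper, "write", r"C:\Windows\System32\kernel.dll", is_admin=True),
        check(helper, "elevate", is_admin=True),
        check(shell, "write", r"C:\Windows\System32\kernel.dll", is_admin=True),
    ]
```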
Public behavior should be recordable. You really don't want a precedent set against the recording of public behavior. It's not in anyone's interests.
However, we need to remain diligent and make sure that it is always all public behavior, meaning it must always include the public behaviors of those who work for the government in any capacity. Without exception.
Well, that's strange. 1999 would have been a great year to get a cleared job in the DoD community, and the DoD community tends not to have the same biases as commerce. There is the little issue that we separate internal positions into "systems administration" versus "systems engineering," the latter of which requires either a degree or an army of professional certificates, but this shouldn't have stopped you from getting a job in DoD-related IT at all. Lockheed, Boeing, Northrop Grumman, Raytheon, etc, all hire people like you all the time. We call it the "clearance, and a pulse" phenomenon.
Well, 4 years' experience trumps the degree most of the time. The experience versus degree question is more of a question of experience or talent. Higher degrees tend to select for slightly higher IQs; even the SAT is effectively a bit of an IQ test. Then there is the question of work ethic, into which, of course, none of what we discussed so far gives you much insight.
Three words: Land Value Tax.
Go carefully read through the Fair Tax. Anyway, reducing collection points is FTW.
He was referring to the various sorts of non-verified and commonly inflated income statements that were made by some buyers. That's hardly everyone, or even any kind of significant percentage AFAICT, but of course they should be held to fraud as well.
On the positive side, the value of fixed (previously purchased) mortgages in real dollars is about to drop catastrophically.
> The OS+hypervisor has a larger attack surface than the OS alone, period. Unless you can prove your hypervisor is un-hackable (don't make me laugh), a virtualized system is less secure.
This is a fair point. On the other side of it, though, you have emerging new features such as the ability to install your anti-malicious-software tools up at the hypervisor level, which can, in theory, treat the VM as a sort of honey pot. You can also install the hypervisor's mgmt system onto a private network.
The other thing that is starting to happen in virtualization/cloud environments is that people are beginning to treat the VM's as disposable. So if they are owned, you either delete them or roll them back using a check point mechanism.
Very soon now the approach to detecting the bad guy will be virus scanners that aren't installed in the OSes, and network attack scanners that aren't installed in the OSes, and software firewall devices not installed in the OSes. That whole part of the enterprise is about to transform in one fell swoop.
So while what you are saying is technically true (more attack surface), the ability of the enterprise to cope with attacks, with lower amounts of staff, is currently in the process of shooting up, in part due to virtualization. Overall security isn't just about vulnerabilities. It's also about bad guy detection, and getting them out.
The net result will be more security, and not less.
Mr. Crosby has a good crystal ball. He is right.
This interpretation might be true for you, but it would only be true for a large legal entity like a corporation if they made a decision to not buy support for RHEL anywhere in the entire company. The license is clear; if you buy support even once, you must have support for every RHEL you have installed. Given this is the case, it's better to flip to CentOS or even OEL, which has that nice internet-only support model which entitles you to patches but no phone calls at literally 1/10th of RHEL's support costs.
Whatever else is the case, I can tell you for a fact that certain manufacturers (e.g., EMC, NetApp) are not supply constrained right now, and the situation is not affecting pricing. Wanna bet that these big storage companies have specific agreements about supply?