Sort of like "I know burgalars are just going to come in through the windows, so I don't lock my doors."
Well, that's a completely different situation; but as it happens, yeah, that works for me, too. I'm going out tomorrow morning about 8am, I'll be back some time after 7pm, and there'll be (counts on fingers) one, two, three, _four_ open, unlocked doors into the house I live in. Unlikely to be many people around during the day, too.
but, astonishing as it sounds, terrorists watch TV, too. No doubt the people physically at the Superbowl are a little bit safer (and probably feel a bit safer, as well) for all this techno. Sadly, however, the hypothetical station-wagon full of stereotypical evil bearded Muslim fundamentalists (possibly with swords between their teeth and eyepatches? Who dares imagine what shapes the great American subconscious dreams...) - anyway, they're going to screech to a halt in a cloud of rubber. "Mustapha, you son of an infidel! The place is swarming with cops. Curses!!!!!!" *twirls moustache furiously for a moment* "I know, we'll do it next Saturday, at the Denver Earthworms vs. Seattle Turnipfarmers game, instead. Bwaa,hahahahaha!"
Net result in security: nil.
Bruce Schneier has some excellent things to say about "security" measures that defend against movie-plot threats. If you don't read Crypto-Gram yet, go sign yourself up, and learn how counter-intuitive reality can be.
(You might also think about how little you should trust your own intuition, and then deduce things about people who boast of theirs... but I don't want to interfere with domestic political matters:)
yeah, come on , I mean adding disclaimers in China pointing out that their govt demands filtered search results is one thing. Trying to set up a global walled-garden internet is beyond evil and into the area of "brain-meltingly stupid ways to piss away billions of dollars of investors' money". Remember when CompuServe and AOL were walled gardens, without proper end-to-end IP routing as part of the real internet?
If they do this, it means that Larry and Sergei have been replaced by eerie homunculii controlled by the Illuminatii from the same invisible spaceship that they use to control Bush, Blair, Bin Laden, Bill Gates and other menacing shadows of doom. And that I'm Dutch. Which I'm not.
I can't imagine any other ISP giving in to such bullshit, so the end result will be the end of internet email for AOL users. I can't see this doing anything more than speeding up the revolutions, and tightening the circle that AOL is describing around the great plughole at the bottom of the Internet. And I for one shall cheer when they finally collapse, along with other cretinous "pay to play" fools who've never heard of the network effect or Metcalfe's Law. In the words of Pete Doherty: "Fuck 'em."
As well as the groundswell of anger and resentment building up against Oracle (who were already notorious for charging the earth for crappy products, of which only the flagship database offers anything you can't get elsewhere - and even then, the RDBMS hardkore out there will tell you that very very few places use those features) - it's interesting to note that even Gartner, friend of the PHB everywhere, have turned on their erstwhile prize vendor.
I do not understand how anyone can deny the truth of this.
Because, my friend, humans are by and large profoundly stupid and ignorant. Indeed, many of those of us with an education remain startling stupid despite having a larger collection of facts at our fingertips. My personal theory on this is that it's caused by the illusion of an ego (cf: Daniel Dennett and the "theatre of consiousness".) Until we as a species understand and know where our sense of self, identity and existence comes from, the results of science will continue to be seen as "well, on the one hand they said this, on the other hand, those people say that. Perhaps the truth is somewhere in the middle."
Yep, sadly I have to agree... does *anyone* think that this move will mean more better movies in future? My guess is that virtually everyone expects, and will get, less creativity and less quality out of Pixar. Anyone at all think this is good news for films, as opposed to Jobs' bank balance?
I wrote a (not very good) review of 'Going Postal' for Slashdot, because it turns out to be about hackers and geeks and the Internet. The goodies are a secret nderground of 'information wants to be #Free' types called "the Smoking GNU". When I got to that point of the book I switched from thinking Pratchett might possibly be making vague allusions to the popular (public) perception of "hackers"; after reading the Smoking GNU bit I realised that he was actually talking about the "private" sense of "hacker". Anyway I got discouraged with the amount of polishing it needed, then started a new job, so it wsa never finished. Anyway, so - check out "Going Postal", it's jolly good, and as with a lot of his recent stuff is a bit more ambitious than 'send up Tolkein-esque fantasy fiction"
Please, go away and read some Bruce Schneier. He's the one of the authors of the AES crypto suite, the one developed by/for the USG, amongst many other things, and he has some very interesting things to say about post-911 security. Go read some issues of Crypto-Gram - the Jan 2006 issue just came out - and realise how wrong you are. Never mind, well done, now you get it....
Well, Vista does look like it's seriously going to be a helluva flop, but because of a very simple reason: users don't need it!
Son, I've been hearing people say that every time Microsoft finally crimps off another length of code into a shrinkwrapped box and calls it an OS since 1995. It was true then (cos Windows NT 3.51 was out...) and it's been true for every turd they've shipped since. And people still keep buying new PCs, which keep on arriving with the current shipping Microsoft OS for that market. They don't have to sellthe thing to anyone, they just have to 'roll it out'. Even corporates work on the same basis with a 12-24 month lag behind the consumer market.
"nuclear power releases less radioactive material than burning coal."
Complete bullshit, and yet again we see this tired old lie trotted out again and flogged until it stumbles around the ring once more... this is true ONLY if you only count "releases" as "stuff that comes out the top of the chimneys on site". Apart from the tons of highly radioactive waste (the spent fuel rods, cladding, reactor containment material etc) there's also the issue of how you decommission a nuclear station. I happen to live and work within fifteen miles of the site of the first evernuclear power generation reactors to be decommissioned, so I take some interest in this topic. They started work in 1988/89, IIRC, and I believe work is scheduled to finish, ooh, any decade now. In fact final site clearance (leaving a 100 foot wide concrete cube containing the reactor core, which will be lethally radioactive for hundreds of thousands of years and cannot safely be disposed of elsewhere) is scheduled for completion in the year 2089. No, I'm not making this up, that's how long it's going to take. Costs? No idea, who knows? It's a blank cheque - we HAVE to clean it up, regardless of the cost; if it comes down to it, nuclear clean up must be funded ahead of the health service, education, armed forces, transport,.. *everything*, in fact. Strangely, the govt and the privatised nuclear energy company refuse to divulge cost estimates, but the BBC mentions a figure of 2.5 billion quid.
Folks: it's not worth it.
the official plans (which of course are highly optimistic and filled with disclaimers along the lines of "if nothing goes wrong" - ie., we don't have any major disruptions of civil society, loss or power or shortages of energy, skills, resources, raw materials -
My datapoint: Running GNU/Linux on a P2/233Mhz, and I built my Mum her first computer three months ago, using parts pulled frorm a skip; it's a straight Pentium (yup, the original, 'classic'(?) P5), with 128Mb of RAM. All she does is basic web browsing, email, and types up the minutes from meetings of the church, uh, (...whatever you call church-wardens and the like.) It was just-about usable with a current Firefox under KDE, but switching to WindowMaker remvoes a lot of the load and it runs just fine. It's not fast exactly but it IS pretty responsive. Of course my Mum doesn't have anything else to compare it with, which helps;)
The main machine (the P2) is pimped to the max with 320Mb of RAM, and that helps as well - the more RAM you have, the less the CPU speed matters.
However, I can't quite shake off the creeping suspicion that I've got something terribly, terribly wrong in my model of the world, though, that I feel I have to point out that I told you so. Please, say it isn't just me!!
I was intending to submit this as a story, but I'm sure someone else will save me the trouble in a few days' time;)
The - final? - twist in the long, strange trip of the WMF bug - the vulnerability that just keeps on giving - has been revealed by H D Moore, the author of the Metasploit exploits (which is now on a third generation and even tricksier than ever!:)
To quote the words of a song by H D's namesake, Dudley:
Laugh? We nearly shat
We had not laughed so much since Grandma died
Or Aunty Mabel caught her left tit in the mangle...
(And I'm posting from a Thinkpad running Mandriva GNU/Linux, the first time I've been 100% Billy free at work as well as at home since 2000, so I'm allowed to laugh... no WINE for me cos I only run Free software *smug*:)
Sadly all too believable. As you move out of education into the real commercial world you'll notice this sort of crap happens routinely, virtually everywhere you look. Word of advice: be careful how you go about it if you try to raise such things with management. It's rare that you'll get thanked for it, because they will have to spend time & money on fixing stuff that in their eyes, doesn't need fixing. Go read Bruce Schneier's writings about externalities (CryptoGrams passim). He's been harping on about this sort of thing for years - how the cost of security isn't borne by the ones responsible for fixing stuff, so they have no incentive to do so. How you fix this sort of things is something of a topic in economics. I guess Wikipedia'll have something too, come to think of it, hmmm where's my other tab...
This is why apparently lame legislative and regulatory setups can be a good thing. Certs such as ISO17799, Sarbanes-Oxley, HIPAA, NIST etc etc actually connect how well a company does with how secure it is. Much of security that would seem like common-sense no-brainers to most of us are actually not worth the org's time and money. (Of course then you get into risk management topics, and quantifying risks, which is very hard to do. How likely is it that your 150 staff, who all use Internet Explorer, will get infected with a drive-by trojan? If they use Firefox? What about Firefox on OS/X? Now, how do you back up your intuitive answers with emperical evidence from the real world?
Fancy a career in infosec? It's a lot more fun than it sounds, actually;)
I take a vaguely zen approach to work. You're doing it because you're doing it, so make the most of it and dop it as well as you can. (It can be hard to maintain a state of mindfulness when doing a security audit of a Windows 2000 server sometimes, though.) Someone somewhere has written about this in the context of washing-up. I always enjoyed washing up (US readers: 'doing to dishes')...
He obviously doesn't understand what "impeachable offense" means.
I keep hearing this word 'impeachement' gettimng thrown about on Slashdot, but there's no suggestion in the mainstream media (that I've seen) wherethis is even mentioned as a possibility, let alone "well Bush will sureoly be impeached as he's now admitted in public a clear breach of the Constitution". Is this because the mainstream media just don't realise it yet? Or could it be wishful thinking? I'd love to believe the US system of government had enough checks and balances to make this happen, but somehow I just don't see it. The post-911 hoo-haa about "a state of war" and what extraordinary powers to combat extraordinary threats (radiation monitors outside mosques? I mean, really, come on!) isn't jgoing to just evaporate because a few tens of thousands of US military were casualties in Iraq.
Yep, completely agree. Also, here in the UK anyway, cubicles seem to be going out of fashion; the last six or seven places I've worked have had large open-plan offices with shared desks. Works pretty well most of the time, tho' headphones are mandatory when you need to focus. It makes it much easier to get to know the people around you and to pick up what's really going on on the grapevine. (These jobs have been a variety of programming, network and security consulting type stuff.)
Dunno about the US, but in the UK lawyers operate under what's called the 'taxi-rank principle' - they must accept whatever case walks in the door (I'm ignorant of how this works in practice, anyone?)
As anyone who's ever used SourceSafe will attest, it's horrible because it will lose your data.
Wow, I'm no Microsoft fanboy but even so, that's... pretty stunning. Source control systems that *lose your data*... *shakes head* wow. I think my best bet is going to be to build a Subversion server and quietly move a few individual devs over to it at one at a time, rather than trying to get official approval for a switch... present 'em with a fait accompli. If the MS alternative will cost us money, I know which way they'll jump:)
Slashdot Mirror
Nice village, this. I love the Forest :)
Net result in security: nil.
Bruce Schneier has some excellent things to say about "security" measures that defend against movie-plot threats. If you don't read Crypto-Gram yet, go sign yourself up, and learn how counter-intuitive reality can be.
(You might also think about how little you should trust your own intuition, and then deduce things about people who boast of theirs... but I don't want to interfere with domestic political matters :)
If they do this, it means that Larry and Sergei have been replaced by eerie homunculii controlled by the Illuminatii from the same invisible spaceship that they use to control Bush, Blair, Bin Laden, Bill Gates and other menacing shadows of doom. And that I'm Dutch. Which I'm not.
I can't imagine any other ISP giving in to such bullshit, so the end result will be the end of internet email for AOL users. I can't see this doing anything more than speeding up the revolutions, and tightening the circle that AOL is describing around the great plughole at the bottom of the Internet. And I for one shall cheer when they finally collapse, along with other cretinous "pay to play" fools who've never heard of the network effect or Metcalfe's Law. In the words of Pete Doherty: "Fuck 'em."
http://news.com.com/Gartner+Oracle+no+longer+a+bas tion+of+security/2100-7355_3-6030733.html
A sad day :(
I wrote a (not very good) review of 'Going Postal' for Slashdot, because it turns out to be about hackers and geeks and the Internet. The goodies are a secret nderground of 'information wants to be #Free' types called "the Smoking GNU". When I got to that point of the book I switched from thinking Pratchett might possibly be making vague allusions to the popular (public) perception of "hackers"; after reading the Smoking GNU bit I realised that he was actually talking about the "private" sense of "hacker". Anyway I got discouraged with the amount of polishing it needed, then started a new job, so it wsa never finished. Anyway, so - check out "Going Postal", it's jolly good, and as with a lot of his recent stuff is a bit more ambitious than 'send up Tolkein-esque fantasy fiction"
Please, go away and read some Bruce Schneier. He's the one of the authors of the AES crypto suite, the one developed by/for the USG, amongst many other things, and he has some very interesting things to say about post-911 security. Go read some issues of Crypto-Gram - the Jan 2006 issue just came out - and realise how wrong you are. Never mind, well done, now you get it....
Son, I've been hearing people say that every time Microsoft finally crimps off another length of code into a shrinkwrapped box and calls it an OS since 1995. It was true then (cos Windows NT 3.51 was out...) and it's been true for every turd they've shipped since. And people still keep buying new PCs, which keep on arriving with the current shipping Microsoft OS for that market. They don't have to sellthe thing to anyone, they just have to 'roll it out'. Even corporates work on the same basis with a 12-24 month lag behind the consumer market.
Complete bullshit, and yet again we see this tired old lie trotted out again and flogged until it stumbles around the ring once more... this is true ONLY if you only count "releases" as "stuff that comes out the top of the chimneys on site". Apart from the tons of highly radioactive waste (the spent fuel rods, cladding, reactor containment material etc) there's also the issue of how you decommission a nuclear station. I happen to live and work within fifteen miles of the site of the first ever nuclear power generation reactors to be decommissioned, so I take some interest in this topic. They started work in 1988/89, IIRC, and I believe work is scheduled to finish, ooh, any decade now. In fact final site clearance (leaving a 100 foot wide concrete cube containing the reactor core, which will be lethally radioactive for hundreds of thousands of years and cannot safely be disposed of elsewhere) is scheduled for completion in the year 2089. No, I'm not making this up, that's how long it's going to take. Costs? No idea, who knows? It's a blank cheque - we HAVE to clean it up, regardless of the cost; if it comes down to it, nuclear clean up must be funded ahead of the health service, education, armed forces, transport,.. *everything*, in fact. Strangely, the govt and the privatised nuclear energy company refuse to divulge cost estimates, but the BBC mentions a figure of 2.5 billion quid.
Folks: it's not worth it.
the official plans (which of course are highly optimistic and filled with disclaimers along the lines of "if nothing goes wrong" - ie., we don't have any major disruptions of civil society, loss or power or shortages of energy, skills, resources, raw materials -
The main machine (the P2) is pimped to the max with 320Mb of RAM, and that helps as well - the more RAM you have, the less the CPU speed matters.
However, I can't quite shake off the creeping suspicion that I've got something terribly, terribly wrong in my model of the world, though, that I feel I have to point out that I told you so. Please, say it isn't just me!!
Speaking as a King Crimson fan of more than 20 years, I'm a bit gutted about this. Apart from anything else, Fripp has shown interesting signs of 'getting it' with regard to copyright and the Pigopolists. See eg. this article on the company he started to buy back his copyrights, and indeed this previous post on a previous Slashdot article.
The - final? - twist in the long, strange trip of the WMF bug - the vulnerability that just keeps on giving - has been revealed by H D Moore, the author of the Metasploit exploits (which is now on a third generation and even tricksier than ever!:)
After all the jokes about WINE compatibility... it turns out that WINE is vulnerable, too!!
To quote the words of a song by H D's namesake, Dudley:
(And I'm posting from a Thinkpad running Mandriva GNU/Linux, the first time I've been 100% Billy free at work as well as at home since 2000, so I'm allowed to laugh... no WINE for me cos I only run Free software *smug* :)
I think you mean Network Associates, who bought McAffee years ago. Just after they'd bought Dr Solomon's, in turn, as it happens.
This is why apparently lame legislative and regulatory setups can be a good thing. Certs such as ISO17799, Sarbanes-Oxley, HIPAA, NIST etc etc actually connect how well a company does with how secure it is. Much of security that would seem like common-sense no-brainers to most of us are actually not worth the org's time and money. (Of course then you get into risk management topics, and quantifying risks, which is very hard to do. How likely is it that your 150 staff, who all use Internet Explorer, will get infected with a drive-by trojan? If they use Firefox? What about Firefox on OS/X? Now, how do you back up your intuitive answers with emperical evidence from the real world?
Fancy a career in infosec? It's a lot more fun than it sounds, actually ;)
David Brent.
I take a vaguely zen approach to work. You're doing it because you're doing it, so make the most of it and dop it as well as you can. (It can be hard to maintain a state of mindfulness when doing a security audit of a Windows 2000 server sometimes, though.) Someone somewhere has written about this in the context of washing-up. I always enjoyed washing up (US readers: 'doing to dishes')...
Yep, completely agree. Also, here in the UK anyway, cubicles seem to be going out of fashion; the last six or seven places I've worked have had large open-plan offices with shared desks. Works pretty well most of the time, tho' headphones are mandatory when you need to focus. It makes it much easier to get to know the people around you and to pick up what's really going on on the grapevine. (These jobs have been a variety of programming, network and security consulting type stuff.)
Dunno about the US, but in the UK lawyers operate under what's called the 'taxi-rank principle' - they must accept whatever case walks in the door (I'm ignorant of how this works in practice, anyone?)
Hilarious, thanks for the best laugh I've had all week! :D
Another obvious missing name: Microsoft. Which is nice, as it means that the list isn't _just_ composed of the holder of the biggest chequebook...