Yeah, that all depends on the end-user. Some end-users never really reply to our emails, aren't at their desks, etc. The higher up the chain the worse it gets; but honestly it's not because their rude but they just are super-busy, deluged with email already, etc. That's when the "unwritten institutional knowledge" comes in handy, to know which users will quickly answer emails and which are better off just going up to their desks.
Plus, physically going up to users often reinforces that IT are "real people" in the same building, build rapport, and helps establish those very important internal business / social connections. If IT is friendly and helpful with the users, the users will usually do the same. Also, having some written procedures that say "if no response, call user; if no answer or call back after XX time, go to their desk." or such.
It's worse than that. Often those companies will withhold wages and basically string the Indian employee along and force them to keep working there. Families get threatened, IDs are taken; often local "government" is complicit due to corruption.
I think the way to stop this is to pollute the system. Pick up, give false information, and move on. If I had it, I'd give them Tom King's info. He's the CISO of Experian, who is one of the companies selling my info to the scammers (they actually told me this...not Tom specifically, but Experian). Or Randall Stephenson, the CEO of AT&T.
It's trivial to spoof "call from" info. I get calls all the time from numbers that are very close to mine. Same prefix, just switching around the last four numbers, etc. The few time I've answered they are some vacation scam, requests for money from various "law enforcement societies", credit card "offers", etc. One CC call actually told me they "got my info from Experian", IMHO they are admitting they are probably using info from their data leak.
If I knew Tom King's "private info" (the CISO of Experian), I would pretend to be him and try to get him as many credit cards as possible because it's his fault I'm getting many of these calls.
I can do fake-ID calls easily with my homebrewed FreePBX / free SIP trunk setup. So just "reporting a number" is the same as "attacking an IP", there is a good chance that the number is fake. And why bother staying on a call to get contact info, when it's a call center in India or such, it's not like anything will happen to the scammers. They are using multiple way of getting these calls through, there is no real "single point of failure" to attack.
"The Century of the Self" documentary is amazingly good I absolutely second this! For anyone who wants to understand how we got to were we are now, this is required viewing.
That's the only regulation you support? So, a known gang member, after getting out of prison for murder, should have zero problem going and buying 100+ fully automatic weapons? You said "one gun regulation", so that means that anything below self-propelled rounds is good to go. Now, from the viewpoint of "protection against tyranny", that might be a good idea. I'm sure a gang member could find three other members to sign for him. Or someone who is mentally ill, hears voices, thinks many people are "out to kill them", etc. No regulations against domestic abusers, violent felons, etc! Just find three other felons to sign for you!
Um, it's not in any "order", they are separate stories. It's an anthology, not a serialized show. I'm assuming you wouldn't read a book of short stories and exclaim "None of these chapters make any sense to each other! This is the most random novel ever!"
Cheap drones with explosives have been used several times already. ISIS does it, the Russians in the Ukraine did it, anyone here on Slashdot with less than $2,000 could easily make a "kamikaze drone" even just using re-packed fireworks and homemade thermite. The Phantom 4 can go at least 4 miles, probably further if you hacked the firmware and told it to ignore anything about power for a return trip. ISIS used homemade drones with grenades and other conventional explosives on them. Flying drones are robots too!
Several reasons: Because Boston Dynamics is in the business of making commercial, "public" robotics. There are already MUCH larger players in that market. The tech isn't up to the level for a decent ground-based robot that's not treaded. Battery life; noisy engines.
And, they are working on this. They have developed several robots for DARPA, and DARPA is the one that gives the funding and sets the developmental goals. BD is "doubling down" as much as financially possible, and honestly their tech is only a part of the over-all military robot; they provide the "body" or the chassis. The weapons, any additional code towards autonomy (which still has ROL and ROW hurdles to pass), aren't within BD scope of business. Several DoD contractors usually work together under DARPA to make something this complex battlefield capable. Plus, even if BD makes a bad-ass "war robot" tomorrow, the DoD must still put it through a long and demanding set of testing protocols before using it.
Yeah, today I had fun killing Cortana today...Rename the dir in SystemApps, wait for the "in use" to popup, kill Cortana in Task Manager, then as quickly as possible click "try again". Only took three tries, but finally made it go away. My co-worker was impressed at least!
Everything in the WindowsApp directory, all the AppX packages, etc. I shouldn't have to spend hours via PowerShell fighting to remove games from an "Enterprise" operating system. I now have a love / hate relationship with DISM. There is always LTSB, but that is meant for "kiosk-like devices" only.
Both Intel and Google keep going after the "consumer space" for this, even though they have been shown repeatedly that the general public is just not wanting this. There IS a large market that could utilize augmented reality vision, which is various manufacturing, inspection, utilities, etc; basically any place that needs to apply diagrams out of a manual to real-world situations.
I could see, for example, smart glasses working with airline mechanics, bringing up the various specifications that need to be followed, the glasses scanning whole sections of aircraft making sure nothing is out of place. A system like this could even incorporate risk management; if X number of parts are showing the same Y issue, notify a safety team to a potential larger problem and have a larger inspection done.
Paramedics could use this in conjunction with emergency rooms; imagine an ER being able to remotely guide an EMT to look at specific injuries while en-route, use that information to prep an OR before they even arrive. Nurses in the ER could also use them on injuries, allowing doctors to better queue and prep for incoming patients. Calling in a "specialist" would be far easier, as the specialist could guide a surgeon remotely; especially if the smart glasses had dual cameras that fed into another smart glass the specialist was wearing enabling stereoscopic vision.
Complex manufacturing could use them too; seeing what electronics need to connect where, what bolts need to be tightened to what specifications. They could even be paired up with specialist tools that measured voltage, torque, etc that feeds back into a larger database. Such a system could send out automatic maintenance requests if later it was found that some bolt on some aircraft needed to be a X torque but was done Y instead; or type X fuse was used but a safety report shows that Y should have been used instead; or even that X IC was installed on a flight circuit board but they all need to be replaced with type Y instead.
This is the most INCORRECT comment so far. He actually has a very detailed vision, perhaps you should read it for yourself. For some reason, I thought that such a low UID poster would do more than just pull shit like your comment out of their ass.
"the United States should maintain a continuous human presence in low Earth orbit and, to the extent practical and consistent with national security priorities, should utilize commercial capabilities for operations in low Earth orbit."
" to develop and publish standards and specifications necessary for on-orbit habitats to house NASA astronauts and science experiments in low Earth orbit. "
"NASA continue its commercial partnerships for resupply and crew movement to the ISS and future low Earth orbit platforms. "
"Expresses a sense of Congress that space debris is a growing threat to space access and that the United States does not currently have a plan for developing space debris remediation capabilities."
"Space Transportation Infrastructure Matching Grants – Updates the Space Transportation Infrastructure Matching Grants program and funds it by setting aside one half of one percent of funding in the Airport and Airway Trust Fund. "
"Recognizes that startup space companies are often limited in their ability to offer cash compensation to employees. For stock or option compensation, defers employee tax liability until liquidation."
"space-based weather data and services can help mitigate gaps in critical weather requirements, increase architecture resilience, and augment legacy government weather systems."
"Electromagnetic Spectrum – Expresses a sense of Congress that commercial launch providers require access to spectrum during launch. Requires NTIA and FCC to ensure access to frequencies and reduce the number of authorizations required per launch." - this was actually a issue on one of SpaceX's recent launches when they were denied broadcasting.
I could go on, but I think everyone will get the point. For a thought experiment, let's say that he is able to turn his bill into NASA's operating policy. It's a very coherent policy that could push the US and all of mankind upwards. Weather monitoring is mentioned several times, as is working with foreign governments. Personally, I think the ASPA has amazing potential. None of Trump's other appointees have ANYTHING like this already outlined.
it was clearly a mistake by the web server I don't think you understand the definition of "mistake". LTFTFY: "an action or judgment that is misguided or wrong". This wasn't a mistake, the web server did EXACTLY WHAT IT WAS PROGRAMMED TO DO. The server didn't have an error, or make a misguided judgment. The human programmer did; I'm guessing their project requirements didn't specify NOT to do this. It's not really even a "flaw"; it's just bad programming. It's not "debug code".
Sucks to be you / them, because it's the last "couple of years" that Netflix has really hit a decent scifi stride. "Stranger Things", "Altererd Carbon" (what the new Blade Runner should have been like), "Lost in Space", all their Marvel series...
But I'm assuming your a troll because your posting anon.
Only in Microsoft-land do they charge you to buy a mail server (Exchange), while also charging you to buy the client (Outlook) that was specifically designed to talk to that mail server....and then they have the balls to say you need special permission to 'allow' them to talk (CALs).
You forgot to add in them charging you for the underlying OS as well.
It's an UNSOLVABLE problem, looking at it from the viewpoint of "fixed and done". It's a continual process,due to a huge army of APTs who are constantly pushing the envelope. Executives need to realize modern ITSEC is an unending war; one in which everything with electricity is a potential target. Every company and user is a target of various criminal groups and state-level actors; often there is quite a bit of overlap between those groups. It's no longer acceptable to believe that "law enforcement" is capable of handling any "computer hacking" that might happen; it should be a criminal offense to cover up breaches.
Exactly this. Average employees have ZERO comprehension of what goes on backend-wise. We have about 1,000 employees; we leverage Mimecast, blade servers, load balancers, a separate disaster recovery site, HA firewalls, a complex Exchange / Skype environment, etc. On top of all of that we are required to be 800-171 CUI compliant, which adds in a whole new level of complexity we are still working on hitting.
Even the executives think that a "purchased product" is the end of whatever; and have little idea the time and effort it takes to actually go from purchase to correctly configured install. Due to time constraints, usually the install process isn't properly documented, so if there is employee turnover it's "back to the start" on many projects. Part of my job is to force everyone to document their processes, but they are "learning as they go" so half the time we don't really know what needs to actually go into the documentation. There is also resistance from IT to document processes, because they think "no documented process" = "job security".
This is why companies get breached. IT only has the time to get a system up and running, and then it's pulled into production before it's ever locked down. Patches aren't applied because they "might break a 3rd party app" or something that has gained wide use. The original employees that did the setup were just a vendor team, who wanted more $$$ to "finish up on the security part"; or the employee team had a new project to do and never got around to going back in and finalizing the security lock-down. I also run into the problem of "well, this application is in constant 24/7 use so there is no window to shut it down and update it" so it becomes a forgotten security hole.
Slashdot Mirror
Yeah, that all depends on the end-user. Some end-users never really reply to our emails, aren't at their desks, etc. The higher up the chain the worse it gets; but honestly it's not because their rude but they just are super-busy, deluged with email already, etc. That's when the "unwritten institutional knowledge" comes in handy, to know which users will quickly answer emails and which are better off just going up to their desks.
Plus, physically going up to users often reinforces that IT are "real people" in the same building, build rapport, and helps establish those very important internal business / social connections. If IT is friendly and helpful with the users, the users will usually do the same. Also, having some written procedures that say "if no response, call user; if no answer or call back after XX time, go to their desk." or such.
It's worse than that. Often those companies will withhold wages and basically string the Indian employee along and force them to keep working there. Families get threatened, IDs are taken; often local "government" is complicit due to corruption.
I think the way to stop this is to pollute the system. Pick up, give false information, and move on. If I had it, I'd give them Tom King's info. He's the CISO of Experian, who is one of the companies selling my info to the scammers (they actually told me this...not Tom specifically, but Experian). Or Randall Stephenson, the CEO of AT&T.
It's trivial to spoof "call from" info. I get calls all the time from numbers that are very close to mine. Same prefix, just switching around the last four numbers, etc. The few time I've answered they are some vacation scam, requests for money from various "law enforcement societies", credit card "offers", etc. One CC call actually told me they "got my info from Experian", IMHO they are admitting they are probably using info from their data leak.
If I knew Tom King's "private info" (the CISO of Experian), I would pretend to be him and try to get him as many credit cards as possible because it's his fault I'm getting many of these calls.
I can do fake-ID calls easily with my homebrewed FreePBX / free SIP trunk setup. So just "reporting a number" is the same as "attacking an IP", there is a good chance that the number is fake. And why bother staying on a call to get contact info, when it's a call center in India or such, it's not like anything will happen to the scammers. They are using multiple way of getting these calls through, there is no real "single point of failure" to attack.
Brooke Brokack? She is my father's brother's nephew's cousin's former roommate!
"The Century of the Self" documentary is amazingly good I absolutely second this! For anyone who wants to understand how we got to were we are now, this is required viewing.
Well, it's not really the "appropriate" response, it is very common. Thus why "swatting" is such a phenomenon now, and has happened several times.
It seems it's more of a problem of the "mass killers" getting ahold of someone else's guns.
That's the only regulation you support? So, a known gang member, after getting out of prison for murder, should have zero problem going and buying 100+ fully automatic weapons? You said "one gun regulation", so that means that anything below self-propelled rounds is good to go. Now, from the viewpoint of "protection against tyranny", that might be a good idea. I'm sure a gang member could find three other members to sign for him. Or someone who is mentally ill, hears voices, thinks many people are "out to kill them", etc. No regulations against domestic abusers, violent felons, etc! Just find three other felons to sign for you!
Um, it's not in any "order", they are separate stories. It's an anthology, not a serialized show. I'm assuming you wouldn't read a book of short stories and exclaim "None of these chapters make any sense to each other! This is the most random novel ever!"
Cheap drones with explosives have been used several times already. ISIS does it, the Russians in the Ukraine did it, anyone here on Slashdot with less than $2,000 could easily make a "kamikaze drone" even just using re-packed fireworks and homemade thermite. The Phantom 4 can go at least 4 miles, probably further if you hacked the firmware and told it to ignore anything about power for a return trip. ISIS used homemade drones with grenades and other conventional explosives on them. Flying drones are robots too!
Several reasons: Because Boston Dynamics is in the business of making commercial, "public" robotics. There are already MUCH larger players in that market. The tech isn't up to the level for a decent ground-based robot that's not treaded. Battery life; noisy engines.
And, they are working on this. They have developed several robots for DARPA, and DARPA is the one that gives the funding and sets the developmental goals. BD is "doubling down" as much as financially possible, and honestly their tech is only a part of the over-all military robot; they provide the "body" or the chassis. The weapons, any additional code towards autonomy (which still has ROL and ROW hurdles to pass), aren't within BD scope of business. Several DoD contractors usually work together under DARPA to make something this complex battlefield capable. Plus, even if BD makes a bad-ass "war robot" tomorrow, the DoD must still put it through a long and demanding set of testing protocols before using it.
You didn't say it, but I would bet " re-done poorly on purpose for revenge / teach you a lesson"...
There is, even a LTSB pre-activated via KMS. Torrents are your friend.
Yeah, today I had fun killing Cortana today...Rename the dir in SystemApps, wait for the "in use" to popup, kill Cortana in Task Manager, then as quickly as possible click "try again". Only took three tries, but finally made it go away. My co-worker was impressed at least!
Everything in the WindowsApp directory, all the AppX packages, etc. I shouldn't have to spend hours via PowerShell fighting to remove games from an "Enterprise" operating system. I now have a love / hate relationship with DISM. There is always LTSB, but that is meant for "kiosk-like devices" only.
Both Intel and Google keep going after the "consumer space" for this, even though they have been shown repeatedly that the general public is just not wanting this. There IS a large market that could utilize augmented reality vision, which is various manufacturing, inspection, utilities, etc; basically any place that needs to apply diagrams out of a manual to real-world situations.
I could see, for example, smart glasses working with airline mechanics, bringing up the various specifications that need to be followed, the glasses scanning whole sections of aircraft making sure nothing is out of place. A system like this could even incorporate risk management; if X number of parts are showing the same Y issue, notify a safety team to a potential larger problem and have a larger inspection done.
Paramedics could use this in conjunction with emergency rooms; imagine an ER being able to remotely guide an EMT to look at specific injuries while en-route, use that information to prep an OR before they even arrive. Nurses in the ER could also use them on injuries, allowing doctors to better queue and prep for incoming patients. Calling in a "specialist" would be far easier, as the specialist could guide a surgeon remotely; especially if the smart glasses had dual cameras that fed into another smart glass the specialist was wearing enabling stereoscopic vision.
Complex manufacturing could use them too; seeing what electronics need to connect where, what bolts need to be tightened to what specifications. They could even be paired up with specialist tools that measured voltage, torque, etc that feeds back into a larger database. Such a system could send out automatic maintenance requests if later it was found that some bolt on some aircraft needed to be a X torque but was done Y instead; or type X fuse was used but a safety report shows that Y should have been used instead; or even that X IC was installed on a flight circuit board but they all need to be replaced with type Y instead.
This is the most INCORRECT comment so far. He actually has a very detailed vision, perhaps you should read it for yourself. For some reason, I thought that such a low UID poster would do more than just pull shit like your comment out of their ass.
His American Space Renaissance Act is actually pretty awesome. Ideas like:
"the United States should maintain a continuous human presence in low Earth orbit and, to the extent practical and consistent with national security priorities, should utilize commercial capabilities for operations in low Earth orbit."
" to develop and publish standards and specifications necessary for on-orbit habitats to house NASA astronauts and science experiments in low Earth orbit. "
"NASA continue its commercial partnerships for resupply and crew movement to the ISS and future low Earth orbit platforms. "
"Expresses a sense of Congress that space debris is a growing threat to space access and that the United States does not currently have a plan for developing space debris remediation capabilities."
"Space Transportation Infrastructure Matching Grants – Updates the Space Transportation Infrastructure Matching Grants program and funds it by setting aside one half of one percent of funding in the Airport and Airway Trust Fund. "
"Recognizes that startup space companies are often limited in their ability to offer cash compensation to employees. For stock or option compensation, defers employee tax liability until liquidation."
"space-based weather data and services can help mitigate gaps in critical weather requirements, increase architecture resilience, and augment legacy government weather systems."
"Electromagnetic Spectrum – Expresses a sense of Congress that commercial launch providers require access to spectrum during launch. Requires NTIA and FCC to ensure access to frequencies and reduce the number of authorizations required per launch." - this was actually a issue on one of SpaceX's recent launches when they were denied broadcasting.
I could go on, but I think everyone will get the point. For a thought experiment, let's say that he is able to turn his bill into NASA's operating policy. It's a very coherent policy that could push the US and all of mankind upwards. Weather monitoring is mentioned several times, as is working with foreign governments. Personally, I think the ASPA has amazing potential. None of Trump's other appointees have ANYTHING like this already outlined.
But...but...but...I coded to the specs given! You didn't say anything about security in the project requirements!
it was clearly a mistake by the web server I don't think you understand the definition of "mistake". LTFTFY: "an action or judgment that is misguided or wrong". This wasn't a mistake, the web server did EXACTLY WHAT IT WAS PROGRAMMED TO DO. The server didn't have an error, or make a misguided judgment. The human programmer did; I'm guessing their project requirements didn't specify NOT to do this. It's not really even a "flaw"; it's just bad programming. It's not "debug code".
Sucks to be you / them, because it's the last "couple of years" that Netflix has really hit a decent scifi stride. "Stranger Things", "Altererd Carbon" (what the new Blade Runner should have been like), "Lost in Space", all their Marvel series...
But I'm assuming your a troll because your posting anon.
Only in Microsoft-land do they charge you to buy a mail server (Exchange), while also charging you to buy the client (Outlook) that was specifically designed to talk to that mail server....and then they have the balls to say you need special permission to 'allow' them to talk (CALs).
You forgot to add in them charging you for the underlying OS as well.
It's an UNSOLVABLE problem, looking at it from the viewpoint of "fixed and done". It's a continual process,due to a huge army of APTs who are constantly pushing the envelope. Executives need to realize modern ITSEC is an unending war; one in which everything with electricity is a potential target. Every company and user is a target of various criminal groups and state-level actors; often there is quite a bit of overlap between those groups. It's no longer acceptable to believe that "law enforcement" is capable of handling any "computer hacking" that might happen; it should be a criminal offense to cover up breaches.
Exactly this. Average employees have ZERO comprehension of what goes on backend-wise. We have about 1,000 employees; we leverage Mimecast, blade servers, load balancers, a separate disaster recovery site, HA firewalls, a complex Exchange / Skype environment, etc. On top of all of that we are required to be 800-171 CUI compliant, which adds in a whole new level of complexity we are still working on hitting.
Even the executives think that a "purchased product" is the end of whatever; and have little idea the time and effort it takes to actually go from purchase to correctly configured install. Due to time constraints, usually the install process isn't properly documented, so if there is employee turnover it's "back to the start" on many projects. Part of my job is to force everyone to document their processes, but they are "learning as they go" so half the time we don't really know what needs to actually go into the documentation. There is also resistance from IT to document processes, because they think "no documented process" = "job security".
This is why companies get breached. IT only has the time to get a system up and running, and then it's pulled into production before it's ever locked down. Patches aren't applied because they "might break a 3rd party app" or something that has gained wide use. The original employees that did the setup were just a vendor team, who wanted more $$$ to "finish up on the security part"; or the employee team had a new project to do and never got around to going back in and finalizing the security lock-down. I also run into the problem of "well, this application is in constant 24/7 use so there is no window to shut it down and update it" so it becomes a forgotten security hole.