Hey Mr. Tesla! Surely the Solar Impulse team would be happy to slap a very thin sponsor sticker on a prominent spot, in exchange for Tesla waking up some of its lithium-Ion gods out in the desert. Can't think of a better entity to say "let me look into that" and return 48 hours later with a station wagon full of the latest Li-polymer batteries formed in precisely the right shape with precisely the right chemistry.
Maybe? I know Elon's other team needs a bit of a morale boost at this moment; why not get that boost from the team that's NOT fully occupied doing fault analysis at the moment, and totally qualified to solve this specific energy problem?
The article cites two excellent examples of why the Hapeville bomb squad needs to be dropped from next year's budget. I'm not sure if the county authorities would be any better, but if the local squad's hapless misjudgment of risk leads to wasted funds on response, wasted funds on defending their mistake, wasted funds on legal restitution (I sincerely hope the kid and his parents sue the city), and general loss of reputation for the city... then the bomb squad is a liability in terms of finance, risk, and reputation. The most obvious response is to take the toys away from the idiots.
Don't fight them, defund 'em.
I keep hearing this claim, and I see no evidence for it. Shit, I worked for Redmond for years, and IE was *never* faster outside of a lab than Firefox, much less Chrome. I didn't particularly care for the immense amount of telemetry that Chrome shipped back to the goog, but it started fast and stayed that way. A fresh copy of IE/Win8, on the other hand, was zippy for the first few days of use -- almost as fast as Firefox on 32 or 64 -- but quickly bogged down with local cache writes and content inspection, tons of default telemetry, and helper libraries that could not be unloaded without heading into the registry with an army of villagers wielding pitchforks and torches. Besides, it's UGLY. Why bother with it?
Not sure why I keep taking the bait on this, but... two things:
1. Just to pick an example: I proposed that one of your users receives *content* (not an exe) that first subverts the function of existing whitelisted exes, then inserts a logical payload; a mildly good version of this will never hit disk or appear as anything more than a new thread of an existing process. Impossible? You are /sure/ that configuring "about four different changes to the way the computers work" contains all risk of misuse or abuse of a particular function type, and all potential vulnerabilities that would unintentionally allow such, in an open system comprising 40 million lines of code in its default configuration? You are the very definition of an optimist.
2. Where the rubber meets the road: The systemic error you've made is assuming you are the smartest guy in the room. You might well be smarter than me, but you are assuredly not smarter than all of your adversaries... where "smarter" may be measured by totality of information about a complex and dynamic system (in which case, there is no condition in which it is possible to have total knowledge or control), or the ability to logically use and creatively combine the resources local to you (not humanly possible to disposition all possible permutations of a mesh graph with a nontrivial number of nodes). If you think you have accounted for all possibilities and logically made errors impossible, then you lack sufficiently deep understanding of the game.
It should be very easy to find you, either from the Hindenburg-size ego, or by following the immense target you painted on your own network. Wrong? Would you post your gateway's public IP ? (I say this to make a point. Please don't be so stupid as to actually connect your personal arrogant bluster with any professional responsibility to protect assets.) In a way I am grateful for opinions like yours, because I'll be fully employed at top dollar well into my old age, doing rescue jobs when your unsinkable ship does the impossible.
'Nother day, 'nother dolla, Dolla dolla dolla bill y'all...
"users needing to exchange information.. [no]" and "protocols for file transfers...upload or download a specific file at time X."
No ad-hoc messaging in business? The environment you describe does not exist.
"Communication between the work stations or to unauthorized servers on the network is not allowed... again, at the appliance level"
Soooo.... you replaced the hub with a switch?
"refreshed from a template on login. You can't infect the workstations."
Check out Angler malware. Oh, and for two scoops of irony, use the browser in your liveCD Kali distro to read up on in-mem exploits for Debian.
"unauthorized code" or "BestTrojanEVER.exe"?
Not required, nor is code persistence. The default OS contains more than enough helpful code you had to whitelist. But it *is* terribly helpful of you to eradicate the host OS after user creds are compromised, so there's no pesky log data.
"about four different changes to the way the computers work"
You don't know much about Windows or *nix, do ya? Or computers?
"The system I've set up is the firmest security I've heard of short of building a secret air gapped network run by mole people under the earth with no door in or out."
Mole people? Who... who told you about the mole people?
"the sort of system I'm talking about... Doesn't get hacked. It's never happened. Ever."
Oh sure it does. Go read up on Buckshot Yankee and SIPRNet. Took three years for the US feds to clean up that shit, all because some lonely intel guy stationed in the sandbox wanted to look at boobies on a goddamn thumbdrive.
"attack with no physical component...just don't see how you could do it"
If you use anyone else's code.... Oh shit... are you forking TempleOS?
Bullshit. Arrogance is always the undoing. Even in the most hardcore, wired-only, mac-whitelist, tightass-vlan, zone-enforced user minimum-privilege network, people have to get work done. That means if you have internet access, people will exchange data or even documents with uncontrolled sources. If you don’t, they will find some way to move or bring data in. If you have commodity operating systems or compatible office software, you have compromisable endpoints that need continuous maintenance. If you have shared resources like file servers, printers, and email, then you have nodes to emulate which facilitate lateral movement. If you have user accounts in the same directory as administrators, you have a venue for elevation of privilege. If humans administer the network, there exists a method for changing its configuration.
While you are positive that your environment is “basically impossible” to hack, someone will send your staff a slow trickle of emails every week or leave a few 32GB thumbdrives in the lobby that have a file “Confidential-Proposed2015Q4Layoffs.PPTX” and one of your std-priv staff will invariably open it. You might miss powerpoint.exe spawning flash.exe and a call to NativeProcess(); or something more subtle. You might not catch a call to twitter.com or ello.co from their machine that’s missing an http referrer, and a plaintext C2 reply. Soon a regular user makes a few novel but authorized connections, then some hash files get read, then a few more users do the same. Someone with more than usual user privs makes an authorized filesystem write to a host in IT. Soon one of the service admins’ laptops ends up with a virtual USB HID device, and Windows helpfully mirrors all keyboard input to it. One or two more hops, and some patience, and the credentials for your core switch are lifted. Your own infrastructure is then mildly tweaked without disturbing anything you care about – an fspan modified here, some data staged on a low-priv endpoint there, with a path that appears for less than a minute each week to do something else before disappearing from affected tables. An adversary takes residence on one of the cards in your core cisco gear, resistant to even a chassis IOS wipe and reload. And when that’s stable, all the previous steps will be eradicated if not already done, though a diligent adversary might adopt a ‘rule-of-three’ method to ensure each re-entry stage has two fallbacks in case you get wise. But you’ll probably never see it, and you’ll likely insist that it’s not happening even when your adversary makes a mistake and drops a hint. And that’s just what bad guys can do without the advantage of walking in with a warrant and a 1U box.
Now, do the junior-birdman purveyors of “E-Detective” make the claim their sniffer owns up your network simply by being plugged in? They do? That doesn’t even pass the giggle test. But don’t be too smug about what could happen with an adversary that isn’t a fool, or about the efficacy of bone-simple tooling accurately matched to vulnerabilities. And don’t use words like “impossible.”
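The two early tells in the attack chain described in the comment above (an Office process spawning something it has no business spawning, followed by a referrer-less request to a social-media domain used as plaintext C2) are exactly the kind of thing a defender can correlate from ordinary process-creation and proxy logs. The following is an added illustration, not code from the commenter or from any product; the log lines, host names, the list of "expected" Office children and the watched domains are all constructed for the example, and a real deployment would baseline those from its own telemetry rather than hard-code them.

```python
"""Toy correlation of two tells from the attack chain: an Office parent
spawning an unexpected child, then a Referer-less request to a watched
social-media domain from the same host.  All data below is constructed."""
from collections import defaultdict

# Constructed process-creation events: (timestamp, host, parent, child)
PROCESS_EVENTS = [
    ("2015-10-01T09:01:02", "ws-042", "explorer.exe", "powerpnt.exe"),
    ("2015-10-01T09:01:40", "ws-042", "powerpnt.exe", "flash.exe"),   # the tell
    ("2015-10-01T09:03:11", "ws-017", "outlook.exe", "winword.exe"),  # normal
    ("2015-10-01T09:04:00", "ws-017", "winword.exe", "splwow64.exe"), # printing
]

# Constructed proxy log: (timestamp, host, destination, referer or None)
PROXY_EVENTS = [
    ("2015-10-01T09:02:05", "ws-042", "twitter.com", None),
    ("2015-10-01T09:02:06", "ws-042", "ello.co", None),
    ("2015-10-01T09:05:00", "ws-017", "twitter.com", "https://news.example/"),
    ("2015-10-01T09:06:00", "ws-099", "twitter.com", None),  # no spawn on ws-099
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Hypothetical baseline of children an Office app legitimately spawns here.
EXPECTED_CHILDREN = {"splwow64.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
# Hypothetical watch list of domains abused as C2 rendezvous points.
WATCH_DOMAINS = {"twitter.com", "ello.co"}


def suspicious_spawns(events):
    """Office parents whose child is outside the expected set."""
    return [e for e in events
            if e[2].lower() in OFFICE and e[3].lower() not in EXPECTED_CHILDREN]


def referrerless_social(events, hosts):
    """Requests to watched domains with no Referer header, from the given hosts only.
    A browser click normally carries a Referer; a beacon from a hijacked
    process usually does not."""
    return [e for e in events
            if e[1] in hosts and e[2] in WATCH_DOMAINS and e[3] is None]


def correlate(process_events, proxy_events):
    """Group both tells by host; only hosts with an anomalous spawn are reported,
    so a lone Referer-less request (ws-099) does not fire by itself."""
    spawns = suspicious_spawns(process_events)
    hosts = {e[1] for e in spawns}
    beacons = referrerless_social(proxy_events, hosts)
    by_host = defaultdict(lambda: {"spawns": [], "beacons": []})
    for e in spawns:
        by_host[e[1]]["spawns"].append(e)
    for e in beacons:
        by_host[e[1]]["beacons"].append(e)
    return dict(by_host)


if __name__ == "__main__":
    for host, hits in correlate(PROCESS_EVENTS, PROXY_EVENTS).items():
        print(host, len(hits["spawns"]), "spawn(s),", len(hits["beacons"]), "beacon(s)")
```

On the constructed data only ws-042 is reported: one spawn (powerpnt.exe launching flash.exe) and two Referer-less requests. ws-017's Office activity is within the baseline and its twitter.com request carries a Referer, and ws-099 has a Referer-less request but no spawn anomaly to pair it with. Requiring both signals is the point; either one alone generates noise, which is how the trickle described above goes unnoticed.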
Blackberry Passport. I got one last week. Holy shit, this is a great phone. Specs very close to the 1+One. Have a look.
Runs android 4.x alongside QNX, runs BB apps, runs Android apps, **sandboxes** the Android apps for better security than typical Samsung implementation. It took me two tries to get standard Google Play services installed, and now it handles both personal and work google accounts cleanly and separately. All the amusements are there, and all the business stuff is there too.
And it has a sweet physical keyboard with a capacitive surface, so I can gesture on the kbd without obscuring what's on that gorgeous 1440x1440 screen. The weird hipster factor is pretty high on the Passport, but it's so damn functional.
I find it really ironic that Google, a company so used to being the new hotness upstart company, is so willfully ignoring usage patterns of a significant minority comprising "the youth" and people on the wrong side of the internet divide, and much of the third world, and anyone without a data plan outside of wifi range.
What these people have in common is they use sms or some form of text-like DM instead of email, so email notifications sit in an unread inbox and are effectively useless. Syncing calendars is fine as long as each individual maintains their own calendar, but sms is one of the nice ways to notify individual attendees without some major calendar confab.
For example, my kid's french tutor uses Google calendar for scheduling, and if you load the calendar it shows *every* person scheduled on that calendar, which is great for finding available spots, but it's not something you would leave visible. Turn it off/non-visible, and you lose web notifications. However, at present each person gets an sms notification for their appointment, even if they turn the calendar off. Sooo.... Google expects every person on a shared calendar to leave that calendar active at all times in order to receive web or email notifications, which are likely ignored if not disabled?
It's a tone-deaf move. Personally, I use sms to ensure my kids get the notification no matter what, and this downgrade will result in all sorts of ignored events and missed appointments. One workaround, at least for t-mobile, is to email the notification to 800YOURNUM@tmomail.net....tho there was some talk of the service being taken down to avoid abuse.
For an individual or small group, I won't assume malice where incompetence or failure is an entirely viable explanation. For a large group, inhuman malice towards individuals is generally indistinguishable from studied and successful neutrality.
Why? Because open naivete and narrow cynicism are both excellent spices, but neither fills the stomach.
Seriously, and trying to sidestep most of the political angles: This is what happens when a person with authority collects a small set of advisers -- in an effort to cut noise/increase focus/get to data-driven decisions -- and then those advisers are not challenged or regularly rotated or infused with new thinking.
This instance pains me, partly because by my citizenship I'm on the wrong end of the Patriot Act aka "Putin's Law"...but even more because I make my living by gathering and giving security and privacy advice on both the technical and compliance sides. When Obama's not even getting the quality of mid-market commercially-available advising, we're all in deep doo-doo.
To wit:
- Let's get real: metadata IS the data. Who/when/how/where you called is just as important as the what/why content of the call. The ears don't get much more totalitarian than this, we just don't have totalitarian fists yet. (Oh wait... *watches news about street cops outfitted with combat armaments and light tanks, then acquitted for movie-style executions*)
- NSA's collection of citizens' communication data and metadata has not led to even one single foiled terrorist plot. Not one. It's not even the right model to catch the stuff we know about in hindsight. The only reliable detection tool for decades has been manual notification by family and friends to authorities, and there's still no good unified repository and workflow system to handle it.
- There are multiple documented instances of abuse where the collected information was too tempting for federal employees not to do something stupid or illegal or both. (LOVEINT is almost funny, but multiple instances of commercial espionage have been alleged and documented.) If we amass this kind of information, people will use it for whatever purpose they imagine -- justified or illicit -- because admitting there's no legitimate function is the worst option of all.
- In the big picture, total security really does obliterate freedom. How I wish we could discuss that without hyperbole. Maybe we could stay grounded by involving the French, who are further into a discussion about how overreaction to Muslim immigration will destroy their governing principles as effectively as any perceived human threat.
- It deeply troubles me that Obama appears to have no better tech-sourced intel than 3rd tier CEOs buying security guidance from consultancies with an 800 number to a sales guy and a $150/hr bill rate.
I'm horrified, partly because I'm on the verge of buying a BB Passport. It's the best thing they've done in years, and since playing with SWMBO's (she bought one instead of a galaxy edge, after much comparison). The BB has a nice android implementation, simple hack to add the Google apps, better security and sandboxing of droid apps, and real keys with a touch surface that flows right onto the 1440x1440 touchscreen. Oh, and all that stuffy Blackberry stuff. It's a truly awesome piece of hardware. And now Redmond wants to gut 'em for their IP portfolio and security reputation?
In the mobile market, Microsoft is like King Midas in reverse: everything they touch turns to shit.* But this isn't a rant about Microsoft, it's a worry that Blackberry -- having done the amazing job of pulling out of the total nosedive they were in -- might get stomped just as they level out, and ship something even better. What a disappointment that would be.
Yes, kitchen counter space is limited. And toolbox space, and desks, and dressers, etc etc. Keurig has a functional niche (places where mess is intolerable or there's no one to clean it up, like medical lobby or a low-use office), but their marketing has convinced a broader market that it's too cool not to have one. It won't last. Already there's blowback about the amount of waste produced by this particular device, and popularity is waning... just like most other uber-popular single-use doohickeys.
In order to survive past initial novelty-driven sales, a single-purpose/non-flexible device had better be utterly awesome at what it does, and seriously durable in both function and regularity of need. That's why the regular pan stays while the egg-magic pan goes to Goodwill (not durable, don't want eggs every day), and virtually every Rolodex has been replaced by a free app on a general-purpose portable computing device (not flexible, need changed). The Keurig makes consistent mid-grade coffee (not awesome), and is moderately durable at best (and DRM is a form of intentional breakage), which means market survival will eventually come down to flexibility. Can JoeBob consumer make ramen with a Keurig? No? Then eventually he'll keep the kettle and throw out the Keurig.
'Jus sayin... as I sip decent coffee out of a mug, made with a 15yo Cuisinart kettle, an $0.80 sbux Via packet, and less waste/cleanup than Keurig. The packet will change, the kettle will stay.
Oh, holy shit yes, THIS. Having just dropped off dragon #2 at his educational containment unit, I have just a few hours to restock the feed lots before the return of #1 early this afternoon. I do not know how long I can keep this up; perhaps they will just eat my remains.
No, because I dropped Facebook a couple of years ago. Too narrow a view on the world, too much of a social/political/financial echo chamber, too prying re personal detail, too much advertising, and too much extremely-creepy influence on ads I see externally. I miss a *little* of the content, but most of it was OCD junk from distant relatives and bloviating nonsense from industry "thought leaders". Good riddance.
Ok, ok, I know Ford would sue the bejezus out of Tesla if they did it, but... I so hoped that after the Roadster ("Model R") and the Model S (...well...), the affordable car for the masses would be the Tesla Model T. Can they at least spell out "Three" on the nameplate, with a big capital "T"??? Please ??:)
So.... really, how is this different from Windows RT leftovers, warmed up and plonked onto a phone a la Atrix as mentioned above?
It's got all the overhead of Windows but in a walled garden, etc etc. As before, what's the compelling advantage versus Android (which is faster, less costly, runs everywhere) or iOS (more pretty, more apps, and reliably walled-in)? It seems like they're beating the wall with their collective head.
More pointedly, the scraps left between the two big players in mobile aren't enough to create a success condition for Windows Phone 10, UNLESS somehow Microsoft fixes all the hassles with syncing enterprise AD accounts with consumer-level Microsoft accounts, AND all those Fortune 1000 companies with their own cloud implementation plans abruptly change their security policies to allow confidential documents to transit MS cloud services under consumer msft accounts (e.g. do phone buyers allow an employer to have complete control of their personal phone aka Blackberry, or carry two phones). Unlikely on all fronts. They can build it, but who's gonna come?
Over a period of 5 years: Hired in. Report to a guy who looks 12, but turns out to be an Excellent Manager*. Do my best work in a decade. Excellent Manager reorg'ed from Inspiring General Manager to Disastrous Director. Excellent Manager is driven out by political fuckery by Disastrous Director. Disastrous Director is fired for malfeasance. Inspiring General Manager won't come back, had enough, quits managing to do research. Report to Microsoft Lifer, old EM's technical manager, who does a passable job leading. Microsoft Lifer is reorg'ed under General Manager/Bottlewasher who can't stop micromanaging. Lifer gets ruthlessly fucked with, has entire team's work credited to incompetent Level 67 Blowhard. Lifer's team is reorg'ed under Blowhard, except for me+handful. Old EM's peer Last Asskicking Manager quits because he won't work for Blowhard. GM/Bottlewasher can't stop micromanaging everyone. Lifer gives up and takes a non-mgmt job. Report to McManager hired from military, who used to manage 600. GM/Bottlewasher can't stop micromanaging everyone. McManager reorg'ed, team reduced to 5. Blowhard steals work output from McManager, leaving no credit. GM/Bottlewasher lines up all resources behind Blowhard. McManager demoted to my peer. Report to new guy Perennial Survivor, brought in by another reorg. Lifer demoted to my peer. Old Excellent Manager quits to work for Amazon, because it's saner(!!!). Survivor admits 80% of Bottlewasher's 2015-16 yearly plan is bullshit makework. Fuck this noise, quit. Even a startup is saner.
*only one in 5 years.
It's easier for incompetence to hide in large enterprises. They used to write books about how great Redmond managers were. Now the entire enterprise is infested with pointy-haired, risk-averse, beige, wannabe-hipsters who can't make any decisions other than to stab each other in the back. And front. And sides. Precious few people do actual work, when so much effort is devoted to bad management and the shielding of productive people from that bad management.
Ok, now Vizio, you have my attention for being a good guy... in this regard. I'm in the market for a couple of new screens every year (home offices for two, couple of tech savvy kids, etc etc), and this sort of corporate behavior is a huge influencer in my decision of whose almost-commodity product to buy.
If you're listening at all: I'll buy your products again this year. How about you try to be better about the GPL?
I see this sort of news couched in discussions of "What do people /really/ want?" but that has little relation to what would be a market success. That's like asking "What kind of food do people really want?" when the reality is that people cluster around multiple options in the market.
With plenty of room for debate, there are multiple clusters of success in the mobile market today. For the sake of argument:
- safe, pretty, predictable, simple, stable, walled garden -- Apple totally owns this ~20% of the market, populated mostly with 1+gen older iPhone devices
- predictable, pretty, open/powerful, cheap, with a walled garden that's easy to exit -- Android devices mostly running 4.3 and prior
- powerful, predictable, pretty, walled garden that's easy to exit -- top-line Android devices mostly running 4.4+
- purpose-built, totally walled, predictable, safe (and fugly), designed for easy remote mgmt by corp -- used to be owned by Blackberry
- totally walled, predictable, safe (and very pretty), designed for easy remote mgmt by corp -- top line Windows mobile devices
From this view, Windows Mobile doesn't compete in or intersect much with the same success cluster as newer OR older clusters of Android. So you have to ask yourself, what does success look like for Windows mobile? Dominating the market that Blackberry/RIM dropped through their own mismanagement? Not being snide here, but I keep looking at WinOS devices, and see elegant solutions to problems that few people have or that are increasingly becoming solved by feature subsets of other clusters.
Other posters have given several solutions, just collecting and adding my voice to a few of them:
In a pinch:
- Google Docs: lightweight and simple, with limited functionality and a light learning curve
- Sharepoint: simple to use, full of hassle to administer, limited functionality, gets expensive
- MediaWiki: like Sharepoint without the licensing problems, but gets limiting beyond simple document collections
More serious solutions:
- Alfresco: serious document/object management and workflow, free version to start/pay for support if you like it (spinoff of Documentum)
- Documentum: elder god #1 of doc management, excellent repository, workflow, project management functions. Rather expensive.
- OpenText Livelink: elder god #2 of doc management, excellent repository, project management, nice Visio-like workflow development that makes Sharepoint devs cry. Also rather expensive.
TLDR: Google docs if you need a fix today, Alfresco if you have a month or two to fix the problem and want it to stay fixed.
MSOffice has NEITHER version control NOR document management built in. Word/Ppt/etc provide track-changes internal to a file, which is a very nice feature for tracking edits and incremental rollback. However, this shouldn't be confused with file/object version tracking, repository functions, checkin/checkout or other functions external to the file objects. Sharepoint provides some of these, but it's still basically a wiki for content management. OP is looking for a solution to "fix the wrong file version" not "fix a bad edit."
Arguing about a bottle label? Now you're just trollin'.
Homeopathy is a system that claims to treat disease. A homeopathic preparation "made in the standard way" incorporates those claims, even if the FDA/equiv prohibits printing that claim on the bottle. This is because the preparation and method have been subjected to rigorous scientific and medical examination (for over two centuries) and found to be fake medicines before the fact.
Herbal supplements also claim to treat disease, and some of them have been found effective through scientific and medical examination. An herbal supplement (or any other medicine at all) that doesn't contain the specified substance is found to be a fake medicine after the fact.
I suppose the difference is "can't work" versus "doesn't work." Now if you're arguing that I ought to trust homeopathic preparations to actually be pure water when the entire system's basis has been utterly debunked.... that boils down to trusting a systemic liar to be consistent (and not to include harmful stuff). That's somehow better than finding incidents of lying (and possibly including harmful stuff) in a consistent supply chain? Really, really, no.
No. One claims to do something it does not.* The other claims to be something it is not, to the same outcome. Both mislead the consumer, both are equally as useless, and both may be dangerous to a person believing they have treated a condition when they have not. Barring extra harmful substances in the fake pills, the only substantive difference from homeopathic remedies is _when_ the lie is told.
*Specifically, the idea that a homeopathic potion "is what it claims to be" is wrong, in that it claims to be a treatment for a condition or to effect a change in a condition. It absolutely does not and cannot, unless one throws out basic laws of physics and chemistry. Homeopathy is solid bullshit from roots to branch, and it occasionally kills people.
What's the difference between this surreptitiously fraudulent store-brand crap (does not contain stated ingredients unproven to work) versus purposely fraudulent homeopathic crap (explicitly does not contain ingredients for the stated purpose)?
They're all placebos, and they are a genuine danger to ignorant people who need actual treatment for actual medical conditions. It'd be interesting to see a solid study of how many people are killed each year through opting for homeopathic flu and pneumonia cures, instead of actual treatment.
According to the Montgomery County school website, having the kids walk a mile with a sibling is within normal community standards, and in line with guidelines set forth by the county itself. (See www.montgomeryschoolsmd.org/parents/basics/transportation/ )
In Montgomery County where this occurred, school bus transportation is only provided for elementary school children who live further than 1mi from school, and for middle schoolers (11yo+) further than 1.5mi. The county's guidance for elementary school kids walking 1 mile or less is "Younger walkers are encouraged to walk to and from school with siblings, older children from their neighborhood, or parents. At many schools, Montgomery County crossing guards help walkers cross at busy intersections near the school. In most elementary schools, student safety patrols guide younger children in crossing smaller neighborhood streets."
I don't see how CPS has a leg to stand on here; the children were simply practicing what they are expected to do by the county school system itself.
Whooosh.
"users needing to exchange information.. [no]" and "protocols for file transfers...upload or download a specific file at time X."
No ad-hoc messaging in business? The environment you describe does not exist.
"Communication between the work stations or to unauthorized servers on the network is not allowed... again, at the appliance level"
Soooo.... you replaced the hub with a switch?
"refreshed from a template on login. You can't infect the workstations."
Check out Angler malware. Oh, and for two scoops of irony, use the browser in your liveCD Kali distro to read up on in-mem exploits for debian.
"unauthorized code" or "BestTrojanEVER.exe"?
Not required, nor is code persistence. The default OS contains more than enough helpful code you had to whitelist. But it *is* terribly helpful of you to eradicate the host OS after user creds are compromised, so there's no pesky log data.
"about four different changes to the way the computers work"
You don't know much about Windows or *nix, do ya? Or computers?
"The system I've set up is the firmest security I've heard of short of building a secret air gapped network run by mole people under the earth with no door in or out."
Mole people? Who... who told you about the mole people?
"the sort of system I'm talking about... Doesn't get hacked. Its never happened. Ever."
Oh sure it does. Go read up on Buckshot Yankee and SIPRNet. Took three years for the US feds to clean up that shit, all because some lonely intel guy stationed in the sandbox wanted to look at boobies on a goddamn thumbdrive.
"attack with no physical component...just don't see how you could do it"
If you use anyone else's code.... Oh shit... are you forking TempleOS?
*blink*
Bullshit. Arrogance is always the undoing. Even in the most hardcore, wired-only, mac-whitelist, tightass-vlan, zone-enforced user minimum-privilege network, people have to get work done. That means if you have internet access, people will exchange data or even documents with uncontrolled sources. If you don’t, they will find some way to move or bring data in. If you have commodity operating systems or compatible office software, you have compromisable endpoints that need continuous maintenance. If you have shared resources like file servers, printers, and email, then you have nodes to emulate which facilitate lateral movement. If you have user accounts in the same directory as administrators, you have a venue for elevation of privilege. If humans administer the network, there exists a method for changing its configuration.
While you are positive that your environment is “basically impossible” to hack, someone will send your staff a slow trickle of emails every week or leave a few 32GB thumbdrives in the lobby that have a file “Confidential-Proposed2015Q4Layoffs.PPTX” and one of your std-priv staff will invariably open it. You might miss powerpoint.exe spawning flash.exe and a call to NativeProcess(); or something more subtle. You might not catch a call to twitter.com or ello.co from their machine that’s missing an http referrer, and a plaintext C2 reply. Soon a regular user makes a few novel but authorized connections, then some hash files get read, then a few more users do the same. Someone with more than usual user privs makes an authorized filesystem write to a host in IT. Soon one of the service admins’ laptops ends up with a virtual USB HID device, and Windows helpfully mirrors all keyboard input to it. One or two more hops, and some patience, and the credentials for your core switch are lifted. Your own infrastructure is then mildly tweaked without disturbing anything you care about – an fspan modified here, some data staged on a low-priv endpoint there, with a path that appears for less than a minute each week to do something else before disappearing from affected tables. An adversary takes residence on one of the cards in your core cisco gear, resistant to even a chassis IOS wipe and reload. And when that’s stable, all the previous steps will be eradicated if not already done, though a diligent adversary might adopt a ‘rule-of-three’ method to ensure each re-entry stage has two fallbacks in case you get wise. But you’ll probably never see it, and you’ll likely insist that it’s not happening even when your adversary makes a mistake and drops a hint. And that’s just what bad guys can do without the advantage of walking in with a warrant and a 1U box.
Now, do the junior-birdman purveyors of “E-Detective” make the claim their sniffer owns up your network simply by being plugged in? They do? That doesn’t even pass the giggle test. But don’t be too smug about what could happen with an adversary that isn’t a fool, or about the efficacy of bone-simple tooling accurately matched to vulnerabilities. And don’t use words like “impossible.”
Blackberry Passport. I got one last week. Holy shit, this is a great phone. Specs very close to the 1+One. Have a look.
Runs android 4.x alongside QNX, runs BB apps, runs Android apps, **sandboxes** the Android apps for better security than typical Samsung implementation. It took me two tries to get standard Google Play services installed, and now it handles both personal and work google accounts cleanly and separately. All the amusements are there, and all the business stuff is there too.
And it has a sweet physical keyboard with a capacitive surface, so I can gesture on the kbd without obscuring what's on that gorgeous 1440x1440 screen.
The weird hipster factor is pretty high on the Passport, but it's so damn functional.
I find it really ironic that Google, a company so used to being the new hotness upstart company, is so willfully ignoring usage patterns of a significant minority comprising "the youth" and people on the wrong side of the internet divide, and much of the third world, and anyone without a data plan outside of wifi range.
What these people have in common is they use sms or some form of text-like DM instead of email, so email notifications sit in an unread inbox and are effectively useless. Syncing calendars is fine as long as each individual maintains their own calendar, but sms is one of the nice ways to notify individual attendees without some major calendar confab.
For example, my kid's french tutor uses Google calendar for scheduling, and if you load the calendar it shows *every* person scheduled on that calendar, which is great for finding available spots, but it's not something you would leave visible. Turn it off/non-visible, and you lose web notifications. However, at present each person gets an sms notification for their appointment, even if they turn the calendar off. Sooo.... Google expects every person on a shared calendar to leave that calendar active at all times in order to receive web or email notifications, which are likely ignored if not disabled?
It's a tone-deaf move. Personally, I use sms to ensure my kids get the notification no matter what, and this downgrade will result in all sorts of ignored events and missed appointments. One workaround, at least for t-mobile, is to email the notification to 800YOURNUM@tmomail.net ....tho there was some talk of the service being taken down to avoid abuse.
For an individual or small group, I won't assume malice where incompetence or failure is an entirely viable explanation.
For a large group, inhuman malice towards individuals is generally indistinguishable from studied and successful neutrality.
Why? Because open naivete and narrow cynicism are both excellent spices, but neither fills the stomach.
Note to Obama: You are being lied to.
Seriously, and trying to sidestep most of the political angles: This is what happens when a person with authority collects a small set of advisers -- in an effort to cut noise/increase focus/get to data-driven decisions -- and then those advisers are not challenged or regularly rotated or infused with new thinking.
This instance pains me, partly because by my citizenship I'm on the wrong end of the Patriot Act aka "Putin's Law" ...but even more because I make my living by gathering and giving security and privacy advice on both the technical and compliance sides. When Obama's not even getting the quality of mid-market commercially-available advising, we're all in deep doo-doo.
To wit:
- Let's get real: metadata IS the data. Who/when/how/where you called is just as important as the what/why content of the call. The ears don't get much more totalitarian than this, we just don't have totalitarian fists yet. (Oh wait... *watches news about street cops outfitted with combat armaments and light tanks, then acquitted for movie-style executions*)
- NSA's collection of citizens' communication data and metadata has not led to even one single foiled terrorist plot. Not one. It's not even the right model to catch the stuff we know about in hindsight. The only reliable detection tool for decades has been manual notification by family and friends to authorities, and there's still no good unified repository and workflow system to handle it.
- There are multiple documented instances of abuse where the collected information was too tempting for federal employees not to do something stupid or illegal or both. (LOVEINT is almost funny, but multiple instances of commercial espionage have been alleged and documented.) If we amass this kind of information, people will use it for whatever purpose they imagine -- justified or illicit -- because admitting there's no legitimate function is the worst option of all.
- In the big picture, total security really does obliterate freedom. How I wish we could discuss that without hyperbole. Maybe we could stay grounded by involving the French, who are further into a discussion about how overreaction to Muslim immigration will destroy their governing principles as effectively as any perceived human threat.
- It deeply troubles me that Obama appears to have no better tech-sourced intel than 3rd tier CEOs buying security guidance from consultancies with an 800 number to a sales guy and a $150/hr bill rate.
What a sad state of affairs.
I'm horrified, partly because I'm on the verge of buying a BB Passport. It's the best thing they've done in years, and since playing with SWMBO's (she bought one instead of a galaxy edge, after much comparison). The BB has a nice android implementation, simple hack to add the Google apps, better security and sandboxing of droid apps, and real keys with a touch surface that flows right onto the 1440x1440 touchscreen. Oh, and all that stuffy Blackberry stuff. It's a truly awesome piece of hardware. And now Redmond wants to gut 'em for their IP portfolio and security reputation?
In the mobile market, Microsoft is like King Midas in reverse: everything they touch turns to shit.* But this isn't a rant about Microsoft, it's a worry that Blackberry -- having done the amazing job of pulling out of the total nosedive they were in -- might get stomped just as they level out, and ship something even better. What a disappointment that would be.
*apologies to Tony Soprano
Yes, kitchen counter space is limited. And toolbox space, and desks, and dressers, etc etc. Keurig has a functional niche (places where mess is intolerable or there's no one to clean it up, like medical lobby or a low-use office), but their marketing has convinced a broader market that it's too cool not to have one. It won't last. Already there's blowback about the amount of waste produced by this particular device, and popularity is waning... just like most other uber-popular single-use doohickeys.
In order to survive past initial novelty-driven sales, a single-purpose/non-flexible device had better be utterly awesome at what it does, and seriously durable in both function and regularity of need. That's why the regular pan stays while the egg-magic pan goes to Goodwill (not durable, don't want eggs every day), and virtually every Rolodex has been replaced by a free app on a general-purpose portable computing device (not flexible, need changed). The Keurig makes consistent mid-grade coffee (not awesome), and is moderately durable at best (and DRM is a form of intentional breakage), which means market survival will eventually come down to flexibility. Can JoeBob consumer make ramen with a Keurig? No? Then eventually he'll keep the kettle and throw out the Keurig.
'Jus sayin... as I sip decent coffee out of a mug, made with a 15yo Cuisinart kettle, an $0.80 sbux Via packet, and less waste/cleanup than Keurig. The packet will change, the kettle will stay.
Oh, holy shit yes, THIS.
Having just dropped off dragon #2 at his educational containment unit, I have just a few hours to restock the feed lots before the return of #1 early this afternoon. I do not know how long I can keep this up; perhaps they will just eat my remains.
No, because I dropped Facebook a couple of years ago. Too narrow a view on the world, too much of a social/political/financial echo chamber, too prying re personal detail, too much advertising, and too much extremely-creepy influence on ads I see externally. I miss a *little* of the content, but most of it was OCD junk from distant relatives and bloviating nonsense from industry "thought leaders". Good riddance.
Ok, ok, I know Ford would sue the bejezus out of Tesla if they did it, but... I so hoped that after the Roadster ("Model R") and the Model S (...well...), the affordable car for the masses would be the Tesla Model T. Can they at least spell out "Three" on the nameplate, with a big capital "T"??? Please ?? :)
So.... really, how is this different from Windows RT leftovers, warmed up and plonked onto a phone a la Atrix as mentioned above?
It's got all the overhead of Windows but in a walled garden, etc etc. As before, what's the compelling advantage versus Android (which is faster, less costly, runs everywhere) or iOS (more pretty, more apps, and reliably walled-in)? It seems like they're beating the wall with their collective head.
More pointedly, the scraps left between the two big players in mobile aren't enough to create a success condition for Windows Phone 10, UNLESS somehow Microsoft fixes all the hassles with syncing enterprise AD accounts with consumer-level Microsoft accounts, AND all those Fortune 1000 companies with their own cloud implementation plans abruptly change their security policies to allow confidential documents to transit MS cloud services under consumer msft accounts (e.g. do phone buyers allow an employer to have complete control of their personal phone aka Blackberry, or carry two phones). Unlikely on all fronts. They can build it, but who's gonna come?
I just quit Micro^h^h^h^h for this exact reason.
Over a period of 5 years:
Hired in.
Report to a guy who looks 12, but turns out to be an Excellent Manager*.
Do my best work in a decade.
Excellent Manager reorg'ed from Inspiring General Manager to Disastrous Director.
Excellent Manager is driven out by political fuckery by Disastrous Director.
Disastrous Director is fired for malfeasance.
Inspiring General Manager won't come back, had enough, quits managing to do research.
Report to Microsoft Lifer, old EM's technical manager, who does a passable job leading.
Microsoft Lifer is reorg'ed under General Manager/Bottlewasher who can't stop micromanaging.
Lifer gets ruthlessly fucked with, has entire team's work credited to incompetent Level 67 Blowhard.
Lifer's team is reorg'ed under Blowhard, except for me+handful.
Old EM's peer Last Asskicking Manager quits because he won't work for Blowhard.
GM/Bottlewasher can't stop micromanaging everyone.
Lifer gives up and takes a non-mgmt job.
Report to McManager hired from military, who used to manage 600.
GM/Bottlewasher can't stop micromanaging everyone.
McManager reorg'ed, team reduced to 5.
Blowhard steals work output from McManager, leaving no credit.
GM/Bottlewasher lines up all resources behind Blowhard.
McManager demoted to my peer.
Report to new guy Perennial Survivor, brought in by another reorg.
Lifer demoted to my peer.
Old Excellent Manager quits to work for Amazon, because it's saner(!!!).
Survivor admits 80% of Bottlewasher's 2015-16 yearly plan is bullshit makework.
Fuck this noise, quit. Even a startup is saner.
*only one in 5 years.
It's easier for incompetence to hide in large enterprises. They used to write books about how great Redmond managers were. Now the entire enterprise is infested with pointy-haired, risk-averse, beige, wannabe-hipsters who can't make any decisions other than to stab each other in the back. And front. And sides. Precious few people do actual work, when so much effort is devoted to bad management and the shielding of productive people from that bad management.
Ok, now Vizio, you have my attention for being a good guy... in this regard. I'm in the market for a couple of new screens every year (home offices for two, couple of tech savvy kids, etc etc), and this sort of corporate behavior is a huge influencer in my decision of whose almost-commodity product to buy.
If you're listening at all: I'll buy your products again this year. How about you try to be better about the GPL?
I see this sort of news couched in discussions of "What do people /really/ want?" but that has little relation to what would be a market success.
That's like asking "What kind of food do people really want?" when the reality is that people cluster around multiple options in the market.
With plenty of room for debate, there are multiple clusters of success in the mobile market today. For the sake of argument:
- safe, pretty, predictable, simple, stable, walled garden -- apple totally owns this ~20% of the market, populated mostly with 1+gen older iPhone devices
- predictable, pretty, open/powerful, cheap, with a walled garden that's easy to exit -- android devices mostly running 4.3 and prior
- powerful, predictable, pretty, walled garden that's easy to exit -- top-line android devices mostly running 4.4+
- purpose-built, totally walled, predictable, safe (and fugly), designed for easy remote mgmt by corp -- used to be owned by Blackberry
- totally walled, predictable, safe (and very pretty), designed for easy remote mgmt by corp -- top line windows mobile devices
From this view, Windows Mobile doesn't compete in or intersect much with the same success cluster as newer OR older clusters of Android. So you have to ask yourself, what does success look like for Windows mobile? Dominating the market that Blackberry/RIM dropped through their own mismanagement? Not being snide here, but I keep looking at WinOS devices, and see elegant solutions to problems that few people have or that are increasingly becoming solved by feature subsets of other clusters.
Other posters have given several solutions, just collecting and adding my voice to a few of them:
in a pinch:
Google docs: lightweight and simple, with limited functionality and a light learning curve
Sharepoint: simple to use, full of hassle to administer, limited functionality, gets expensive
mediawiki: like sharepoint without the licensing problems, but gets limiting beyond simple document collections
More serious solutions:
Alfresco: serious document/object management and workflow, free version to start/pay for support if you like it (spinoff of Documentum)
Documentum: elder god #1 of doc management, excellent repository, workflow, project management functions. rather expensive
Opentext Livelink: elder god #2 of doc management, excellent repository, project management, nice Visio-like workflow development that makes sharepoint devs cry, also rather expensive.
TLDR:
Google docs if you need a fix today, Alfresco if you have a month or two to fix the problem and want it to stay fixed.
MSOffice has NEITHER version control NOR document management built in. Word/Ppt/etc provide track-changes internal to a file, which is a very nice feature for tracking edits and incremental rollback. However, this shouldn't be confused with file/object version tracking, repository functions, checkin/checkout or other functions external to the file objects. Sharepoint provides some of these, but it's still basically a wiki for content management. OP is looking for a solution to "fix the wrong file version" not "fix a bad edit."
Arguing about a bottle label? Now you're just trollin'.
Homeopathy is a system that claims to treat disease. A homeopathic preparation "made in the standard way" incorporates those claims, even if the FDA/equiv prohibits printing that claim on the bottle. This is because the preparation and method have been subjected to rigorous scientific and medical examination (for over two centuries) and found to be fake medicines before the fact.
Herbal supplements also claim to treat disease, and some of them have been found effective through scientific and medical examination. An herbal supplement (or any other medicine at all) that doesn't contain the specified substance is found to be a fake medicine after the fact.
I suppose the difference is "can't work" versus "doesn't work." Now if you're arguing that I ought to trust homeopathic preparations to actually be pure water when the entire system's basis has been utterly debunked.... that boils down to trusting a systemic liar to be consistent (and not to include harmful stuff). That's somehow better than finding incidents of lying (and possibly including harmful stuff) in a consistent supply chain? Really, really, no.
No. One claims to do something it does not.* The other claims to be something it is not, to the same outcome.
Both mislead the consumer, both are equally as useless, and both may be dangerous to a person believing they have treated a condition when they have not. Barring extra harmful substances in the fake pills, the only substantive difference from homeopathic remedies is _when_ the lie is told.
*Specifically, the idea that a homeopathic potion "is what it claims to be" is wrong, in that it claims to be a treatment for a condition or to effect a change in a condition. It absolutely does not and cannot, unless one throws out basic laws of physics and chemistry. Homeopathy is solid bullshit from roots to branch, and it occasionally kills people.
What's the difference between this surreptitiously fraudulent store-brand crap (does not contain stated ingredients unproven to work) versus purposely fraudulent homeopathic crap (explicitly does not contain ingredients for the stated purpose)?
They're all placebos, and they are a genuine danger to ignorant people who need actual treatment for actual medical conditions. It'd be interesting to see a solid study of how many people are killed each year through opting for homeopathic flu and pneumonia cures, instead of actual treatment.
According to the Montgomery County school website, having the kids walk a mile with a sibling is within normal community standards, and in line with guidelines set forth by the county itself.
(See www.montgomeryschoolsmd.org/parents/basics/transportation/ )
In Montgomery County where this occurred, school bus transportation is only provided for elementary school children who live further than 1mi from school, and for middle schoolers (11yo+) further than 1.5mi. The county's guidance for elementary school kids walking 1 mile or less is "Younger walkers are encouraged to walk to and from school with siblings, older children from their neighborhood, or parents. At many schools, Montgomery County crossing guards help walkers cross at busy intersections near the school. In most elementary schools, student safety patrols guide younger children in crossing smaller neighborhood streets."
I don't see how CPS has a leg to stand on here; the children were simply practicing what they are expected to do by the county school system itself.