and would not hear how it's not really that much like a phone number more like a street address.... he said I was crazy
I am not sure I follow your line of reasoning, as much as there are a few interesting comparisons between IP addresses and street addresses (with this paradigm it's easy to explain NAT as a number of different people living at the same address), still a street address has a certain implied sense of locality, while in general terms nowadays even being in the same class C does not guarantee at all that you're actually physically close by.
In any case it'd be interesting to read about your point of view if you wouldn't mind sharing.
I don't like judging people by their posts, but what you write makes me wonder if you're still in high-school: in the real world something like the above could net you either a written warning or, more likely, a pink slip, if not being sued for the amount of money that was lost during your 'drill' (which, if this was a financial institution, could be quite large).
In any case, if you worked for me and pulled a stunt like that I'd be starting to look for your replacement asap: I pay you to do your job, not to prevent other people from doing theirs.
Exactly, keyword being independent. Splitting one factor doesn't mean the thing is suddenly two-factor.
exactly, *one* of the two factors is your disk image (split between the USB token and the computer HD), the *other* factor is the passwords that you need to actually mount those disk images via truecrypt (I wasn't assuming the disk image was in the clear! or that it would be usable at all unless you have both pieces (since it's interleaved in raid-0))
I don't think you've really understood what I was proposing (that or you're straw-manning me), of course just storing data on a USB stick would be pointless, what I have been proposing (to make it clearer) is:
= create two 1gig truecrypt volumes (possibly with different passwords)
= move one of said volumes to a usb token
= create an interleaved raid-0 2gig partition on top of the mounted truecrypt volumes
= store your files in the newly created partition
in order to access the files an attacker would need:
= your laptop
= your USB token
= your truecrypt passwords
in my opinion this is at least as strong as a 'typical' two-factor authentication, because it's something you have (the token with the second half of the filesystem) and something you know (the password).
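An added illustration, written by the editor rather than by any poster in this thread, of what the two sides are arguing about: a two-member RAID-0 stripe set built over the mounted volumes is not a secret-sharing split. Whoever can open one member's TrueCrypt volume already sees every other chunk of the filesystem in the clear, whereas a two-of-two XOR split gives away nothing from a single share. Pure Python over constructed sample data; the 16-byte chunk size is an assumption chosen for readability (real RAID-0 chunks are far larger).

```python
import os

STRIPE = 16   # chunk size in bytes; assumption for readability, real RAID-0 chunks are far larger

# Constructed sample plaintext: 14 distinct, stripe-aligned 16-byte records.
SAMPLE = b"".join(b"TAX%02d $%-9d" % (i, 1000 * i) for i in range(14))


def raid0_split(data, stripe=STRIPE):
    """Interleave data over two members the way a 2-disk RAID-0 does:
    chunk 0 -> A, chunk 1 -> B, chunk 2 -> A, ...  No padding; the last chunk may be short."""
    members = (bytearray(), bytearray())
    for n, off in enumerate(range(0, len(data), stripe)):
        members[n % 2].extend(data[off:off + stripe])
    return bytes(members[0]), bytes(members[1])


def raid0_join(a, b, stripe=STRIPE):
    """Inverse of raid0_split: re-interleave the two members."""
    out = bytearray()
    for off in range(0, max(len(a), len(b)), stripe):
        out.extend(a[off:off + stripe])
        out.extend(b[off:off + stripe])
    return bytes(out)


def xor_split(data):
    """Two-of-two secret sharing: share 1 is uniform random, share 2 = data XOR share 1.
    Either share alone is indistinguishable from random bytes."""
    s1 = os.urandom(len(data))
    s2 = bytes(x ^ y for x, y in zip(data, s1))
    return s1, s2


def xor_join(s1, s2):
    return bytes(x ^ y for x, y in zip(s1, s2))


def stripes_in_clear(member, data, stripe=STRIPE):
    """Count how many of data's stripes appear verbatim inside a single member or share,
    i.e. how much plaintext someone holding only that piece (and its password) reads directly."""
    return sum(1 for off in range(0, len(data), stripe) if data[off:off + stripe] in member)


def demo():
    a, b = raid0_split(SAMPLE)
    s1, s2 = xor_split(SAMPLE)
    return {
        "raid0_roundtrip": raid0_join(a, b) == SAMPLE,
        "raid0_one_member_exposes": stripes_in_clear(a, SAMPLE),   # 7 of 14 stripes
        "xor_roundtrip": xor_join(s1, s2) == SAMPLE,
        "xor_one_share_exposes": stripes_in_clear(s1, SAMPLE),     # 0 of 14 stripes
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both schemes need both pieces to recover everything; the difference is what one piece leaks on its own, which is the crux of the "obscurity" objection below.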
Sorry, but that's rubbish. This is just obscurity. The fact that you can get all the data without you knowing makes it 1-factor.
I think you ought to read up a bit more on what 1-factor, 2-factor, 3-factor etc. mean; from wikipedia for example:
Two-factor authentication (T-FA) (or dual factor authentication) is any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one authentication factor (such as knowledge of a password) in order to gain access to a system.
the 2-factor authentication does not imply that the physical side of things is completely secure: it just defines how something works. You can make two factor as secure or as easy to crack as you want, but it'd still be two-factor by design.
So again, for proper 2-factor it must not be possible to duplicate the physical component.
for 'secure' two factor, maybe, but there is no such thing as 'proper' two factor. In any case, every time you use either the article's gizmo, a securid token, a smart card, etc. etc. etc. you're still trusting your supplier that they can't be duplicated: I am not sure if this trust is always warranted, as in my opinion a determined attacker with enough funds could just go in at the circuit level and do whatever. Just look at what happened with satellite cards, despite all the security measures (hardware & software) implemented in them, they still were broken time and time again.
No, it's not. Just because you have the data on a portable device and the data is fairly big or obscured, doesn't mean it's 2-factor
create a 1 gig TC file on the HD of your laptop, create a 1 gig TC file on the usb token, make a raid-0 partition that spans both mounted TC volumes: here's your 2-factor, unless you have the laptop, the usb key and the two TC passwords there's no way you could get the stored files.
having a physical USB token with a TC volume (esp. the kind that stores things in a steganographic way) is in my opinion practically equivalent security-wise to the article's 2-factor authentication if you're smart enough to have your token on your keychain or something (it's a lot more likely that somebody will steal your laptop than your token IMHO).
In any case if you want to increase the security of what I proposed nothing forbids you from getting TWO usb tokens, create truecrypt volumes on both of them, and then create an overlaid raid-0 striped partition on both of them: in this case an attacker would need to steal BOTH tokens and BOTH passwords to gain access to your files.
Schemes like these make it also very easy to mandatorily have multiple people there to open the files (say, all the directors, etc.). If you do things like RAID-5 you could also make it so that you could still access the information with N-1 USB tokens (in case one is lost).
I do think that these solutions are safer than trusting a random crypto vendor, also this is why I have all my sensitive things (tax returns etc.) strictly on TC volumes.
if they ever plan to re-release GH1 with the GH2 engine (as GH1's songs are in general better than GH2, but GH2 is so much nicer to play given that HO/PO actually work)
how can you assume that all 300 'first employees' had the same amount of stock options? I've seen before startups where if you are employee 1-10 you get a couple million options at $0.01, if you are employee 11-50, you get several hundred thousand stock options at $0.50, while if you are employee #51 and up (after the higher ups decide that the startup is viable, that it will go public, and that the less dilution the better) you get maybe 5,000 options at $5.00. When you go public and/or get acquired, although employees #51 and up will get a nice bonus, only 1-50 will actually have enough money to quit and do whatever (11-50 for a few years, 1-10 for the rest of their lives).
I strongly doubt that the first 300 google employees were treated the same way compensation-wise.
yeah, it was used in office space, but I've seen it many times before when I was living in Europe and trying to print letter-formatted documents on printers at school & at home.
Older Laserjet printers do not automatically re-size a page when the page size of a document does not match the paper that is loaded in the printer. When trying to print a document whose paper size is set to "letter" on A4-sized paper the message occurs.
that's also why I haven't really ever found that particular line in office space all that funny (unlike the rest of the movie).
I take it means that likely the instructions come on letter-formatted pdfs etc. and the printer (like most printers in Europe) only has a4 sheets loaded (hence the 'load letter' message)
If I'm working in a city, I can pretty much order whatever I want to (and can afford) for lunch
try doing that as a vegan/veggie and you'll see that having a vegan/veggie-friendly cafeteria onsite would be great.
In my opinion the only big minuses with working for google are that
#1 it's in the valley (plenty of nicer places to live in the US/Canada, of course if you live to work this doesn't really matter)
#2 everybody and their dog is applying to work there, which means that the odds of the company culture deteriorating are not insignificant (not to mention that the bigger the company the more likely that it will become a series of fiefdoms and so on)
#3 given #2 the interview process is way way way way too convoluted and drawn out, but that's just to be expected with the sheer volume of resumes they receive: the downside is that it will turn away a lot of really qualified folks, since in general people at a certain level of competency/employability won't feel like putting up with that (since on average they'll have plenty of other companies vying for their services and honestly, you wouldn't want to hire somebody that's just going through the motions for a few months at their current job just waiting for your call, would you? that wouldn't be exactly the type of ethics you ought to go for IMHO).
My teachers (from grade school to college) had no problems gesturing and writing on whiteboards all day, also something tells me that painters, form carpenters, etc. etc. (especially in days gone by, without power nailers and spray guns) can keep their hands up in the air all day long no problem.
that's what I'm doing at the moment (I have a license for linux, but had to switch to windows as the host OS) but I do miss workstation, which I think is better than server.
vmware is one of the few companies where a bought and paid for vmware workstation license is strictly platform related, if you buy a linux license you can't use it on windows and vice-versa (in this case on mac as well). I would like to be able to run vmware workstation regardless of what base OS I am using...
I still can't understand why this game gets so many top honors, yes, graphically it's quite nice (especially with fan-made add-ons) but that's about it: the unrealistic and immersion-breaking item/level scaling decisions made when creating the game should definitely put it in the 'the game would've been great if...' category. And the plot/writing don't come even close to Planescape:Torment, also hindered by the 'every line has voice acting' decision made by Bethesda, which severely limits the quantity of content available in the game.
I know that with things like OOO or Francesco's the level scaling and loot issues can be fixed, but the reviewers ought to review the game as it was published, not after the community spends countless hours fixing broken issues (also look at the unofficial oblivion patch for a ton of bugfixes).
have one admin with vmware player and a vm that mounts read-only the quarantine folder on the network where any 'suspect' doc is dumped (resumes, attachments from untrusted sources, whatever), in the vm convert the .doc to .pdf and put it in a separate directory that is instead accessible from everybody. Of course the vmware image should be configured NOT to have access to absolutely anything but this one 'quarantine' host.
Users then access the pdf files from the 'safe' area normally; if you want, just have the admin move files to separate subdirectories with appropriate user permissions.
If you don't want to have a designated person doing this, you could mandate that your users can use email only from within VMs (that don't have any sort of network access besides receiving email) and must convert to a different format before saving it on a shared folder on their local disk.
I think something along these lines (quarantine + conversion to a different format, whether centrally located or on everybody's box) should be mandatory for offices where they are expecting .docs from untrusted sources. After all if the HR person's desktop gets compromised you'll be in a LOT more pain than if somebody else's was, given the sensitivity of the information that generally is stored in there...
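An added example from the editor, not from the poster, of the "quarantine, convert, release" step described above, written so that nothing reaches the shared area unless it is a freshly produced PDF. The converter itself (`converter(src, dst)`) is a placeholder for whatever headless tool the conversion VM runs; `fake_pdf_converter` is a constructed stand-in so the flow runs offline, and the VM isolation and network restrictions the comment calls for are outside what this script can show.

```python
import tempfile
from pathlib import Path

PDF_MAGIC = b"%PDF-"   # every PDF file starts with this header


def is_pdf(path: Path) -> bool:
    """Cheap sanity check that the converter really produced a PDF and not a renamed .doc."""
    try:
        with path.open("rb") as f:
            return f.read(len(PDF_MAGIC)) == PDF_MAGIC
    except OSError:
        return False


def process_quarantine(quarantine: Path, safe: Path, converter) -> dict:
    """Convert every *.doc in the (read-only) quarantine share into safe/<name>.pdf.

    converter(src, dst) is the placeholder for the real headless converter.  The original
    is never copied out; a conversion that crashes or yields a non-PDF is rejected and its
    partial output removed.  Released files are world-readable but read-only, matching the
    'accessible from everybody' safe area the comment describes.
    """
    report = {"released": [], "rejected": []}
    for src in sorted(p for p in quarantine.iterdir() if p.suffix.lower() == ".doc"):
        final = safe / (src.stem + ".pdf")
        partial = safe / (src.stem + ".pdf.part")   # never visible under the released name
        try:
            converter(src, partial)
            ok = is_pdf(partial)
        except Exception:                            # converter died on hostile input
            ok = False
        if ok:
            partial.chmod(0o444)
            partial.replace(final)
            report["released"].append(final.name)
        else:
            partial.unlink(missing_ok=True)
            report["rejected"].append(src.name)
    return report


def fake_pdf_converter(src: Path, dst: Path) -> None:
    """Constructed stand-in for the real converter: emits a minimal PDF header for most
    inputs, crashes on one file, and merely copies another (a misconfigured converter)."""
    if src.name == "crasher.doc":
        raise RuntimeError("converter died")
    if src.name == "renamed.doc":
        dst.write_bytes(src.read_bytes())            # .doc bytes under a .pdf name
        return
    dst.write_bytes(b"%PDF-1.4\n% converted from " + src.name.encode() + b"\n")


def demo() -> dict:
    """Run the flow over a constructed quarantine tree in a temporary directory."""
    root = Path(tempfile.mkdtemp())
    quarantine, safe = root / "quarantine", root / "safe"
    quarantine.mkdir()
    safe.mkdir()
    for name in ("resume.doc", "crasher.doc", "renamed.doc", "notes.txt"):
        (quarantine / name).write_bytes(b"\xd0\xcf\x11\xe0 constructed " + name.encode())
    report = process_quarantine(quarantine, safe, fake_pdf_converter)
    report["safe_dir_listing"] = sorted(p.name for p in safe.iterdir())
    return report


if __name__ == "__main__":
    print(demo())
```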
...they ought to give you a problem to solve and expect you to mail in the solution, something like 'ok, let's coordinate, sat morning at 8am I'll send you problem xyz by email, you mail back your code by 5pm, we'll discuss your solution during your follow up interview'.
There's no way that a prospective employer can reasonably expect to be able to look at your current production code, and if they do and they expect you to bend the rules of your current NDAs I'm not sure it'd be somebody I'd want to work for anyways.
DDR + wii remote at the same time would be quite cool and a full body workout, although I betcha anything they'd put Y-M-C-A among the songs you have to do that way:)
amen! 99% of the time I have the following maximized on my two screens:
left (1280x1024) - firefox
right (1920x1200) - emacs/eclipse depending if I'm programming C, python or java at the time, + some random rxvts to alt-tab to
I don't think I have seen my desktop background in months: who cares about themes! As long as windows have some sort of a (small) title bar and (even smaller) borders that I can use to resize them I'm as happy as can be. All these screenshots of people with 4-5 windows taking up 1/4th of the screen max boggle me: why waste screen real estate? Heck, if I had one of those 2500x1600 30" monitors I would *still* have most things maximized.
What I find frustrating is that so many can't get it into their heads that sometimes a cog is needed.
cogs are needed sometimes, that's what consultants are for (and why they cost so much). If you try to hire a consultant for the pay of an employee, you'll likely end up with neither, because an employee wants to be more than a cog (and will leave if you treat him like one) and a good consultant won't even look at you unless you pay a good rate.
Then why haven't they? 95% of the people we get applying for jobs only know Java. They haven't even tried learning anything else. They teach java at the University, and java is all they think they need to know.
you have to define 'know', every ad I've ever seen requires 'business work experience' with whatever language it is that you are using. What you do in your spare time doesn't count, if on your resume they see that you worked for a C++ shop, well, if they need a java person they won't give you the time of day.
In my professional career I've programmed in C, Java, Python and Perl. At home I've dabbled in lisp, C++ and assembly: do you think I'd even be given an interview in a C++ shop? or in an embedded shop? not a chance! Also, if I had to write down the number of years, my C experience would dwarf the other three, which would make it next to impossible to get in a Java shop either.
It's always a chicken-and-egg issue: if you are hired for your skills odds are the company will require only the skills you already have, and won't allow you to get the 'business experience' in others you might want/need for another job later on...
..not just get a usb thumb drive and make it a big truecrypt volume?
I do own already both games and 2 guitars for my PS2, likelihood of me re-buying the games and the guitars is pretty slim...
from http://en.wikipedia.org/wiki/PC_Load_Letter
yeah, I just wish vmware didn't do the 'you want to run it on a different platform? too bad, you have to buy it all over again' thing :(
yeah, because of course all our executives are going to vote for their own jobs to be outsourced right?