Slashdot Mirror


User: shawn2772

shawn2772's activity in the archive.

Stories: 0 · Comments: 618

Comments · 618

  1. Data breaches are (nearly) inevitable on IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach (wordpress.com) · Score: 2

    Securing data against intrusion and theft is really hard. If your data is an attractive target, you're basically putting yourself in a perpetual arms race which you can win only by continually investing a lot of money into it, and only by hiring really good people and listening to them. Some organizations don't want to spend money. Many don't want to listen to their security people when the security advice gets in the way of business goals.

    But that's the easy problem.

    The hard problem is securing data against your own employees. It begins with treating them so well that they have no incentive to screw you. Few companies want to do what that costs. But no matter how well you do that, you still have to defend against clever, malicious insiders who are disgruntled (in spite of treating them well). This is really hard because many of the people you're defending against actually need access to the data and/or the systems on which it resides. To secure it against them you need layered defenses, separated networks and audited access control points in all of the above -- which also requires very careful ACL management (much, much harder than it appears). Oh, and you really have to audit the accesses, which is neither easy nor cheap. Of course you also need all the typical IT security stuff; control the hardware on your networks, the software on your hardware, etc. Keeping malware out is extremely hard, but at least you can buy products which help (somewhat) with that. Most of the rest of the stuff just requires good staff and lots of resources. It's much more expensive than products.

    But that's still the easy part of the hard problem. The hard part of the hard problem is securing your data against honest, well-intentioned employees. People make mistakes. People get social-engineered. Good people intentionally subvert security controls because they know they're not doing anything malicious (and they're not!) but just finding ways to be more efficient. To deal with this, you need lots of things. Start with regular employee security training, repeated fairly frequently, and carefully customized to be relevant for each group of employees. Next you also need oversight from security in all areas of your systems design and deployment, with regular audits. The goal of the security oversight is to ensure that separation of authority and prevention of leakage is built into every part of your systems, from the ground up (note that this will hugely complicate (read $$$) the integration of software you purchase to run your operations). Next, you need to regularly attack your own systems. You should have internal teams who are focused on finding ways to defeat your own security countermeasures. These teams should have full access to all system information, and a very broad permission to use whatever means will work. It's a good idea to rotate the people who design your security systems through your attack teams. Oh, and you need oversight and auditing for the attack teams. Finally, you need executive commitment to do all of the above even though it's expensive, complicated and occasionally embarrassing. Part of that commitment must include not coming down hard on people who have been found to make honest mistakes or overlook things. You must foster a culture of finding and fixing problems, rather than seeking scapegoats. That's perhaps the hardest part of all.

    Now... who thinks their company is capable of doing that? In my career (some 20 years in the business, 15 of them as an expensive consultant) I've found none who could do it all, and perhaps three who could do enough of it to really give me confidence in their security posture. Two of the three were military.

    BUT! There's a really simple, (technically) very easy solution. Here it is, for free: Don't store sensitive data. If you must touch it, keep it isolated and ephemeral. If you don't have to touch it, don't!

    It's super easy to secure data you don't have. If you think you do have to store sensitive

  2. Re:Or as Clinton says on North Korea Expands Retaliatory Loudspeaker Propaganda (yonhapnews.co.kr) · Score: 2

    There is a reason the difference between a Moron and a Mormon is a single letter.

    Because Mormons tend not to have dirty minds? I'm a Mormon, BTW.

  3. Re:Or as Clinton says on North Korea Expands Retaliatory Loudspeaker Propaganda (yonhapnews.co.kr) · Score: 4, Funny

    The penis, mightier than the sword.

    My dad's neighbor's Wifi SSID was "penismightier". It surprised me the first time I saw it (this is a pretty conservative Mormon area) until I managed to mentally reparse it. I pointed it out to my dad, who said he'd been laughing about it every time he saw it, ever since they set it up. My mom finally mentioned it to the neighbors one day and they were shocked and horrified. They had never noticed the "phallic" parse, believe it or not. They changed it immediately.

  4. The response to offensive speech... on North Korea Expands Retaliatory Loudspeaker Propaganda (yonhapnews.co.kr) · Score: 1

    The response to offensive speech is speech that drowns out the offensive speech?

    I suppose to Kim Jong Il that's an obviously-true statement. Well, when one can't just shoot the source of the offensive speech, anyway.

  5. No they are not. They are driving on nice marked roads in sunny areas. They are not driving in snow, ice, have rain, unmarked roads, gravel roads, mountain roads, heavy fog, etc.

    The claim was that cars couldn't "navigate from one end of a big city to the other - without using the city's ring roads, but really going through city traffic, dealing with traffic lights, cyclists, detours, and all the other unexpected obstacles thrown at city drivers."

    Which Google's cars already are doing.

  6. Re:Seems overly optimistic on Coast-To-Coast Autonomous Tesla Trips 2-3 Years Out, Says Elon Musk (google.com) · Score: 2

    A million miles at no higher than 25mph.

    http://www.nbcnews.com/tech/te...

    No, most of the miles driven by Google's cars have been with the highway-speed versions, not the newer custom-built versions that are currently being tested on city streets, and are limited to 25 mph.

  7. Re:Humble observation from an external viewer.. on The US Gov't Could Become the Biggest Customer for Smart Guns (computerworld.com) · Score: 1

    The Amendment system works well for areas where people generally agree, but poorly for highly contentious ideas.

    Which means the system is working as intended. The Constitution is not supposed to be changed unless and until there is very broad agreement that the change is a really good idea.

  8. Re:No. on DoD Award To Recognize Drone Operators (securityweek.com) · Score: 1

    Many in my family have received medals, Gold, Bronze, Silver Stars to name those I remember clearly, there were others, over the courses of their military careers. In each case it was because they put their lives on the line for their country.

    They also got other medals for other things. Ask them. Not all medals are about valor.

  9. Re:Recognize them??? on DoD Award To Recognize Drone Operators (securityweek.com) · Score: 1

    It sure beats paying more. At least on the expenses level.

    Base pay is associated with rank, which is a separate thing. Earning important medals will definitely improve your chances of promotion which will get you more money but by design the two are separate, and not for fiscal reasons.

  10. Re:Recognize them??? on DoD Award To Recognize Drone Operators (securityweek.com) · Score: 3, Interesting

    And this is what we're reduced to. Now we have participation trophies in the military. Everyone's a winner. What's the point of these if everyone gets them?

    There are different medals for different things, and you'd better believe that members of the military look at, say, a Silver Star or a Distinguished Service Medal very differently from an achievement medal. Medals of lower value do still have value. They offer a chance for recognition in front of your peers, in a persistent way (since you wear ribbons or medals on some of your uniforms), they provide a persistent proof of competence and capability in your personnel file (helpful for determining promotions), and they document important and meaningful aspects of your career, such as that you were in an active combat theater with its concomitant risks, even if you didn't actually get injured or do anything heroic. To an experienced service member, a glance at another person's "fruit salad" tells you a lot about who they are and what they've done, not merely by the number of commendations but by their type.

  11. Re:US banks deserve a spoonful of their own medici on Judge Tosses Class Action Over Michaels Data Breach Citing Lack of Damages (digitalguardian.com) · Score: 1

    At this point merchants are starting to give me the stink-eye for not having a C&P card as they now have to pick up the tab for fraudulent transactions.

    They don't have to pick it up... if the bank hasn't sent you a C&P card, but the merchant has a C&P card reader, then it's up to the bank to pay for fraud.

    A little more detail might be good: This is what's known as the "liability shift rule". It was enacted by all of the major credit card associations and individual issuers in the US last year. What it means is that when a transaction is found to be fraudulent, the chain of participants in the transaction is examined, and the first one in the chain that doesn't support the chip technology is liable for the fraud. The chain includes: The bank who issued the card, the merchant who accepted the card, the acquiring bank who processed the transaction, the clearinghouse who routed the transaction and the bank who processed the payment (almost always the same as the card issuer, though it's worth calling out twice because a bank could issue chip cards but not implement the backend system changes needed to process and validate them correctly).

  12. The broader question is whether this is how it should be.

    With the law as it stands, companies aren't well motivated to prevent breaches.

    Maybe, but it makes sense that the party who is actually harmed is the party who has standing to sue. Who was harmed? The issuers of the credit cards (which is banks, mostly) and the merchants who accepted payments made with the stolen cards. Mostly the latter.

    So, really, it should be all of the merchants who got ripped off who should band together and sue Michaels. But they won't because not only are lawsuits a pain, but if they did they'd establish a precedent which might someday place them in the crosshairs of such a suit.

    The real solution, though, is not to find ways to motivate merchants to properly secure their databases of credit card numbers, but to get rid of theft-prone credit card numbers entirely. Technology provides many better options for conducting credit transactions. Using them requires work on the part of both banks and other credit card issuers and merchants.

  13. Re:Really??? on Java Named Top Programming Language of 2015 (dice.com) · Score: 1

    Most Java "fans" I know are considerably less "rabid" than devotees of more trendy languages (I'm looking at you, Ruby). Just my experience.

    Absolutely. "Rabid Java fan" reads about the same to me as "Rabid COBOL fan". I mean, it's not impossible, but why?

  14. Re:Driver compensation on Uber In Retreat Across Europe · Score: 1

    Has anyone here met an Uber driver who is making a comfortable living driving for Uber full time? I haven't.

    I have, or at least one who was making a better living driving for Uber than driving a cab. I had a long chat with an Uber driver in London who had previously worked in IT (helpdesk, I'm guessing, I didn't go into detail on that) and as a minicab driver. He said he made better money driving than working IT, and slightly better than driving a minicab. He said the real thing that drew him to Uber over the minicab, though, wasn't the money but the flexibility. He liked being able to pick his own hours, so he could take his kids to school when his wife had to work, or so he could leave work for an hour or two mid-day to attend an event at his kids' school, etc.

    I can't say that he was "comfortable", but he seemed to think he was doing okay, and felt that Uber gave him a better opportunity to make a living while being the kind of husband and father he wanted to be than the other options available to him.

  15. Re:Don't speak for 'all of europe' on Uber In Retreat Across Europe · Score: 1

    Germany checking in: I've yet to be in a poor German taxi. The cars have been in excellent condition, the drivers knew what they were doing, the prices were transparent and offered value for money. No complaints so far!

    That's a bunch of opinion... For it to carry any weight you might want to consider backing it up with some facts...

    (http://tech.slashdot.org/comments.pl?sid=8578249&cid=51254733)

  16. Re:So.. 1.5% of the population... on Free State Project 93% Towards Goal (freestateproject.org) · Score: 1

    Given their numbers, and the fact that NH only has 3,300 voters per representative, it would be trivial for them to elect a couple of dozen third-party candidates in office.

    Well, not trivial, because they'd all have to choose where to live with careful coordination, to spread themselves across voting districts in the right proportions.

    Still, with careful planning they could get a pretty strong representation. Assuming 50% voter turnout (and 100% free-stater turnout), they'd need to place 825 free-staters in each targeted voting district to guarantee a win for their candidate. Assuming the natives don't unite against them, they might be able to place as few as 600 or so free-staters in each and still pull it off, which would allow them to elect 33 representatives, giving them 8% of the House. If they could identify and choose districts where non-trivial numbers of the natives would vote with them, they could do even better.

  17. Re:Already accomplishing on Free State Project 93% Towards Goal (freestateproject.org) · Score: 1

    When I lived there I quickly discovered it really means Do exactly as the people with money and power tell you to, or Die, Motherfucker!

    Interesting. Got any examples?

  18. Re:now plot it on Defense Distributed Has 3D-Printed an Entire Gun · Score: 1

    Do you know of any report that has done that analysis? I've seen lots of analyses that correlate gun ownership with gun homicide, but that's not really very informative, since it could just mean that people choose the tools that are available when they want to commit murder, not that the availability of the tools actually makes society more dangerous.

    Now, if there is a strong correlation between gun ownership and total homicide rate, that may indicate that the presence of guns makes societies more dangerous -- or it may indicate that people living in dangerous societies prefer to own guns, or that some third factor causes both high violence and a tendency to permissiveness with respect to firearms. But at least such a correlation would say something, while the analyses I've seen between gun ownership and gun homicides really don't.

    Of course, I suspect that your assertion -- that gun ownership is not correlated with homicide rate -- is correct. But I'd like to see it, and I'm too lazy to do it myself :-)