I work at a SaaS provider. Although I think I have a better view of aspects that define good 'service operations' I see few customers demanding security. This means it has lower priority and therefore I cannot make the 'business case' for ISO 27k1 or PCI DSS level 1. Maybe good to mention that we are no bank or insurance company but we deal with personal data.
Practically you are right, theoretically one can discuss that. Practically it is discussed in topics 'larger than life' (religion, ...) and the largest denominator 'is right'.
I always considered the dichotomy to be true: An engineer has to deal with stuff that is practically interesting and a scientist does not. For instance in EE (my field) there is little interest in radio bulbs but a lot of interest in silicon. These are all practical/monetary considerations (even though I hardly touch any of the stuff itself).
Can you give a reference to this 'fact'?
I guess there will be two kinds of admins: Those who control the borg and those who replace dead parts.
There are more assets than 'my data' being available or not. For instance reputation: http://www.linuxmagic.com/power_of_ip_reputation.
Yeah, good luck finding anyone who checks router logs and compares them to what 'should' be happening. :)
It's called an IDS and you can set rules for it. It should warn you.
The question is not _if_ they can own your privileges. The question is when, for how long and how much damage they do to your assets.
If you need loadable firmware and need to write CPU code to make it work: provide source.
Btw. are you asking a question or posing a statement?
Exception reported on Wed Dec 15 17:20:02 CET 2010 from ... Cannot query XXX database with query SELECT * FROM YYY Table \'./XXX/YYY\' is marked as crashed and should be repaired at
Our racks are full of servers with vga connectors, even the new ones.
And to think that some people cannot envision war in their own country.
Most countries do not have global stability, only local (in mathematical sense).
Pricing the OS too high is the same mistake the Unices made. It cost them their head.
I'll tell you why we need so many IPs... Many email servers are restricted in the amount of emails per hour they allow from 1 IP. One of our customers has 300.000 subscribers (their own customers!) and about 100.000 are from hotmail. They would like to deliver their email within the hour.
Hotmail will not allow more than X connections and Y emails per session per IP to one of their Z email servers. So I have this special software from port25.com which will allow me to create A virtual mailservers. I just have to feed that software some IPs.
The maximum rate is dependent on the 'reputation' of the IP (see e.g. senderscore.org). A fresh IP is 'cold' and has to be 'warmed up' (it takes a couple of months). A warm IP is therefore an asset to our company.
This is definitely NOT flamebait. Guess why the US has most criminals (http://www.nationmaster.com/graph/cri_pri_per_cap-crime-prisoners-per-capita). That is definitely a social issue (hard to pinpoint exactly). Well, not more flamebait than TFA itself.
http://www.faa.gov/news/press_releases/news_story.cfm?newsId=11960
or maybe you noticed the 15 min delay...
like http://casper.frontier.nl/
Become an ISP yourself and get a free C block. It worked for us.
Everybody selectively adheres to the law as they see fit, most do so knowingly. I have yet to see a person uphold the law perfectly.
About this drug screening: does alcohol count? Because it causes many kinds of bad behaviour.
If I only had mod points now... For me: +1 insightful
Option 3: The engineers really hated to create a good encryption scheme so they faked #1 or #2. All you have to do is sell it to a marketeer (i.e. *AA): they buy anything.
I think the answer lies in the amount of risk that you are willing to take when you don't follow procedure (e.g. a test cycle) compared to the risk you take when you do follow one.
At the moment I work at a small company: there is no test team and there is no team that formally accepts responsibility.
You can rent a virtual server for a couple of euros a month, use it as proxy over an encrypted connection, ... profit. Once you have a working internet connection, you can transfer data.
They cannot write software to determine intent.
The only correct answer imho. Most people do not take prior work along and it is hard to distinguish theirs from their colleagues'. We have a LAMJ setup and it is hilarious how many people cannot even create proper code like "bla".equals(inputField) when their resume says they are Sun Certified Java Programmers. Secondly: it is a skill to follow an existing style of coding (even if it is not the most elegant). Something that is necessary in large codebases. Our test is 2 to 3 hours and we also regularly ask 'how are things going', along the way (i.e.: they should have an opinion). They should be able to communicate about the current state and problems they encounter and/or work around that.
That is an interesting idea: non-serializable languages.