Last place I worked a new employee on her first day, using the corporate e-mail system, sent one e-mail to her line manager saying how much she appreciated the opportunity and arranging a meeting later that week between them and sent another to her friend saying that she was going to slack-off, get trained up in new technologies, and leave as soon as the training stopped.
Well, that was the intention: she got the address-lines muddled and send the "slack-off" one to here new-but-very-soon-to-be-ex manager. I think her total employment was just over an hour.
Decision time: do I believe a random pedant on the internet or the Office for National Statistics? Hmm.
Pedant hint time: Always claim something is something (for example: potatoes are weeds), rather than something isn't something (Scotland isn't country). They probably didn't cover that on your introductory course.
Of course, it may be possible that this is, in some way, important for you - so important that you are willing to look argue the toss about it on the internet. In which case you have my sympathy, although I'd advise caring about something that matters instead.
Ohh - that would be wonderful revenge if you were stuck next to a loud talker. Get out your own phone and have a one-side conversation like:
You: Hello Phone:----- You: Yup - I'm flying to LA Phone: ---- You: Of course I'm OK to fly Phone: ---- You: No - the contagious period is probably over. Phone: You: Yes, really. Phone: You: No - I didn't get the OK from the doctor. But I feel fine. Phone: You: It's not anything like Ebola - stop being a drama queen. Phone: You: What medicine? etc
I thought that the dream of the unicorn was his transition from replicant to human (along with his falling in love with Rachel). Pointing towards that humanity is an accumulation of experience and a result of interactions with others, rather than a given state for an organism.
But the fact that the movie can even provoke such a discussion is a sign of a classic.
Blade Runner - the plot was fairly straightforward.
Replicants (the bad guys) return to earth and they are hunted down by a cop (the good guy). Cop kills all the replicants, but falls for another one, and they do a runner.
The questions that the plot raised - what made the replicants not human? what makes humans human? Was the cop human or not? How do we know our memories are real? - are all pretty deep, complex, and ambigious. Add to that top quality acting from everyone, superb cinematography, good backstory (a dank, dreary, rainy world), a good script (once they ditched the noir voice-over), and all the little touches (like the photos on Deckard's piano, the owl and the snake) some memorable lines (which are not endlessly requoted by the office wit, keeping them freash) and you have a great movie.
They make money from their service - definitely true. This does not equate to make a profit.
They can control the infringement - definitely true. They offer this as part of a licencing deal so it is not just on a case to case basis - it is on a company-wide basis.
This means that they do not comply with clause B, and they cannot be a safe harbor under the DMCA.
The only wriggle room I can see is if they say "They cannot control the infringement as they have to work with a third party to do so". I don't think this will fly if they try and set conditions on this.
Should YouTube be forced to create a whole division just to deal with, not copyright infringement (remember they already do that), but tracking what's popular and searching for it on their site?
Well, I've finally got round to RTFA and, unsurprisingly, my argument is the same as Viacom's. The added bit, which I think makes it a slam-dunk, is this
YouTube has even offered to find infringing content for copyright owners -- but only if they do a licensing deal first.
If this is the case they are clearly in breach of clause B. They gain financial benefit from the service and they have the ability to control the infringment (not that it does not say eliminate - just control).
By limiting safe harbor to ISPs, you effectively cripple the web.
There are several people replying to my comment with words to the effect of "That can't possibly be true because if it was the effects would be devastating." Sorry - that is not how the law works. It looks, from the badly worded clause, that YouTube are liable.
Here is the clause
In general.-- A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider-- (A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing; (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material; (B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and (C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.
To fall within this safe harbor YouTube would have to claim that they fall within clause A(ii) - if they are genuinely not aware of facts or circumstances from which infringing activity is apparent, then they are the only ones on the planet. Perhaps firing up their own search engine and looking for "The Daily Show" may be a clue.
The (B) clause is a bit more subtle that has been made out - in the case of the free ISP they are likely to lack the ability to control such activity. The fact that you can still find violating videos on YouTube by using search terms like "The Daily Show" is a bit of a red flag that the controls (such as vetting any contentious terms before publication) which could be used are not being used.
Of course, it also eliminates DMCA protection for anyone who makes a profit
There is (probably) no DMCA protection if you make a profit - I say probably because that clause is particularly badly-worded. The point of that get out I think was if an ISP let server space to somebody who infringed copyright then provided that the ISP didn't make any money out of the fact of the infringement then they were in the clear (but they could make money in the normal course of business by renting the server space).
What YouTube are doing does seem to be in breach of this - they (and not a customer) are directly advertising on infringing pages. Their argument that "We're advertising, but we don't know what we're advertising on" doesn't seem to fall within the clause above. This makes them liable. I'm not convinced of their argument that they are genuinely ignorant either - enough stuff seems to get pulled at quickly for decency reasons makes this seem weak. But that probably doesn't matter.
Anything that requires physical access to the target computer is outside the realms of computer security.
No it isn't. Physical security of computer system is but one part of computer security. The aim of computer security is to protect the following three things: confidentiality, integrity, and availability. If somebody nicks your computer then you've just lost two of these. Why do you think that datacenters are mini-fortresses? It is to give physical security. Personel security isn't outside the scope either - how should you vet your staff? Should you enforce two man working?
This is a firewall evaluated to EAL2 - are they completely insane? There are loads of EAL4 and EAL4+ firewalls that will give you much better protection than this. Not to mention a firewall running on a virtual machine - that is an extremely bad idea (I'm not sure if the product of the year is actually evaluated to EAL2 but the best they've got for any product seems to be that).
Intel SS4000-E - The SS4000-E is available as a barebones unit with no hard drives for $550 or fully loaded (2TB) for $2000
Huh - why not buy a fully stocked unit from Buffalo for $1250 - ah margin.
There are three parts to IT security - confidentiality, integrity, and availability. An IT security policy must balance these. Your solution sacrifices availability. Maybe in some situations it is worth it, but in others it won't be. You say data should be secure - what do you mean? If data is on a public web server you know it isn't confidential, but you definitely want the webserver to be up, and you certainly don't want anyone unauthorised to change it.
In your example (which boils down to two man working, essentially) you have increased the cost of support - is it worth paying? That depends - what are you relying on to enforce it (procedural or technical measures, a combination of these)? What are you protecting?
There is also the rather tricky problem of defining who the owner is. If you have a data area with multiple people accessing it how do you put in sensible processes to manage this, and to recover the data when Fred fubars the spreadsheet. How do you audit use of the data (and do you even bother)?
There are ways to cope with all of this, but a blanket "you lose your password, you lose your information (unless you put into action this very expensive process)" isn't a panacea.
Finally - you say "all data in business can be reproduced, at the cost of time and effort". The first part, generally, isn't true. The "cost time and effort" also is misleading - sure, there will be problems where pouring money at them will get you better answers, but the business can't afford it (and it wouldn't be the first business that went down because they had an inappropriate security policy). It's a paradox, I suppose - important data is the only sort you can't afford to recover, because if it wasn't important you wouldn't need to.
I simply feel that by the time you're talking about the "end users" of a computing environment, the users should come first.
Nope - the assurance of the system comes first. You've seen what happens when users are put first - see Microsoft security flaws ad nauseum. Then you allow the users as much freedom as you think they should be allowed. I know that sounds arrogant but its not really - every freedom you give users has to be counterbalanced by some other security measure. Too much freedom and you cannot secure the system to the required level, too little and your users are unproductive.
It shouldn't become a career getting paid to keep up with all the design flaws in commercial products and placing artificial restrictions on their use in an environment.
That really isn't what it is all about. Disaster recovery, business continuity, physical security (where should the server room be, how should you get access to it? Where do the users use the system? Who else has access?). Data link - private/VPN. How good encryption (if any) should you use for data at rest and on the wire? Confidentiality/Intergity/Availability (or CIA) - which of these are you trying to assure? Application security - both in development and deployment of COTS are a part of it, but only a small part.
For starters, I'm of the opinion that the user *must* come first - so maybe I'm fundamentally at odds with the basic premise of their work.
Yes, you are at odds with the basic premise. What comes first is the risk analysis. What are you trying to protect? What are the threats? Who are the agents attacking it? Are you trying to keep something confidential, or are you trying to preserve integrity, are you trying to keep availability of the system?
Then, when you know what you are trying to achieve, you can then design a system that achieves it. You obviously try to maximise usability within the constraints that you have identified, but you are not a slave to it. Lots of environments - not just government controlled have these requirements - medical computers, power generation, financial industry, building control systems and so on.
A "security expert" could surely come into 99.9% of households and implement hundreds of rules that would make the place more secure against break-ins and theft.
No - A security idiot would do this. There are lots of experts - usually your local police force - who will give good advice: deadlocks, windows locks, prickly plants below ground floor windows, that kind of thing. You could give a long list of rules, but any sensible security person would not. However, what you would be advised to do will be different in different cases: in high crime area you may be advised to get a better door if yours is weak. This comes down to the risk analysis mentioned.
With computing, at the end of the day, you *still* have to grant access to sensitive data/documents to certain people
Yes - the skill is making sure that you are granting the right access to the right people, and you know when they accessed it, or changed it, or printed it: Authentication, Authorisation, Auditing - one of the trinities of security. How well you need to know depends on, you guessed, your risk analysis.
The quote is also a link, that goes to a page, that does not have the quote on it. To correct the stunningly wrong submission is not elitist any more than tidying up garbage is elitist.
Wikipedia is trying hard for quality, hence the importance of copy editors - those quick edit users who do a lot of banging articles into shape.
Depends what you mean by quality - grammatically correct and logically ordered is one thing. Actual content - possibly in rough and ready form - is another.
What JW is (apparently) arguing is that what he considers the contributions to wikipedia is best measured by "edits", and that by this metric there is a hardcore of 500 users that do most of the work.
What the article argues is that the a better measure of of contribution to wiki is raw material, and that far from 500 people doing it, it is actually orders of magnitude more than this.
My opinion is that anyone treating all edits are equal and using that to derive a metric for measuring user contributions to the site is using a seriously flawed method. Selling the output of this method as "The Truth about who Created Wikipeida (or the Tale of the Noble 500") is just trying to invent history to fit their preconceived notions.
"the claim that tires are usually found on cars should be obvious to most people".
Hmm - obvious but wrong. The number of bicycles in the world is more than double the number of cars so tires are usually found on bicycles. The number of tires not on cars is much greater than the number of tires on cars.
I know it seems a pedantic point, but it's not when it is a context of an encyclopedia.
Re:Institute To Blow Smoke Into Uncomfortable Plac
on
Hacker Boot Camp
·
· Score: 2, Informative
While "Institute of Certified E-Commerce Consultants" has a nice ring to it, it's a little ambiguous.
I bought Windows XP, and I have notepad.exe and I cracked it to make it display the cursor line number [nikse.dk].
While cool, it's a bit pointless as described. From the link
To edit my code i like to use Note-pad. But one disadventage of Notepad is that it doesn't show linenumbers. So when the compiler gives an error with linenumber, i have to load another editor to find the line with the error.
Obviously he wasn't aware that (ctrl)+g brings up a dialog box where you can enter the line number that you want to go to.
Nobody, except HR, really cares about the attachments - people will find a way to waste time if that is their inclination.
But you still couldn't allow any other e-mail client (regardless of how restricted it was, although that then opens another can of worms about how you can demonstrate compliance with whatever standard you had on all devices attached to your network). You want to make sure that nobody can e-mail out any information that isn't recorded by your corporate systems (or information in, for that matter).
Not all requirements are this strict, but I can't see a niche for a "locked-down client for personal use."
Slashdot Mirror
I think there is an implied "still in use" in the statement - otherwise this is a list - http://en.wikipedia.org/wiki/Timeline_of_programming_languages suggests there are older ones still, and Lisp wasn't even third by any stretch.
Just sign the patent application in blood. Then they'll have your DNA sequence.
You'd be surprised.
Last place I worked a new employee on her first day, using the corporate e-mail system, sent one e-mail to her line manager saying how much she appreciated the opportunity and arranging a meeting later that week between them and sent another to her friend saying that she was going to slack-off, get trained up in new technologies, and leave as soon as the training stopped.
Well, that was the intention: she got the address-lines muddled and send the "slack-off" one to here new-but-very-soon-to-be-ex manager. I think her total employment was just over an hour.
The government calls them countries: http://www.statistics.gov.uk/geography/glossary/c. asp
Decision time: do I believe a random pedant on the internet or the Office for National Statistics? Hmm.
Pedant hint time: Always claim something is something (for example: potatoes are weeds), rather than something isn't something (Scotland isn't country). They probably didn't cover that on your introductory course.
Of course, it may be possible that this is, in some way, important for you - so important that you are willing to look argue the toss about it on the internet. In which case you have my sympathy, although I'd advise caring about something that matters instead.
If y = x + (n/x) then dy/dx = 1 -n/x^2
As we know it is a extrema then dy/dx= 0 therefore n/x^2 = 1, => n = x^2, => x = n^(1/2).
Which someone else said was the answer somewhere else.
Now, the problem with m marbles and f floors....
Ohh - that would be wonderful revenge if you were stuck next to a loud talker. Get out your own phone and have a one-side conversation like:
You: Hello
Phone:-----
You: Yup - I'm flying to LA
Phone: ----
You: Of course I'm OK to fly
Phone: ----
You: No - the contagious period is probably over.
Phone:
You: Yes, really.
Phone:
You: No - I didn't get the OK from the doctor. But I feel fine.
Phone:
You: It's not anything like Ebola - stop being a drama queen.
Phone:
You: What medicine?
etc
I thought that the dream of the unicorn was his transition from replicant to human (along with his falling in love with Rachel). Pointing towards that humanity is an accumulation of experience and a result of interactions with others, rather than a given state for an organism.
But the fact that the movie can even provoke such a discussion is a sign of a classic.
Blade Runner - the plot was fairly straightforward.
Replicants (the bad guys) return to earth and they are hunted down by a cop (the good guy). Cop kills all the replicants, but falls for another one, and they do a runner.
The questions that the plot raised - what made the replicants not human? what makes humans human? Was the cop human or not? How do we know our memories are real? - are all pretty deep, complex, and ambigious. Add to that top quality acting from everyone, superb cinematography, good backstory (a dank, dreary, rainy world), a good script (once they ditched the noir voice-over), and all the little touches (like the photos on Deckard's piano, the owl and the snake) some memorable lines (which are not endlessly requoted by the office wit, keeping them freash) and you have a great movie.
I'm not seeing it.
They make money from their service - definitely true. This does not equate to make a profit.
They can control the infringement - definitely true. They offer this as part of a licencing deal so it is not just on a case to case basis - it is on a company-wide basis.
This means that they do not comply with clause B, and they cannot be a safe harbor under the DMCA.
The only wriggle room I can see is if they say "They cannot control the infringement as they have to work with a third party to do so". I don't think this will fly if they try and set conditions on this.
Should YouTube be forced to create a whole division just to deal with, not copyright infringement (remember they already do that), but tracking what's popular and searching for it on their site?
Well, I've finally got round to RTFA and, unsurprisingly, my argument is the same as Viacom's. The added bit, which I think makes it a slam-dunk, is this
YouTube has even offered to find infringing content for copyright owners -- but only if they do a licensing deal first.
If this is the case they are clearly in breach of clause B. They gain financial benefit from the service and they have the ability to control the infringment (not that it does not say eliminate - just control).
There are several people replying to my comment with words to the effect of "That can't possibly be true because if it was the effects would be devastating." Sorry - that is not how the law works. It looks, from the badly worded clause, that YouTube are liable.
Here is the clause
To fall within this safe harbor YouTube would have to claim that they fall within clause A(ii) - if they are genuinely not aware of facts or circumstances from which infringing activity is apparent, then they are the only ones on the planet. Perhaps firing up their own search engine and looking for "The Daily Show" may be a clue.
The (B) clause is a bit more subtle that has been made out - in the case of the free ISP they are likely to lack the ability to control such activity. The fact that you can still find violating videos on YouTube by using search terms like "The Daily Show" is a bit of a red flag that the controls (such as vetting any contentious terms before publication) which could be used are not being used.
Of course, it also eliminates DMCA protection for anyone who makes a profit
There is (probably) no DMCA protection if you make a profit - I say probably because that clause is particularly badly-worded. The point of that get out I think was if an ISP let server space to somebody who infringed copyright then provided that the ISP didn't make any money out of the fact of the infringement then they were in the clear (but they could make money in the normal course of business by renting the server space).
What YouTube are doing does seem to be in breach of this - they (and not a customer) are directly advertising on infringing pages. Their argument that "We're advertising, but we don't know what we're advertising on" doesn't seem to fall within the clause above. This makes them liable. I'm not convinced of their argument that they are genuinely ignorant either - enough stuff seems to get pulled at quickly for decency reasons makes this seem weak. But that probably doesn't matter.
Anything that requires physical access to the target computer is outside the realms of computer security.
No it isn't. Physical security of computer system is but one part of computer security. The aim of computer security is to protect the following three things: confidentiality, integrity, and availability. If somebody nicks your computer then you've just lost two of these. Why do you think that datacenters are mini-fortresses? It is to give physical security. Personel security isn't outside the scope either - how should you vet your staff? Should you enforce two man working?
It's not all just bytes on a wire.
It's not Applae's fault the the PC world decided to spite them by twisting USB into a system it was never designed to do.
a +fee/2100-1040_3-220209.html
Yeah - it's not like Apple tried to licence the firewire port at $1 a port or anything like that: http://news.com.com/Apple+licensing+FireWire+for+
Oh, wait...
Astaro Security Gateway
This is a firewall evaluated to EAL2 - are they completely insane? There are loads of EAL4 and EAL4+ firewalls that will give you much better protection than this. Not to mention a firewall running on a virtual machine - that is an extremely bad idea (I'm not sure if the product of the year is actually evaluated to EAL2 but the best they've got for any product seems to be that).
Intel SS4000-E - The SS4000-E is available as a barebones unit with no hard drives for $550 or fully loaded (2TB) for $2000
Huh - why not buy a fully stocked unit from Buffalo for $1250 - ah margin.
There are three parts to IT security - confidentiality, integrity, and availability. An IT security policy must balance these. Your solution sacrifices availability. Maybe in some situations it is worth it, but in others it won't be. You say data should be secure - what do you mean? If data is on a public web server you know it isn't confidential, but you definitely want the webserver to be up, and you certainly don't want anyone unauthorised to change it.
In your example (which boils down to two man working, essentially) you have increased the cost of support - is it worth paying? That depends - what are you relying on to enforce it (procedural or technical measures, a combination of these)? What are you protecting?
There is also the rather tricky problem of defining who the owner is. If you have a data area with multiple people accessing it how do you put in sensible processes to manage this, and to recover the data when Fred fubars the spreadsheet. How do you audit use of the data (and do you even bother)?
There are ways to cope with all of this, but a blanket "you lose your password, you lose your information (unless you put into action this very expensive process)" isn't a panacea.
Finally - you say "all data in business can be reproduced, at the cost of time and effort". The first part, generally, isn't true. The "cost time and effort" also is misleading - sure, there will be problems where pouring money at them will get you better answers, but the business can't afford it (and it wouldn't be the first business that went down because they had an inappropriate security policy). It's a paradox, I suppose - important data is the only sort you can't afford to recover, because if it wasn't important you wouldn't need to.
I simply feel that by the time you're talking about the "end users" of a computing environment, the users should come first.
Nope - the assurance of the system comes first. You've seen what happens when users are put first - see Microsoft security flaws ad nauseum. Then you allow the users as much freedom as you think they should be allowed. I know that sounds arrogant but its not really - every freedom you give users has to be counterbalanced by some other security measure. Too much freedom and you cannot secure the system to the required level, too little and your users are unproductive.
It shouldn't become a career getting paid to keep up with all the design flaws in commercial products and placing artificial restrictions on their use in an environment.
That really isn't what it is all about. Disaster recovery, business continuity, physical security (where should the server room be, how should you get access to it? Where do the users use the system? Who else has access?). Data link - private/VPN. How good encryption (if any) should you use for data at rest and on the wire? Confidentiality/Intergity/Availability (or CIA) - which of these are you trying to assure? Application security - both in development and deployment of COTS are a part of it, but only a small part.
For starters, I'm of the opinion that the user *must* come first - so maybe I'm fundamentally at odds with the basic premise of their work.
Yes, you are at odds with the basic premise. What comes first is the risk analysis. What are you trying to protect? What are the threats? Who are the agents attacking it? Are you trying to keep something confidential, or are you trying to preserve integrity, are you trying to keep availability of the system?
Then, when you know what you are trying to achieve, you can then design a system that achieves it. You obviously try to maximise usability within the constraints that you have identified, but you are not a slave to it. Lots of environments - not just government controlled have these requirements - medical computers, power generation, financial industry, building control systems and so on.
A "security expert" could surely come into 99.9% of households and implement hundreds of rules that would make the place more secure against break-ins and theft.
No - A security idiot would do this. There are lots of experts - usually your local police force - who will give good advice: deadlocks, windows locks, prickly plants below ground floor windows, that kind of thing. You could give a long list of rules, but any sensible security person would not. However, what you would be advised to do will be different in different cases: in high crime area you may be advised to get a better door if yours is weak. This comes down to the risk analysis mentioned.
With computing, at the end of the day, you *still* have to grant access to sensitive data/documents to certain people
Yes - the skill is making sure that you are granting the right access to the right people, and you know when they accessed it, or changed it, or printed it: Authentication, Authorisation, Auditing - one of the trinities of security. How well you need to know depends on, you guessed, your risk analysis.
Is there any -- ANY -- doubt in your mind that Shatner was completely and fully Captain Kirk?
Spock - Logical Alien
McCoy - Emotional Physician
Scotty - Engineering Miracle Worker
Kirk - William Shatner
With Kirk you think of the actor, with the others you think of the character. That's why Shatner is a bad actor.
The quote is also a link, that goes to a page, that does not have the quote on it. To correct the stunningly wrong submission is not elitist any more than tidying up garbage is elitist.
Wikipedia is trying hard for quality, hence the importance of copy editors - those quick edit users who do a lot of banging articles into shape.
Depends what you mean by quality - grammatically correct and logically ordered is one thing. Actual content - possibly in rough and ready form - is another.
What JW is (apparently) arguing is that what he considers the contributions to wikipedia is best measured by "edits", and that by this metric there is a hardcore of 500 users that do most of the work.
What the article argues is that the a better measure of of contribution to wiki is raw material, and that far from 500 people doing it, it is actually orders of magnitude more than this.
My opinion is that anyone treating all edits are equal and using that to derive a metric for measuring user contributions to the site is using a seriously flawed method. Selling the output of this method as "The Truth about who Created Wikipeida (or the Tale of the Noble 500") is just trying to invent history to fit their preconceived notions.
"the claim that tires are usually found on cars should be obvious to most people".
Hmm - obvious but wrong. The number of bicycles in the world is more than double the number of cars so tires are usually found on bicycles. The number of tires not on cars is much greater than the number of tires on cars.
I know it seems a pedantic point, but it's not when it is a context of an encyclopedia.
While "Institute of Certified E-Commerce Consultants" has a nice ring to it, it's a little ambiguous.
The submitter has put in the wrong website - The CEH site is at http://www.eccouncil.org/CEH.htm
It is a penetration testing certification for people who can't do penetration testing.
I bought Windows XP, and I have notepad.exe and I cracked it to make it display the cursor line number [nikse.dk].
While cool, it's a bit pointless as described. From the link
To edit my code i like to use Note-pad. But one disadventage of Notepad is that it doesn't show linenumbers. So when the compiler gives an error with linenumber, i have to load another editor to find the line with the error.
Obviously he wasn't aware that (ctrl)+g brings up a dialog box where you can enter the line number that you want to go to.
Nobody, except HR, really cares about the attachments - people will find a way to waste time if that is their inclination.
But you still couldn't allow any other e-mail client (regardless of how restricted it was, although that then opens another can of worms about how you can demonstrate compliance with whatever standard you had on all devices attached to your network). You want to make sure that nobody can e-mail out any information that isn't recorded by your corporate systems (or information in, for that matter).
Not all requirements are this strict, but I can't see a niche for a "locked-down client for personal use."