Slashdot Mirror


User: _Sprocket_

_Sprocket_'s activity in the archive.

Stories
0
Comments
5,182
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,182

  1. Share the Cookie on Lego Mindstorms DJ · · Score: 3
    So what is the cookie they MUST have?

    .lego.com TRUE / FALSE 1919535331 SITESERVER GUID=34d4da85c2fb830daf6ff0ea7d1d7bbc

    Feel free to add that to your, and your friend's, cookie.txt file. :)

  2. Risk and the Blame Game on Secrets & Lies: Digital Security In A Networked World · · Score: 5
    The day you walk into the Big New Project meeting and say "We can't deliver this on time because we need to do a security audit" is the day security gets ignored once more.

    And the real motto? It's tough to be on the technical end, because even if your advice is ignored, you can bet your head is on the line for the mistakes.

    I work at one of the few big corporations that really seem to "get" information security. Granted, it took some major security incidents to bring about this change in mindset - but its happened. Today, the security department has teeth. Do we butt up against production schedules? Constantly. Do we take some flak for it? Sure. You've got to have a thick skin.

    Of course, it takes more than a thick skin to deal with this environment. You're diametrically opposing developers - you want things secure, they want things to work (the inverse relationship of functionality vs. security). The trap here is becoming this big obstical that developers have to figure a way around to get "real work" done. We avoid that.

    In our environment, information security advises on projects. When we note an insecurity, we bring it to the developer's attention and help figure out more secure alternatives. If the developer wishes to push an insecure solution, they need to get management to assume the risk presented.

    This process does a few amazing things. The first thing is it makes security a part of everyone's interest - not just the information security department. The developer has to honestly look at the situation and create a strong enough business case to justify the risk to the manager assuming that risk. The management (in CYA mode) is going to look at this business case very closely before accepting it. If the risk is justified, it gets accepted. If not, the developer is forced to seek out a more secure method and security isn't the Bad Guy impeding progress.

    The only caveat to this is the company's culture. Accountability and a reasonable understanding of a risk's scope is required. Some insecure, but acceptable, decissions will pass (read: risk management). Its crucial that information security's recommendations are well laid out, understood, and valued by management. Alas, that's not always the case.

  3. Re:Social Engineering on Secrets & Lies: Digital Security In A Networked World · · Score: 2
    Covered on pages 266 - 269 under the chapter "The Human Factor". From the beginning of the chapter:
    People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
    Bruce Schneier offers a fairly comprehensive look at information security today.
  4. Analogy Error on Sun Finds & Exploits Hole in the GPL *Update* · · Score: 5
    This is the napster to kernel drivers, the Xerox machine to books. Remember, it's not Napster's problem that users violate copyright with the service. Nor is it Xerox's probolem that people photocopy copyrighted works on machines.
    Napster doesn't come packages with a Metallica MP3 file to demonstrate how to distribute MP3s. Xerox machines don't include a photocopied Webster's dictionary so the purchaser can see how to duplicate a book.

    Sure, if SUN was just providing the (what appears to be) compiler then there would be no issue. If they included the source code to the GPL code they ship as example binaries, there would be no issue. In that case it would be simular to Napster distrubuting an MP3 with permission of the artist or Xerox buying dictionaries to include with their photocopier.

  5. Re:Odd reasoning, that on Michigan "Anti-Hacker" Law's First Felony Charges · · Score: 4
    Granholm's contention that regardless of damage, hacking should (and will) be considered a felony is a bit odd, considering that she then compares it to vandalism, which definitely does depend on the amount of damage involved.
    That really stuck out to me too. To quote:
    Granholm added: "In the future, any hacking, regardless of the amount of financial damage it causes, will be a felony. A vandal is a vandal whether you are a virtual vandal putting graffiti on a web site or a real world vandal putting graffiti on a wall. Both are illegal. And using a computer to break into a company from the comfort of your living room is just as illegal as using a hammer to break down that company's front door. Because the Internet makes the crime easier doesn't mean that it makes it right. These are the first hacking charges in this state; you can bet that they won't be the last."
    So then the question becomes - when does vandalism constitute a felony (and I expect there IS a point that it does)? If vanalism in the physical world does not constitute an immediate felony charge, why should it in digital form? Once again, we have existing laws that can easily apply without writing up a new mess of digital laws.

    Granted, that doesn't allow for the political "get tough" and Internet buzzphrase newsbites.

  6. Good Call. on US Government Computer Security Evaluated · · Score: 2
    the general consensus from them seems to be this: most of the good, talented technology people (security, programming, etc.) bail of military/gov't service because of the lousey pay (as compared to the commercial world), poor working conditions, and mis-management. As near as I can tell from talking to these people, the gov't wants security and quality without spending the needed amounts of money and (perhaps more importantly) energy on it.
    I'd call that a fair assessment. I'd caution that there is still a fair amount of talented individuals in Gov't service - mainly because they believe in the mission of their appropriate department. But even these dedicated workers may not be allowed to improve the situation.

    My case...

    The leader of my department's HQ info security team once commented to my center's Asst. Director of IT "You have a lot of really good people working here... too bad none of them work for you." It was a stunning statement - and painfully true. IT is largely farmed out to contracts across the center. If you want an IT job at the center, most likely you'll be a contractor.

    While this brings up questions of trust and conflicts of interest, it also creates a bigger problem - budget. Contracts are awarded to the lowest bidder; even if that bid is ridiculously low. The contract I worked for was reasonably sane, but still very tight. The fact that the company counted on a thrift bonus each quarter only increased the challenge. This lead to bare minimal staffing; more work for fewer workers. We had to be very careful to ensure that we only spent time on things we were going to be credited for. Do what you are paid to do - nothing more. And we weren't paid to do info security.

    I, and a few coworkers, had an interesting exception. We were considered an important part of the info security community at the center and were included by the department. The contract made allowances for this since it brought good visibility. But we still had our "real" jobs to do. More work.

    So while the center was becoming very clueful about infosec, it was not funding it. There had been some talks about improving this situation, but last I heard the talks had taken took a bad turn. When it came to budgets, security had a hard time making the cut.

    The lure of decent pay, and small perks such as a training budget proved too much for me. I left my gov't job for private enterprise. And so did one of my co-workers (actually, the department has taken huge hits as IT workers have left in droves after dealing with worse contracts than mine - I often wonder how they're keeping things going). In fact, my new corporate team has recently recruited talent from a wide sampling of US Gov't organizations.

    That alone is probably pretty telling.

  7. Mutt and MIMEs on GPG vs. PGP? · · Score: 3
    IMO, though, if you want a really good MUA with great GPG support, mutt is the way to go.
    A year or so ago, I had tried Mutt. I liked the client and was glad to see a MUA with PGP (and GPG) support built in. But in the end, I had to drop it. The insistance on using the PGP MIME format hurt interoperability with my Windows PGP-using coworkers. I suspect it had something to do with Outlook's handling of MIME types.

    Now, I can appreciate the desire to do things Right. And I applaud the developer's dedication to a standar that, apparently, he was involved in creating. But by forcing this format, it made Mutt incompatible with my environment. Mutt went. I was sad to see it go.

    Maybe I was missing a finer point in configuration? Or does the newer Mutt releases allow ditching the PGP/MIME format? Or perhapse Mutt's primary users tend to not communicate with Windows users. :)

    Any insight is apprecated.

  8. Pine Integration on GPG vs. PGP? · · Score: 3
    I've been using PGP with Pine for awhile now via various filters. My current favorite is pgpenvelope. It offers a nice interface with some powerfull features when properly installed and used with the suggested filter and procmail configuration.

    GPG plays nice with email to/from my coworkers who are mostly PGP for Windows users (using everything from Eudora to Outlook). And I've been able to use my old keys generated via PGP 5.x (on a Windows box).

    GPG, pgpenvelope, and Pine make an excellent combination.

  9. Protecting Revenue on FCC to Rule on Request to Limit Recording From TV · · Score: 2
    What a relief. A valuable service to the public has been threatened too long. This new enhancement will protect it.

    The service? Why, free broadcast programming. Commercials subsidize the cost of quality television programming. But this valuable service is threatened by "time shifting" devices such as VCRs.

    Time slots are an imperitive part of the commercial television method. Prime time advertisement rates are based on the limited time periods when a majority of viewers will be available to view and advertisement. Its the rates that these prime time slots attract from advertisers that help fund the better quality shows. Remove these prime time slots and you damage the funding model.

    But that's only the beginning. New electronic VCR devices such Tivo take this threat one level further. These devices not only threaten to shift prime time slots, but it also allows complete removal of commercials. Complete destruction of the revenue model that supports your favorite programs.

    We know you'd hate to loose your favorite shows. We would hate to be forced to stop showing them. That is why we are taking steps to enable viewing enhancements that prevent unauthorized copying of our Intelectual Property and destruction of our revenue.

    At least, this will be their explanation when your new VCR is unable to record anything that's not on PBS.

  10. Naming Fun on Linux Drivers For Free Barcode Scanner Cease-And-D... · · Score: 2
    Law firm: So you want to sue flying butt monkeys?
    DC: Yup.
    Law firm: Riiiight...
    Note to self:
    If planning to do any progect that may involve upsetting goverment or corporate entities, be sure to host the progect on an odd domain name. At least then while you're dealing with legal hassles, you can still chuckle at pompous beurocrats intoning things like "flying butt monkies".
  11. Microsoft offers proof on Slashback: Titanium, Art, Israel · · Score: 2
    Well, in my book, extraordinary claims require extraordinary proof. And to claim that Linux has any sort of desktop market share is most definitely an extraordinary claim. Note the work 'desktop' not 'server', please.

    So where's the proof?

    Microsoft is porting applications to Linux. Applications key to Windows as a desktop OS - Microsoft Media Player and Internet Explorer. MS Office. Extraordinary, indeed!

    I am a bit cautious to sing praises of "Linux has arrived on the desktop". Its my primary desktop (and laptop) OS... but I'll readily admit that I'm not the average user. But having said all that... something strange is afoot.

    Companies that previously distanced themselves from Linux embrace it. Even harsh critics have began to adopt it. Sure... this has been all the talk for servers in the past. But now we're hearing about laptops coming factory installed with Linux (hardly server hardware). Even stranger is other Unix vendors adopting a desktop environment that's synonymous with the Linux desktop - Gnome.

    So what are the numbers? If that's all you're interested in, you're missing something. There's something odd happening right now. And its got nothing to do with current marketshare.

  12. Strong Authentication on Slashback: Cats, Snaps, Pixels, Diagrams · · Score: 2
    Instead of typing the password on the keyboard, you place the cat scan on the table and then run by a credit card size card to which you print random UPC with your printer.
    One of the principles of strong authentication goes something like this (I'm a bit fuzzy on it):

    Authentication should be based on 2 of the 3 following concepts:

    • Something you know (passphrase, pin, etc.)
    • Something you have (key, smartcard, etc.)
    • Something you are (biometrics - fingerprint, retna, etc.)
    Examples of this would be your SSH keypair / passphrase or a smartcard reader that also does a thumbprint scan.

    Having said that, one could do something like a barcode as a poor man's smart card. A user would scan and then enter a PIN. The trouble is, unlike a smart card, the barcode is likely to represent a very simple key. And it would be fairly easy to copy.

    A fun idea... but not very practical.

  13. Nice Apples, but lookie those oranges! on Battlebots Starting On Comedy Central Tonight · · Score: 2
    As I said elsewhere, I watched, and didn't get the overwhelming urge to compete that Junkyard Wars/Scrapheap Challenge left me with.
    I have to agree - Scrapheap definately presents THE show for on-the-fly engineering. It is simply amazing that by the end of the show, teams are able to present a device that actually DOES the challenge task. Even more amazing when both teams produce entries that compete. As an aside, I saw you guy's video entry - how a sewing machine works. Really cool. Good luck!

    Of course, the combative robot arena shows and Junkyard Wars are completely different formats. Apples and Oranges. Some will prefer one or the other. Me... I'd like a fruit salad of Robot Wars, Battlebots, with maybe Junkyard Wars / Scrapheap Challenge to space the two apart. Mmmmm.

  14. Re:This Viewer's Reaction on Battlebots Starting On Comedy Central Tonight · · Score: 2
    Having it simply be robot vs robot without hype or backstories would limit it to just techies. Like it or not, most people need a to latch on to a personality to stay interested.
    I certainly have no problems with backstories. I like the staff to point out strengths and weaknesses of the bots. I want the drivers / builders / designers (assuming they're not all the same person) interviewed. I want to know what their strategies were (sometimes this isn't entirely apparent when the best laid plans fail on the arena floor). I want the driver to comment when things went right or wrong. The bots are cool - the people behind them complete the story.

    Mindless banter, cheap jokes, "oh gosh aren't I dizzy" physical talent, and other gimics don't add value to this show.

    I can appreciate the producer's concern towards appealing to a larger audience than robot-loving geeks. And I'm more than happy to hear an announcer wax poetic about wanton mechanical destruction and the glee of flying debris. But many sports that fuse the human factor with mechanics and technology (various forms of motor racing come to mind) manage to capture an audience without taking notes from the WWF.

    Of course, I'm being fairly critical without giving the show a chance to prove it isn't all gimick - that it manages to strike an effective balance between "personality" and main event. I hope they manage it. I fear they won't.

  15. This Viewer's Reaction on Battlebots Starting On Comedy Central Tonight · · Score: 2
    I caught the primer episode tonight and have come away with a generally positive reaction - with some caution. The trouble is, its hard to decide on first glance. Battlebots has a good basis, but I'm concerned with some of the personalities that are bundled with the show. But then, this could all be a matter of editing. Future episodes will decide.

    The Good - environment.

    Battlebots has the right environment. Simple and elegant.

    While the backdrop isn't nearly as impressive as the set of Robot Wars (heck - the title animation is amateurish compared to Robot War's but I digress...), it provides a function that limited Robot Wars. Safety. The enclosed arena of Battlebots seems to allow much more powerful robots and weapons systems without endangering spectators. This should pay off with some amazing action. Tonight's match between Backlash and Disposable Hero demonstrated the possibilities - parts flew through the air as Backlash dismantled DH.

    The Battlebots arena is also all about the contestant bots. Two bots pitting engineering, design, and driving skill against their respective opponent. No well funded house bots. No obstacle course. Battlebots is not Robot Wars (though I think both formats are great). Battlebots DOES have a nice layout of hazards such as retractable floor saws, spikes, and ramps to keep the action going and provide another way for a robot to dispatch its opponent and rack up points.

    The Bad - personalities.

    I'm worried about Battlebot's human personalities. There's a whole team of on-screen personalities running around the show - I'm almost worried we won't have enough time in each episode to watch the bots.

    We have the announcers - neccisary, but with too much NFL for my taste. Of course, it could have been worse. They could throw in a heaping measure of WWF. I don't want hyperbole and hype here - tell me whats going on and some interesting facts about the bots and get out of the way.

    We have the female... talent. The physical draw. Her claim to a personality slot? She's a Baywatch babe. And in the short clips she's busy dropping innuendo and playing the ditz. Robot Wars had a cutie to walk the pits... but I tend to remember her as keeping her wits about her.

    Bill Nye also looks to be roaming the pits with a penchant for techno speak. I hope he has something good to say - an eye for the engineering challenges the bot designers face and overcome. As one of the designers just stared at Bill blankly, I began to fear Bill Nye, Science Guy is there to fill dead air with techno babble. That would be a shame.

    The Brothers did a bit involving interviewing the public with a "bot on the street". I hope they bring something interesting to the show. The fear here is that they'll fill up space with cheesy banter while we patiently wait for what we came to see - bots.

    The Ugly - Production

    The whole show, of course, hinges on the production and editing. I can almost hear the whispers in the Producer's ears: "Its metallic WWF!" Resist the Dark Side. Battlebots doesn't need to layer on hype. It doesn't need gimmicks. It has plenty of material in the robot battle, the design and engineering of the bots, and finally the individuals who've designed and drive their mechanized agents of mayhem. And there will be plenty of debris.

    Will I watch the show? Definitely. What they've done with the material they have will decide how long I continue to do so.

  16. New Artists - They're here! on Sony VP On Stopping Napster · · Score: 2
    Not to worry, a quick search on mp3.com turned them up.
    I'm a bit skeptical of the origional poster's claim that "a surprisingly large portion of Napster traffic is that of unsigned artists/artists who have explicitly allowed their material to be traded." It seems a bit hard to quantify. Nevertheless, there IS some evidence to suggest truth to the statement.

    I've searched for artists on napster that I first heard of on mp3.com. And I've found them on occasion. These authorized releases ARE available through Napster.

    What Napster seems to be missing is a method of promoting these artists. Sure... they have links on their web page. That's hardly origional. It doesn't make use of the Napster client's function. It would seem Napster should have an ability for the Napster user community to support and promote their favorite finds. Of course, I'm not a big Napster user so I might be missing an aspect of "community" more savvy Napster users are a part of.

    Of course, that's neither here nor there. The question is can Napster be used for legal purposes? Yes. And it is doing that today.

  17. Re:I'm not officially confused. ;) on AOL Sued for Creating Gnutella · · Score: 2
    Counter-suing (or suing a third party) is SOP in these sorts of disputes.
    Indeed!

    For some reason, this brings forth an odd image of lawyers in a Hong Kong martial arts movie. It's all legal kung-fu.

    The RIAA has thrown the first legal punch at mp3board.com. The energy from that hit needs to be disapated somehow and mp3board.com doesn't have a way to strike back at the RIAA. But there's an available conduit - Time Warner, one of the major RIAA members. Time Warner is AOL. AOL is also Nullsoft. Nullsoft made Gnutella. Go after Gnutella, therefore Nullsoft, therefore AOL, therefore Time Warner, finally striking the RIAA.

    I'm not sure how practical all this is. But it does make for some amusing coreography.

  18. New(s) Vulnerability on Default Behavior: Piranha vs. Microsoft SQL Server · · Score: 2
    Is it *REALLY* Microsofts fault, and should they *REALLY* call this a vulnerability, when the admin KNOWINGLY leaves a system account with a blank password exposed to the Internet in all its glory?
    I don't think we're directly concerned about who's "fault" this is. Sure - it'll be used in the constant propoganda battle various corporate marketing departments rage. But that's not our focus. What we're concerened with is the press' reporting of the vulnerability.

    Wait. Is it a vulnerability? Certainly. If we can believe this is the exploit Herbless is using, a cursory look at the attrition.org archive will show a handfull of gov't and commercial site defacements accredited to him and presume its involving this default password issue. Web sites are being defaced. Whether it is trivial or not, its still a vulnerability.

    So how trivial is this? DO sysadmins knowingly put out boxes with default passwords belonging to highly priviliged accounts? Common sense would suggest the admins wouldn't leave "the biggest door to [their] house" open. Trivial? Perhapse. Obvious... apparently not.

    So we have a fairly serious situation, one many admins are apparently unaware of, affecting a large number of sites. Isn't that newsworthy?

    Perhapse its not affecting THAT many sites. Of course, the fact that the pirahna case didn't involve actual defacements seems to argue against that being a pre-requisite of newsworthiness.

    Perhapse Microsoft owns the press and vetos this kind of coverage. Sure... some of the sources mentioned might be more than friendly towards Microsoft. But not all of them. Besides, bashing Microsoft is trendy in some circles. I'm sure at least a few would have jumped on the chance to show that they're hip.

    Maybe news of Microsoft vulnerabilities just isn't interesting anymore? PHBs are trying to wrap their brains around this whole Open Source jugernaught that just materialized in front of them. Since Red Hat is one of the more tangible phantoms, its a given that there will be a readership interested in material that deals with Open Source development and Red Hat. Will Red Hat vulerability news sell? No brainer.

    Of course, this all goes far beyond the cares of your average admin. All exploits are trivial once they're known and a patch / configuration is available. Its just a matter of knowing the vulnerability is there and doing something about it. Any admin can do it. Simple. Trivial.

    How are a majority of sites taken? Trivial exploits known for months if not years by the general community. The challenge developers have, closed or open source, is limiting the exploits available "out of the box".

  19. Why kill VPN? on @Home Stops Allowing VPNs · · Score: 2
    So we've established that a VPN isn't NAT. It isn't a home network. Its an encrypted connection often used by telecommuters. So why ban it?

    Quick. Lets get out our conspiracy hats. Its either money or power. Corporate greed or government subversion of our privacy. Which could it be?

    rc-flyer was nice enough to call up the Comcast folks and get clarification. Encryption for consumer use such as shopping and banking? OK. Telecommuters? No way.

    Aha. While it might be more exciting to strain for the sounds of black helicopters and carnivorous black boxes, greed wins out. A look at the @Work site gushus:

    End-To-End Security
    @Work Remote eliminates the risks associated with sending critical information over the Internet by providing the privacy of a secured data network via encrypted "tunnels." In addition, our 5Gbps fiber-optic IP network is continuously monitored by the @Work Network Operations Center, and managed at the most secure level possible using a combination of cryptographic techniques, packet filters, passwords, and secure configurations. @Work provides subscriber PC security options for remote users, as well as gateway security for the corporate connection.
    It would seem that telecommuters are finding it easy to do their own "@Work" solution and aren't interested in the undoubtfully higher price tag of @Work over @Home service.
  20. The Box on Fred Moody Says Linux Worst Operating System Ever · · Score: 2
    Yes, but is it really bug if it can't actually be hit with a program? I'm sure there are latent bugs in (say) Windows NT 4.0 which nobody has ever hit, so should those count towards the bug list? They certainly are not very severe.
    We're fast approuching the old debate over security through obscurity. If a bug exists but nobody knows how to exploit it, is it still a threat? Can you actually say its not very severe?

    Let's jump in to an analogy...

    You have a black box. Several times during the previous year, people have walked up to other black boxes with a remote control and managed to detonate a bomb inside the box. Are you safe sitting on your box?

    You can't open your black box to see if there's a bomb in it. In fact, people finding bombs before were forced to have their remote control scan frequencies until they found the right combination to set it off. Not all black boxes explode so its unknown if they all have bombs. Yours might not. Or it might. Are you safe?

    There's another vendor out there who makes red boxes. You can open those, but searching them for bombs is a complex process. But there are those who, for various acedemic and personal reasons, search red boxes and then publish their findings (often including instructions on how to immediately remove the bomb). More bombs are being found in the red boxes. Does that mean the red boxes are more dangerous than the black ones?

    Sure... we'd all like boxes without bombs. But either way, red or black, you're liable to end up sitting on a bomb. The question you have to ask is do you feel safer having people opening boxes and publishing information on the bombs they find (and having to quickly remove it before some idiot runs up with a new remote) or are you happier sitting on a sealed box with the knowledge that there MAY be a bomb in there, but nobody's been able to set it off yet if there is one.

  21. VA Linux effect on Fred Moody Says Linux Worst Operating System Ever · · Score: 1
    Of course, we can't rely on Slashdot to show editorial independence when it is owned by a leading vendor of Linux systems (VA Linux). If you want unbiased reporting, go elsewhere because Slashdot continues to repeat the tired old "Linux rules, Microsoft sucks" mantra ad infinitum.
    Yep. Slashdot has really gone downhill since VA Linux got ahold of them. Man... I remember the days when Slashdot didn't express the editor's viewpoints, bash Microsoft, or rave about Linux. It all changed when VA Linux came in to the picutre.

    Oh. Wait. No it didn't.

    Slashdot has always reflected the views of those who run it. Corporate ownership hasn't changed that.

    What has changed is the readership of Slashdot. More and more, we see uninformed opinions being tossed around the comments to articles. When such an opinion is supposedly against Slashdot, its immediately self-promoted as martyrdom in action. Don't break your arm trying to pat yourself on the back.

    The only sad aside to this whole rant is the fact that the same misguided viewpoints that lead to uninformed posts also drive the moderation process. Moderation occasionally gets used to bury misguided or uninformed posts when discussion would handle the situation so much better. Heck... some of the discussions spawned by an ignorant post are worth the moderation points themselves!

    Sure, there's always the troll or other noise to clean up with a negative moderation. But still, discussion would be so much better if moderators did actually concentrate on using points positively and allow opinion to be worked out by posting. We'd have less martyrs and more good information; VA Linux or not.

  22. Prevention and Prosecution on Paper: "Cybercrimes: A Practical Approach..." · · Score: 3
    When threatened in unknown territory, people tend to cling to the things they do know - even if that leads to their eventual downfall. Information security is a prime field to observe this in action.

    When I was a contractor for a major US Government organization, I used to attend monthly security meetings. These meetings were open to contractors as well as Civil Servants - attendies included a select few who's job was security, a handfull of admins interested in security, and a larger number of those less technically oriented but tasked to "do something" about the environments they were responsible for.

    Common patterns formed each meeting.

    In one example, one of the people in charge would bring up an incident or vulnerability they were concerned with. The techies would pipe in with comments and occasionally hijack the meeting with a discussion. The non-techies (mostly management) would stare at the whole proceeding with glazed eyes and confusion. Occasionally they would wince at what the technies were suggesting should be done or scoff at the costs and lack of funding for such activities.

    Other times, our special guest from the local federal investigative function would begin to talk about prosecution. Comments and discussion would soon follow... but no longer did the techies have control of the meeting. It was the non-technical management corp that lit up with enthusiasm.

    Technical issues are hard for the non-technical to grasp. In many organizations, it isn't the technically adept who are responsible and pressured to "do something". Faced with this ultimatum, its much easier to jump in to the physical world of prosecution than the archane technical issues involved.

    The sad part of this experience is that if the same amount of enthusiasm, man hours, and funding went to solving the technical issues of information security... much of the prosecution wouldn't be neccissary. The environment would have been secure enough to avoid most incidents.

  23. Re:Isn't this illegal in some states? on ABC Ads Target Answering Machines? · · Score: 3
    I guess they'd better bring me in on charges.. I've been hanging up on solicitors for the past 3 years without saying a word...
    You call up solicitors? Wow. I get enough of them bothering me without initiating contact on my own.
  24. The Effect of Leadership on The Myth Of The Borg · · Score: 3
    However, successful large organizations share a characteristic which can be rather disturbing to us more individual-minded types: they have a culture, which dictates to a large degree how their members behave, even in the absence of orders from above.
    When I was in the US military, I saw the effects of leadership. Shop Chiefs affected the working environment and productivity of their shops. Squadron Commanders affected the interaction of those shops and the culture of the Squadron. Base Commanders affected the quality of life and feel of an entire base community - from military members to their civilian families.

    I thought perhapse this was a reflection of military life (so much of military life is completely foreign to the civilian sector). I was wrong. When I found myself as a contractor for a large US Government agency, I could begin to trace how the environment was affected by various leaders that made up its leadership. Right up to the highest levels.

    Perhapse its a reflection of Government beucracy? Not so. I'm now in the corporate sector working for one of the most successfull US corporations in its industry. Its culture is amazing - and it is a direct reflection of the man in charge. The company's corporate culture is key and is actively tended by its leadership.

    An organization is reflection of the personality and attitude of its leadership. It doesn't matter what sector of society that organization is a part of. Sure, its not exactly "Borg mentality". But as alienmole points out - its not random.

  25. For their own good... on Web Standards Project Blasts Netscape · · Score: 2
    AOL really is trying to use the Microsoft strategy by distributing applications such as Winamp, Netscape (Mozilla), AOL Instant Messenger, and ICQ with their popular Internet connection software. I guess I just find it funny that someone from a community advocating open standards and free software (as in speech,) is suggesting that the tactics that AOL will use will benefit the community.
    You're pointing to "Microsoft tactics"... yet, you're only half right, I think. Let's take a look at the applications mentioned.

    Winamp. What data format does it use? MP3. An open standard (more or less).

    Netscape/Mozilla. Data formats and protocols used? Based on open standards.

    AIM and ICQ. Protocols used? Proprietary. Oops. But the protocols are either documented, commonly reverse engineered, or a backdoor to the service has been provided. And AOL has been shamed in to agreeing to an "open standard" messaging protocol. We'll see if this improves.

    So sure... AOL is pushing its brand out there. But, unlike much of Microsoft's offerings, AOL is ultimately backing open standards. And creating a default customer base who wants open standards helps the community.

    Now does Joe User really know what these open standards are? Most likely not. Too technical. Joe User just wants things to work. Of course, unknown to Joe User, open standards helps make sure things work. Everywhere.

    And things will continue to work whether they stay with AOL's offerings or not.

    And there's where AOL's new strategy suddenly stands apart from Microsoft's.