...no problem, Citizen. You may go. If you can't, you're probably guilty and all your shit are belong to us. Oh, and if you look Mexican, or Muslim, you probably shouldn't be here in the first place, terrorist, so your proof is probably not going to count for much.
It isn't a myth, people just didn't read their Adam Smith and they have no idea what it means.
You're absolutely right. Just like every Marxist, Marxist-Leninist, Maoist, Fascist, Techocrat (the political party), Islamic State warrior, Spanish Inquisitor, etc. is right. If everybody would read the book and follow the rules then the outcome would be perfect. The problem is the people who are too stupid or foolish to obey the rules who screw if up for everyone. If we could only remove them and their influence then the ends would justify the means...
First of all, kudos to GP, who is one of the very few here on/. who understand what Smith envisioned. All those who've been drinking the "government is bad" koolaid since the Reagan years are in the "too stupid or foolish to obey the rules" group. Yes, all of them.
Well, if you burn USA flags . . . while waving Mexican flags at an anti-Trump protest . . . I don't think you are doing anything to help Hillary or Bernie.
Totally the opposite . . . this just pours oil on the fire and fans the flames of Trump xenophobia.
Agreed. I totally do not understand the thinking of someone who comes to the U.S. and then waves the flag of the shit nation they just left. I do, however, understand the anger at Trump on the part of hard-working Mexican-Americans. The key point here is that it was Trump who laid the fire and struck the first match. Who poured how much gasoline on it is beside the point. He is basking in the glow as the fire grows higher. How the fuck is that good for this country?
Except crony capitalism is rampant, and so it is not a truly free market.
Never was. The so-called free-market is a myth. Always was. Even the guy who coined the phrase made it plain that without regulatory influence, such a thing would never be possible.
RNC didn't want to advertise there anyway. They're low energy. Losers.
...and probably Mexican. They're Mexican, aren't they? Or Muslim?
In all seriousness, I am enjoying the shit out of watching the clown car that was the republican field, now that Trump is behind the wheel with his foot mashing that gas pedal. The wreck is going to be of historic proportions.
I think money was better spend learning how to properly configure you corporate systems and actually learn how to make secure applications...
Erm..., no. The very notion that such a thing is possible is flawed, evidenced by the fact that we are having this discussion. Granted, there's a lot of room for improvement and not fixing (let alone releasing) software with known exploits is inexcusable, but the reality is that there is no substitute for vigilance.
Can someone please help me understand what's so different about what this guy is proposing, vs common practices which already exists?
Not a damned thing different, though it might be argued that "common practices" and "best practices" are two very different things. What TFA is actually suggesting is little more than the best practice of paying attention to what's going on in your environment, as opposed to throwing up defenses and expecting them to stop all attacks. That takes effort, proper tools, and expertise. The mix of those three can vary, but the bottom line is that it costs money to be vigilant and that is not something that our industry has been inclined spend much on, with predictable results. In each of the high-profile breaches over the last year or two, the attackers where active inside the target's defenses for months, with nobody noticing. The signs were there, but nobody was looking, and that is (I hope) what the author of TFA was trying to get to - you have to actively hunt for the attacker.
His philanthropy may even be what is irritating them, who knows?
Probably more than a little truth to that. The Gates Foundation gives a lot of money to immunization programs, IIRC, and we all know that preventing polio is just another front for dirty Jews trying sterilize young Mu'min. Right?
Non-progressive societies don't encourage girls to do things like science and math in the first place, they expect them to adopt 'traditional female roles'.
Should do a comparative study of marriage stability as well!
Perhaps women from such progressive cultures make terrible mothers and wives, perhaps men from such progressive cultures make terrible husbands and fathers...
So... your definition of "stable" is a marriage where the female partner is little more than property and could not leave an oppressive, often violent relationship even if she tried. Have I got that right? Do you really, even remotely, believe such a naive bullshit notion such as that?
How long has OpenSSL been open source and had major vulnerabilities before they were found?
A pretty long time. What is your point? Surely you are not arguing that those flaws would have been found sooner if it had been closed source. That would just be stupid.
That's all it will take to make up that minimum wage bump. Yes, I am serious. Do the fucking math. How about you do that instead of eliminating jobs and pocketing the savings?
Obviously I meant inside and I've never written down a password in my life since not all of us are idiots?
Also, I don't really understand why everyone even secures their wifi. I leave guest mode open. You can use my bandwidth and my devices are fairly secured against attack already.
Two questions. 1) May have your address please? I have spam campaign I'd like to launch an since you're so generous with your Internet access...
2) Who would like to pick the over/under date for when this trusting soul has his "fairly secured" shit pwned?
Dude. We are well past the point in time where your behavior moved from "generous" to irresponsible. Lock down your fucking WLAN.
...if the government's true constituency, those that paid to get their people into office and their agenda carried forward through legislature and regulation, see profit in the move. If they do, you can bank on it happening. Sadly, that equation has little to do with "The People".
Normally, I'd say, yes, punish those responsible for lax security.
But, I'm a security geek. I can't count the times where security measures proposed got shot down by manglement, even the ones that were near-zero cost. Or when senior managers and corporate officers demanded admin/root access.
Because, the people who implemented will get punished, while the people who tied their hands will walk unharmed (and likely get bonuses. . . )
Punish those responsible for lax security. It's not that hard to figure it out, especially if the implementers or other subordinates take the time to create the paper trail that will point to the decision maker who failed to take recommended action. Yes, that opens up a whole can of worms but accountability has to start somewhere, and that somewhere is the boardroom. I can see a day in the not to distant future when regulated (SOX, HIPAA, etc.) organizations require such documentation, e.g. some decision maker's signature on a document authorizing or rejecting a security related change. I don't look forward to that day, but I can clearly see the need.
Why can't we use bulletproof and Windows in the same sentence? According to the report it was the AV scanner that caused the application to crash. The PC was then required to be rebooted for the application to start working correctly. Arguably the client software is at fault for not being able to recover from a situation where "communications" get lost.
It is not reasonable to single out the OS, the AV software, or the application. The three were combined, along with some specialized hardware as a system with an arguably life-or-death role in the OR. This was a bad choice, for all the reasons previously stated. If you're going to place the system in a role as critical as heart surgery, far more serious attention should have been paid to it's availability and reliability. Yes, the AV scan disrupted things, the OS had no way to know that the application software is as important as it was, the application software failed spectacularly when the expected resources weren't available, etc. The big fail was the decision to place a patient's life in the hands of that rickety and untested system.
These are the people who spend over $9,000 for an audio cable because it makes "warmer sound", or better yet, audiophile SATA cables.
I don't do stupid shit like that, but I did spend several hundred dollars building my own SET tube amplifier. The difference is audible, dramatically so. So is the difference between an MP3 and any digital recording that doesn't use a lossy compression algorithm, assuming of course, that the mix wasn't done by the current crop of "more compression is always better" asshats.
In other words, while that tool who paid $9K for an ethernet cable (no shit, it's really a thing) probably can't actually hear any difference, lots of audiophiles do, and the paucity of quality source material in the online world sucks so much that ripped CD's on pirate sites are the predictable result.
And it doesn't bother you that the FBI ran a kiddie porn site, exploiting those children in the name of protecting them?
Of course it does. What part of "...seeing them told, 'Sorry. Try again,' when another questionable procedure is reviewed is welcome news..." did you not get?
On the one hand, I have little concern for those who traffic in anything that genuinely hurts children. On the other hand, the FBI abuses their position regularly, lying to the courts and ignoring the courts' orders when lying doesn't work, so seeing them told, "Sorry. Try again," when another questionable procedure is reviewed is welcome news.
...use the restroom that matches your biological fact, not what your lifestyle choice dictates.
You demonstrate a remarkable, if all too common, ignorance of gender identity issues. In other words (which you are more likely to understand), you are an ignorant asshole.
We employ a handful of developers, some in-house some contractors. All but one has had be taught the importance of some of the fundamentals of secure programming. To see their code, you'd have to assume that they'd never been exposed to the idea of input validation, for example. I don't know if I'd lay the blame wholly on academia, though. Some of our crew are largely self-taught, but still, whatever learning resources they've relied on clearly did not address security.
IMO, it is inexcusable that those with CS degrees have not had more exposure to security issues. "The threat" is a fact of life and any leader in any information technology role should have a grounding in the security principles around that role.
Slashdot Mirror
...no problem, Citizen. You may go. If you can't, you're probably guilty and all your shit are belong to us. Oh, and if you look Mexican, or Muslim, you probably shouldn't be here in the first place, terrorist, so your proof is probably not going to count for much.
It isn't a myth, people just didn't read their Adam Smith and they have no idea what it means.
You're absolutely right. Just like every Marxist, Marxist-Leninist, Maoist, Fascist, Techocrat (the political party), Islamic State warrior, Spanish Inquisitor, etc. is right. If everybody would read the book and follow the rules then the outcome would be perfect. The problem is the people who are too stupid or foolish to obey the rules who screw if up for everyone. If we could only remove them and their influence then the ends would justify the means...
First of all, kudos to GP, who is one of the very few here on /. who understand what Smith envisioned. All those who've been drinking the "government is bad" koolaid since the Reagan years are in the "too stupid or foolish to obey the rules" group. Yes, all of them.
...and probably Mexican. They're Mexican, aren't they?
Well, if you burn USA flags . . . while waving Mexican flags at an anti-Trump protest . . . I don't think you are doing anything to help Hillary or Bernie.
Totally the opposite . . . this just pours oil on the fire and fans the flames of Trump xenophobia.
Agreed. I totally do not understand the thinking of someone who comes to the U.S. and then waves the flag of the shit nation they just left. I do, however, understand the anger at Trump on the part of hard-working Mexican-Americans. The key point here is that it was Trump who laid the fire and struck the first match. Who poured how much gasoline on it is beside the point. He is basking in the glow as the fire grows higher. How the fuck is that good for this country?
Except crony capitalism is rampant, and so it is not a truly free market.
Never was. The so-called free-market is a myth. Always was. Even the guy who coined the phrase made it plain that without regulatory influence, such a thing would never be possible.
RNC didn't want to advertise there anyway. They're low energy. Losers.
...and probably Mexican. They're Mexican, aren't they? Or Muslim?
In all seriousness, I am enjoying the shit out of watching the clown car that was the republican field, now that Trump is behind the wheel with his foot mashing that gas pedal. The wreck is going to be of historic proportions.
I think money was better spend learning how to properly configure you corporate systems and actually learn how to make secure applications...
Erm..., no. The very notion that such a thing is possible is flawed, evidenced by the fact that we are having this discussion. Granted, there's a lot of room for improvement and not fixing (let alone releasing) software with known exploits is inexcusable, but the reality is that there is no substitute for vigilance.
Can someone please help me understand what's so different about what this guy is proposing, vs common practices which already exists?
Not a damned thing different, though it might be argued that "common practices" and "best practices" are two very different things. What TFA is actually suggesting is little more than the best practice of paying attention to what's going on in your environment, as opposed to throwing up defenses and expecting them to stop all attacks. That takes effort, proper tools, and expertise. The mix of those three can vary, but the bottom line is that it costs money to be vigilant and that is not something that our industry has been inclined spend much on, with predictable results. In each of the high-profile breaches over the last year or two, the attackers where active inside the target's defenses for months, with nobody noticing. The signs were there, but nobody was looking, and that is (I hope) what the author of TFA was trying to get to - you have to actively hunt for the attacker.
Here in the USA, we just pay Fox News to do all that for us.
It is stable. Fact. Nothing naïve about it.
Why do you think "stable" is a synonym of "good"?
Because it's pretty clear that's exactly what you meant, your disingenuous attempt to portray your original comment otherwise notwithstanding.
His philanthropy may even be what is irritating them, who knows?
Probably more than a little truth to that. The Gates Foundation gives a lot of money to immunization programs, IIRC, and we all know that preventing polio is just another front for dirty Jews trying sterilize young Mu'min. Right?
Non-progressive societies don't encourage girls to do things like science and math in the first place, they expect them to adopt 'traditional female roles'.
Should do a comparative study of marriage stability as well!
Perhaps women from such progressive cultures make terrible mothers and wives, perhaps men from such progressive cultures make terrible husbands and fathers...
So... your definition of "stable" is a marriage where the female partner is little more than property and could not leave an oppressive, often violent relationship even if she tried. Have I got that right? Do you really, even remotely, believe such a naive bullshit notion such as that?
...to murder influential people to advance your socio-economic agenda. Right? What was that passage again?
The first video game that made me react in real life was Leisure Suit Larry.
Oh, Eve...
LSL was pretty pedestrian. Now "Leather Goddesses of Phobos" :)
How long has OpenSSL been open source and had major vulnerabilities before they were found?
A pretty long time. What is your point? Surely you are not arguing that those flaws would have been found sooner if it had been closed source. That would just be stupid.
That's all it will take to make up that minimum wage bump. Yes, I am serious. Do the fucking math. How about you do that instead of eliminating jobs and pocketing the savings?
Obviously I meant inside and I've never written down a password in my life since not all of us are idiots? Also, I don't really understand why everyone even secures their wifi. I leave guest mode open. You can use my bandwidth and my devices are fairly secured against attack already.
Two questions.
1) May have your address please? I have spam campaign I'd like to launch an since you're so generous with your Internet access...
2) Who would like to pick the over/under date for when this trusting soul has his "fairly secured" shit pwned?
Dude. We are well past the point in time where your behavior moved from "generous" to irresponsible. Lock down your fucking WLAN.
...if the government's true constituency, those that paid to get their people into office and their agenda carried forward through legislature and regulation, see profit in the move. If they do, you can bank on it happening. Sadly, that equation has little to do with "The People".
Normally, I'd say, yes, punish those responsible for lax security.
But, I'm a security geek. I can't count the times where security measures proposed got shot down by manglement, even the ones that were near-zero cost. Or when senior managers and corporate officers demanded admin/root access.
Because, the people who implemented will get punished, while the people who tied their hands will walk unharmed (and likely get bonuses. . . )
Punish those responsible for lax security. It's not that hard to figure it out, especially if the implementers or other subordinates take the time to create the paper trail that will point to the decision maker who failed to take recommended action. Yes, that opens up a whole can of worms but accountability has to start somewhere, and that somewhere is the boardroom. I can see a day in the not to distant future when regulated (SOX, HIPAA, etc.) organizations require such documentation, e.g. some decision maker's signature on a document authorizing or rejecting a security related change. I don't look forward to that day, but I can clearly see the need.
Why can't we use bulletproof and Windows in the same sentence? According to the report it was the AV scanner that caused the application to crash. The PC was then required to be rebooted for the application to start working correctly. Arguably the client software is at fault for not being able to recover from a situation where "communications" get lost.
It is not reasonable to single out the OS, the AV software, or the application. The three were combined, along with some specialized hardware as a system with an arguably life-or-death role in the OR. This was a bad choice, for all the reasons previously stated. If you're going to place the system in a role as critical as heart surgery, far more serious attention should have been paid to it's availability and reliability. Yes, the AV scan disrupted things, the OS had no way to know that the application software is as important as it was, the application software failed spectacularly when the expected resources weren't available, etc. The big fail was the decision to place a patient's life in the hands of that rickety and untested system.
These are the people who spend over $9,000 for an audio cable because it makes "warmer sound", or better yet, audiophile SATA cables.
I don't do stupid shit like that, but I did spend several hundred dollars building my own SET tube amplifier. The difference is audible, dramatically so. So is the difference between an MP3 and any digital recording that doesn't use a lossy compression algorithm, assuming of course, that the mix wasn't done by the current crop of "more compression is always better" asshats.
In other words, while that tool who paid $9K for an ethernet cable (no shit, it's really a thing) probably can't actually hear any difference, lots of audiophiles do, and the paucity of quality source material in the online world sucks so much that ripped CD's on pirate sites are the predictable result.
He died in poverty because of copyright infringers.
You keep using that word. I do not think it means what you think it means.
And it doesn't bother you that the FBI ran a kiddie porn site, exploiting those children in the name of protecting them?
Of course it does. What part of "...seeing them told, 'Sorry. Try again,' when another questionable procedure is reviewed is welcome news..." did you not get?
On the one hand, I have little concern for those who traffic in anything that genuinely hurts children. On the other hand, the FBI abuses their position regularly, lying to the courts and ignoring the courts' orders when lying doesn't work, so seeing them told, "Sorry. Try again," when another questionable procedure is reviewed is welcome news.
...use the restroom that matches your biological fact, not what your lifestyle choice dictates.
You demonstrate a remarkable, if all too common, ignorance of gender identity issues. In other words (which you are more likely to understand), you are an ignorant asshole.
IMO, it is inexcusable that those with CS degrees have not had more exposure to security issues. "The threat" is a fact of life and any leader in any information technology role should have a grounding in the security principles around that role.