No, definitely not airtight. I was only responding to the notion that you can bluff your way in, plop down in a conference room, hook up to the network, and do bad things. That's the scenario the GP was discussing and it can't happen here, or, if it can happen, it's unlikely to give anyone any better information than how poor is the quality of the carpet and furniture in our conference rooms.
You bring up good points. Let me take a stab at them.
...everyone seems fixated on those ID badges. Precisely what is the security on those? RFID, or is it a magnetic strip?
The security on them is the picture that has to match the face. We're tranisitioning to HSPD12 (RFID smart cards for ID and access) as quickly as we can. The point isn't that the ID badges are of much use in a technical sense. The point is that you must have one of ours. A badge from anyone outside isn't good enough. If you have an accurate-looking fake badge, you can defeat much of our first line of security.
You can't, however, get through any doors with your fake badge. We use separate access-control cards.
...are the PCs at the IRS running windows? Would a simple trick like the "drop a few USB dongles in the employee smoking area" work?
Yes to the first question, no to the second. If someone finds a USB stick, they're going to treat it like radioactive anthrax. A lost USB stick means that someone has lost a device that may contain taxpayer (sensitive but unclassified) data. If you possess SBU data you're not supposed to have, you get in big trouble. Nobody wants that. Also, it is almost universally true (though this was definitely not the case not so long ago) that no one will plug into an IRS computer anything that wasn't issued to them by the IRS.
If, OTOH, you're talking about putting malware of some sort on those USB sticks and hoping someone plugs just one of them in, you have a point. However, we run constant scans on the network looking for unapproved software. The last time a contractor in my building plugged in a personally-owned USB stick with various non-IRS-issued applications, his account was locked off the LAN within 5 minutes. Within 10 minutes, Security had concluded a stern talk with his supervisor. He was a good guy, just new to the place and not yet "in the groove" when it comes to security. He took his suspension and a couple of weeks later got back to work with a bit more appreciation for the fact that we mean it when we tell people not to plug anything into the network that wasn't issued to you by the IRS.
Finally, there's insider information. Somehow, I doubt the IRS pays people very well. There must be all kind of employees with IT jobs who could physically copy from computers containing millions of tax records.
I've been around for 26 years. I know this has happened. And in every case I know of, the offender left the office in handcuffs. Slashdot actually had a story about these incidents some months ago. Yearly, we'll have a few hundred incidents. Most are extremely benign, accidental compromises of a few scraps of disjointed information from a single account. The few deliberate "copy and sell" cases with which I am familiar have sent people to jail. Pretty much no one wants to risk that.
Besides, our access isn't as easy as you might think. I can easily access the computers of people who have massive amounts of SBU data. Their default settings, however, place that data in folders protected by Windows encrypted file system. I can't read their stuff. I can get a recovery key for times when there's been a system crash, but doing so requires documentation and approval from the encryption staff and they are, technically, the only ones who actually use the key, i.e. it's initiated from their end over the network. Everything they do is fully monitored.
One of the serious side effects of running highly classified projects is that the people working on them become obsolete in place. They're so cut off from the outside world that they don't keep up, outside their very narrow area of expertise. That's why I left aerospace and went to the commercial world.
Bingo. I have a set of truly amazing skills that I will take into retirement this year. In the private sector, those skills are worth approximately... nothing.
That doesn't bother me. I like my current job very much; my time here certainly hasn't been wasted. After I retire, I have a number of options unrelated to my current job. But it is definitely true that my IT experience here isn't something you'd call "portable" by any stretch of the imagination.
Need help getting through a door? Sure, people will let you through a door if you're lugging a load. Then they'll see you don't have your badge on, offer to help you find the office and person you're looking for, and if you don't know what name or location to give, they'll stick right with you until you figure it out or security comes along to help.
Selling copiers? "Oh, man, dude, nobody on this floor has the authority to buy anything! Lemme walk you over to the facilities guy that you *must* have an appointment with. He'll get you a temp badge or an escort if you need to look around."
New hire? "Gee, ya know, I hate to be a pain about this but you really do have to keep your badge on in the building. Lemme hold your box while you find it."
Lost your badge? "Gee, ya know, you're gonna get hassled a bunch without it. Do you know where Kathy's office is? Let me show you; she can issue you a temp badge for the day."
Lugging in a server or anything that looks remotely computer-like? The security guard will have you sign in and call down someone from IT to escort you.
Visiting executive? Unless you're the commish, in which case you'll be covered by a phalanx of security, even the lowliest of the low in this place will give you a friendly wave, say hi, and offer you a lanyard for your badge while you're in the building. "Oh, that's OK, I can wait till you find your badge. Do you want me to show you where you're going/where to get a temp badge/to security?" In fact, this is one of the few times a data input operator can pull rank on the highest executive in the organization and you'd better believe that no office lacks for people who would relish the opportunity.
Bluff your way past security and take an elevator ride to an upper floor, looking for something? Big deal. All the doors are on card keys and if you knock, the person who answers is going to lead you right back through the "Gee, I hate to be a pain about this but you really have to wear your badge in the building" routine.
Walking around in the hall looking semi-lost because you got in but realize you can't get through any of the doors? You'll be directly challenged by someone who will walk you directly to your manager (if you can provide a name and location) or directly to security.
If by some total breakdown (say, you've got a decent fake badge and you piggyback on someone to get through a door) you get into the work area and plop down in a conference room, you're gonna get caught in short order. Plug in your laptop? If you haven't pre-reserved the room, you'll trip port security, that port on the router will shut down, the telecomm lady will get an automatic page and head up to that conference room to see who's screwing around by plugging in an unregistered MAC. Just turning on a laptop with wireless enabled chances setting off the scanner that's sometimes running in every building; in that case, you get a quick visit from scary men with badges and guns. You're a contractor on site and you plug in a wireless access point? See the sentences immediately previous, plus you get tossed out, fired if you're a sub, lose your individual security clearance, and the overall contract holder gets in seriously hot water. Just sit there and try to look important? The conference room reservations are controlled by the nearest secretary. As soon as s/he sees you in the room, you'll get asked to do a formal reservation. "If the room is free, you can have it, but I need your name and badge number for the log book. By the way, where's your badge?" In offices where the conference rooms aren't tightly controlled, people get used to dropping in so if you're sitting there without a badge, you're going to get questioned. If you don't know the right jargon, the right person to say you're working with, the right organizational attributes to assign to yourself, you're going to be questioned. Even the most tim
In most engineering disciplines (if not all), things are not designed simply to not break - that would be unrealistic. Instead, they are designed to fail gracefully;...
There's no heavy engineering here but one of the things I've always wondered about was the reason cast iron is still used for high quality reloading presses. Steel would be stronger and lighter. And when cast iron breaks, it just snaps. Then someone who thinks deeper than me pointed out that for this application (which requires parts be held in perfect alignment), catastrophic failure is preferable. If a press were to bend, even a little, it would appear to be working fine but produce poor-quality output. A press needs to either be perfectly aligned or obviously broken.
Good presses are heavy. Among the presses I own, a legendary early Hollywood is my favorite (Trust me, the two serious reloaders in the audience are now highly impressed) and weighs over 40 pounds. I wonder if it would be possible to make one of these from a light, strong material that would never bend, only break, under excessive load?
That would be not just cool but very useful for portable applications.
I apologize in advance. I don't mean to be obtuse. I'm actually curious about your post.
I'm a math dunderhead. I never got to it. I stopped with simple arithmetic. A couple of years of algebra in high school, some geometry (which I loved, spending hours refining formal proofs to make them more elegant), trig (which I hated), and a single logic course in college (before I dropped out, circa 1978) is the extent of my education. I looked at introductory calculus texts on several occasions; they may as well have been written in Klingon. I was a liberal arts kind of guy and still am.
Still, when I read the problem the first time, I worked it out in my head in a few seconds in a way that looks roughly the same as your "10 years ago" example. But I confess that I had to look at your "5 years ago" example for several minutes before I understood what was happening. When I need to do a square root in my head and am thus forced to accept an approximation to one decimal, I frequently use a method that translates to "Guess. Test. Adjust. Repeat." until I get close. But I can't imagine anyone actually teaching something like that for *real* problem solving. It's a shortcut trick suitable only when accuracy can be sacrificed for speed. It belongs in the lecture on "Daily arithmetic after you get out of school" where the teacher discusses how to compute the tip to leave at a restaurant without pulling out a calculator and looking like a dweeb. (As an aside - I work with accountants who I have seen, on many occasions, pull out the calculators and hold lengthy confabs just to figure out how to split a check and leave a tip. I am invariably mortified.)
Please tell me that methods such as you show in your second example have not supplanted those shown in your first. If they have, perhaps I should be happy I never had children. The process of getting them educated could drive me postal.
...the Model 100's keyboard, more than any other feature, guaranteed the machine's success. The Model 100's designers had the incredible good sense to include an impressive 56-key full-stroke typewriter keyboard in a reasonable, un-cramped size and with a layout that "just feels right."
I have a 100 that I used extensively. For a pure writing machine, I can't think of anything better. Seriously. I can take it anywhere and pour text into it fast and easy. Getting the text out isn't quite as easy but it was never too awfully bad.
I'd pay $500 for a clone (well, a physical interface clone) of the 100 or 102 that boots to a command line in linux and lets me run vi. Add some sort of wireless connectivity and a few gigs of flash to hold data and I'd be in heaven. Lots of writers who can do everything on their smart phones except type would also be in heaven. The physical interface of a typing device simply can't be overemphasized. The feel of a keyboard, the convenience of the device, the "rightness" of the way it feels, the ability of the machine to step aside and never impede the creative process are all things that the M100 got so completely, sublimely right.
A successful writing instrument can't be shrunk to EEE size. (I have one and it's wonderful but it's not a writers tool.) It can't be made out of a PDA connected to some flimsy little fold-up keyboard. (Those things are a bad joke.) It can't irritate the writer with little chiclet keys that float a half-millimeter above some ill-defined point of contact. It can't be designed with style in mind. It simply has to work, to meld with muscle and skin and bone to become a transparent portal for the codification of creative thought.
The 100/102 nailed it. Nothing since then has come close.
Mine sits 10 feet from where I lay my head at night. I may just fire it up this evening for nostalgias sake.
As a part of a criminal investigation or prosecution, for what purpose are photographs categorized on the Copine scale? Is it just to guide in deciding the severity of punishment?
The Wikipedia stub on the subject is more confusing than helpful. It emphasizes that the scale was intended to distinguish between erotica and porn, yet the description given of Level 1 lumps the two (by common definition) together. And, if my readings in re Dost and others are correct, all the images described in Level 1 are prosecutable as porn in the U.S., anyway.
So I'm just trying to figure out how the thing is used. Can you recommend any good online resources where I could look this stuff up? TIA.
the level of batshit crazyness of some USian tabloids (National Enquirer, I'm looking at you here),
I hate to stick up for the Enquirer, but somebody needs to.
During the OJ Simpson mess, a number of odd factors came together. First, the "legitimate" press was perfectly willing to dive into the voyeurism of the time but didn't really have all the show-business contacts they needed to get in deep to the story. Second and not surprisingly, the Enquirer had dealt with many of the principles and their friends for years. The relationship between the Enquirer and that community wasn't always civil, but it was a known quantity. Finally, the Enquirer had become a little embarrassed by their excesses over the years and saw the whole OJ affair as an opportunity to do some more serious work.
So what happened? The Enquirer restrained their "batshit crazy" tendencies while lots of folks close to the case fed them information. The Enquirer broke a bunch of news and became a good, reliable source of news on the investigation and trial. The paper showed it was capable of real journalism. Yeah, they spiced it up where they could but, by and large, their efforts were reasonably good and they scooped the rest of the press regularly.
Since then, things have moderated. The Enquirer is a tabloid, sure, but it's probably the best of them. Half of it is crap, of course, but it's actually a decent quality news source on the entertainment industry. They've left their stupid days behind them.
If you want to read the life story of the bat-boy or about how you can use an ancient Indian talisman to ward off the coming Great Depression II, IOW if you want *real* "batshit crazy," we still have the Weekly World News and the Sun
At my job, any URL with the string "porn" in it is automatically filtered. Given my love of tech, you have no idea how many times I've hit our blockpage when trying to access a story about unpacking a new piece of tech, generically referred to as "unboxing porn."
It's a federal crime, it's also a state crime, or a local crime depending on circumstances.
Excellent point.
I had occasion recently to spend some time waiting around at a small, rural courthouse annex while a relative did some business. Wandering around, bored, I found that they posted a simple printout of court activities to the door of each court. Most listings were a variety of all sorts of basic, run-of-the-mill offenses such as burglary and public intoxication. There were drug possession cases and even one rape. What I didn't expect but found anyway was that at least 1 out of 5 cases was child porn possession.
Maybe this was just a weird coincidence but it clearly demonstrates to me that lots of child porn is prosecuted at the local level, not by the feds. I get the feeling there are lots more cases out there than most people realize.
That drive uses ATA security. ATA has been broken for at least 3 years. While it provides good protection against determined thieves, it's not proof against anyone who can write a check to a major data recovery firm. Successful file recovery from locked drives has been demonstrated for at least 3 years.
Los Angeles tried to ruin Max Hardcore because he released an explicit film with an obviously over-18 actress who said she was 14 in the video. Ultimately, the city lost in court. But the fact remains that some CP is completely, obviously fake and you can *still* be prosecuted, have your life ruined for making or possessing it.
Since the GP mentioned the Tin Drum. Years ago, police in Oklahoma City decided the Tin Drum was CP, too. They went to video stores, found out who had the thing, and went knocking on doors. What's funny is that one of the people who had rented it that night was the OK ACLU President. Ultimately, the cops got their asses handed to them.
Too lazy to google for references at the moment...
Seagate has been most active in this space and the most disappointing. Seagate announced their encrypted drives a couple of years ago. Complete vaporware and required a custom BIOS, to boot. Seagate re-announced their encrypted drives about 7-8 months ago. A few of the Momentus FDE drives showed up in retail channels only to go out-of-stock/back-ordered in a matter of weeks. A month or so ago, Seagate showed their encrypted portable drives. Anybody seen one for sale? Seagate announced their encrypted SAS-connected and FC-connected server drives a couple of days ago. Availbility? Only to OEMs. I don't think even OEMs have access to the 1TB desktop disks that Seagate announced months ago and that's the model that home users and hobbyists would scarf up by the truckload if it were only available.
Digisafe has a nice web site but I can't find any place to actually buy the drives.
Lots of other manufacturers, including some of the big ones, have made announcements but nothing has shown up in the retail channels. Even if you're willing to buy a new laptop to get the encrypted drives that are apparently going preferentially to OEMs, actually finding encrypted machines for sale on the web sites of the major players will have you clicking fruitlessly until your fingers cramp. Even the much simpler "bump in the wire" encryptors (e.g. from Digisafe) that are supposed to work with any IDE drive are simply non-existent in the marketplace. The whole range of products from Enova is tantalizing until you realize that you can't actually lay hands on any of it.
For years, I've used Flagstone. They're expensive and insufficiently large. But at least I can pick up the phone and order one of them and, lo and behold, actually receive it in the mail. Given the way the dollar is tanking and the size of the available drives, I'd love to have another choice. Realistically, I don't.
Call me back when I can drop an encrypted drive into my shopping cart at NewEgg. Until then, this is so much supremely frustrating vapor.
My first thought upon reading about county cops using UAVs from a few hundred feet was "What a nice target for an American 180." Then I realized that we long ago started allowing "reasonable" infringements on our second-amendment rights, thus making us unable to straightforwardly respond to such police tactics.
What, then, is the alternative? You mentioned EMP. Is that possible? I assume domestic-use UAVs will be cheaper and less hardened, but is it actually reasonable to set up some sort of EMP or other protection?
It saddens me to say that this is now a legitimate question: How do you shoot down a UAV while retaining some sort of plausible deniability?
I'm in Houston, so I checked HAR.com and looked up single-family detached homes for under $20K. I find 30 houses with their lots listed for sale at $18,000 or less. Remove the 6 error listings that show as priced for $1 and that leave 24 houses ranging from $7499 to $18000. Some are in depressed areas. Some are 50+ miles out of town or out in the middle of nowhere. Still, the fact is that it's possible.
Office Space was trying to deal with too much money. Greed'll kill ya.
Personally, I'd want my ill-gotten gains to be sufficiently small that no one would notice. I have a life and a job. If I had some criminal enterprise on the side, I'd want it to be just big enough to keep me with a couple of grand in my pockets all the time. Then I could buy pretty much anything I wanted any old time without being noticed. A new target pistol? A night on the town? Expensive car repairs? A new flat-panel? A new media server for the house? Food and clothing? Just pull out a wad of $100s. The basic stress of making a living and paying for all the basic necessities disappears.
For big purchases, like a house or car, there's the completely traditional route, paid from my legit income. And I'm going to have no problem making my payments because all the expenses that might eat up my cash are taken care of from that ever-present walking-around money.
So the Office Space guys made too much money and earned too many problems along with it. If they had put in some kind of limiter to keep their ill-gotten gains below a reasonable amount, they could have lived easy and stayed under the radar. Yeah, greed by itself is bad but the combination of greedy AND stupid is just tragic.
Now, can anybody suggest a low-end criminal enterprise that would produce moderate additional income for minimal risk and effort? No? Darned if the real world doesn't put a major damper on most silly daydreams. Doncha just hate that?
Thanks for the info. I understand. That's what I figured.
I would settle for a map of the places where it's *already* deployed.
Can anybody confirm the existence of FIOS in Houston at any location within 6 blocks of any light rail stop? If you can, I'll know where to start looking for a new house.
How did you discover the FIOS rollout schedule for your location? I'm contemplating moving my household and I would definitely use the current/future availability of FIOS to help me choose my destination. However, I can't figure out where to look to find a map that says "This is where you can get it, this is where you can get it in 6 months, and this is where you're out of luck."
I had occasion to leave the cube a while back and spend a few days working around a conference table with a bunch of other folks in a very busy environment, the control room of a very large conference with thousands of people from all around the country.
My tablemates were utterly confounded that I had no IMs, one of my cell phones was often off with an outgoing message of "I don't pick up these messages, so don't bother", that I never sent any text messages, that I used an old-school one-way pager, and that I actually checked incoming email "only" every couple of hours or so. They thought I was a complete neanderthal. Yet I was the IT guy for the conference. In fact, I had been specifically requested by the head of the planning team; he had worked with me before and valued not just my willingness to work long and hard but my ability to communicate face-to-face with the hordes of hyper managers and executives who inevitably showed up with work-stopping computer problem and have to be "handled" properly while they get their problems fixed.
I got the assignment mostly because I was seen as a good communicator. Yet the entire rest of his staff (who I met for the first time at this event) thought I was nuts to be so out of touch.
I've never thought that avoiding distractions and interruptions made for poor communication. Indeed, my attitude is quite the opposite. It also seems to be increasingly rare these days.
Yes, you can get a speeding ticket issued by a federal agency if you speed on U.S. government property. I actually managed to get one in Houston from a Federal Protective Service cop.
I almost burst out laughing. It was a bicycle cop. I had passed him quite a distance back and didn't even see him. I had already parked and was unloading my car when he rode up to me, huffing and puffing. Apparently he didn't write many tickets and didn't feel comfortable deviating from the training script, because he launched into a pre-rehearsed speech explaining to me why *he* stopped *me*!
The whole thing pissed me off. The cop had no radar, no pavement marks to time me, no nothing. He just said that it looked to him like I was driving over the limit. Well, in a 5 MPH zone ( yes, *5* MPH ) it's a pretty good bet that most people are doing a little over the limit. I was irritated that I had been singled out and I was ready to fight. I talked to a lawyer who regularly dealt with odd issues before the federal courts and he was gung-ho. I knew all the federal judges in town, having appeared before them on one thing or another over the years. I knew good and well that all I had to do was show up and fight the ticket and there was about a 50-50 chance, depending on the judge I got, that he would explode in anger at the U.S. Attorney for daring to waste his time on a case with a $35 max fine.
Then I noticed someting weird. The address on the docket notice for the courthouse was most definitely not what I expected. I had been written the ticket in Houston, Texas. The case had been docketed to a federal court in Miami, Florida.
I suppose that's one way to make sure no one ever shows up in court. I mailed in the fine.
>But privacy protections do not extend to protections of illegal activities.
Actually, they do
Aren't you both right? There are some illegal things that have privacy protection in some circumstances and some that don't.
In the case of your wife who's a doctor, she may be obligated under HIPAA to keep drug use private. But if some 8-year-old comes in with a condition clearly caused by repeated sexual activity, I'll bet she has a higher priority legal obligation to notify the authorities. You can get no-questions-asked treatment for drug addiction but if you go to a therapist and ask for help overcoming your addiction to child porn, you're likely to find the cops banging on your door.
Likewise, confessional privilege varies. It doesn't exist in the U.K. In the U.S., it's modified depending on the state you're in, whether your priest is a licensed counselor of some sort (and thus subject to the laws applying to that profession) and the context under which your confession is made.
In the instant case, we're dealing with things at a lower level. This isn't a planned murder or ongoing child molestation. This is a civil claim, represented as being *really* big and important by the people who are bringing it, versus a set of legal protections for student records, something generally acknowledged to be a good thing. But neither concern is so clearly inferior to the other that a judgement is easy. It sounds to me like a real crap shoot whether a judge would come down on one side or the other.
Of course, I could render a more insightful opinion if I actually read the article. But then I wouldn't be a true slashdotter, would I?
This had me flashing back to elementary school arithmetic. It happened to me a hundred times. The textbook showed an equation and made a statement about it. The textbook showed another equation and made a statement about it. Then the textbook showed a third equation and asked "What can we say about this equation?"
My answers always started the same way. "It's printed in ink on paper." I don't really think that the textbook author expected people to do anything other than to extend whatever line of reasoning had been presented in the previous examples (and I always got around to that) but the open-ended question "What can we say about this equation?" always struck me as license to comment on the clarity of the typesetting or anything else.
My teachers thought I was weird.
Later in life, I became involved in competitive pistol shooting. I loved the rule books. They were just collections of hidden loopholes begging to be found. And then came the problems. In some sports it was called the "engagement" rule. In others, it was the "spirit of the rules" rule. They were all the same sort of thing - a way to say you couldn't do anything unexpected. If you looked at a practical defensive scenario and found some completely whacky way to beat it by, say, running between cover in an odd sequence, you'd be found guilty by the officials of "failure to engage" the scenario. No points for you. A guy I knew had trouble seeing sights too close to his face but the rules forbid changing the sight radius (distance between the sights) making it impossible for him to move the rear sight further from his face. He responded by cantilevering both sights forward so that the sight radius stayed unchanged but both sights were now completely forward of the muzzle. It was perfectly legal under the rules as written but his pistol was declared illegal because it violated the "spirit of the rules."
What amazes me is the hostility this mindset engenders. I'm not shy about saying that I love to parse out the rules and find advantages. I'm not shy about saying that a "spirit of the rules" rule is really just saying "You're not allowed to be smarter than the people writing the rules and running the match." The reaction I get is flaming on message boards and accusations of poor sportsmanship. There are actually people out there who want to punish innovation; at least, that's the way I look at it.
"Thinking different" makes people feel threatened and act nervous and hostile. I don't understand that. Am I weird, or are they?
Slashdot Mirror
No, definitely not airtight. I was only responding to the notion that you can bluff your way in, plop down in a conference room, hook up to the network, and do bad things. That's the scenario the GP was discussing and it can't happen here, or, if it can happen, it's unlikely to give anyone any better information than how poor is the quality of the carpet and furniture in our conference rooms.
You bring up good points. Let me take a stab at them.
The security on them is the picture that has to match the face. We're tranisitioning to HSPD12 (RFID smart cards for ID and access) as quickly as we can. The point isn't that the ID badges are of much use in a technical sense. The point is that you must have one of ours. A badge from anyone outside isn't good enough. If you have an accurate-looking fake badge, you can defeat much of our first line of security.
You can't, however, get through any doors with your fake badge. We use separate access-control cards.
Yes to the first question, no to the second. If someone finds a USB stick, they're going to treat it like radioactive anthrax. A lost USB stick means that someone has lost a device that may contain taxpayer (sensitive but unclassified) data. If you possess SBU data you're not supposed to have, you get in big trouble. Nobody wants that. Also, it is almost universally true (though this was definitely not the case not so long ago) that no one will plug into an IRS computer anything that wasn't issued to them by the IRS.
If, OTOH, you're talking about putting malware of some sort on those USB sticks and hoping someone plugs just one of them in, you have a point. However, we run constant scans on the network looking for unapproved software. The last time a contractor in my building plugged in a personally-owned USB stick with various non-IRS-issued applications, his account was locked off the LAN within 5 minutes. Within 10 minutes, Security had concluded a stern talk with his supervisor. He was a good guy, just new to the place and not yet "in the groove" when it comes to security. He took his suspension and a couple of weeks later got back to work with a bit more appreciation for the fact that we mean it when we tell people not to plug anything into the network that wasn't issued to you by the IRS.
I've been around for 26 years. I know this has happened. And in every case I know of, the offender left the office in handcuffs. Slashdot actually had a story about these incidents some months ago. Yearly, we'll have a few hundred incidents. Most are extremely benign, accidental compromises of a few scraps of disjointed information from a single account. The few deliberate "copy and sell" cases with which I am familiar have sent people to jail. Pretty much no one wants to risk that.
Besides, our access isn't as easy as you might think. I can easily access the computers of people who have massive amounts of SBU data. Their default settings, however, place that data in folders protected by Windows encrypted file system. I can't read their stuff. I can get a recovery key for times when there's been a system crash, but doing so requires documentation and approval from the encryption staff and they are, technically, the only ones who actually use the key, i.e. it's initiated from their end over the network. Everything they do is fully monitored.
Bingo. I have a set of truly amazing skills that I will take into retirement this year. In the private sector, those skills are worth approximately ... nothing.
That doesn't bother me. I like my current job very much; my time here certainly hasn't been wasted. After I retire, I have a number of options unrelated to my current job. But it is definitely true that my IT experience here isn't something you'd call "portable" by any stretch of the imagination.
None of that crap would pan out where I work.
Need help getting through a door? Sure, people will let you through a door if you're lugging a load. Then they'll see you don't have your badge on, offer to help you find the office and person you're looking for, and if you don't know what name or location to give, they'll stick right with you until you figure it out or security comes along to help.
Selling copiers? "Oh, man, dude, nobody on this floor has the authority to buy anything! Lemme walk you over to the facilities guy that you *must* have an appointment with. He'll get you a temp badge or an escort if you need to look around."
New hire? "Gee, ya know, I hate to be a pain about this but you really do have to keep your badge on in the building. Lemme hold your box while you find it."
Lost your badge? "Gee, ya know, you're gonna get hassled a bunch without it. Do you know where Kathy's office is? Let me show you; she can issue you a temp badge for the day."
Lugging in a server or anything that looks remotely computer-like? The security guard will have you sign in and call down someone from IT to escort you.
Visiting executive? Unless you're the commish, in which case you'll be covered by a phalanx of security, even the lowliest of the low in this place will give you a friendly wave, say hi, and offer you a lanyard for your badge while you're in the building. "Oh, that's OK, I can wait till you find your badge. Do you want me to show you where you're going/where to get a temp badge/to security?" In fact, this is one of the few times a data input operator can pull rank on the highest executive in the organization and you'd better believe that no office lacks for people who would relish the opportunity.
Bluff your way past security and take an elevator ride to an upper floor, looking for something? Big deal. All the doors are on card keys and if you knock, the person who answers is going to lead you right back through the "Gee, I hate to be a pain about this but you really have to wear your badge in the building" routine.
Walking around in the hall looking semi-lost because you got in but realize you can't get through any of the doors? You'll be directly challenged by someone who will walk you directly to your manager (if you can provide a name and location) or directly to security.
If by some total breakdown (say, you've got a decent fake badge and you piggyback on someone to get through a door) you get into the work area and plop down in a conference room, you're gonna get caught in short order. Plug in your laptop? If you haven't pre-reserved the room, you'll trip port security, that port on the router will shut down, the telecomm lady will get an automatic page and head up to that conference room to see who's screwing around by plugging in an unregistered MAC. Just turning on a laptop with wireless enabled chances setting off the scanner that's sometimes running in every building; in that case, you get a quick visit from scary men with badges and guns. You're a contractor on site and you plug in a wireless access point? See the sentences immediately previous, plus you get tossed out, fired if you're a sub, lose your individual security clearance, and the overall contract holder gets in seriously hot water. Just sit there and try to look important? The conference room reservations are controlled by the nearest secretary. As soon as s/he sees you in the room, you'll get asked to do a formal reservation. "If the room is free, you can have it, but I need your name and badge number for the log book. By the way, where's your badge?" In offices where the conference rooms aren't tightly controlled, people get used to dropping in so if you're sitting there without a badge, you're going to get questioned. If you don't know the right jargon, the right person to say you're working with, the right organizational attributes to assign to yourself, you're going to be questioned. Even the most tim
I've never met a sane woman who took more than 10 seconds to decide she'd NEVER sleep with me.
This is news?
There's no heavy engineering here but one of the things I've always wondered about was the reason cast iron is still used for high quality reloading presses. Steel would be stronger and lighter. And when cast iron breaks, it just snaps. Then someone who thinks deeper than me pointed out that for this application (which requires parts be held in perfect alignment), catastrophic failure is preferable. If a press were to bend, even a little, it would appear to be working fine but produce poor-quality output. A press needs to either be perfectly aligned or obviously broken.
Good presses are heavy. Among the presses I own, a legendary early Hollywood is my favorite (Trust me, the two serious reloaders in the audience are now highly impressed) and weighs over 40 pounds. I wonder if it would be possible to make one of these from a light, strong material that would never bend, only break, under excessive load?
That would be not just cool but very useful for portable applications.
I apologize in advance. I don't mean to be obtuse. I'm actually curious about your post.
I'm a math dunderhead. I never got to it. I stopped with simple arithmetic. A couple of years of algebra in high school, some geometry (which I loved, spending hours refining formal proofs to make them more elegant), trig (which I hated), and a single logic course in college (before I dropped out, circa 1978) is the extent of my education. I looked at introductory calculus texts on several occasions; they may as well have been written in Klingon. I was a liberal arts kind of guy and still am.
Still, when I read the problem the first time, I worked it out in my head in a few seconds in a way that looks roughly the same as your "10 years ago" example. But I confess that I had to look at your "5 years ago" example for several minutes before I understood what was happening. When I need to do a square root in my head and am thus forced to accept an approximation to one decimal, I frequently use a method that translates to "Guess. Test. Adjust. Repeat." until I get close. But I can't imagine anyone actually teaching something like that for *real* problem solving. It's a shortcut trick suitable only when accuracy can be sacrificed for speed. It belongs in the lecture on "Daily arithmetic after you get out of school" where the teacher discusses how to compute the tip to leave at a restaurant without pulling out a calculator and looking like a dweeb. (As an aside - I work with accountants who I have seen, on many occasions, pull out the calculators and hold lengthy confabs just to figure out how to split a check and leave a tip. I am invariably mortified.)
Please tell me that methods such as you show in your second example have not supplanted those shown in your first. If they have, perhaps I should be happy I never had children. The process of getting them educated could drive me postal.
From the article:
I have a 100 that I used extensively. For a pure writing machine, I can't think of anything better. Seriously. I can take it anywhere and pour text into it fast and easy. Getting the text out isn't quite as easy but it was never too awfully bad.
I'd pay $500 for a clone (well, a physical interface clone) of the 100 or 102 that boots to a command line in linux and lets me run vi. Add some sort of wireless connectivity and a few gigs of flash to hold data and I'd be in heaven. Lots of writers who can do everything on their smart phones except type would also be in heaven. The physical interface of a typing device simply can't be overemphasized. The feel of a keyboard, the convenience of the device, the "rightness" of the way it feels, the ability of the machine to step aside and never impede the creative process are all things that the M100 got so completely, sublimely right.
A successful writing instrument can't be shrunk to EEE size. (I have one and it's wonderful but it's not a writers tool.) It can't be made out of a PDA connected to some flimsy little fold-up keyboard. (Those things are a bad joke.) It can't irritate the writer with little chiclet keys that float a half-millimeter above some ill-defined point of contact. It can't be designed with style in mind. It simply has to work, to meld with muscle and skin and bone to become a transparent portal for the codification of creative thought.
The 100/102 nailed it. Nothing since then has come close.
Mine sits 10 feet from where I lay my head at night. I may just fire it up this evening for nostalgias sake.
As a part of a criminal investigation or prosecution, for what purpose are photographs categorized on the Copine scale? Is it just to guide in deciding the severity of punishment?
The Wikipedia stub on the subject is more confusing than helpful. It emphasizes that the scale was intended to distinguish between erotica and porn, yet the description given of Level 1 lumps the two (by common definition) together. And, if my readings in re Dost and others are correct, all the images described in Level 1 are prosecutable as porn in the U.S., anyway.
So I'm just trying to figure out how the thing is used. Can you recommend any good online resources where I could look this stuff up? TIA.
I hate to stick up for the Enquirer, but somebody needs to.
During the OJ Simpson mess, a number of odd factors came together. First, the "legitimate" press was perfectly willing to dive into the voyeurism of the time but didn't really have all the show-business contacts they needed to get in deep to the story. Second and not surprisingly, the Enquirer had dealt with many of the principles and their friends for years. The relationship between the Enquirer and that community wasn't always civil, but it was a known quantity. Finally, the Enquirer had become a little embarrassed by their excesses over the years and saw the whole OJ affair as an opportunity to do some more serious work.
So what happened? The Enquirer restrained their "batshit crazy" tendencies while lots of folks close to the case fed them information. The Enquirer broke a bunch of news and became a good, reliable source of news on the investigation and trial. The paper showed it was capable of real journalism. Yeah, they spiced it up where they could but, by and large, their efforts were reasonably good and they scooped the rest of the press regularly.
Since then, things have moderated. The Enquirer is a tabloid, sure, but it's probably the best of them. Half of it is crap, of course, but it's actually a decent quality news source on the entertainment industry. They've left their stupid days behind them.
If you want to read the life story of the bat-boy or about how you can use an ancient Indian talisman to ward off the coming Great Depression II, IOW if you want *real* "batshit crazy," we still have the Weekly World News and the Sun
At my job, any URL with the string "porn" in it is automatically filtered. Given my love of tech, you have no idea how many times I've hit our blockpage when trying to access a story about unpacking a new piece of tech, generically referred to as "unboxing porn."
Excellent point.
I had occasion recently to spend some time waiting around at a small, rural courthouse annex while a relative did some business. Wandering around, bored, I found that they posted a simple printout of court activities to the door of each court. Most listings were a variety of all sorts of basic, run-of-the-mill offenses such as burglary and public intoxication. There were drug possession cases and even one rape. What I didn't expect but found anyway was that at least 1 out of 5 cases was child porn possession.
Maybe this was just a weird coincidence but it clearly demonstrates to me that lots of child porn is prosecuted at the local level, not by the feds. I get the feeling there are lots more cases out there than most people realize.
That drive uses ATA security. ATA has been broken for at least 3 years. While it provides good protection against determined thieves, it's not proof against anyone who can write a check to a major data recovery firm. Successful file recovery from locked drives has been demonstrated for at least 3 years.
But I appreciate the effort.
Los Angeles tried to ruin Max Hardcore because he released an explicit film with an obviously over-18 actress who said she was 14 in the video. Ultimately, the city lost in court. But the fact remains that some CP is completely, obviously fake and you can *still* be prosecuted, have your life ruined for making or possessing it.
Since the GP mentioned the Tin Drum. Years ago, police in Oklahoma City decided the Tin Drum was CP, too. They went to video stores, found out who had the thing, and went knocking on doors. What's funny is that one of the people who had rented it that night was the OK ACLU President. Ultimately, the cops got their asses handed to them.
Too lazy to google for references at the moment...
Organizationally, that's exactly what we did. We use SecureDoc from WinMagic almost universally.
Seagate has been most active in this space and the most disappointing. Seagate announced their encrypted drives a couple of years ago. Complete vaporware and required a custom BIOS, to boot. Seagate re-announced their encrypted drives about 7-8 months ago. A few of the Momentus FDE drives showed up in retail channels only to go out-of-stock/back-ordered in a matter of weeks. A month or so ago, Seagate showed their encrypted portable drives. Anybody seen one for sale? Seagate announced their encrypted SAS-connected and FC-connected server drives a couple of days ago. Availbility? Only to OEMs. I don't think even OEMs have access to the 1TB desktop disks that Seagate announced months ago and that's the model that home users and hobbyists would scarf up by the truckload if it were only available.
n-Crypt has never answered my emails.
Digisafe has a nice web site but I can't find any place to actually buy the drives.
Lots of other manufacturers, including some of the big ones, have made announcements but nothing has shown up in the retail channels. Even if you're willing to buy a new laptop to get the encrypted drives that are apparently going preferentially to OEMs, actually finding encrypted machines for sale on the web sites of the major players will have you clicking fruitlessly until your fingers cramp. Even the much simpler "bump in the wire" encryptors (e.g. from Digisafe) that are supposed to work with any IDE drive are simply non-existent in the marketplace. The whole range of products from Enova is tantalizing until you realize that you can't actually lay hands on any of it.
For years, I've used Flagstone. They're expensive and insufficiently large. But at least I can pick up the phone and order one of them and, lo and behold, actually receive it in the mail. Given the way the dollar is tanking and the size of the available drives, I'd love to have another choice. Realistically, I don't.
Call me back when I can drop an encrypted drive into my shopping cart at NewEgg. Until then, this is so much supremely frustrating vapor.
My first thought upon reading about county cops using UAVs from a few hundred feet was "What a nice target for an American 180." Then I realized that we long ago started allowing "reasonable" infringements on our second-amendment rights, thus making us unable to straightforwardly respond to such police tactics.
What, then, is the alternative? You mentioned EMP. Is that possible? I assume domestic-use UAVs will be cheaper and less hardened, but is it actually reasonable to set up some sort of EMP or other protection?
It saddens me to say that this is now a legitimate question: How do you shoot down a UAV while retaining some sort of plausible deniability?
I'm in Houston, so I checked HAR.com and looked up single-family detached homes for under $20K. I find 30 houses with their lots listed for sale at $18,000 or less. Remove the 6 error listings that show as priced for $1 and that leave 24 houses ranging from $7499 to $18000. Some are in depressed areas. Some are 50+ miles out of town or out in the middle of nowhere. Still, the fact is that it's possible.
Office Space was trying to deal with too much money. Greed'll kill ya.
Personally, I'd want my ill-gotten gains to be sufficiently small that no one would notice. I have a life and a job. If I had some criminal enterprise on the side, I'd want it to be just big enough to keep me with a couple of grand in my pockets all the time. Then I could buy pretty much anything I wanted any old time without being noticed. A new target pistol? A night on the town? Expensive car repairs? A new flat-panel? A new media server for the house? Food and clothing? Just pull out a wad of $100s. The basic stress of making a living and paying for all the basic necessities disappears.
For big purchases, like a house or car, there's the completely traditional route, paid from my legit income. And I'm going to have no problem making my payments because all the expenses that might eat up my cash are taken care of from that ever-present walking-around money.
So the Office Space guys made too much money and earned too many problems along with it. If they had put in some kind of limiter to keep their ill-gotten gains below a reasonable amount, they could have lived easy and stayed under the radar. Yeah, greed by itself is bad but the combination of greedy AND stupid is just tragic.
Now, can anybody suggest a low-end criminal enterprise that would produce moderate additional income for minimal risk and effort? No? Darned if the real world doesn't put a major damper on most silly daydreams. Doncha just hate that?
I gotta get back to work.
Thanks for the info. I understand. That's what I figured.
I would settle for a map of the places where it's *already* deployed.
Can anybody confirm the existence of FIOS in Houston at any location within 6 blocks of any light rail stop? If you can, I'll know where to start looking for a new house.
How did you discover the FIOS rollout schedule for your location? I'm contemplating moving my household and I would definitely use the current/future availability of FIOS to help me choose my destination. However, I can't figure out where to look to find a map that says "This is where you can get it, this is where you can get it in 6 months, and this is where you're out of luck."
So how did you figure this out?
I had occasion to leave the cube a while back and spend a few days working around a conference table with a bunch of other folks in a very busy environment, the control room of a very large conference with thousands of people from all around the country.
My tablemates were utterly confounded that I had no IMs, one of my cell phones was often off with an outgoing message of "I don't pick up these messages, so don't bother", that I never sent any text messages, that I used an old-school one-way pager, and that I actually checked incoming email "only" every couple of hours or so. They thought I was a complete neanderthal. Yet I was the IT guy for the conference. In fact, I had been specifically requested by the head of the planning team; he had worked with me before and valued not just my willingness to work long and hard but my ability to communicate face-to-face with the hordes of hyper managers and executives who inevitably showed up with work-stopping computer problem and have to be "handled" properly while they get their problems fixed.
I got the assignment mostly because I was seen as a good communicator. Yet the entire rest of his staff (who I met for the first time at this event) thought I was nuts to be so out of touch.
I've never thought that avoiding distractions and interruptions made for poor communication. Indeed, my attitude is quite the opposite. It also seems to be increasingly rare these days.
Odd. To me, this is really, really odd.
And yes, I am strongly introverted.
Yes, you can get a speeding ticket issued by a federal agency if you speed on U.S. government property. I actually managed to get one in Houston from a Federal Protective Service cop.
I almost burst out laughing. It was a bicycle cop. I had passed him quite a distance back and didn't even see him. I had already parked and was unloading my car when he rode up to me, huffing and puffing. Apparently he didn't write many tickets and didn't feel comfortable deviating from the training script, because he launched into a pre-rehearsed speech explaining to me why *he* stopped *me*!
The whole thing pissed me off. The cop had no radar, no pavement marks to time me, no nothing. He just said that it looked to him like I was driving over the limit. Well, in a 5 MPH zone ( yes, *5* MPH ) it's a pretty good bet that most people are doing a little over the limit. I was irritated that I had been singled out and I was ready to fight. I talked to a lawyer who regularly dealt with odd issues before the federal courts and he was gung-ho. I knew all the federal judges in town, having appeared before them on one thing or another over the years. I knew good and well that all I had to do was show up and fight the ticket and there was about a 50-50 chance, depending on the judge I got, that he would explode in anger at the U.S. Attorney for daring to waste his time on a case with a $35 max fine.
Then I noticed someting weird. The address on the docket notice for the courthouse was most definitely not what I expected. I had been written the ticket in Houston, Texas. The case had been docketed to a federal court in Miami, Florida.
I suppose that's one way to make sure no one ever shows up in court. I mailed in the fine.
Aren't you both right? There are some illegal things that have privacy protection in some circumstances and some that don't.
In the case of your wife who's a doctor, she may be obligated under HIPAA to keep drug use private. But if some 8-year-old comes in with a condition clearly caused by repeated sexual activity, I'll bet she has a higher priority legal obligation to notify the authorities. You can get no-questions-asked treatment for drug addiction but if you go to a therapist and ask for help overcoming your addiction to child porn, you're likely to find the cops banging on your door.
Likewise, confessional privilege varies. It doesn't exist in the U.K. In the U.S., it's modified depending on the state you're in, whether your priest is a licensed counselor of some sort (and thus subject to the laws applying to that profession) and the context under which your confession is made.
In the instant case, we're dealing with things at a lower level. This isn't a planned murder or ongoing child molestation. This is a civil claim, represented as being *really* big and important by the people who are bringing it, versus a set of legal protections for student records, something generally acknowledged to be a good thing. But neither concern is so clearly inferior to the other that a judgement is easy. It sounds to me like a real crap shoot whether a judge would come down on one side or the other.
Of course, I could render a more insightful opinion if I actually read the article. But then I wouldn't be a true slashdotter, would I?
This had me flashing back to elementary school arithmetic. It happened to me a hundred times. The textbook showed an equation and made a statement about it. The textbook showed another equation and made a statement about it. Then the textbook showed a third equation and asked "What can we say about this equation?"
My answers always started the same way. "It's printed in ink on paper." I don't really think that the textbook author expected people to do anything other than to extend whatever line of reasoning had been presented in the previous examples (and I always got around to that) but the open-ended question "What can we say about this equation?" always struck me as license to comment on the clarity of the typesetting or anything else.
My teachers thought I was weird.
Later in life, I became involved in competitive pistol shooting. I loved the rule books. They were just collections of hidden loopholes begging to be found. And then came the problems. In some sports it was called the "engagement" rule. In others, it was the "spirit of the rules" rule. They were all the same sort of thing - a way to say you couldn't do anything unexpected. If you looked at a practical defensive scenario and found some completely whacky way to beat it by, say, running between cover in an odd sequence, you'd be found guilty by the officials of "failure to engage" the scenario. No points for you. A guy I knew had trouble seeing sights too close to his face but the rules forbid changing the sight radius (distance between the sights) making it impossible for him to move the rear sight further from his face. He responded by cantilevering both sights forward so that the sight radius stayed unchanged but both sights were now completely forward of the muzzle. It was perfectly legal under the rules as written but his pistol was declared illegal because it violated the "spirit of the rules."
What amazes me is the hostility this mindset engenders. I'm not shy about saying that I love to parse out the rules and find advantages. I'm not shy about saying that a "spirit of the rules" rule is really just saying "You're not allowed to be smarter than the people writing the rules and running the match." The reaction I get is flaming on message boards and accusations of poor sportsmanship. There are actually people out there who want to punish innovation; at least, that's the way I look at it.
"Thinking different" makes people feel threatened and act nervous and hostile. I don't understand that. Am I weird, or are they?