It doesn't help that most of the supposed IT people that I interview are woefully inept when it comes to anything above desktop support work. Even the staple (Windows) exam questions like "What are the 5 FSMO roles" or "How would you recover a failed domain controller" or even "What are the stages of name resolution" usually result in blank stares. Once you start getting into more complex questions such as the pros and cons of running different systems in virtual environments they mostly just give up entirely.
A lot of these people are contractors that are sent by reputable agencies as "the best they have to offer" and are asking £300-£350/day or more. Frankly I'm amazed that the unemployment rate for them isn't much higher, I can only assume that most of the time they either don't have to interview or get interviewed by someone just a little worse than they are.
Not really. It's a pretty decent news site with a horrible tabloid editorial slant.
When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.
Whack an "Anti-Terrorism Rock" sticker on it, put some at every airport in prominent places and I'll bet you you could turn it into a multi-billion dollar boondoggle easily.
*IF* this vulnerability allowed you to authenticate to AD Domain Controllers with administrative rights then you would be able to dump the SAM database and potentially gain access to all of the user credentials, but then if you could authenticate to a DC as an admin why would you bother when you can just setup your own credentials or modify account permissions directly?
But it doesn't, so you're getting usernames, machine names, a bit of contact info, a lastlogontimestamp and a few other bits and pieces that in most cases anyone with regular user credentials on the domain would be able to access anyway (Most people don't seem to realise that a lot of fields on AD accounts are readable by any authenticated user).
Except you're not even getting that because as far as I can tell this only affects logging on locally to an OSX Lion client.
It's actually a client problem. Lion may allow you to logon using any username/password combo, or refuse to allow you to logon regardless of your username/password combo if you're using an LDAP backend. AFAIK this won't allow you to access similarly secured network resources using the bogus credentials.
I believe the phrase is "Two wrongs don't make a right". Just because you're employed by a bunch of criminal arseholes doesn't make it acceptable for you to act like a bunch of criminal arseholes in return.
So they accidentally resized the image of the 10.1 so that it looked identical to the iPad for a side-by-side comparison, it's a mistake anyone could have made on a key page of court-submitted legal documents...
Have you worked in a large corporate environment where IT *doesn't* lock down the PCs and control what users can do with them? It's total carnage.
Bonsai Buddies as far as the eye can see, torrent clients on every desktop, 6 browsers, 12 IM clients - none of them patched up to date - 4 different trojans all battling to make the machine part of their botnet and everything that goes wrong is *still* IT's fault to deal with.
The browsers were made to behave that way precisely to prevent the problem of people self-signing certificates for paypal.com or mylocalbank.com and browsers *not* making it obvious to the user that the cert probably wasn't valid.
Of course, you might argue that SSL certs shouldn't be relied on for identification, but that's what users have been told to do; look for the little padlock, make sure it says "paypal.com" etc.
Point is, reverting the behaviour would alleviate one problem while exacerbating another - mostly likely more substantial - one.
Making the argument that "Well it's your stupid fault for allowing our moronic, baseless case to be brought into your court room in the first place" does seem something of a last-gasp strategy.
A good corp login process should do the bare minimum; ours maps the required drives and does a check to see if it's time for the user's 6-monthly contact details update (and if so fires up a form for them to complete). There are Group Policies in place as well, but they only update anything that's changed since the last application and are pretty low impact user-wise.
AV updates on its own schedule & scans out of hours, audits run at a random period within the first hour after logon and software updates are either run overnight using WOL or prompt the user to install with an option to delay 15 minutes if they're in the middle of something.
Without actually knowing anything about the event in question...
Just because he didn't fire it doesn't mean he didn't pull it on the police; generally if you're up against firearms officers in the UK it's because they've got serious reason to believe you're armed and dangerous in the first place, so if you point a gun at them there's a good chance they'll shoot you.
Indeed, blocking known troublemakers from posting Twitter updates about their latest theft isn't exactly the civil rights disaster that TFA appears to be trying to paint.
That's not realism you're after, it's a consistent, believable world. Games like Dragon Age or Mass Effect or Fallout aren't realistic - far from it in a lot of cases - but they have well designed, consistent worlds with well written characters that you can identify with and form attachments to.
The fact that you're battling an ancient race of sentient machines or throwing fireballs at orgres doesn't really factor into it that much because, as TFA says, in the worlds in which the games exist, those things are perfectly acceptable.
He isn't, at least outside of V and amongst people who actually know what history is.
The 5th of November in the UK isn't a celebration of Guy Fawkes as so many people seem to believe, it's a day that remembers the foiling of his plot to blow up the Houses of Parliament.
Remember, remember, the 5th of November Gunpowder, treason and plot I see no reason why gunpowder, treason Should ever be forgot...
Anything else is going to be fulfilling needs that are not needed (unnatural), like the government providing an education to people who are starving to death.
Slashdot Mirror
It doesn't help that most of the supposed IT people that I interview are woefully inept when it comes to anything above desktop support work. Even the staple (Windows) exam questions like "What are the 5 FSMO roles" or "How would you recover a failed domain controller" or even "What are the stages of name resolution" usually result in blank stares. Once you start getting into more complex questions such as the pros and cons of running different systems in virtual environments they mostly just give up entirely.
A lot of these people are contractors that are sent by reputable agencies as "the best they have to offer" and are asking £300-£350/day or more. Frankly I'm amazed that the unemployment rate for them isn't much higher, I can only assume that most of the time they either don't have to interview or get interviewed by someone just a little worse than they are.
Not really. It's a pretty decent news site with a horrible tabloid editorial slant.
When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.
Whack an "Anti-Terrorism Rock" sticker on it, put some at every airport in prominent places and I'll bet you you could turn it into a multi-billion dollar boondoggle easily.
Mozilla, Google & Microsoft (at least, so far) have all now removed Diginotar from their list of trusted authorities in their respective browsers.
*IF* this vulnerability allowed you to authenticate to AD Domain Controllers with administrative rights then you would be able to dump the SAM database and potentially gain access to all of the user credentials, but then if you could authenticate to a DC as an admin why would you bother when you can just setup your own credentials or modify account permissions directly?
But it doesn't, so you're getting usernames, machine names, a bit of contact info, a lastlogontimestamp and a few other bits and pieces that in most cases anyone with regular user credentials on the domain would be able to access anyway (Most people don't seem to realise that a lot of fields on AD accounts are readable by any authenticated user).
Except you're not even getting that because as far as I can tell this only affects logging on locally to an OSX Lion client.
Storm, meet Teacup.
It's actually a client problem. Lion may allow you to logon using any username/password combo, or refuse to allow you to logon regardless of your username/password combo if you're using an LDAP backend. AFAIK this won't allow you to access similarly secured network resources using the bogus credentials.
You can even say "fuck" like a child if you wish.
They aren't. It's not a software patent.
I believe the phrase is "Two wrongs don't make a right". Just because you're employed by a bunch of criminal arseholes doesn't make it acceptable for you to act like a bunch of criminal arseholes in return.
Story? Character development? Not being teabagged by a 12 year old while they hurl racial slurs at me?
There are many reasons.
So they accidentally resized the image of the 10.1 so that it looked identical to the iPad for a side-by-side comparison, it's a mistake anyone could have made on a key page of court-submitted legal documents...
Have you worked in a large corporate environment where IT *doesn't* lock down the PCs and control what users can do with them? It's total carnage.
Bonsai Buddies as far as the eye can see, torrent clients on every desktop, 6 browsers, 12 IM clients - none of them patched up to date - 4 different trojans all battling to make the machine part of their botnet and everything that goes wrong is *still* IT's fault to deal with.
City of Heroes. You can run almost any content with almost any combination of classes, as long as the players are good.
The browsers were made to behave that way precisely to prevent the problem of people self-signing certificates for paypal.com or mylocalbank.com and browsers *not* making it obvious to the user that the cert probably wasn't valid.
Of course, you might argue that SSL certs shouldn't be relied on for identification, but that's what users have been told to do; look for the little padlock, make sure it says "paypal.com" etc.
Point is, reverting the behaviour would alleviate one problem while exacerbating another - mostly likely more substantial - one.
Making the argument that "Well it's your stupid fault for allowing our moronic, baseless case to be brought into your court room in the first place" does seem something of a last-gasp strategy.
A good corp login process should do the bare minimum; ours maps the required drives and does a check to see if it's time for the user's 6-monthly contact details update (and if so fires up a form for them to complete). There are Group Policies in place as well, but they only update anything that's changed since the last application and are pretty low impact user-wise.
AV updates on its own schedule & scans out of hours, audits run at a random period within the first hour after logon and software updates are either run overnight using WOL or prompt the user to install with an option to delay 15 minutes if they're in the middle of something.
It's hardly surprising, most people don't know that the web isn't just Facebook and that "Goggle" page you type Facebook into to login.
...ordinary citizens who do not use caps
I'm not sure that the use of hats is quite as specialised a field as you make out.
Without actually knowing anything about the event in question...
Just because he didn't fire it doesn't mean he didn't pull it on the police; generally if you're up against firearms officers in the UK it's because they've got serious reason to believe you're armed and dangerous in the first place, so if you point a gun at them there's a good chance they'll shoot you.
Indeed, blocking known troublemakers from posting Twitter updates about their latest theft isn't exactly the civil rights disaster that TFA appears to be trying to paint.
That's not realism you're after, it's a consistent, believable world. Games like Dragon Age or Mass Effect or Fallout aren't realistic - far from it in a lot of cases - but they have well designed, consistent worlds with well written characters that you can identify with and form attachments to.
The fact that you're battling an ancient race of sentient machines or throwing fireballs at orgres doesn't really factor into it that much because, as TFA says, in the worlds in which the games exist, those things are perfectly acceptable.
A lot more than you'd expect; estimates put it at almost 40% of teenagers in the UK who have a Blackberry, mostly for the BBM functionality.
He isn't, at least outside of V and amongst people who actually know what history is.
The 5th of November in the UK isn't a celebration of Guy Fawkes as so many people seem to believe, it's a day that remembers the foiling of his plot to blow up the Houses of Parliament.
Remember, remember, the 5th of November
Gunpowder, treason and plot
I see no reason why gunpowder, treason
Should ever be forgot...
Yes. At least according to Bethesda.
Anything else is going to be fulfilling needs that are not needed (unnatural), like the government providing an education to people who are starving to death.
Yeah, fuck those guys!