Yep. I guess when I look outside following the secondary explosion sound and see the contrails coming from Gaza terminating with a nice cloud where it exploded it is actually a hologram supplemented with hi-fi sound special effects produced by our physicist friends from MIT.
It's really safer now than in 2012 (less Iron Dome protection) or 2006 which was even worse, despite the Gaza arsenal having increased.
My heart goes out to the innocent victims on both sides.
OMG, another siren going off right now...
answer "that's a business decision that's up to you, but FROM A SECURITY PERSPECTIVE..."
I don't know what the OP's particular situation is wrt business perspective --- could it be that the bosses actually are looking at a tradeoff "ship now with internally known security problems, or try to fix them and not ship at all, and fail as a business"? If this is the case, one should probably think how to gradually integrate better security in long-term. Certainly, if there is a criminal negligence going on, then the "ship with known problems" is not an option!
It is very easy to over-hype security, but remember that, in the end, it's all down to business bottom line. If you have a supermarket chain with some casual shoplifting happening, sometimes you want to invest $$$ not into more security guards and anti-theft tech that frustrates the customers, but into everything else --- maybe opening a couple of more locations --- and in the end turning more profit from the same investment.
*snort* "Today I found out...", indeed! Pretty old story. Ross Anderson's "Security Engineering" book has this "news" for smth like 5 years already!..http://www.cl.cam.ac.uk/~rja14/book/booksec2.html
How is this "you can get a cleartext password in a couple of clicks" is different from, say, kdewallet? With physical access to unlocked wallet you can also ask it to display the cleartext password. This actually helped me once when I forgot my sf password having relied on kdewallet for a while and then I had to retype it on another box.
Unfortunately, not using gmail doesn't mean gmail won't spy on you -- thanks to your helpful correspondents who use gmail themselves, or send a CC to a gmail address. Same with the social networks -- even if you vehemently ignore all the invites, all those helpful enthusiasts that use the networks' spam-invite feature also betray your social graph to whoever mines it.
Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security:
"The main problem facing the worldâ(TM)s signals intelligence agencies is traffic selection â" how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the policeâ(TM)s job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear."
(See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)
And if it didn't exercise maximum diligence in minimizing the taxes, the shareholders would get back at the financial officers responsible and find them liable in breach of the shareholders' trust. Regardless of whether the current system is broken or not, sounds like the big corporations are doing the one and only thing available to them.
Those folks slamming personalised web services for the potentially intrusive BI, are you comfortable with the slashdot cookies?:-)
I've been using/. in AC mode mostly, for the last several years, because of the privacy concerns. "Anonymous coward" and proud of it...
Yep. Obviously, a bug in whatever TeX->HTML chain they used. Unfortunately, there is a long-standing problem with TeX that there is no 100% compatibile PS/PDF/HTML back-end suite on any distro that works flawlessly with a real-life mix of complex figures, bibliographies, LTR/RTL layouts, with hyperref and other complex packages thrown in... so one needs either to tweak what's enabled for each backend, or dumb down the document that works on one but not the other.
If you can afford it, go for Iliad. Unlike Sony, it has very cool ergonomics, and feels much more like a book, especially because of its larger screen.
RMS has proven himself a visionary once more where some thought he was going too far. The whole GPLv3 thing might seem a bit paranoid in the beginning, not just for Linus, with all this talk about forking off a lot of commercially-backed development --- people took SCO's failure as a governing example and thought that other big players would abide by the status quo, with the patent stockpiling by both sides to be an assurance of mutual peace... Following this new development, however, GPLv3 WILL mature and get adopted much quicker and on a larger scale. You're right on the money saying that now the forks will not likely happen.
I bet they don't go after apple with this smear campaign.
Didn't MS invest smth into like 1/3rd of Apple's stock back around 10 years ago when Apple was rumoured to go under? I don't believe they'll now fight their own golden goose...
Definitely flightgear, with a nice set of yokes/pedals/radio stacks/... (With world terrain and source code, as well as all the development docs). Hopefully, this would also bring some new features into it when they finally rescue me:-)
If a company open sources even out of date code it deems useless and announces as such, this is better than code bases going into oblivion when companies change/go out of business.
Tired of paying for the spammer traffic expenses, which are shifted shamelessly by the providers to the users' shoulders, I wish enough laws were passed to persuade the providers into jointly tracking/isolating spam traffic rather than propagating it...
For the same reasons (not a single cent towards the CSS chips/zoning bullshit etc) I don't even own any DVD hardware either, not just this even-worse-DRM-crippled versions, which I sincerely wish battling each other as hard as possible with a speedy death to both sides participating in the battle. Using CDs for critical backups, and over-the-network remote backups here.
Slashdot Mirror
Yep. I guess when I look outside following the secondary explosion sound and see the contrails coming from Gaza terminating with a nice cloud where it exploded it is actually a hologram supplemented with hi-fi sound special effects produced by our physicist friends from MIT. It's really safer now than in 2012 (less Iron Dome protection) or 2006 which was even worse, despite the Gaza arsenal having increased. My heart goes out to the innocent victims on both sides. OMG, another siren going off right now...
I don't know what the OP's particular situation is wrt business perspective --- could it be that the bosses actually are looking at a tradeoff "ship now with internally known security problems, or try to fix them and not ship at all, and fail as a business"? If this is the case, one should probably think how to gradually integrate better security in long-term. Certainly, if there is a criminal negligence going on, then the "ship with known problems" is not an option! It is very easy to over-hype security, but remember that, in the end, it's all down to business bottom line. If you have a supermarket chain with some casual shoplifting happening, sometimes you want to invest $$$ not into more security guards and anti-theft tech that frustrates the customers, but into everything else --- maybe opening a couple of more locations --- and in the end turning more profit from the same investment.
*snort* "Today I found out...", indeed! Pretty old story. Ross Anderson's "Security Engineering" book has this "news" for smth like 5 years already!..http://www.cl.cam.ac.uk/~rja14/book/booksec2.html
Should have been from the security-theater-tickets-proven-expensive dept.
*snort* Reminds me of a 1960s J.Gordon sci-fi novel "Honesty is the best policy".
Surely one of those patch Tuesdays will nuke it out of existance? Or the Windows Malicious Software Removal tool? :-)
How is this "you can get a cleartext password in a couple of clicks" is different from, say, kdewallet? With physical access to unlocked wallet you can also ask it to display the cleartext password. This actually helped me once when I forgot my sf password having relied on kdewallet for a while and then I had to retype it on another box.
Unfortunately, not using gmail doesn't mean gmail won't spy on you -- thanks to your helpful correspondents who use gmail themselves, or send a CC to a gmail address. Same with the social networks -- even if you vehemently ignore all the invites, all those helpful enthusiasts that use the networks' spam-invite feature also betray your social graph to whoever mines it.
Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the worldâ(TM)s signals intelligence agencies is traffic selection â" how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the policeâ(TM)s job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)
Thanks a lot for this article, one of the best I've seen on /. recently.
And if it didn't exercise maximum diligence in minimizing the taxes, the shareholders would get back at the financial officers responsible and find them liable in breach of the shareholders' trust. Regardless of whether the current system is broken or not, sounds like the big corporations are doing the one and only thing available to them.
Even worse, you also pay with personal information of those you communicate with, and they have no say in it.
Those folks slamming personalised web services for the potentially intrusive BI, are you comfortable with the slashdot cookies? :-)
I've been using /. in AC mode mostly, for the last several years, because of the privacy concerns. "Anonymous coward" and proud of it...
Yep. Obviously, a bug in whatever TeX->HTML chain they used. Unfortunately, there is a long-standing problem with TeX that there is no 100% compatibile PS/PDF/HTML back-end suite on any distro that works flawlessly with a real-life mix of complex figures, bibliographies, LTR/RTL layouts, with hyperref and other complex packages thrown in... so one needs either to tweak what's enabled for each backend, or dumb down the document that works on one but not the other.
If you can afford it, go for Iliad. Unlike Sony, it has very cool ergonomics, and feels much more like a book, especially because of its larger screen.
thanks for that one
Thanks for the info, I hadn't followed it myself closely enough...
RMS has proven himself a visionary once more where some thought he was going too far. The whole GPLv3 thing might seem a bit paranoid in the beginning, not just for Linus, with all this talk about forking off a lot of commercially-backed development --- people took SCO's failure as a governing example and thought that other big players would abide by the status quo, with the patent stockpiling by both sides to be an assurance of mutual peace... Following this new development, however, GPLv3 WILL mature and get adopted much quicker and on a larger scale. You're right on the money saying that now the forks will not likely happen.
Definitely flightgear, with a nice set of yokes/pedals/radio stacks/... (With world terrain and source code, as well as all the development docs). Hopefully, this would also bring some new features into it when they finally rescue me :-)
Gentoo's Power Management Guide is a bit gentoo-centric, but most things carry to another distribution easily.
If a company open sources even out of date code it deems useless and announces as such, this is better than code bases going into oblivion when companies change/go out of business.
Tired of paying for the spammer traffic expenses, which are shifted shamelessly by the providers to the users' shoulders, I wish enough laws were passed to persuade the providers into jointly tracking/isolating spam traffic rather than propagating it...
For the same reasons (not a single cent towards the CSS chips/zoning bullshit etc) I don't even own any DVD hardware either, not just this even-worse-DRM-crippled versions, which I sincerely wish battling each other as hard as possible with a speedy death to both sides participating in the battle. Using CDs for critical backups, and over-the-network remote backups here.