Slashdot Mirror


User: Amoeba

Amoeba's activity in the archive.

Stories: 0
Comments: 107

Comments · 107

  1. Re:wimps on 2-Year OpenOffice High School Case Study · · Score: 1
    Bah, luxury! When I was young we used ed. And we liked it!

    ed? You young punks! Back in my day we had to tap out our papers in binary with our bare hands on the end of the power cord. And we liked it!

  2. Re:wimps on 2-Year OpenOffice High School Case Study · · Score: 1
    I don't see why these kids need openoffice. When I was a kid, nroff and troff were good enough for us, and I think it should be good enough for these kids nowadays. They're all soft. No wonder our education system is in the tank!

    Bah, luxury! When I was young we used ed. And we liked it!

  3. Re:Don't treat it like cash on Write Down Your Passwords · · Score: 4, Funny
    So if Jackson is on the $20 bill, what do 5 Jacksons make?


    The world's most dysfunctional family?

  4. Asperger's as well? on Researchers Pinpoint Brain's Sarcasm Sensor · · Score: 3, Interesting
    The researchers think lesions in several parts of the brain can contribute to an inability to understand sarcasm. But, they wrote, this particular area is important because it draws on your innate recognition of the emotions of other people -- empathy -- and past experiences to comprehend a speaker's intentions.

    Wouldn't this also be applicable to people with Asperger's Syndrome? If this research is correct then sarcasm must be especially difficult for Aspergerians (is that even a word?)

    Note to self: When Bram Cohen asks how you are doing, do not reply "I'm so great you should kill me now so I can die happy."

  5. It will only get worse on Over Half a Million Bank Accounts Breached · · Score: 4, Insightful

    This is similar to the Choicepoint breach where account information was sold to an illegitimate company posing as a real customer. The main difference here is that there were "inside guys" who knew the selling of the data was to a bogus firm. What I find most interesting is that the main clients that the perpetrator (Orazio Lembo) sold to were.. wait for it... law firms and collection agencies! Talk about a vicious hive of scum and villainy.

    I say it will only get worse because the Sarbanes-Oxley Act is coming into effect which requires companies to put into place access controls to monitor/audit who has access to what information (among other things). The SOX, in conjunction with the Gramm-Leach-Bliley Act are forcing corporations to get their financial house in order in such a way that this type of malfeasance is getting much harder to hide. Expect to see more of the same for quite some time.

    While I think it's nice that these laws are having their desired effect I still envy those wacky Europeans and their data protection laws.

    Amoeba

  6. Re:I can't resist... on Asia Next Frontier in Blogging · · Score: 1

    SWEET! My very first Flamebait mod!

    All those years of perfecting my humor have finally succeeded in pissing someone off.

  7. I can't resist... on Asia Next Frontier in Blogging · · Score: -1, Flamebait
    Blogs haven't caught on in China, so even when Chan can hire bloggers, it's hard to market them to consumers, attract advertisers and raise venture capital.

    Possibly because it's hard to have a unique blog and stand out from the crowd when everyone else is named Wong and has the "Moe from the 3 Stooges haircut" too.

    *puts on kevlar suit and runs away*

  8. Re:Sarbaines Oxley on Deleting Emails Costs Morgan Stanley $1.45B · · Score: 1

    This fine isn't due to Sarbanes-Oxley. Sarbanes-Oxley (SOX) non-compliance fines don't even kick in for publicly traded companies with a cap >$42million until the end of June, with some companies getting an extension as of May 5th for another 6 months if they use a calendar year for financials. Publicly traded companies with a cap <$42million have a longer timeline before SOX is in effect.

    Additionally, SOX doesn't specify what the retention policy is or the length required (with some exceptions re: financials), only that a policy must be in place and adhered to. If you fail to meet the requirements you can be fined. There are other laws which financial institutions must follow like the Gramm-Leach-Bliley Act (GLBA) or other COBIT-type crap. More than likely the Morgan-Stanley fine is related to what another poster said (in addition to a violation of some of those other laws?):

    "Apparently, Morgan Stanley came forward, said they had produced all the emails. (time passes) They find some more emails and turn them over. (time passes) They find a closet stuffed with backup tapes and turn them over. (Time passes) Morgan Stanley files a document certifying that they turned everything over. (Time passes) Morgan finds even more emails and turns them over. This causes the judge to get annoyed."

    They certified they submitted everything they had. And then found more. Oops.

  9. What I posed on MS Invites Security Questions · · Score: 2, Interesting
    What I posed to them was "What is the current status of the Mako project and which of the 3 focus areas has been the most difficult to implement and why? We've seen some movement in the firewall/anti-virus area but I've read or seen little regarding the dynamic-systems-protection or behavioral blocking."

    Quick background on Mako: http://www.microsoft-watch.com/article2/0,1995,1764087,00.asp

    Having previously been a contractor at Microsoft and being intimately familiar with the security setup of their online properties (Hotmail, passport, messenger, etc.) the dynamic systems protection area was one that would get the most play (and benefit) on the server side. Automagically monitoring system state and port management would be extremely useful if it was a part of the server OS.

  10. Re:User responibility? on FCC to Push VoIP 911 Requirements · · Score: 1
    It is so outrageous to make the VoIP companies direct the 911 call to a center that services the address you specify, then make it your responsibility to make certain your account information is up to date?

    Outrageous? No. Impractical? Yes.

    Putting aside the technical issues (such as if you are travelling and using a laptop and there is [currently] no GPS or similar technology in VoIP protocols or hardware) there is the social issue:

    America's Favorite Pastime - Litigation. The general trend of abdicating personal responsibility. You can have warnings and disclaimers up the wazoo about updating the address if you're on the move so 911 works but some asshat is going to sue because the warning wasn't big enough. Or the wrong color. Or because it discriminated against illiterates. Who the hell knows what reason will be used... but you can guarantee someone will sue.

    As a result, VoIP companies will have to factor in liability which means increased consumer cost. Which leads to one less reason to go with VoIP.

    There are only 3 things certain in life: death, taxes, and asshats with lawyers.

  11. Cut n Paste! on Enforcing Crytographically Strong Passwords · · Score: 2, Interesting

    This subject comes up a lot. It's been on /. in various forms in the past. In fact, I think I'll just cut n paste a previous comment of mine :)

    ----

    I'm sure I'm not the only one who occasionally uses keyboard patterns for passwords. I'm not talking qwertyuiop or asdfg (obvious, no randomization/separation of key sequences) but things like !@()ZX>? or QW./>?wq

    Hell, half the time I remember friends' phone numbers by the way you punch in the numbers. Sometimes when asked what a number is I'll even do the "phantom phone dial finger wiggle" so I can recite the damned thing.

    Looking at the above example it appears to be a password which follows the "strong password" methodology but have there been any studies on the effectiveness of using such a method? I know there are dictionary-based attacks which have some of the obvious patterns (qwerty, poiuy etc) but is such a method random *enough* to be feasible?

    It seems to me that it would be much easier to train users to use a muscle-memory-like password than picking some word out of their ass. The human brain has one seriously developed pattern recognition/matching capability... why not use it?

  12. Re:Data loss... or ... data collection? on Ameritrade Customer Data Lost · · Score: 0
    I know this because it's currently my own personal hell. The deadline for SOX compliance has been pushed back several times (most recently this past Friday when the SEC gave another 6 month extension depending on a company's fiscal year end) but for most companies with a market cap >$42 million the deadline is June 30. Publicly traded companies with a market cap

    Should have read: Publicly traded companies with a market cap less than $42 million have a deadline farther out.

    preview is a good thing. *sigh*

  13. Re:Data loss... or ... data collection? on Ameritrade Customer Data Lost · · Score: 1
    I mean, it's probably more likely that some law got passed in the past few years that's forcing companies to highlight all these incidents of compromised data, but it seems pretty spooky that we just recently hear about all these stories...

    Sarbanes-Oxley Act (SOX) of 2002. This act was a response to the corporate/financial malfeasance of Enron and WorldCom. Every publicly traded company is required by law to have SOX controls in place, with corporate executives' asses (and financial fines to the company) on the line if they are not in compliance.

    I know this because it's currently my own personal hell. The deadline for SOX compliance has been pushed back several times (most recently this past Friday when the SEC gave another 6 month extension depending on a company's fiscal year end) but for most companies with a market cap >$42 million the deadline is June 30. Publicly traded companies with a market cap The Act is a Good Thing but it is definitely not an easy thing to implement due to the depth of controls needed and the nebulous definitions the SOX act provides as guidelines. Most companies in the process of becoming SOX-compliant are looking at major hits to their financial bottom line getting this up and running. Cisco, IBM.. ouch.

    On a side note, if you have security and/or financial systems background the job market for SOX specialists is red hot.

  14. Re:ianc (i am not chinese) on Study Shows China Tightens Internet Filtering · · Score: 2, Funny
    but it seems to me that there is a chink in their armor here.

    It's unintentional gems like this that make my day.

  15. Re:Unscientific Results So Far... on Microsoft Releases Eight Security Updates · · Score: 1
    The 8 or so MB that the servers are downloading is coming across much more quickly than I've seen it in the past. Could just be an aberration, but usually the feeding frenzy is pretty intense.

    Probably because there is a brand new cluster of like 48 update servers that were deployed for SP2 late last year (in one datacenter alone) that have been recommissioned for general windows updates. Additionally, they upgraded the network infrastructure a tad as well (better border routers, streamlined some BGP etc.)

    I would know since I racked, stacked, and imaged the damned things when I was still at MS. However, now that I'm at Sun I don't care about being all secretive.

    (note to ms-attack lawyers: None of the contents of this post have enough specific detail for you to sue me for NDA breach. Nyah Nyah! Eat it!)

  16. Re:Music? Television on Xbox 2 To Be Unveiled on MTV May 12 · · Score: 5, Funny

    Empty-V: The Shiny Things Network

  17. Re:good move on Spammer Sentenced to 9 Years in Jail · · Score: 1
    Forget about "cruel and unusual punishment". Punishment should be cruel, otherwise it isn't punishment. And flogging is only unusual in the context of modern times; it wasn't too long ago that gallows and whipping posts were commonplace in this country. Just beat the man senseless, bandage his wounds, and let him be on his way.

    No. Punishment should be designed to instruct/teach the perpetrator or cause aversion (in perp and others from the example) to repeating the action that caused the punishment. There is no "get even" purpose in justice (ideologically at least). I'm not disagreeing that at one time flogging was (and probably still would be) an effective punishment and served as a deterrent but your statement that punishment should be "cruel" I strongly disagree with.

  18. Re:good move on Spammer Sentenced to 9 Years in Jail · · Score: 2, Funny
    Let's put more NON-VIOLENT people who only committed a crime against property (If you tell me spam is a personal assault I'll come down there and smack you)

    Talk about an effective way to teach people to differentiate the two...

  19. Re:Harddriva? on Mandrakesoft Changes Name to Mandriva · · Score: 4, Funny
    Don't forget to compile the kernel modules for your SoundDriva too.

    And do you pronounce Mandriva as "Man-drive-ah" or as "Man-dree-vah"? I'm thinking the first one would be best cause, Snap G! I gots my Soundriva up n running in dis mofo.

    Uh.. nevermind.

  20. Re:Sure.. on A Taste Of Computer Security · · Score: 4, Insightful
    Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?

    There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

    This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?

    You are purposefully misunderstanding his point. He was not stating that Windows is "harder" than unix to secure, merely that the "average" unix user will generally have a deeper understanding of how the underlying OS works as opposed to an "average" Windows user. Think about it.

    Unix has a larger barrier of entry in terms of learning the OS and understanding how it works until you get to a point where it is "usable". Windows on the other hand has a much lower barrier of entry and a deep understanding of the underlying actions of the OS is not required in order to utilize the system. As a result the complexity of securing unix systems is not as complex to the average unix user since they already have overcome that initial large barrier whereas Windows is more complex to the average windows user because they are faced with a magnitude of complexity they normally do not see.

    I do agree with you that Windows can be locked down thoroughly and be just as secure as a unix machine.

  21. Re:One thing he got right. sort of... on A Former Microsoftie Forecasts Microsoft Doom · · Score: 1
    I think he was just trying to make a point here and that you read too much into it. I think that he was pointing out a hypothetical situation to explain his point of view. He probably didn't use Windows Server 2003 as an example because there are some significant changes between it and 2000 or XP.

    Yes, maybe I should have made myself clearer on this matter and you are exactly correct. Of course, this being /. I should have used smaller words and spelled it out. For the record both versions were retail, upgrading has worked from 95->98->2k so I made what most people would consider a reasonable assumption, and as for my clue or lack thereof I'm a unix geek (JASS contributor, e10k certed blah blah blah) and view Windows as a necessary evil to know but do not profess to be an expert on it nor very interested either.

  22. One thing he got right. sort of... on A Former Microsoftie Forecasts Microsoft Doom · · Score: 5, Interesting
    ...many users don't buy new computers because of how hard it is to move all their data and applications.

    I think the problem is deeper than he realizes. Even if you don't buy a new machine you can run into this issue: Upgrading.

    I recently attempted to upgrade my 2k pro machine to XP pro. I wanted to get slightly better (newer) driver support and play with the newer OS. However, you cannot upgrade from 2k pro to XP pro but have to do a clean install. WTF!? It's the same base NT kernel with some slight tweaks and services and a new front-end. Why exactly am I required to do a clean install? I could understand possible issues if it was from 2k pro to XP advanced server but from pro->pro?

    Don't get me wrong, I possess Clue having been a system admin and network architect for many years so my reticence to doing a clean install isn't from a lack of technical ability. But I'll be damned if I can figure out why I have to re-install all of my applications again. Having an easier way to upgrade products and OS versions would go a long way towards Microsoft accomplishing their goal of putting users on the upgrade treadmill. Spoonful of sugar makes the medicine go down...

    Amoeba

  23. Keyboard patterns? on Password Memorability and Securability · · Score: 4, Interesting

    I'm sure I'm not the only one who occasionally uses keyboard patterns for passwords. I'm not talking qwertyuiop or asdfg (obvious) but things like !@()ZX>? Hell, half the time I remember friends' phone numbers by the way you punch in the numbers. Sometimes when asked what a number is I'll even do the "phantom phone dial finger wiggle" so I can recite the damned thing.

    Looking at the above example it appears to be a password which follows the "strong password" methodology but have there been any studies on the effectiveness of using such a method? I know there are dictionary-based attacks which have some of the obvious patterns (qwerty, poiuy etc) but is such a method random *enough* to be feasible?

    It seems to me that it would be much easier to train users to use a muscle-memory-like password than picking some word out of their ass. The human brain has one seriously developed pattern recognition/matching capability... why not use it?

    Amoeba

  24. Re:Fo Shizzle on Firefox/Thunderbird Plugins: Is Less More? · · Score: 1

    Technically it's "This hooptyplug action for firefoshizzle and thunderbirdilly-yo is da sh'nizzle, my nizzle"

  25. Re:cats? on Mac OS X 10.4 "Tiger" Preview at WWDC · · Score: 5, Funny

    Would you please stop injecting logic and reason into these discussions? You're seriously harshing my mellow.