I was thinking that the main thing I'd do that for would be protecting operational intelligence - if the info was something like a NOC list, then I'd take the hit. Of course, I'm in no position to be protecting anything like that, so yeah. Best strategy is for the adversary to not know I have whatever they want.
Well, that's what a duress code is for. If you're feeling plucky, give out the wrong code and the drive triggers the 10mg of thermite over the SSD chips. With the right sort of engineering, the outside won't even get warm, and the chewy SSD center just stops responding. Of course, they might decide to torture you to death for pissing them off, but the data's forever beyond saving.
Explain to me how a seal will pass long carbon chains but not O2 molecules.
Have you played around with Opterons? I'd like to hear if they stack up any differently to the Xeons.
They tried, but got slapped down.
The HP costs about $400 less than the MBP I got a year or two back. For that money, I have Office, Photoshop, a large amount of support, and unix. Match that.
the hardware lasts for years and the overall experience is leagues better than windows. If you don't care, that's fine, I'll just keep buying what I like.
That fits with my strategy - I'm mostly avoiding crosslinked NFS shares in serverland. NFS homedirs work pretty well in my experience.
The technical term is UPS, I think. Anyway, one of the cool things that power tech does is staggered boot - this was important when disk drives were the size of a washing machine, but still useful. I wonder if a fancy powerstrip could do that. At the moment, I'm running into the same problem with load - my old 350VA UPS can't hack two machines (one with GPU) and two monitors if the GPU decides to start doing a lot of stuff - Starcraft cutscenes suck when you get a hideous beeping over the dialog, but the actual game was ok. It does make me feel good though - if the combination of all the above kit just barely overstresses the UPS, then my power load during normal use should be fairly modest.
My solution would be to simplify - NFS dependencies are something to be avoided; my pref is that no server reexports NFS shares, and that NFS is isolated and granular - leaving a network to agglomerate over 10 years leads to situations where you have circular dependencies and no good way to power everything up. The way I see it, disk is cheap, so the only reason to have NFS is for backups (not a persistent or boot time thing) and data deduplication. YMMV of course, else we'd all be out of a job.
It's called contextual ads - various companies use small pixels to build up a profile of you and then serve ads based on the profile. FB may do extra stuff, but the targeted ads are nothing new.
I do understand rainbow tables, and my example of per-account salting makes them useless. You can't make them in advance at this point because the storage costs and compute requirements are prohibitive, although yes, doing the common passwords is a good idea.
So if I want to download a file for one app, then use it with another, I have to download it again? If you make it easy to change the defaults for convenience, that's what will happen. If you make it annoying (like with win7), people use something else.
If you use the username in a hashed password, a rainbow table needs to be generated for each possible username. This is equivalent to a brute force attack, therefore rainbow tables as a technique are pointless.
Also, don't take legal advice from Slashdot. If this is something you're worried about, print out the proof of you having sent the email and get it notarized. Geez...
Definitely a terrible idea from a strict IA perspective
I don't see why - it isn't like they don't know about the account, and it is being used; you could keep it active only for short windows, I suppose, but the main problem is when you leave with no further relationship and the passwords still work.
If rainbow tables work on your system, your system sucks, period.
Research has pretty well proved by now that making people change their passwords regularly means they write them down.
Citation? Excessive requirements, sure, but requiring that people change them every 3 months and allowing most to get by with a single password? Shouldn't be a problem.
dude, baracknaphobia is even more twisted than fartbama. Can we at least discuss this like grownups?
sorry, sarcasm doesn't always come across in text. Absurd as your post was, there are people out there that say that stuff and actually believe it - satire is getting harder every year :)
What happens when the corporate database IS accessible from the corporate wifi because other apps need that access and those apps are run by people on wifi?
That's why it's fun to run an app layer in a web container. Then you get to open access to the container, and it talks to the DB. It can be SOAP, JSON, whatever, and shouldn't be a big deal.
Just for fun, what would malware actually do? Apps are heavily insulated from one another, and a corporate iPad store has exactly what you want it to have. I wonder if Apple has set up a whitelist control for its corporate plans, as that would address most of your concerns. In the meantime, a compromised iPad can be wiped without much problem.
interesting, you say that comm skills are paramount in paragraph 1, then walk through a scenario where comm skills make the difference between success and failure. Seems that, while devs are social enough, they generally fail at communicating effectively. Lord knows I suck at it. Not that I'm a troglodyte, but working through soft skills and developing my capacity for getting my point across has helped a lot - nothing like taking a hard dev problem and finding out that you don't even have to do it, or finding that the hard part is irrelevant to what people actually want.
protip: the way you get to the right side of the bell curve is by figuring out how to fix the plan when it blows up.
remind me never to cross you.