This is another example of the FUNDAMENTAL FLAW associated with most of our socio-political deployments of technology.
The plan is technically flawed - so it won't work. Why does this slip past implementers so often? (I have my own answers to that).
Return to the FUNDAMENTAL ASSUMPTIONS made by these people. They ASS-U-ME that if your (item A "tax return") reflects a different economic ability than your (item B "lifestyle evidence trail") then you may be cheating, and deserve further investigation. I am sure each of us can come up with hundreds of scenarios where our credit history lies... with very little mental burden.
They also ASS-U-ME that further investigation is without cost TO THE PERSON INVESTIGATED. This is patently untrue, as the costs run from imposed stress (yes, even honest people are stressed by government inquiry), paperwork management costs, legal and professional fees, and LAST BUT CERTAINLY NOT LEAST society's obsession with circumstantial appearances.
As with every use of technology, unless it is based on sound theory it will not work. It will, however, hum along impressively, generate/consume tons of revenue, make good/bad press, and impress naive congresswomen/taxpayers. If that is what we are really after... then it's a solution.
I would vote for a MANDATORY 20 year test run of this before allowing any actual use. Over 20 years, there should be sufficient data to see the holes and understand the data sets. Sans anything like that (ok, maybe 10 years) this deployment is as foolish as (pick two: Internet voting, unencrypted for-profit corporate email, offshore outsourcing of credit bureaus data management, relocating DARPA research centers to mainland China).
Follow rulesforuse.org to the US section, which sends you to the Secret Service website, where the Investigative Mission states:
The Secret Service believes that its primary enforcement jurisdictions will only increase in significance in the 21st Century. For this reason, the Secret Service has adopted a proactive approach to monitor the development of technology and continue to use it in the interest of federal, state, and local law enforcement.
Before this law, many spammers(1) were paranoid about the legalities of their methods. Additionally, many potential customers of spammers(2) were hesitant due to the unknown potential legal consequences.
After January 1, at least one spammer I know will be heavily pitching his spam newsletters to those hesitant customers, and probably cashing in. This law appears to make such spam *legal* (since it appears to have inherent value in addition to commercial embedded links).
Today such spam newsletters are ethically questionable and illegal in many states, not because they are deceptive advertorials but because they are sent unsolicited to millions of email addresses. After January 1st they will be declared LEGAL, making them an option for business that otherwise would have continued to decline to use questionably ethical means of commercial promotion.
Notes:
(1) The source of this statement is a very wealthy and very paranoid acquaintance of mine who is a full-time spam marketer and a lawyer. He spends tons of time and money covering his arse just in case while never technically breaking any laws. Now he can keep that money.
(2) I am one of these - I will not hire spammers to spam the world to sell my wares, nor will many of my associates. But since our competitors do, it makes for some tough business economics.
See section 9, it provides for the establishment of a "do not email" list.
I assume there will be some means of applying fines for violations, and won't that be fun to administer! (but it was a spoofed FROM field! Really! It wasn't us!)
is everyone missing the point? on Real Security? · Score: 2, Insightful
All of this talk about real security in the example hospital setting, and how users resorting to sticky notes are less secure than no password at all?
The point is not to be secure from unauthorized access. The point is to be secure from liability!
If users resort to stickies then they are the ones violating policy, not the hospital administration. Go ahead and use your associate's login while you wait forever for IT to give you access.... as described in the article. But do so and you take responsibility for having violated the rules. Wait until you get your own login (as the company policy probably says you should) and you will not incur such liability.
As long as technologists ignore the real world, we will not have functional IT. It may be painful to wait for the system to solve its real world problems (just imagine the doctor simply not doing any work until she got her login account several weeks into the job), but unless we let the whole system find and fix its mistakes, we will keep chasing our tails. It is certainly not about whether or not certain passwords are more secure than others.
Yet Vonage has been cited as a telecom company, and now has to follow BPU regulations like subsidizing residential services etc..... so some IP services are "Internet" and some are "telecom"?
Sounds like anyone with an unsecured WiFi hotspot is now an IAC. Probably an ISP as well. So when a war driver routes his spam attack through your gateway while parked on the street at the end of your driveway.....
Perhaps it is a very wise move to give access to everyone, and let them decide whether or not to use it. At least they are not being denied access. The government is helping break down barriers to access to what is surely to become a great cultural advance, as everything moves to an online information delivery model.
If you want a driver license, apply online. Check your government benefits? Go online. Pay your taxes... online.
Can't get online? Nonsense.. every house has been wired.
Time to protect the monopoly. Once in that phase, funds are diverted away from R&D and into protectionism -- the great money pit.
Is it really easier or more cost-effective to change the world (pay bounties for crackers, lobby for protectionist laws) than to change your business practices (write more secure software)?
This had better be a temporary endeavor conducted in parallel with major shifts toward better business practices, or MS is starting the downward spiral.
"In her experience many malicious hackers have a borderline criminal view of the world and do not share mainstream ethical norms....Their judgement processes might be different... as well as their perception of risk and reward."
Well great, more POP psychology to brand us as evil if we demonstrate different "judgement processes", don't share "mainstream ethical norms" or mainstream reward systems.
Who do you think built the Internet in the first place, and launched all this disruptive technology that's changing the world? Don't we have enough ignorant technophobes in the way of progress already?
Wasn't it Kinko's where that guy freely installed keyloggers and recovered people's usernames and passwords on an almost regular basis, nationwide?
Doesn't Kinko's still use IE5.0 and Netscape 4.7, and prohibit installation of anything else (except, I suppose, surreptitious keyloggers)? Last I looked (2 weeks ago) that was their software contract.
I enjoyed this, thanks. Arguments could go on forever, but you made some very valid points.
Ignorance is common, and should not be an excuse for making bad decisions.
Those really interested in the truth need to look past the obvious... take a look at how many injuries/deaths are prevented each year by helmet laws, and then look at the economic issues. You'll see the helmet laws have very little relative impact on injury and death OVERALL, yet a tremendous amount of capital is driven through the economy by the helmet laws (buy helmets, pay fines, impact on insurance liability, impact on law-abiding attitude of people as a result of regulation, etc etc).
Combine a very tragic and emotional issue (a child's avoidable death or disfigurement) with opportunity to generate heaps of revenue, and you earn popular support, however ignorant that might be.
lemme see...
1. It's a company that sells web development tools.
2. Its servers were basically ready to get /.'d
3. They get a post on /. that portrays them as fun and friendly folk, successful enough in selling sw tools to have such time for foolery.
Sure looks like a stab at free advertising and publicity to me. I wonder what the sales figures look like post-/.
If it walks like a duck and talks like a duck...
Consider this perspective:
"I have 10 employees, all of them very capable and qualified, hard working, loyal. Many have been with me 10 years. None of them has tried to start their own company, although I would say at least 3 of them are capable of doing so, and perhaps even out-competing me in the marketplace."
They don't do that. Why not?
I am willing to bet that in your country, you spend part of your 6 weeks off planning how you will branch out on your own -- and those who can probably will eventually.
There is more to work than a paycheck, for many, many people. Given good options (like a fun, supportive and professional environment -- pranks and all), not everyone is looking for the next great opportunity.
Treat your colleagues with dignity, respect, and genuine friendship, and you may be surprised how fulfilling it is to work together year after year.
That's a MINOR benefit. How about all the other stuff that sells the management on deploying this technology like:
- expired meters signal the agent to stop by and ticket. No more walking around checking every meter.... Super efficient way to raise revenues
- weekly/monthly stats of spaces highlight the areas of highest overtime parking incidence. Again, super efficient means of tagging and collecting revenue.
- stats reveal where meter feeding is commonplace, actual park time, and help set time limits based on actual usage. Again, super efficient means to more revenue.
- stats indicate effectiveness of foot agents in monitoring meter use and citing violators.
- "Average Time past expiration before ticketed" and "number of overtime cars who got away before being ticketed" come to mind as new performance metrics for metermaids of the 21st century.
and on and on and on..... Remember people, it's all about money.
Sorry...I wrote eschelon but I meant carnivore.
Is there any viable defense for the average citizen against the privacy-killing, intrusive technological programs being put into place by our government for apparently "good reasons" (antiterrorism and security, economics, government administrative convenience), when these are implemented so ignorantly or so sloppily that they actually cause more damage than good? It seems people are permitted to make all kinds of "innocent mistakes" at our expense when the apparent intent is a positive one (evoting, surveillance, eschelon, jet blue, Northwest, Acxiom, M.A.T.R.I.X.), and it seems we have no defense against the consequential intrusions on our rights and privacy.
Will there be any accountability for negligent technology deployment or will we continue to see only unfair unilateral protectionist activities (RIAA, John Doe suits, cybercrime acts, anti-theft acts, database protection acts, etc etc etc)?
I don't see this having been mentioned yet -- so here goes.
If your gf is hired by you, then you have a supervisory position over her. If by chance there is intimacy in the relationship (at work or away from work) you have big problems. Should she desire to (!) she can basically control you and your business, since in the eyes of the law everything you do may be part of a pattern of harassment. Fire her and it's because she didn't deliver what you wanted. No raise or raise not big enough? Must be because of that special extra relationship -- and you're unfairly trying to coerce her. Give a raise to someone else? Must be because of that special relationship... just think about how it would be played out if you ever went to court for divorce!
Unfortunately many times the harassment extends to volunteers as well. And travel? It's been ruled that hotels, motels, bars, etc are all extensions of the "office" when on business travel.
Consider this *very* carefully. Perhaps you can make her YOUR supervisor, give yourself the stock/control, and enjoy the flip side of the situation (everything she does can be viewed as harassment against you).
Or, you could have just as easily generated seemingly interesting (but nonsensical) webpages to feed Google, using target keywords as fodder for the generating engine, and cross-linking them all to each other as well as your other ecommerce website on those same keywords. Voilà... Google increases your pagerank and sends you traffic so you can sell keyword widgets.
It's done all the time. Ever see a website that says "Chrissy sank her deep wet girls gone wild across his hungry enlarge it today guaranteed free results, causing a thrusting money back guarantee. His debt consolidation enlarged a statistically significant amount as she stroked her poker tour, and he blew the giant jackpot rewards......"
FYI expiration info, balance, credit limit are all readily available for free on certain cc hacker channels on the Internet - all you need is the card number. Apparently courtesy of your friendly neighborhood non-secure banking institution.
One of the primary problems with this stuff is that living outside the realm of normal becomes "suspect".
Every innovation to hit our so-called civilization has, by very definition, resulted from activities outside the realm of normal.
To be different should NOT mean to be suspicious.
This is something said far too casually, and far too often these days. It is also not true.
If the issue is difficult and stressful, then ignore it and enjoy your life. But please don't make public statements of acceptance of injustice, just to make you feel better.
You signed your note anonymous. Even if I try real hard, I can't find out who you are or where you live. Even if I consider your position anathema to my grand economic and political goals, and decide I need to send goons over to eliminate you as a potential threat to my objectives, I can't. You have privacy.
It is so easy to say "you have no privacy" and "get over it" but when you imagine all that lack of privacy (using your credit card, phone, Internet, /.) can you really truthfully say you have no privacy?
You have tons of privacy. But, you are losing it at a very fast rate, with considerable acceleration. It is not time to quit and accept dominance. It is time to discuss, educate, and proclaim not the lack of privacy or its insignificance, but the importance of privacy and its preservation.
The very same argument can be applied to the environment. Some say "the world is already polluted - get over it" and yet they still are able to breathe without gasping or choking. They still walk outside with bare feet without getting cuts from glass and rusty metal (most times), they still shower with public water without getting skin lesions. Do we all have to wait until there really is no privacy or clean air/water?
Lead, follow, or get out of the way.
... and yes I do recognize the potential impact of a broad application of this: e.g. inexpensive 35mm SLRs often fail at sub-freezing temperatures, and those who know better purchase professional grade cameras for these and other, often related reasons. But even with this in mind, shouldn't the specifications clearly state these facts, and if not, can't satisfaction be sought via implied warranty of fitness for purpose, for example?
Last I looked you couldn't just shrug off your obligations because you know you produce a crappy product - if it really didn't work you had to take it back. (except, of course, for software!)
Thanks for the comments.
Since there was no such thing as "extreme" prior to the new Extreme product, all we had was regular. Since a lot of photography is done at sub-freezing temperatures (all those wonderful outdoor scenes in calendars, for example), then aren't they marketing a defective product to all photographers? AFAIK they did not sell these with limited claims on use in low temperatures - it was discovered by photographers the unfortunate way.
I guess my point is, when SanDisk finally found a way to make it work at 0 degrees C *and below* (and started admitting the others may not work well at those temperatures), shouldn't that be a fix of a defect and not a new specialty product worthy of a higher price?
This thread was about releasing products before they were actually ready. My feeling is that since these memory cards (in hindsight) were not ready, shouldn't they be returnable under an implied warranty?
It really doesn't change much except disclosure (they would have to disclose any known inadequacies to avoid returns) and perhaps it would impose more incentive to properly design a product before selling it.
True.
SanDisk brought us SanDisk Ultra, rated at 60x speed. Then they reminded us that if we really want it to keep its memory at low temperatures (such as outdoor photography in winter) then we really need to buy SanDisk Extreme (same speed, higher temperature tolerance).
Seems to me these hardware manufacturers are taking a clue from the software industry. The "implied warranty of fitness for a particular purpose" is intended to protect consumers against such crap. But then, if you can shrink-wrap the product with all sorts of disclaimers of warranties (even implied warranties) then hey, why not? Cheating is cheating, and everybody is doing it, so it must be ok.
Okay, so now that the domain has been abandoned I guess it's ok to talk about.
A few years ago I got a resume from someone who listed their email address as fly@flyonshit.com. Sure enough, it was a webdev position, and the website www.flyonshit.com was listed as part of the portfolio.
I don't care how extreme things got back then (dogs at work, hair-color-of-the-week contests, corporate-sponsored PlayStations, etc) there is just no way I would ever interview someone known (self-proclaimed or otherwise) as fly@flyonshit.com.