Dont even need to do the math, if it is in the national news, by definition you shouldn't worry about it. Car crashes no longer make it on the national news, therefore it happens so often it is no longer interesting. That is all you need to know.
Ryan Phillipe played Milo in Antitrust..... A movie that portray Microsoft as a big evil corporation that was killing Open Source developers... Maybe there is something more to this. A hidden secret perhaps?
To paraphrase:
"In this industry you are either a 1 or a 0.... alive or dead".
This attitude works if you are some joe blow user worried about being part of some zombie attack, but fails miserably if you are some high value target such as a bank or a military. You can't rely on reports of known malware because a real attack isn't going to be "known". OS X does have these issues. It is far from perfect and when you have a web browser that allows drive by downloads for two years, I really have a hard time trusting them with the security of the rest of the system.
Wow.... What a surprise. Just when I thought Microsoft was starting to get better. We really need to get away from these binary formats anyway... A LOT of security vulnerabilities come from binary formats.
Microsoft is putting their customers at risk every time they half ass these standards like they love to do. Companies spend a lot of time and money to develop these lovely web apps that only work for IE version X, then find out that because IE X+1 is trying to finally conform to standards their current app is broken. Whether we like to admit it or not, IE is getting better at security issues, but many of their customers can't upgrade b/c they built the POS that is IE 6. I have seen this again and again in organizations. No one wants to upgrade because application Y breaks when you upgrade so everyone stays with the more vulnerable IE 6. Microsoft needs to stop putting it's customers at rish in the name of vendor lock in.
Look at contractors working for the government. In my experience that is where a lot of the jobs are. I know where I work, they are always looking for talent.
http://maliciousnetworks.org/top20c.php
Who is the number one haven for malicious machines? The US. Not that I disagree with this. I do think it is a step in the right direction. We need to start working together as a world to combat threats on the Internet. If it takes cutting off funding, then I am for it. I would like to see if go further and have the companies who are "supporting" this to agree to NOT send work to these countries. The reason cheap labor exists in a lot of these countries is due to the lack of regulations.
Monitor heavily! Set up a Snort box or some commercial equivelant at multiple points in the network and religously watch it (if you are large enough then you can hire a dedicated team, if you are small then it should be someones job to look at it on a regular time interval). This allows you to respond to incidents faster and ensure that an incident doesn't get out of hand. This can be the difference between a piece of malware is on 1 machine or the entire network. Don't let vendors sell you on an IPS and all it's glory. If you want to buy one as a good Defense In Depth strategy, fine, but an IDS is far more important then an IDS. So if I could only pick one due to budget constraints I am going to pick the IDS every time. IDSes have the benefit of being able to trigger on things that may be incidents and not on it definately is an incident. It is then up to some human to decide whether it is or not.
"Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice."
So, if we read carefully... One year is not a well established protocol. They just chose their own one.
It all depends on what command or where you are. I have been in places where they are very pro open source, and places where they refuse all requests to OSS. Personally I am really happy about this.
I wrote about this a little while ago on why the federal government needs to be using Open Source.
http://www.dremspider.net/?p=15
This is what I have seen as a federal contractor.
Being that I work as a contracter for the government and have worked a bit on the bid process, this is normal. Numerous companies go to a large agency, let's say the treasury and bid for a contracting vehicle. This will often contain numerous contractors, in fact it is garunteed by law to. In this situation quite often contractors will band together to fill in areas they may not be very good at. The contract vehicles will then go to a few groups (consisting of the multiple companies). This contract vehicle process takes a long time as the parent said, but it is important to note that it gets the winners NO money at all. Once this is done a smaller division in the government can "hire" or request for bids using these contract vehicles. For smaller amounts they don't have to go through any bidding process. For larger contracts they must go through a shorter process then the original contract vehicle. I am not saying nothing was fishy in this contract, but I am saying that this is normal.
Does it make it more efficient? First of all I am pretty sure it is going to take longer. Second, for the cost to make one of these I am pretty sure you can make one of those lawn mowers that cut grass BY ITSELF with NO HUMAN INTERVENTION. I don't care if it takes 5 days for the machine to do it, if it is automatic and I don't need to be there.
Finally, all this does is requires a human to still attend to the grass, but not get the side benefit of exercise... While this invention is cool, don't pawn it off as something useful when their is clearly little to no market for something like this...
I can see it being useful for application development, maybe. That is stretching it though because usually you emulate the phone on your computer when developing, rather then using the phone itself. How many people are going to do this? Virtualization is great for somethings, but this I would say is pointless. I want my phone to work, the less the interface is relevant the better the interface is. Why would I want two different interfaces that do the exact same thing?
You don't have multiple users with a phone, so that doesn't help. You aren't consolidating phones because everyone is still going to want their own phone. What can I do with this?
NAT must be set for a router to work. The very nature of a router is to use NAT. Ironically though it is a bigger issue on corporate networks as they are more likely to forward off ports. Not that NAT is a panacea by any means, but it is better then nothing. All routers need to do some type of NAT period, it is how a router works.
It does "phone home", but to the server that you point it to, not some other server. If you use the enterprise features, you say I am going to point it to this server, and that is all that it ever looks at. Then you can kill the blackberry from that server. Once you move the server it points to, ATT or RIM or whoever can't kill the phone. It is your choice to do so as the admin of the server.
Do you forsee a time when we find out that country X broke into our infrastructure and say brought down the Internet (or maybe just part of it like DNS), causing an war? Would this be limited to taking down their computers or is sending in physical force acceptable? Would we ever really call out a country who is trying to hack us or do we just batten down the hatches to prevent them from getting in? Would you make this public? After all, we are probably doing the same thing.
On a side note I am really interested in this. I currently work in IT as a DOD contractor, and am pursuing a degree in InfoSec. Do you think cyber command will be contractor dominated or military personnel dominated ? Would you accept someone who is given a guaranteed position in this command who is say 27-30, has a masters in infosec and is willing to take a little bit of a pay cut to have this on their resume when they get out in 4 years?
One thing that this article is missing is the fact that Microsoft loses money on the hardware (a lot now that they are replacing them all two or three times a piece). Why would HP come out with an HP xbox. If they aren't going to get a share of the games then the unit will need to be a lot more expensive then Microsoft's. Are they going to say Dell sold 20% of the units out there, so they get 20% of the marketshare? This won't work because some units may be inclined to attract more hardcore gamers which means they will lose out, because they are getting more sales for video games, but the company who makes the cheapest xbox possible is now getting more of the profit because they are aiming at a market who may buy one or two games a year. They could track purchases online and divy it out this way, but that would be difficult as well, and not everyone is online. The only other thing that I could think that would work is MS pays companies to make the devices. And then MS still gets the royalties. There is not much else that would make sense for companies to get involved.
Well, you are almost correct. What really happens is you put the disk in and it opens up something similiar to pipe dream. What you need to do is shift the "pipes" before the water gets to be too full. Depending on how well the box is locked down the water will flow faster. This is how I was taught in my classes from Bioshock university.
First of all there are plenty of "disadvantaged" people in the "white male" group. The beauty of America is that you can work your tail end off and be successful from the very bottom all the way to the top. Will it be harder then the guy who has a daddy with millions in the bank? You bet it will, but it can be done. By giving benefits to any race or gender you are essentially saying, you are not as good as the other white person, who is in the same income bracket, so we are going to pay for your tuition. I can see offering more money to people in lower income families more money without a doubt, but not for their race. By giving it to people in lower income families you are doing it on an as needed basis. If it turns out to be more minorities (which statistically it will because of the legacy as you described it) then so be it. This is a great system because it is self correcting over time.
Affirmative action is really subconsciously telling people to not work because the government feels pity on you, you are after all disadvantaged because of your race/gender. Your gender is something that you can't change (well.... easily) and your race is something you can't change (without looking like Michael Jackson) and your kids really can't without racial integration. Your socio-economic status you can change though and therefore giving to people with lower incomes is not saying you are not as good as the other people, but rather you did not start with as many advantages as the person with the rich parents. These are two very big differences. If you give to people by race you are saying that they are "disadvantaged" and not as smart, but by socio-economic status and you are saying that they were given less opportunity.
If your legacy argument is true, and I believe that it is, there will be little to no difference between these two policies in terms of the numbers getting them. The policy will correct itself over time as the legacy is washed out and gets older. A lot of schools no longer do interviews for acceptance and only require a paper, high school transcripts and a few other things. It is ridiculous that they even need to know your race. Look at their academic abilities, adjust for economic status and you are done.
Assuming you don't get a coupon, everyone knows to not pay full price for a Dell! Here is a laptop I just ordered
Thinkpad t61
14 inches 1440x900 screen Core 2 duo Santa Rosa (2.0 GHz, 4 megs cache) nvidia quadro nv140 128 meg (based off an 8400 apparently) 2 gigs of ram 100 gig 7200 rpm hd 3 year warranty
If you look around, you can find really good deals on PCs, Macs never change in price. I wanted a mac this time around, but I had no options. I wanted a nice midrange laptop, something in between a pro and a regular and nothing was to be found so they lost my business.
Everyone as shot down as the enraged terrorist realizes what is going on and that he has no option but to kill himself or face serious charges. Might as well take out as many people while you can in the process. This is an interesting, if not extremely original idea but I think that a terrorist can still cause a lot of damage even with this.
The degree is worth it. I first went to a technical school. Then decided I wanted to get a two year degree from PSU in networking. After my third year I decided to go on for my 4 years in college from seeing various friends graduating and where they were ending up. I lost quite a few credits in the move (and am now graduating with 140+ credits), but I did finish it in time. If you are like me a four year degree will not teach you a whole lot of technical stuff.
Being that you read Slashdot and probably can network computers and run 5 OSes on your computer at once you probably have a strong base of technical knowledge. I would say I learned very little and really only filled in my technical skills, but what I learned is invaluable. I learned that there is more to IT then setting up a router or configuring a computer. I learned how to handle IT and make it useful to people. I learned how to handle business. I learned to manage a project. I learned to learn.
I had a job interview for a BIG company that pays amazingly well in DC who doesn't even interview people w/o bachelor's. My interview started with the interviewer telling me that he went to PSU and that he thinks people from my major are the best things sliced bread. I landed a nice job with great benefits. I plan on going to grad school now for information security, which this company will pay for. I went from two year to 4 year to 6 year. Learning in IT is never ending the quicker you learn that the better. Certs will help, but nothing beats a degree. Most people with degrees will probably have the same certs as you anyways as they are really easy to get with a base of learning like a degree.
My suggestion go for 4 years and make the best of it!
Slashdot Mirror
Dont even need to do the math, if it is in the national news, by definition you shouldn't worry about it. Car crashes no longer make it on the national news, therefore it happens so often it is no longer interesting. That is all you need to know.
Here are some sites that I have used for malicious sites: http://www.malwaredomainlist.com/ http://www.malwareurl.com/ http://iblocklist.com/lists.php https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist http://mtc.sri.com/live_data/malware_dns/ Also if you use Snort you are able to use the rules created over at Emerging Threats as well as others: http://emergingthreats.net/rules/emerging-drop.rules
Ryan Phillipe played Milo in Antitrust..... A movie that portray Microsoft as a big evil corporation that was killing Open Source developers... Maybe there is something more to this. A hidden secret perhaps? To paraphrase: "In this industry you are either a 1 or a 0.... alive or dead".
This attitude works if you are some joe blow user worried about being part of some zombie attack, but fails miserably if you are some high value target such as a bank or a military. You can't rely on reports of known malware because a real attack isn't going to be "known". OS X does have these issues. It is far from perfect and when you have a web browser that allows drive by downloads for two years, I really have a hard time trusting them with the security of the rest of the system.
Wow.... What a surprise. Just when I thought Microsoft was starting to get better. We really need to get away from these binary formats anyway... A LOT of security vulnerabilities come from binary formats.
Microsoft is putting their customers at risk every time they half ass these standards like they love to do. Companies spend a lot of time and money to develop these lovely web apps that only work for IE version X, then find out that because IE X+1 is trying to finally conform to standards their current app is broken. Whether we like to admit it or not, IE is getting better at security issues, but many of their customers can't upgrade b/c they built the POS that is IE 6. I have seen this again and again in organizations. No one wants to upgrade because application Y breaks when you upgrade so everyone stays with the more vulnerable IE 6. Microsoft needs to stop putting it's customers at rish in the name of vendor lock in.
Look at contractors working for the government. In my experience that is where a lot of the jobs are. I know where I work, they are always looking for talent.
http://maliciousnetworks.org/top20c.php Who is the number one haven for malicious machines? The US. Not that I disagree with this. I do think it is a step in the right direction. We need to start working together as a world to combat threats on the Internet. If it takes cutting off funding, then I am for it. I would like to see if go further and have the companies who are "supporting" this to agree to NOT send work to these countries. The reason cheap labor exists in a lot of these countries is due to the lack of regulations.
Monitor heavily! Set up a Snort box or some commercial equivelant at multiple points in the network and religously watch it (if you are large enough then you can hire a dedicated team, if you are small then it should be someones job to look at it on a regular time interval). This allows you to respond to incidents faster and ensure that an incident doesn't get out of hand. This can be the difference between a piece of malware is on 1 machine or the entire network. Don't let vendors sell you on an IPS and all it's glory. If you want to buy one as a good Defense In Depth strategy, fine, but an IDS is far more important then an IDS. So if I could only pick one due to budget constraints I am going to pick the IDS every time. IDSes have the benefit of being able to trigger on things that may be incidents and not on it definately is an incident. It is then up to some human to decide whether it is or not.
"Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice." So, if we read carefully... One year is not a well established protocol. They just chose their own one.
It all depends on what command or where you are. I have been in places where they are very pro open source, and places where they refuse all requests to OSS. Personally I am really happy about this.
I wrote about this a little while ago on why the federal government needs to be using Open Source. http://www.dremspider.net/?p=15 This is what I have seen as a federal contractor.
you have obviously never used Red Hat's Sattellite server.... It is one of their best products in my opinion.
Being that I work as a contracter for the government and have worked a bit on the bid process, this is normal. Numerous companies go to a large agency, let's say the treasury and bid for a contracting vehicle. This will often contain numerous contractors, in fact it is garunteed by law to. In this situation quite often contractors will band together to fill in areas they may not be very good at. The contract vehicles will then go to a few groups (consisting of the multiple companies). This contract vehicle process takes a long time as the parent said, but it is important to note that it gets the winners NO money at all. Once this is done a smaller division in the government can "hire" or request for bids using these contract vehicles. For smaller amounts they don't have to go through any bidding process. For larger contracts they must go through a shorter process then the original contract vehicle. I am not saying nothing was fishy in this contract, but I am saying that this is normal.
Does it make it more efficient? First of all I am pretty sure it is going to take longer. Second, for the cost to make one of these I am pretty sure you can make one of those lawn mowers that cut grass BY ITSELF with NO HUMAN INTERVENTION. I don't care if it takes 5 days for the machine to do it, if it is automatic and I don't need to be there. Finally, all this does is requires a human to still attend to the grass, but not get the side benefit of exercise... While this invention is cool, don't pawn it off as something useful when their is clearly little to no market for something like this...
I can see it being useful for application development, maybe. That is stretching it though because usually you emulate the phone on your computer when developing, rather then using the phone itself. How many people are going to do this? Virtualization is great for somethings, but this I would say is pointless. I want my phone to work, the less the interface is relevant the better the interface is. Why would I want two different interfaces that do the exact same thing? You don't have multiple users with a phone, so that doesn't help. You aren't consolidating phones because everyone is still going to want their own phone. What can I do with this?
NAT must be set for a router to work. The very nature of a router is to use NAT. Ironically though it is a bigger issue on corporate networks as they are more likely to forward off ports. Not that NAT is a panacea by any means, but it is better then nothing. All routers need to do some type of NAT period, it is how a router works.
It does "phone home", but to the server that you point it to, not some other server. If you use the enterprise features, you say I am going to point it to this server, and that is all that it ever looks at. Then you can kill the blackberry from that server. Once you move the server it points to, ATT or RIM or whoever can't kill the phone. It is your choice to do so as the admin of the server.
Do you forsee a time when we find out that country X broke into our infrastructure and say brought down the Internet (or maybe just part of it like DNS), causing an war? Would this be limited to taking down their computers or is sending in physical force acceptable? Would we ever really call out a country who is trying to hack us or do we just batten down the hatches to prevent them from getting in? Would you make this public? After all, we are probably doing the same thing.
On a side note I am really interested in this. I currently work in IT as a DOD contractor, and am pursuing a degree in InfoSec. Do you think cyber command will be contractor dominated or military personnel dominated ? Would you accept someone who is given a guaranteed position in this command who is say 27-30, has a masters in infosec and is willing to take a little bit of a pay cut to have this on their resume when they get out in 4 years?
One thing that this article is missing is the fact that Microsoft loses money on the hardware (a lot now that they are replacing them all two or three times a piece). Why would HP come out with an HP xbox. If they aren't going to get a share of the games then the unit will need to be a lot more expensive then Microsoft's. Are they going to say Dell sold 20% of the units out there, so they get 20% of the marketshare? This won't work because some units may be inclined to attract more hardcore gamers which means they will lose out, because they are getting more sales for video games, but the company who makes the cheapest xbox possible is now getting more of the profit because they are aiming at a market who may buy one or two games a year. They could track purchases online and divy it out this way, but that would be difficult as well, and not everyone is online.
The only other thing that I could think that would work is MS pays companies to make the devices. And then MS still gets the royalties. There is not much else that would make sense for companies to get involved.
Well, you are almost correct. What really happens is you put the disk in and it opens up something similiar to pipe dream. What you need to do is shift the "pipes" before the water gets to be too full. Depending on how well the box is locked down the water will flow faster. This is how I was taught in my classes from Bioshock university.
Sorry, I couldn't resist.
I disagree with this and here is why.
First of all there are plenty of "disadvantaged" people in the "white male" group. The beauty of America is that you can work your tail end off and be successful from the very bottom all the way to the top. Will it be harder then the guy who has a daddy with millions in the bank? You bet it will, but it can be done. By giving benefits to any race or gender you are essentially saying, you are not as good as the other white person, who is in the same income bracket, so we are going to pay for your tuition. I can see offering more money to people in lower income families more money without a doubt, but not for their race. By giving it to people in lower income families you are doing it on an as needed basis. If it turns out to be more minorities (which statistically it will because of the legacy as you described it) then so be it. This is a great system because it is self correcting over time.
Affirmative action is really subconsciously telling people to not work because the government feels pity on you, you are after all disadvantaged because of your race/gender. Your gender is something that you can't change (well.... easily) and your race is something you can't change (without looking like Michael Jackson) and your kids really can't without racial integration. Your socio-economic status you can change though and therefore giving to people with lower incomes is not saying you are not as good as the other people, but rather you did not start with as many advantages as the person with the rich parents. These are two very big differences. If you give to people by race you are saying that they are "disadvantaged" and not as smart, but by socio-economic status and you are saying that they were given less opportunity.
If your legacy argument is true, and I believe that it is, there will be little to no difference between these two policies in terms of the numbers getting them. The policy will correct itself over time as the legacy is washed out and gets older. A lot of schools no longer do interviews for acceptance and only require a paper, high school transcripts and a few other things. It is ridiculous that they even need to know your race. Look at their academic abilities, adjust for economic status and you are done.
Assuming you don't get a coupon, everyone knows to not pay full price for a Dell! Here is a laptop I just ordered
Thinkpad t61
14 inches 1440x900 screen
Core 2 duo Santa Rosa (2.0 GHz, 4 megs cache)
nvidia quadro nv140 128 meg (based off an 8400 apparently)
2 gigs of ram
100 gig 7200 rpm hd
3 year warranty
If you look around, you can find really good deals on PCs, Macs never change in price. I wanted a mac this time around, but I had no options. I wanted a nice midrange laptop, something in between a pro and a regular and nothing was to be found so they lost my business.
Everyone as shot down as the enraged terrorist realizes what is going on and that he has no option but to kill himself or face serious charges. Might as well take out as many people while you can in the process. This is an interesting, if not extremely original idea but I think that a terrorist can still cause a lot of damage even with this.
The degree is worth it. I first went to a technical school. Then decided I wanted to get a two year degree from PSU in networking. After my third year I decided to go on for my 4 years in college from seeing various friends graduating and where they were ending up. I lost quite a few credits in the move (and am now graduating with 140+ credits), but I did finish it in time. If you are like me a four year degree will not teach you a whole lot of technical stuff.
Being that you read Slashdot and probably can network computers and run 5 OSes on your computer at once you probably have a strong base of technical knowledge. I would say I learned very little and really only filled in my technical skills, but what I learned is invaluable. I learned that there is more to IT then setting up a router or configuring a computer. I learned how to handle IT and make it useful to people. I learned how to handle business. I learned to manage a project. I learned to learn.
I had a job interview for a BIG company that pays amazingly well in DC who doesn't even interview people w/o bachelor's. My interview started with the interviewer telling me that he went to PSU and that he thinks people from my major are the best things sliced bread. I landed a nice job with great benefits. I plan on going to grad school now for information security, which this company will pay for. I went from two year to 4 year to 6 year. Learning in IT is never ending the quicker you learn that the better. Certs will help, but nothing beats a degree. Most people with degrees will probably have the same certs as you anyways as they are really easy to get with a base of learning like a degree.
My suggestion go for 4 years and make the best of it!