What do mean? Do you prefer the encrypted or incomplete version of the data?
Anyways, the actual hackers pointed out that the data was just bit-shifted. That's pretty weak. This is like 90s-era movie decryption techniques that will occur on your monitor while you watch.
I've worked on a bunch of contract at various levels of government and I'm always shocked to see how belligerent and protective departments or groups can be with their code and applications. There's been so many times when I get hired to do something that after spending a day or two there, that I discovered that another department has done the exact same thing. What follows is my recommendation to leverage what they have in-house already rather than whip something up. What always follows after is weeks of chatter and the eventual escalation to the board/CIO/CTO/CEO to make things happen. 90% of the time they tell me to go back to my original work order and get it done as they initially requested. Good money for me, but what a waste.
Case in point, the "communications" department wanted to refresh the staff directory with more helpful information and include (for who wants to) include their Twitter/LinkedIn/geocities/etc links. We get hired to do this for them. HR has a full-fledged table that we need to do nightly imports and THEIR OWN Web Application (and a dormant web-service to call). What would be a simple DB extend by adding a couple of other linked tables, becomes a duplicate because the HR folks have their own IT department and don't want to play nice with corporate. $10k vs $50k.
I mean, who enables remote management of their router?
I get the fact that sometimes you gotta open stuff up remotely; but in that case, you'd hop onto your jumpbox and then launch a browser to log into your router.
You are absolutely correct; it's the only way they can measure easily: your attendance. Timelines, deliverables, e-mail replies, etc are the other easier ones. Determine the quality of work, leadership, innovation, efficiency, etc need proper analysis and most managers are not able to do it.
I'm finding more and more job descriptions explicitly stating that they expect the employee to be on site and working the regular schedule.
I currently have a handful of people reporting to me and I have no issues of allowing them to work a day a week from home. I do it myself. Only time when I can get some peace and quiet to get proper work done. Life is too short, commutes are too long, and don't have budget to give people raises. I do get the occasional comments about my team and I just ignore those.
... that the journalist contact Adams a day or so after his father passed away for a story?
As distasteful Adams comments may be about wanting people dead, it's completely inappropriate to hassle someone who just his father pass away? He's mourning and probably not in a good place.
I'm sure Adams had his PR person filter the request, but still, give the guy some time!
Heh, I was referring to Project Management, as the "new line of work".
You're right though, I have about 8 outlook rules that make it very simple. I only really care about what 4 or 5 people have to say, the rest is just noise or done on a best effort basis.
When dealing with PMs I usually have one rule; one reply every four hours in an eight-hour shift, during one of my three e-mail checking windows.
Some people I reply at the end of the week, setting a delay to send the message at 5pm Friday when I know they have skipped work early.
If you don't have the skills to route my daily BS update somewhere more appropriate then your inbox maybe you should look for new line of work.
Project Management?
Seriously, one could make the argument that for a comprehensive communication skill-set, knowing who you should be engaging is as important as the actual message.
Whereas with a PC, Android or iOS system you have plenty of RAM, storage and graphics capability so you can be pretty sloppy in your code and get away with it.
Man, I don't have fond memories of memory/resource management in the old PC and C64 day. Not having to deal 64k blocks for expanded memory is a good thing.
In this day and age, multi-threaded programming is more important than managing memory IMHO. I've done my share of sloppy code, mostly because I had more important things to deal with. Sometimes a nested loop does the job quickly and you can move on to other parts. I have yet gotten a bonus,programming style points and won accolades from my peers by coding beautifully or super-efficiently. It's usually scorn and jealousy. 80% of the code I've worked on, no other soul looks at.
I say use what you have at hand and get the job done. If you got 2 Megs of RAM, use them. If you save the a Meg, you're not going to have some sort of cyber consciousness thank you for using less electricity or cycles. Hell, you may have limited your application by not using all the resources available to you.
If you have the luxury of time, enhance it and make it more bug-free.
While many good people lost their job in Nortel, there was a LOT of deadwood at Nortel. Kanata has never been the same since.
We had one upgrade with Nortel telecom equipment, where I had one engineer and five (or six) project managers. You need one or sometimes even two good project managers, but never FIVE, especially when the engineer is doing all the heavy lifting (figuratively and literally). So by charging us $300/hr, we knew we were subsidizing several crappy layers of ineffeciency.
A-L may in a similar boat. There are probably people who did not keep fresh or add very little value, because they were brought in when a VP went on an empire-building spree.
Apple is setting a terrible precedent. I think I know their motivation (e.g. money, Chinese market, etc).
Let's say Saudi Arabia makes looking at dirty pictures illegal (not just immoral). Are they scrapping browsers?
No, the government needs to ensure that while using their network infrastructure the "dangerous" services and applications are blocked. Don't impose your morality and legality on citizens of other countries.
Apple is weak. They considered the cost/benefit analysis, and figured that the few hundred people who get irate about this won't matter. Chinese citizen will not stop buying an iPhone even with this app gone; they buy it for the "cool" factor not because it allows civil disobedience. Most Chinese are terrified of getting in the sights of their government. Those who have an iPhone will gladly use in the government-approved manner.
I once experienced an DoS MitM LTE XSS attack that lasted 42 hours and had a steady stream of 105TB/ms using NetBIOS Saturation over AppleTalk techniques that spread over a redundant cluster of MBR using HPFS. Of course the victim wishes to remain in the shadows as sharing the company's identity would either harm their reputation or allow you to verify the plausibility of the incident.
I really liked the series, but them dropping the ball on Episode 3 and forfeiting on their promise to release, really soured the experience for me.
I will certainly not buy when it comes out, whatever they call it. Actually, I haven't bought anything off Steam and certainly from Valve for that reason (I always associated both together, since the only reason I installed Steam was for HL2).
Agreed, that to me seems a respectful way of treating your employees. People have families and commitments, the least you can do is give them notice as far ahead as possible. And some generous severance.
Agreed. Chances are there are a bunch of PMPs and ITIL processes in place. Could be internal politics.
Coding a few minutes is a one thing. Testing it, getting someone to approve to move something to prod, and herding people to actually do work is a bunch of other things. Legal and PR may get involved too.
In some corps I worked, the finger-pointing usually takes days and involves a bunch of crappy meetings. It can be days before someone engages InfoSec or the developers to confirm a problem.
Two weeks is not terrible; better than most large corporations.
That's not too bad all things considering. Maybe they have a proper structured development shop (not too structured, since it obviously doesn't include code reviews or vuln scanning)? Maybe they had maintenance windows which they are contractually bound to (and more expensive to make an exception then to do deal with a flaw)? Maybe once they were made aware of the problem they were scanning the database system for odd entries or suspicious activity? Maybe they needed to get an independent audtor to review so they can appease their various stakeholders?
Hopefully they learned from this, and will at least run an automated vulnerability tool against the app for future releases.
Treat a desktop like a desktop. Perhaps share elements of the Windows OS between platform (.NET framework, kernel, DirectX, etc) but the UI must be diffirent. In case of a hybrid device; let the user pick the experience he/she wants.
Continue the Home Server concept; partner with a company (D-Link) to create a stand-alone box. Don't screw this up. If you want a media box, do it properly. Get some content; pick a movie studio or two to back you up. Get an American TV channel. GET LIVE SPORTS, especially SOCCER!
Realize that you lost the smartphone market. Work towards creating a presence on the incumbents. Price the competition out of the water. Do a proper Office version.
Lower the OS price. Create three versions tops; Lite, Regular and Corporate.
They want an app store. Okay, that's fine. Create a "certified by Microsoft" program that provides some perks and allow people to buy stuff online. Fully-tested software (a proper QA process), no malware/spyware, backups, more generous licensing,
XBoXOne - give a free online experience. Support the indie community more. Don't release 20 variants of the console.
Forget doing a hardware media player like the zune. Do something that allows you to play music on existing smartphones. An app that allows you to stream the music from your media box (as mentioned above).
Pick another commercial product area. Perhaps education? Perhaps extend messaging.
Look at more reasonable pricing for CALs in the corporate market. Give better volume discounts.
How about the fact that Chrome can import passwords stored in Safari to begin with?
So Safari has some security issues as well. Where is the "master key" to export passwords?
I guess the underlying message is that if you leave a computer unattended the information is accessible to anyone. E-mail, passwords, documents, MP3s, etc.
This is a convenience feature and 99% rather have the convenience of a cached web passwords on their personal computer then worrying about something walking by.
Slashdot Mirror
What do mean? Do you prefer the encrypted or incomplete version of the data?
Anyways, the actual hackers pointed out that the data was just bit-shifted. That's pretty weak. This is like 90s-era movie decryption techniques that will occur on your monitor while you watch.
I've worked on a bunch of contract at various levels of government and I'm always shocked to see how belligerent and protective departments or groups can be with their code and applications. There's been so many times when I get hired to do something that after spending a day or two there, that I discovered that another department has done the exact same thing. What follows is my recommendation to leverage what they have in-house already rather than whip something up. What always follows after is weeks of chatter and the eventual escalation to the board/CIO/CTO/CEO to make things happen. 90% of the time they tell me to go back to my original work order and get it done as they initially requested. Good money for me, but what a waste.
Case in point, the "communications" department wanted to refresh the staff directory with more helpful information and include (for who wants to) include their Twitter/LinkedIn/geocities/etc links. We get hired to do this for them. HR has a full-fledged table that we need to do nightly imports and THEIR OWN Web Application (and a dormant web-service to call). What would be a simple DB extend by adding a couple of other linked tables, becomes a duplicate because the HR folks have their own IT department and don't want to play nice with corporate. $10k vs $50k.
I just wanted to say that your blog entry is outstanding and explains the replay scenario perfectly. Thank you for sharing.
Same here.
I mean, who enables remote management of their router?
I get the fact that sometimes you gotta open stuff up remotely; but in that case, you'd hop onto your jumpbox and then launch a browser to log into your router.
You are absolutely correct; it's the only way they can measure easily: your attendance. Timelines, deliverables, e-mail replies, etc are the other easier ones. Determine the quality of work, leadership, innovation, efficiency, etc need proper analysis and most managers are not able to do it.
I'm finding more and more job descriptions explicitly stating that they expect the employee to be on site and working the regular schedule.
I currently have a handful of people reporting to me and I have no issues of allowing them to work a day a week from home. I do it myself. Only time when I can get some peace and quiet to get proper work done. Life is too short, commutes are too long, and don't have budget to give people raises.
I do get the occasional comments about my team and I just ignore those.
... that the journalist contact Adams a day or so after his father passed away for a story?
As distasteful Adams comments may be about wanting people dead, it's completely inappropriate to hassle someone who just his father pass away? He's mourning and probably not in a good place.
I'm sure Adams had his PR person filter the request, but still, give the guy some time!
Every heard of Free Trade; e.g. NAFTA? Why should it only benefit American corporations?
No argument about CGI's incompetence. Seen it myself first-hand.
Cool it on the jingoism though.
Heh, I was referring to Project Management, as the "new line of work".
You're right though, I have about 8 outlook rules that make it very simple. I only really care about what 4 or 5 people have to say, the rest is just noise or done on a best effort basis.
When dealing with PMs I usually have one rule; one reply every four hours in an eight-hour shift, during one of my three e-mail checking windows.
Some people I reply at the end of the week, setting a delay to send the message at 5pm Friday when I know they have skipped work early.
If you don't have the skills to route my daily BS update somewhere more appropriate then your inbox maybe you should look for new line of work.
Project Management?
Seriously, one could make the argument that for a comprehensive communication skill-set, knowing who you should be engaging is as important as the actual message.
No, they used "sarcasm". The deadliest attack of them all.
Hm, /. may have a valid case to chase after.
After all, they duplicated the site/logo/etc without the permission of the actual copyright owners.
Whereas with a PC, Android or iOS system you have plenty of RAM, storage and graphics capability so you can be pretty sloppy in your code and get away with it.
Man, I don't have fond memories of memory/resource management in the old PC and C64 day. Not having to deal 64k blocks for expanded memory is a good thing.
In this day and age, multi-threaded programming is more important than managing memory IMHO. I've done my share of sloppy code, mostly because I had more important things to deal with. Sometimes a nested loop does the job quickly and you can move on to other parts. I have yet gotten a bonus,programming style points and won accolades from my peers by coding beautifully or super-efficiently. It's usually scorn and jealousy. 80% of the code I've worked on, no other soul looks at.
I say use what you have at hand and get the job done. If you got 2 Megs of RAM, use them. If you save the a Meg, you're not going to have some sort of cyber consciousness thank you for using less electricity or cycles. Hell, you may have limited your application by not using all the resources available to you.
If you have the luxury of time, enhance it and make it more bug-free.
While many good people lost their job in Nortel, there was a LOT of deadwood at Nortel. Kanata has never been the same since.
We had one upgrade with Nortel telecom equipment, where I had one engineer and five (or six) project managers. You need one or sometimes even two good project managers, but never FIVE, especially when the engineer is doing all the heavy lifting (figuratively and literally). So by charging us $300/hr, we knew we were subsidizing several crappy layers of ineffeciency.
A-L may in a similar boat. There are probably people who did not keep fresh or add very little value, because they were brought in when a VP went on an empire-building spree.
Good point.
Apple is setting a terrible precedent. I think I know their motivation (e.g. money, Chinese market, etc).
Let's say Saudi Arabia makes looking at dirty pictures illegal (not just immoral). Are they scrapping browsers?
No, the government needs to ensure that while using their network infrastructure the "dangerous" services and applications are blocked. Don't impose your morality and legality on citizens of other countries.
Apple is weak. They considered the cost/benefit analysis, and figured that the few hundred people who get irate about this won't matter. Chinese citizen will not stop buying an iPhone even with this app gone; they buy it for the "cool" factor not because it allows civil disobedience. Most Chinese are terrified of getting in the sights of their government. Those who have an iPhone will gladly use in the government-approved manner.
I once experienced an DoS MitM LTE XSS attack that lasted 42 hours and had a steady stream of 105TB/ms using NetBIOS Saturation over AppleTalk techniques that spread over a redundant cluster of MBR using HPFS. Of course the victim wishes to remain in the shadows as sharing the company's identity would either harm their reputation or allow you to verify the plausibility of the incident.
I really liked the series, but them dropping the ball on Episode 3 and forfeiting on their promise to release, really soured the experience for me.
I will certainly not buy when it comes out, whatever they call it. Actually, I haven't bought anything off Steam and certainly from Valve for that reason (I always associated both together, since the only reason I installed Steam was for HL2).
"Brand" and "Knock-off" should be carefully used in the same sentence.
For 10 seconds I thought that Apple was branching off and selling some new cola that tastes like Coke(tm).
Agreed, that to me seems a respectful way of treating your employees. People have families and commitments, the least you can do is give them notice as far ahead as possible. And some generous severance.
If you want to know more what each party is discussing with their national governments, can't think of a better place than hacking Belgian telecom.
This is why they did it.
Agreed. Chances are there are a bunch of PMPs and ITIL processes in place. Could be internal politics.
Coding a few minutes is a one thing. Testing it, getting someone to approve to move something to prod, and herding people to actually do work is a bunch of other things. Legal and PR may get involved too.
In some corps I worked, the finger-pointing usually takes days and involves a bunch of crappy meetings. It can be days before someone engages InfoSec or the developers to confirm a problem.
Two weeks is not terrible; better than most large corporations.
That's not too bad all things considering. Maybe they have a proper structured development shop (not too structured, since it obviously doesn't include code reviews or vuln scanning)? Maybe they had maintenance windows which they are contractually bound to (and more expensive to make an exception then to do deal with a flaw)? Maybe once they were made aware of the problem they were scanning the database system for odd entries or suspicious activity? Maybe they needed to get an independent audtor to review so they can appease their various stakeholders?
Hopefully they learned from this, and will at least run an automated vulnerability tool against the app for future releases.
Excellent question. Here's what I would do.
Treat a desktop like a desktop. Perhaps share elements of the Windows OS between platform (.NET framework, kernel, DirectX, etc) but the UI must be diffirent. In case of a hybrid device; let the user pick the experience he/she wants.
Continue the Home Server concept; partner with a company (D-Link) to create a stand-alone box. Don't screw this up. If you want a media box, do it properly. Get some content; pick a movie studio or two to back you up. Get an American TV channel. GET LIVE SPORTS, especially SOCCER!
Realize that you lost the smartphone market. Work towards creating a presence on the incumbents. Price the competition out of the water. Do a proper Office version.
Lower the OS price. Create three versions tops; Lite, Regular and Corporate.
They want an app store. Okay, that's fine. Create a "certified by Microsoft" program that provides some perks and allow people to buy stuff online. Fully-tested software (a proper QA process), no malware/spyware, backups, more generous licensing,
XBoXOne - give a free online experience. Support the indie community more. Don't release 20 variants of the console.
Forget doing a hardware media player like the zune. Do something that allows you to play music on existing smartphones. An app that allows you to stream the music from your media box (as mentioned above).
Pick another commercial product area. Perhaps education? Perhaps extend messaging.
Look at more reasonable pricing for CALs in the corporate market. Give better volume discounts.
Thanks; that's good info.
So the underlying convenience is at fault.
How about the fact that Chrome can import passwords stored in Safari to begin with?
So Safari has some security issues as well. Where is the "master key" to export passwords?
I guess the underlying message is that if you leave a computer unattended the information is accessible to anyone. E-mail, passwords, documents, MP3s, etc.
This is a convenience feature and 99% rather have the convenience of a cached web passwords on their personal computer then worrying about something walking by.