Slashdot Mirror


User: pandrijeczko

pandrijeczko's activity in the archive.

Stories: 0
Comments: 4,323

Comments · 4,323

  1. Move Along, Nothing To See Here on How Apple's iOS Went From Insecure To Most Secure · Score: 1

    Any OS will be more secure simply by virtue of locking it down that much more, thus restricting the people who use it to do less with it.

  2. Re:Jailbreak for iSSH? on iOS 5 Jailbroken · Score: 2

    I want you to take a deep breath, close your eyes and think of an image of two cute little Golden Retriever puppies peeping out of a pair of bedroom slippers.

    There... feel a bit calmer now?

  3. Re:Billing glitch? on Has iTunes Been Hacked? · Score: 1

    You need to think like a hacker in order to understand this better.

    No, you are right, this could be about faulty accounting software and we may never know the actual root cause.

    But if it was a hack, then maybe the hacker socially engineered Apple's account code for Sega and that allowed him to perform the hack - it's quite possible that was the only thing the hacker was able to do.

    However, from the hacker's perspective, to be able to boast about hacking into Apple is big karma amongst the hacker community - it doesn't necessarily need to be a huge world-changing hack like Sony suffered to garner that notoriety.

    You also need to be aware that hacking big evil corporations seems to be a cool thing at the moment - so Apple, Microsoft & others being hacked might well be expected.

  4. Re:Reminds Me of Something the Sony CEO Said ... on Has iTunes Been Hacked? · Score: 2

    I work in security on Linux-based VoIP telephony systems for the manufacturer of those systems.

    About two years ago, I was contacted by one of our global customers, a big name in the airline industry, because one of their Eastern European call centres had suffered toll fraud and they needed an analysis of the cause and additional hardening put on the servers if it was necessary - that in itself was nothing unusual, I do this kind of stuff all of the time.

    But the interesting part of it was that the request for my services came directly from management people in that call centre and as I started planning what I was going to do and how I was going to do it, it became clear it was a cover-up in that I was being asked to work very discreetly so as not to alert that airline company's head office - in other words, the call centre management were covering up the toll fraud, presumably because they themselves had left security holes on the system when administering them, even from their own head office.

    From my perspective, because the airline company is a global customer of ours, this was a definite conflict of interest - so I stopped planning it there and then and handed it off to our global account manager for the airline company to go and sort out.

  5. Re:Reminds Me of Something the Sony CEO Said ... on Has iTunes Been Hacked? · Score: 4, Interesting

    Also about half a dozen years ago, a CEO in a software company was suffering one way transmission on VoIP calls and as the manufacturer of the VoIP hardware and software, we'd had technicians trying to fix the problem for months - countless hardware was changed, IP stations, etc. etc. because the customer was screaming at my company daily and it had been escalated to the highest levels.

    As a security & network guy, I got dragged in at the later stages, myself and another consultant went through some packet sniff captures when the problem was happening and we eventually worked out that someone from within the software company was trying to do a man-in-the-middle attack to snoop on the CEO's calls, he/she clearly hadn't got it working right and was interrupting one of the transmission paths, hence the problem.

    We emailed the analysis to the customer and showed it was someone in their company causing the problem. From that point on, it went completely quiet - no daily screaming from the customer, not even an acknowledgement of our emailed analysis.

    I don't know if higher up in my company we billed the customer for all the work we did or if anything was said afterwards but this was definitely hushed very quickly within that software company.

  6. Create the award NOW and give it to Steve Jobs... on Why There's No Nobel Prize In Computing · Score: 1

    ...posthumously.

  7. Re:Actually about Sony? on Hackers Attack Nintendo, But Company Claims Data Safe · Score: 1

    Agreed. But if you are a Sony customer who has been affected by the outage, and you have every right to be angry at being affected, then you should also be asking yourself why Sony had such little resilience and backup in place such that the outage you suffered was not more than a few hours, rather than a whole month.

    Once the data was stolen, Sony could do nothing but let their customers know the risks of that data getting out into the open and then securing their systems to stop it happening again. They decided to take their servers down for a month and not put something temporary in place just to give you and other subscribers some kind of service that you paid for.

    If you care about data protection then you have systems in place constantly monitoring for attacks onto your systems, and an alarm should be raised when something out of the ordinary starts to happen. If you've put a proper contingency in place then you can, for instance, stop worrying about credit card payments for a while and drop your customers an email with a temporary account onto backup servers while you investigate the main problem.

    If you care about delivering proper customer service, there is absolutely no excuse for having important servers offline for a month, unless you've done absolutely nothing in the way of risk assessment and contingency planning and/or care more about you as an organisation losing money than giving your customers the service they have already paid for.

  8. Re:Ha Ha, mine goes to 11 on Cheap GPUs Rendering Strong Passwords Useless · Score: 1

    OK, so go to 15 characters.

    Go to 15 characters in your organisation and the number of numpties ringing you up on the help desk for password resets will increase exponentially. :-)

    If you're feeling the need to go beyond 8 character password lengths, then that's the time to look at one-time passwords / challenge-response keys or even scrapping passwords completely and doing authentication over SSH with public and private keys.

  9. Re:So What? on Cheap GPUs Rendering Strong Passwords Useless · Score: 1

    Yes, it does make the assumption that you've been able to remove a copy of the encrypted password list and analyse it locally.

    If you brute force a service or UNIX daemon over a network then it's going to lock you out of that account for good after maybe 5 attempts, or it might just lock for 20 minutes or so meaning that it's going to take you an incredibly long time to be successful. Besides which, any security or sysadmin guy worth his salary is going to have set up syslogging of invalid access attempts to somewhere where he gets an alarm indication when this stuff is happening.

    It's also worth mentioning that if you're going to pull out a local copy of the encrypted passwords, even if it's possible to do so (Windows guys?), the minimum account access you will need is root on a Linux or UNIX system (well, modern UNIXes anyway).

    So, yes, it's a security concern but unless you know the root password, or someone with the root password, of little practical value in the real world.
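The comment above describes two defensive mechanisms against online brute forcing: per-account lockout after roughly five failed attempts, and syslog monitoring that raises an alarm when invalid access attempts pile up. The following is an added example of the second mechanism, written for this page and not taken from the thread or from any sshd tooling: it scans sshd-style "Failed password" syslog lines, keeps a sliding 20-minute window of failures per source address, and emits an alert the moment a source reaches the five-attempt threshold the commenter mentions. The log lines, the hostname "bastion", the process ids and the IP addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""Added example: a small failed-login alarm in the spirit of the syslog
monitoring described in the comment. Sample data below is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines (hypothetical host "bastion", documentation IPs).
SAMPLE_LOG = """\
Jun  5 10:00:01 bastion sshd[2001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Jun  5 10:00:03 bastion sshd[2002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jun  5 10:00:05 bastion sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Jun  5 10:00:06 bastion sshd[2004]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jun  5 10:00:08 bastion sshd[2005]: Failed password for root from 192.0.2.10 port 40004 ssh2
Jun  5 10:00:09 bastion sshd[2006]: Failed password for bob from 203.0.113.5 port 40005 ssh2
Jun  5 10:00:11 bastion sshd[2007]: Failed password for root from 192.0.2.10 port 40005 ssh2
Jun  5 10:40:00 bastion sshd[2008]: Failed password for bob from 203.0.113.5 port 40006 ssh2
"""

# Matches the traditional OpenSSH failure message; "invalid user" is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed(line, year=2011):
    """Return (timestamp, user, ip) for a failed-login line, or None otherwise."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one is assumed for comparison.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=20 * 60):
    """Alert when a source IP accumulates `threshold` failures inside a sliding window.

    Returns a list of (ip, alert_timestamp, sorted_usernames_tried). A source is
    alerted once per burst; if its window drains below the threshold (for example
    after a 20-minute lockout expires) a renewed burst produces a fresh alert.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames attempted from that source
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_failed(line)
        if parsed is None:
            continue              # successful logins and unrelated lines are ignored
        ts, user, ip = parsed
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # expire failures older than the window
        if len(q) < threshold:
            alerted.discard(ip)   # burst has subsided; re-arm the alarm for this source
        elif ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, ts, sorted(users[ip])))
    return alerts


if __name__ == "__main__":
    for ip, ts, tried in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {ts:%b %d %H:%M:%S}: {ip} reached threshold; users tried: {', '.join(tried)}")
```

Run against the constructed log, only 192.0.2.10 trips the alarm (five failures in ten seconds across the "admin" and "root" accounts); 203.0.113.5 never exceeds two failures in any window and stays quiet. In a real deployment the alert would be forwarded wherever the on-call person gets paged, which is the point the comment makes: the lockout slows an attacker down, the alarm is what gets a human looking.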

  10. Re:Data is safe because... on Hackers Attack Nintendo, But Company Claims Data Safe · Score: 2

    Also, if LulzSec doesn't get taken out soon, I'm fucking gonna find one of them and shit on their head. This is getting ridiculous.

    Okay, I'll take a guess here and say you're a disgruntled PS3 user who's angry at not being able to get onto the PSN for over a month - and, quite frankly, if you're not getting a service you've paid for, you've every right to be hacked off about it. If you're not, then I apologise in advance.

    Furthermore, I work in system security and whilst I'm grateful to hackers for creating a need for my job, I don't admire them for stealing stuff - sure, breaking into a system quietly without doing any harm and letting your victim know how you got in without going public perhaps has some genuinely altruistic motive but that's the extent of what defines a "good" hacker.

    But you also need to think about this. Why did Sony have absolutely no resilience in place such that the PS3 community only suffered, say, 24 hours of outage while they switched in backup systems, rather than a whole month? If customer data records have been stolen then once Sony have let their customers know it's happened, all they can really do is stop it happening again.

    In which case, Sony's prime focus should have been to get their customers back online as quickly as possible, even if it meant that they just sent every user an email with a temporary password to a backup set of servers that at least gave them PSN access whilst they sorted the core security issues out.

    I can tell you now with my knowledge of the security industry that every major company, particularly those perceived by some as "evil", is constantly under cyberattacks from Internet Robin Hoods who believe they will be doing the world a favour if they take those companies down - the fact is that those same companies don't reveal those attacks are happening because it's bad for business. The only time they WILL reveal attacks is when they have to let their customers know to take some action because their data has been stolen.

    What I am actually saying here is that if you are one of these companies then if you are carefully watching those constant attacks on your systems, you are going to see an increase in activity when you make some announcement in the press, especially if it's one that's not popular. That's your warning that it's time to put some kind of resilience solution or failover process in place because the more you are repelling attacks on your systems, the more likely it is that one will actually get through and do some damage - hell, if you've any common sense, you'll predict this anyway and already have something in place *BEFORE* you make the unpopular announcement.

    So what you really should be asking yourself is why, on the basis that in all likelihood Sony had plenty of warnings that such an attack would succeed, they did not put in place some contingency plans to, at best, stop the data being stolen in the first place or, at least, putting some backup systems in place to ensure some degree of service continuity when the attack finally occurred?

    The fact is that they chose to take your personal data as part of their requirements of doing business with you, they therefore have the responsibility of ensuring the security protection of that data. And since they clearly haven't done that in this instance, despite having plenty of warning, what you and all the PS3 community should be doing is asking yourselves, and Sony, what it is you are actually paying your high monthly subscription fees for.

  11. Re:Data is safe because... on Hackers Attack Nintendo, But Company Claims Data Safe · Score: 1

    It's the "VHS vs. Betamax" argument once again - Betamax was technically a better system but VHS had porno movies and that's why Joe Public favoured VHS.

    I'm ready to stand corrected but I'd be very surprised if any electronics manufacturer today wasn't having assembly done in China where human rights abuses are probably taking place on the factory floors.

    But the fact is, Joe Public just sees CDs that he cannot rip on his computer, horror stories of secretly installed Sony rootkits, and some option to boot Linux on his PS3 has now gone - hence Sony appears infinitely more evil than Nintendo.

  12. Re:Actually about Sony? on Hackers Attack Nintendo, But Company Claims Data Safe · Score: 0

    To be honest, it sounds like quite a clever move, even though I don't condone anything hackers do, despite the evilness of their victims.

    Is this not just LulzSec "giving the bird" to Sony once again? i.e. "We could have attacked Nintendo but we chose not to because we actually quite like them but hate you?"

    If you think about it, it's quite elegant - giving Sony another kick without actually touching anything owned by Sony? I know I shouldn't admire them but I quite like their cheekiness.

  13. Re:I guess they were running Linux just like Sony on Hackers Attack Nintendo, But Company Claims Data Safe · Score: 2

    Your reasoning is not logical.

    If they were, as you say, running Linux like Sony then that would possibly serve to explain a scenario where Nintendo were hacked in an identical way to Sony.

    However, in this case, Nintendo did not suffer the same fate as Sony - therefore I can only assume that either:

    a) the hackers were unsuccessful in their attempt to hack Nintendo, in which case it might be concluded that this was because Nintendo use an entirely different OS set up to Sony in which the hackers have less expertise in discovering flaws, or,

    b) the hackers made a conscious decision not to attack Nintendo despite being able to use the same attack vectors on Nintendo as they did on Sony.

    In both of the above, both Sony and Nintendo running Linux (if such is the case) does not serve to explain why Sony was hacked and Nintendo wasn't.

    One must therefore conclude that your statement was an attempt at humour which failed dismally. But thanks for trying anyway.

  14. Re:What we need are cops who aren't thugs on Man Ordered At Gunpoint To Hand Over Phone For Recording Cops · Score: 1

    The consensus of the population make the law, not the individual people involved with each event no matter how good-willed they may be. Again, rule of law vs. rule of man. You accuse me of not understanding "buzzwords" that I use. I see now that is an argument from ignorance on your part, you seem entirely unfamiliar with the basic principles under discussion.

    If you're saying I'm ignorant because I don't know "rule of law vs. rule of man" then I agree - because I came to these conclusions based on my own opinions and experiences, not from something I read somewhere. I have no legal training, I'm a technical person, but if someone else has defined better what I myself have drawn conclusions to, then surely the fact that at least two of us came to those conclusions on different paths just strengthens my argument?

    It's telling that you predicate your participation in the discussion on the explication of a standard trope used in context. Sorry for giving you the benefit of the doubt by assuming your previous objection was just hyperbole. A dictatorship is about as close to pure rule of man as it gets - the laws on the books don't matter, the outcome of conflict is decided by whichever party involved has the most political strength, deferring up the chain of leadership, and is generally couched in self-serving language about doing the right thing for the country.

    What you call "clever phraseology" is simply someone speaking at a level of understanding of the issues above what you have reached. Somewhat like what Clarke said about technology appearing as magic. Don't have so much confidence in your ignorance.

    Okay, I take the above as a compliment as you're clearly now trying to resort to clever usage of words to obfuscate rather than explain - that tells me you think you're losing the argument.

    No, wrong. A dictatorship is the enforcement of the rules and laws created by one man (or a small group of men) in a leadership position. Whether or not it results in doing the right thing for the country is irrelevant because that's nothing to do with what I am talking about. Therefore your analogy of my opinion to North Korea is a fail.

    In fact, I can go a stage further with this one. Even in somewhere like North Korea, despite being oppressed by the governing powers, if you're a lowly citizen living there it is still possible to make the best of an oppressive situation by doing your best to get on with the community you live closest to - if anything, people bond more and are more law abiding because they recognise there's no point fighting each other because they are all in it together.

    That's why your North Korea analogy doesn't work because being a citizen in a community where most people have respect for the others around them is not dependent on the type of government they are under. Go anywhere in the democratised and free Western world and you will find generally smaller rural communities where everyone knows everyone else and treats everyone else as a friend and neighbour. And as I said above, communities where everyone shares a common interest or isolated location are those where people are more likely to work more for the interests of the community rather than themselves.

    Surely that's common sense isn't it?

  15. Re:It doesn't work on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 1

    Absolute rubbish!

    In many organisations, the engineers have the BETTER communication skills because they're the poor sods trying to fix problems on site with the customer screaming at them - salesmen usually appear in front of the customer when they know the customer is happy to think about spending some money.

    I've not worked out in the field for 15-years now but I used to do PBX maintenance in a very specific area of West London and I got on absolutely great with my customers, to the point where every Christmas I had to give bottles of whisky away to friends because so many of my customers gave them to me.

    Yes, I had screaming customers because PBX systems were dead but I never bullshitted them, always turned up when I said I would (or called them in good time if I had to postpone a visit due to something else) and did my best to fix their problems. And if I had 10 minutes to spare and I was driving past a customer, I would even just pop my head in the door to say hi, have a quick coffee and check everything was okay. They really appreciated that and I'd frequently be told tales of how a salesman or senior manager from my company had visited a couple of days earlier and was a complete asshole.

    I EVEN had the classic scenario whereby me and few other engineers were in a customer equipment room with loads of test kit dealing with a particularly hard-to-find problem that the customer had raised a serious complaint about. In walked my boss's boss in his sharp suit, all cheerful and rubbing his hands saying:

    "Okay, lads, where's this PBX I need to help you fix then?"

    to which I replied:

    "Directly underneath what you just put your briefcase on."

  16. Re:This is the ONLY compensation I need... on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 1

    Well I don't get to bang 15 hookers simultaneously in an Amsterdam hotel room whilst at a sales conference and book it as a company expense admittedly... ...and despite the fact that my stable, 18-year-long monogamous heterosexual relationship bursts your stereotyping bubble of us computer geeks, I thought we PC techie-types were renowned for having constantly drained balls due to our enhanced computer knowledge giving us these mystical abilities to always be able to find free porn?

  17. Re:This is the ONLY compensation I need... on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 1

    Exactly right.

    And what's worse is that you are GENUINELY trying to help them out. Something has been promised to the customer that is either impossible or not possible within the promised timescale, it doesn't matter who escalates to who or how high in any of the companies, IT JUST CANNOT POSSIBLY BE THAT WAY.

    So as a techie you try to brief the sales guy because you know he has to stand in front of the customer and reach some kind of compromise and therefore if he goes in there sounding like he knows what he's talking about, he has a more convincing argument and therefore better chance of getting that compromise.

    But even then, not interested. Straight onto the phone to his boss or my boss in some vain belief that escalating it makes the impossible possible... those are the ones who REALLY annoy me.

  18. Re:Technical Manual In My Cold Dead Hands!!! on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 4, Insightful

    People skills make money. Technical skills make products, which need to be sold and *may* make money, provided you have someone to sell them.

    I'm afraid you suffer from the very blinkered thinking that a lot of other sales people suffer from - to correct you, technical skills make SOLUTIONS, not just products.

    That's precisely why I can take a bunch of our existing products, explain to a sales guy how I can connect them together in a fun way for the customer, or devise a value-add service on those products for the customer and get him to go sell it. He can't design it, I can't sell it, end of story.

    BTW, as head of sales my notebook is a Thinkpad running Linux.

    Sorry, are you the original submitter of the article? If not, then the above is irrelevant information as I was quoting and addressing him based on his "sales-speak" type comments.

    However, I drive a black company Audi, which in your eyes probably qualifies enough to be put into the "stupid sales droid" drawer.

    I get a company car, I chose a VW Passat because it was a good enough car at a good enough price when I needed to buy one. It's based on the Audi A4 chassis so I'm told, otherwise it's got aircon, a music player and gets me from A-B. Car talk is wasted on me I'm afraid, I'm not an enthusiast and probably don't even know what some of my close friends even drive.

    Stupid sales droid? No idea, are you one then? Again, I was quoting and responding to the submitter's comments - he sounds like he works for a reasonably big organisation like I do where there are distinct sales and technical people. Other orgs are smaller, even one-man operations, in those there are probably sales people who have to be technical also.

    In my organisation, there are good and bad sales people.

    The good ones know I don't bullshit, trust my ability to help them out and leave me to get on with it - they also listen to my point of view and learn something in the process, at the same time I can learn about the pressures they're under & either give them more support in front of the customer or work out better and quicker ways of doing stuff.

    The bad ones don't listen as soon as they realise they can't have what they want and just go crying to their boss to escalate the issue. Those are the ones I was referring to in my posting.

    Only you know which of the above categories you fall into.

  19. Re:His mature and level headed reply on Student Suspended For Posting On YouTube · Score: 1

    You've stated your point very well however both you and the kid incorrectly refer to a right to post something to YouTube. YouTube is a private video hosting service offered by a company and a privilege to use. I stand corrected if Canada has mandated free expression on the web via a U.S. Company. I'll admit that I'm not that familiar with Canadian law.

    I'm in the UK but otherwise no worries on that.

    Okay, we're probably arguing unnecessary semantics over what YouTube is and isn't, at this level it just needs to be a public place where you can post videos that can be viewed by people you probably don't know. And that's why you need to show some discretion and forethought, probably more so on a service that is a privilege, rather than a right, to use.

    And, yes, there are as many assholes out there with nothing better to do with their time than actively search for things to be offended by - but at least if you've demonstrated some initial discretion yourself in the first place, then that gives you the right to tell the busy-bodies to bugger off and mind their own business... going back to my pedigree dogs analogy, if I'm stood in a corner discussing the topic fairly privately to someone and a third party butts in and starts taking offence, I can turn round to them and tell them they weren't included in this private conversation so should butt out. :-)

  20. Re:This is the ONLY compensation I need... on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 1

    Far from it, I've been a techie guy now for some 25-odd years, done well at it and never want to do anything else.

    If I'm honest, I've worked with both good & bad sales people, most of those I do work with these days respect my technical skills and I respect that they're the guy usually standing in front of the customer. I don't like some of the promises they make but I don't bullshit either - if I can deliver what they've sold then I usually go do it, otherwise I'll support them in front of the customer if they need a technical backup to explain why it can't be done.

    Unfortunately I have been in meetings with sales people where as soon as I start talking even simple techie-talk, they switch off and don't care to hear what you have to say. So there are probably as many sales assholes out there as think I'm a techie asshole.

  21. This is the ONLY compensation I need... on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 3, Interesting

    ...merely to see that look on your once-smug face when you wrap that commission-funded Porsche of yours round the nearest lamp-post after one too many bottles of Pinot Grigio at your expenses-funded lunches.

    Here's how it should work:

    1. You tell me what you need and when you need it by.

    2. I laugh in your face and tell you what you really need and when you can have it by.

    3. You get two phone calls or two emails to me between now and the deadline to ask me "How's it going?" Any more than that and I get 10% of your commission for each additional call or email over the limit.

    4. You are a salesman, you deal with persuasion and lies. I am a technician, I deal with reality and fact. So don't try to get all technical on me because you read 5 pages of the product manual.

    5. When it's ready, I will call you and you can have it. It will leave my lab working but if it's broke when it gets to site, you lose 10% of your commission immediately plus 10% for each 4-hour period I have to spend on making it work again.

    That's it. Simple.

  22. Re:The only incentive that I need... on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 1

    Beautifully put, sir!

    And nothing makes me chew and spit out a salesman more than the classic "...but the customer is spending $1,000,000 with us so I need it this week rather than next week like you promised."

    This is the point at which I inform the salesman that I can no longer work on his project as he has just personally insulted me by accusing me of not already working at full speed to get the thing working because, in his words, my work speed is directly proportional to the amount of money the customer is spending with us - I then just put the phone down or walk away... and just wait no more than an hour for him to come back crawling with an apology.

  23. Technical Manual In My Cold Dead Hands!!! on Ask Slashdot: Compensating Technical People For Contributing to Sales? · Score: 0

    "I work for an IT consulting firm and recently I've been tasked with heading up our engineering consulting team — which without the fancy corporate speak means that we're trying to empower our engineering team to think a little like sales people instead of being purely service orientated.

    I'll make a deal with you - when I find a bunch of loudmouthed "geezers" in loud suits who are prepared to listen to my "made as simple as possible for the sales mind" technical explanations as to why what they've sold/promised to the customer WON'T FUCKING WORK, rather than caring more about how big an expense lunch they can have that day, then I'll sit down and learn something from them.

    BTW, do you own the latest and most expensive MacBook by any chance?

  24. Re:What we need are cops who aren't thugs on Man Ordered At Gunpoint To Hand Over Phone For Recording Cops · Score: 1

    And the means by which that is most effectively accomplished is via law.

    And who makes the law? Magic pixies that transcribe law books while everyone else sleeps?

    Let's make it clear because I'm getting bored with your endless substanceless but clever phraseology - you tell me how North Korea applies to my opinions, then we continue this discussion.

    Otherwise, YAWN! and BYE!

  25. Re:His mature and level headed reply on Student Suspended For Posting On YouTube · Score: 1

    There's nothing particularly offensive or hateful in them unless you happen to care a great deal about joe lieberman.

    But, again, that's not my point.

    Let me give you an example. I am not a dog lover but I am really against dog (and other) animal pedigrees because, in my view, it's the deliberate preservation of genetic defects in dogs just to turn them into a fashion accessory on your arm just like a designer handbag. (It's an example, I'm not discussing that further here.)

    I have friends with pedigree dogs, I've had interesting discussions in the pub with them on the matter (they disagree with my views) but we can have the discussion without anyone taking offence because we're friends.

    I won't walk into a big social gathering and espouse those views (unless someone was to ask me a straight question about my views) because I recognise that some people within ear-shot may take offence to it and I don't want to provoke a scene and embarrassment for the host at the party.

    A simple example but a demonstration of how considering actions for the benefit of others around you and ensuring you understand the possible consequences before you do something.

    This scenario is no different - the kid posted something in a public place and should therefore have understood, before he did it, who might see it and what they might do about it. Sure, I defend his right to post whatever he wants on YouTube, that's pretty much what it's there for - but what happens afterwards is entirely his responsibility to deal with.

    I would look like a complete jerk walking into the centre of a room of crowded people and shouting out my opinions on pedigree dogs, so the second lesson to be learnt here is "Sometimes your opinion is irrelevant anyway so keep your big mouth shut."