Has anyone else noticed how hot hard drives get?
As the densities get higher and the parts get smaller, I don't see how such temperature fluctuations can't have a devastating effect on a thing so 'physical' as a HD.
The good news is that most auditors are just as clueless as the people who you're working with.
In all seriousness, if it's anything like banking, it's about one thing: paper. For state and federal regulators, paper is reality. This is not to say you should be fraudulent in creating your paper, just make sure you alter your view of reality when preparing for an audit.
Shut yourself into a room for a week. Make up the greatest security policies you can. Then come up with a realistic phase-based approach for implementing it. Produce lots and lots of paper. Then do screenshots of progress. Keep huge huge archives of logfiles of all kinds. Don't get rid of anything. Print them out and put them in binders. Burn them to CDs. Turn out as much paper as you can, and when the auditors show up...have boxes and boxes of paper waiting for them.
Know what they're looking for and give them reams and reams of paper addressing the individual items. Those things that aren't covered, yet...make a 'due date' and implementation schedule then somehow create some paper relating to it. You'll do fine.
They better go in with some cash and buy up media outlets.
Newspapers, Radio, and Television could eliminate the voting power of 20k on a Monday morning whim. Think about it...just paint them as some sort of extremist, then claim anyone and anything they endorse is out to take away prescription drugs or *gasp* harm the education of our children.
Almost nothing is routinely secure "out of the box". And even OpenBSD has had its share of black eyes.
It's not a question of "How secure is it"...it's a question of how securABLE it is. IIS is securable, so is Apache. The problem with IIS is that it's usable by the low end of the technical spectrum who don't know or don't take the time to secure it. People who use *nix/*nux and Apache are almost techies by definition. They generally have the attitude to secure their boxes.
The irony is that with a flurry of points and clicks, IIS is easier to secure than Apache. However, nobody does it.
Seriously...this technique won't prevent against bad/poorly protected passwords or other issues where the 'proper' behavior is inherently insecure.
These systems will have to be tuned to such a fine line between false positives and false negatives that it will be hard to see as viable. A few false positives too many and the CEO will be sending memos.
Uh...ask your grandparents (on "Generation Wrecked", Score: 3, Insightful)
..what life was like for them.
My grandparents grew up on a farm doing manual labor, and worked their entire lives to improve their lives and those of their offspring. When they were my age, they didn't have air conditioning.
Oh yeah, and there was this whole thing about my grandfather watching his friends get hosed off the inside of an airplane because there was a REAL threat of evil in the world.
Oh...us poor gen X'ers. We wouldn't know prosperity if it sat on our faces...because it IS and we DON'T KNOW IT. We have more than anyone has ever had. I almost wish we'd have a real depression so we'd know what it's like.
I was referring to the opinion that textbook capitalism and textbook socialism are no different.
Indymedia is more anti-capitalist with a dose of anarchist than classic Marxist or socialist. But the roots of the hatred are the same raw stuff of both.
I see your point, but it's not really saying anything. The rich and the powerful are by definition the rich and the powerful. The huge difference between historical capitalism and historical socialism is how we as individuals *can* live our lives, and the power given to the lower and middle classes.
The corruption of the U.S. (Enron, etc) is nothing compared to the corruption of the U.S.S.R., where in its most glaring example, millions of people disappeared.
It is 1000 times better to live under U.S. capitalism/republican democracy than under the former U.S.S.R., or any of its remaining offshoots. Just talk to some folks who lived in both. To say that they are no different might sound good in a PO401 packet printed in the university printshop for a PhD, but it is incorrect in the extreme.
Back to the topic at hand. I'd simply rather not give my time and resources to an ideology that so closely resembles that former politic. If you do, then fine.
Ah...we could compare textbooks for hours, debating the various definitions of political systems and whether they existed or not. But it's funny how all these rebranding efforts (equalitarian, humanitarian, social democracy, social responsibility, etc) started when the Soviet Union fell. It's just a wound-licking effort by failed political systems to say that the political system, in fact, never existed.
Of course it never existed, because we don't live in a textbook.
But if we're going to play it that way, then:
If a political ideology that favors oppression by powers paying lip service to the plight of the worker is your thing, then go ahead and support indymedia's efforts. If you're more of the political ideology that favors simple oppression by powers that simply have wealth with the opportunity to secure wealth by all involved, then don't.
To say indymedia is "humanitarian" is laughable. They'd support the slaughtering of babies, as long as the babies were the offspring of multi-national capitalists.
then go for it.
Personally, I find indymedia to be socialist propaganda. I wouldn't get involved with this, but I wouldn't get involved with "Linux boxes for the Aryan Nation" either.
Yep...heard this before. "we'll replace person X with a product".
If a company is not going to spend the resources hiring someone who understands security, then no product in the world will help them. Security tools are (or should be) by definition tools for people who understand security. Plugging in a shiny $50k box will not protect them. These boxes, however fully featured, must have someone competent running them.
And then there's this myth that you have to have some uber-geek to be a security expert. You don't need an uber-geek, you just need a competent admin who doesn't poo-poo security.
The reason to purchase a commercial product over using open source products like snort and nessus should NEVER be because "our techies wouldn't understand the open source tool". If that's your reasoning, unplug that DSL connection and step away slowly. If a person can't understand a snort implementation, you're wasting your money on a commercial product.
The crackers will love this. Yet another challenge and chance to prove 'skillz'.
Do they actually think that people are simply burning copies of the disk?
I've just recently gotten into Oracle out of necessity. It is very very reminiscent of my Novell days.
They are too focused on their appserver and various "microsoft replacement" apps. Documentation is awkward when it exists, and even the smallest things result in a support call to find out about a bug or workaround. It takes even the resident guru days to do what would take a morning for me on a BSD/Apache/PHP box.
The point? It's not that "Oracle is crap". That's clearly not the case. They're just so busy making the database do *everything* that they're going to look up and find out that people are using open source databases instead of Oracle. By then it may be too late. It won't happen overnight....remember that there are plenty of Novell boxes still humming.
It's Oracle's arrogance about the up-and-coming databases that makes it a statistical goliath.
The brief history of software is littered with companies that were once of the same mentality as Oracle. They need to stop trying to be the end-all software co. and write some documentation.
I guess we did it all for the nokie.
This is really cool. Until someone spoofs an attack from AOL, Yahoo, and Hotmail SMTP servers.
When the CEO can't get email from his daughter at college, this cool sounding autoresponse thingamajig doesn't look so smart all of a sudden.
This amazing new "push" technology will ruin the internet! Oh wait...