The utility company lost more than $1 million in revenue that would normally have been generated from the pay systems during the time they were down.
Wait a second. Blaster didn't directly cut off any customers. How could the virus cost revenue?
Well, in the case of this story's Mona, it was because her power was cut off despite the fact she had the money to pay her bill through the last-minute pay system. That means a few days that she didn't use power, plus the cost of a needless disconnect that they couldn't charge for.
If the power company had a brain or heart, they would have not done any disconnects due to non-payment during this time frame. Sure, some deadbeats would get 3 days of free power, but the majority of people who missed their payment deadline would happily pay if just given the chance.
In short, they could have saved time and money if the bill collectors would have been told to take some time off...
A key paragraph in the story... "We had to do some research, but we found out that the way we locked down the users prevented the patch from running properly," lamented one of the policy admins. "What we discovered was that the software restriction policy for the local computer allowed only local computer administrators to select trusted publishers. Because our patch agent ran as a pseudo user, the agent did not have the necessary rights. This was causing the failure. We changed the group policy for the HR systems so that we can patch remotely from now on."
Sometimes, locking your system too tightly ends up locking the keys in the car. When you really need something to run, it doesn't...
Blaster didn't require user intervention to run. Default Windows installations came with the RPC service turned on, and that was all it took to be at risk. If your machine listened on port 135, the virus had a way in.
The main weakness that allowed ingress was that any outside machine with a VPN connection also has a real IP address as well. Those machines, since they were unpatched, were sitting ducks for the virus... and then the trusted nature of the VPN assured that the virus would spread to the inside.
A basic firewall on the deployed machine to drop any packet not from the VPN could have stopped this before it started...
Simply put... an out of the box installation of Windows XP is NOT safe to put on the Internet. When you are first booting it, you have to patch it before letting it touch the Internet. You need to get the Windows Update patches onto the computer before it's allowed online.
The way to do this is with another computer that's already online... Go to Windows Update and under the "Other Options" category select the checkbox for "Display the link to the Windows Update Catalog Under See Also" and then click "Save Settings". Under the "See Also" heading "Windows Update Catalog" will appear, click on it. This will lead you to a place where you can download all of the security updates and/or service patches you need in a way that'll allow you to burn them to CD and take them to the new computer. The most critical package to obtain is Service Pack 1 (shorthanded as "SP1" on the site), because that will be a cumulative patch that'll save you several one-off packages.
Jon Stewart also makes it painfully clear what's a setup-line of true facts and what's a joke. If the audience laughs at a fact, he usually points out what he just said was actually true...
I'm very sure Kurt Loder will soon be firing off an e-mail to his bosses saying that allowing this Comedy Central operation to use the MTV Networks (which they are legitimately a part of) name is going to adversely impact his MTV News organization's ability to book guests.
Real reporters care about the credibility of their brand because without it they'll never be able to get cooperation from sources.
Punk'd has at least one "lost episode" because the celeb involved refused to sign the release waiver. Everyone you see on that show has to approve their segment being aired, because the star involved most certainly can legally lock up the episode if they want to.
There is also an example where a very aware star declared "If this is a joke, I want out of this car right now." She could have brought the stunt driver driving the car up on kidnapping charges (and pulled Ashton and everybody else involved in the show in as an accessory to the crime) if she wanted to after making that statement.
And furthermore, read any contract you're presented with by a TV producer very carefully. Real news interview or documentary subjects don't need to sign anything nor are they ever paid. (The $200 they were offering her was most definitely a red flag... because that $200 is an exchange for value for the right to make her look like a fool.)
Candid Camera (which is still in production on the Pax network, being led by Peter Funt, the son of Alan Funt) to this day still has a policy of junking any tape for which they aren't able to get a release form from the subject of the joke. Therefore, they have to keep their pranks so tame that nobody will be too mad at them after it's over.
Cops obscures the faces of anybody who refuses to sign the waiver when presented with it. It has nothing to do with eventual convictions or lack thereof.
Comedy Central is now a part of MTV Networks, the division of Viacom that also runs Nickelodeon, VH1, SpikeTV and every other cable network the company has. It's pretty clear that the guest bookers were using the MTV Networks name in order to book the "real people who don't realise that the show is a sham" because there'd be a chance that somebody would hear "MTV Networks" and think "MTV News"... while saying "Comedy Central" would instantly have the victim looking for the comedy aspect and realise the joke was on them.
The summary even points that out. This clearly is not the first e-mail project on the Internet to get 1GB storage going. They may have beat Google to the punch, but so have others. The claim of "first" is bogus.
It's interesting to see all of these companies upping their e-mail storage space, however, the 1 GB aspect is just the headliner of Google's product.
Google has quite the list of other new features in development including their own take on spam filter technology, and their intelligent sorting among topics. They also have their text-based ad model that nobody else has been able to knock off yet. Yahoo has the chance to do so with Overture, but they've yet to connect Overture to Yahoo Mail.
So, even if everybody else in the free e-mail space can pull 1 GB out of their hats too, they still have a lot of work to do to catch up to what Google's working on.
"Friday Night Follies" (document dumps of volumes in info that revealed administration mistakes) happened under the Clinton administration as well... this isn't exactly a tactic exclusive to either side of the political line.
That exemption currently applies only to law enforcement officials working on criminal cases...
Which is to say that the DoD is trying to get into the subject area that is presently the property of the FBI along with state and local police forces. It's not that this kind of work can't be done by the US Government, but that the wrong division is asking to do it.
The DoD runs our armed forces... they are not designed for law enforcement and when they are asked to do so they usually do a poor job of it. This provision in the law should be stricken and replaced with more funding to the FBI and other police forces so that the people who should be gathering info on US soil can continue to do so correctly.
That was my point about that a high score doesn't identify a winner as much as low scores on this test identify losers. The management types will be able to test the management side of things, which is why this person needs to focus on making sure the successful candidate has a minimal level of tech knowledge.
The key thing that a boss over engineers needs to do is clear the administrative hassles that a project may run into before the workers on the project actually hit them. For example, if things are going over budget, they should detect that and get a correction in place before it actually causes any stoppages in work.
It's fairly clear that the reason you've been invited to take part in the interview is because you "know your stuff" inside out, more so than anybody who is two levels above you. Therefore, your portion of the interview competition should be to judge how much the candidates know about the exact technologies you're working with.
I'd come up with a list of 10 to 20 buzzwords that you use in your everyday conversations and e-mails, but keep that list secret from the candidates. See how many of those words each candidate mentions in proper context as they talk with you and the other interviewers.
The point of this exercise isn't so much as to hire the high-scorer like it's a video game, but so that you can have a reason to veto somebody who is talking in generalizations but can't come up with the terms for what you actually do. Basically, your whole point is to eliminate anybody who is likely to become a PHB character if given the job because they don't know what you do.
Conversely, those who have news that they have to release that they don't want too much attention for can do their best to try to time such disclosures for days on which the news mindspace is completely jammed by a larger story. For example, last Friday the Ronald Reagan funeral was covered by all of the major broadcast networks during the early evening block where local and national newscasts are typically aired in most of the USA... essentially meaning that story captured 100% of those usual programs. Even in the PT time zone where the event was not a direct hit, it could be expected that their newscasts would be heavy on funeral coverage since he was the governor of California before being president.
So, if a company has a price increase to announce or the shutdown of a product line, timing the bad news to hit on that day would likely cause the story to be ignored even if it would have made the B-block of a newscast on a typical day. Saturday newscasts are much lower-rated than weekday ones, and by Monday the story would be old news. Sure, a few sources might pick up the story, but the mass media would be occupied with something else.
Google News doesn't even have any interface in the Google API at all. These projects are most often based on HTML-ripping because that's the only way to go.
Google could shut such projects down, but so long as they're not overly commercialized or overly taxing to Google's systems they usually just let them stand.
The GMail Invite Machine is a project of The Broken.org, which is mainly Kevin Rose of TechTV fame. Most of the invites that it's giving away stem from the fact that everyone at TechTV has a GMail account and they've pooled their invites into that.
I don't even think they need to change anything they're doing, since Gator at least requires an affirmative confirmation to install and politely cleans up when asked to. As bad as they are, at least they're playing by the proposed rules already.
Earthlink offers a spyware blocking program to its customers and also a free web-based version. I assume they can glean some survey information from the users of these tools.
It's been mentioned on Slashdot before, but a good starting point for this kind of legislation is Google's Proposed Software Principles defining what honest programs should be doing.
I can see the whole site starting to grind to a crawl even as I type this. Someplace in Europe, an MIS manager's beeper is going off, on a Friday night no less.
It was already time for the sun to rise for Saturday morning over there by the time this story was posted. It's presently late Friday night in the USA, but not in Europe.
They were most definitely wise enough not to webpost the full 70 megapixel images... think of the Slashdotting that woulda been. :)