Slashdot Mirror


User: schwaang

schwaang's activity in the archive.

Stories: 0
Comments: 573

Comments · 573

  1. Re:Maybe, but... on MySpace Users Have Stronger Passwords Than Employees · · Score: 1
    Password strength requirements are a bit of a hassle, but they never really crippled me. I remember when the Internet was new to corporations, and networks were getting hacked because of lame passwords.

    Even smart users will sometimes do dumb stuff, and some of them will be your bosses. And "you're fired" won't get your data back anyway. That's why you need policies in place that will protect you. Security is always a tradeoff with convenience, but if your policies are justified, users will deal. (Especially if they have input from the beginning.)

    I mean, yes, have a way that IT can manage stuff. A simple contract -- if you want tech support, you run our machines with our dictated software and you follow our rules. But employees should be free to break that contract -- and thus receive no more support.

    No, I'm talking about places that are actually SERIOUS about security. It's not a question of whether they're too lazy to patch against the latest threat. Companies that manage billions of dollars of their clients' money can't say, "Well, I guess if you want to bring that skanky virus-infested laptop from home and plug it into our network it's fine as long as you don't call the helpdesk."
  2. Re:Maybe, but... on MySpace Users Have Stronger Passwords Than Employees · · Score: 1

    In the end, "blame-the-user" is not an effective strategy. Users will be users. Therefore the burden of security rightly belongs on the IT department.

    Places I've worked that took security seriously used two-factor authentication where each user carries a token generator, so the password alone is useless. And they have other policies that help prevent the unintended consequences of human nature (like: no employee-owned equipment on the network).

  3. NOT just global warming, by a long shot on Scientists Decry Political Interference · · Score: 1

    No Nobel Laureate is a "nobody" (and really, who TF are you to say so?). But you want to ignore 52 of them together? You gotta be trolling me.

    But that aside, this is NOT only about global climate change issues. See the whole panoply of issues in which the Union of Concerned Scientists is alleging political interference in the scientific and/or regulatory process.

    The Bush administration has made a concerted effort like none before it to muzzle science it doesn't like.

  4. Re:politics and science have always been intertwin on Scientists Decry Political Interference · · Score: 1
    If you modded the parent Informative, then RTFA, or at least this quote:
    ...the White House has been able to censor the work of agencies like the Environmental Protection Agency and the Food and Drug Administration because a Republican congress has been loath to stand up for scientific integrity.


    To all the people who say "this kind of thing always goes on", there is a reason that DOZENS of Nobel laureates are speaking out now -- it's worse now than it ever has been.
  5. Maybe, but... on MySpace Users Have Stronger Passwords Than Employees · · Score: 1
    From the InfoWorld article:
    One last note: The password list contained several e-mail/log-on account names from popular OS and software vendors. Although we can't be assured that the passwords used on the exploited site were the same as the employee's company password, I'm sure some are matches.

    Remember this and learn from it: An exploited Web site that's completely unrelated to your company could still put your company at risk. Remind all employees not to use their company passwords on noncompany Web sites, if at all.


    So in this case, a company with password-expiration resulting in somewhat crappy easy-to-remember passwords will be immune when their employees fall for an outside phishing scam that would have revealed brilliant passwords that never change.

    Of course, if you use expiration AND you don't apply crackability criteria to your passwords then you're just asking for pain.
  6. Harmony on Linux Bounty on MythDora — MythTV 0.2 In a Box · · Score: 1

    On a related note, this guy is offering a bounty up to $225 for a Linux program that implements configuration syncing for the Harmony 880.

  7. Re:Now will be a regulated phone company on Skype's Free Phone Call Plan Will Soon Have Annual Fee · · Score: 3, Insightful
    Now they will have to include backdoors for phone line tapping under US laws if they operate inside the USA. Sure they may be based outside the US and have global customers. Think that makes a whoot of difference to the Justice department?

    One way or another they will end up complying with CALEA, that is, if they aren't already.

    After all, why should Skype stand up for your privacy when you won't?
  8. Re:Hibernate, or suck it up on Why Do Computers Take So Long to Boot Up? · · Score: 1

    My home PC burns 165W running F@H with the monitor off. Even if the power at work is "free", conservation is a moral duty until power comes from some non-global-climate-changing source.

  9. Gowers Report Link on UK Report Suggests Tougher Copyright Laws · · Score: 1

    I know nobody here even read TFBBCA, but here's the full Gowers report (see PDF under Final Report), with background etc.

    Lawrence Lessig blogged about one interesting recommendation -- that copyright term not be altered retrospectively. I think that's British for "retroactively".

  10. Re:What's so alarming LIAR! PHONE NOT ALTERED! on FBI Taps Cell Phone Microphones in Mafia Case · · Score: 1

    Yes! I wish people doing conference recordings and interviews were more aware of this effect. So many times I've heard the tell-tale sounds of cell-phone interference while listening to these. But you almost never hear this on professional TV or radio, so they handle it somehow. Anybody know if they have signs in studio greenrooms asking guests to pull their cellphone batteries before they go on?

    Just out of curiosity, are there plausible scenarios where a phone that is NOT being used for LI would "ping the tower" while off?

  11. Re:So close, but so far away on Novell CEO Gives Behind the Scenes Account of Microsoft Deal · · Score: 1
    Yes, technologically VMWare can run all the Vista variations.

    Unfortunately the Vista EULA for some of their versions apparently prohibit it[...]
    Having missed this nuance, I googled up Scott Granneman's Nov 6th article on the subject. The EULA for home versions of Vista doesn't permit running under virtualization. The business versions do (but with added restrictions on use of some DRM-protected software).
  12. Re:Coincidence? I think not on Novell Dumps the Hula Project · · Score: 1
    No, this was the result, a long time coming, of numerous mistakes, and of other decisions that truly didn't seem like mistakes at the time.

    Wait, are you talking about Hula or the Microsoft deal??
  13. Re:Sounds of a Linux server on Monitor a Linux Box With Machine Generated Music · · Score: 3, Funny

    A slashdotting sounds like this: "Kaaaaaaaaaahhhhnn!"

    I just tried it on my desktop (fluidsynth is in Fedora Extras), and I think it would probably be more useful on a server.

    Because the state of the cpu/disk/network are just all over the map in normal desktop use, so I'm not getting useful information.

    But on a server the state probably changes more slowly, and you can quickly compare the sonic-state to what you expect your server to be doing.

  14. Re:And in other news... on Global Access To University-Derived Medicines · · Score: 1
    University funding plummets as drug companies refuse to allow others to reduce their profits by giving away the fruits of research for which they paid.

    Except that their profits won't be reduced under the Equitable Access License.

    It doesn't force drug manufacturers to make or sell anything, or set any prices.
    It doesn't erode the drug co.'s markets (which are only the rich countries).
    It just permits the production of generic drug versions for sale only in low/middle income countries.
  15. Aunt Tilly is the spotted owl of Linux on The War Is Over, and Linux Has Won · · Score: 1
    I'm with you on the gamers, but not on the developers:
    'I can't make much money writing code for linux because people don't pay for software, only services'
    'There are no software replacements for the best software on windows'.

    These two statements pretty much sum up the desktop - and I don't see a solution for it.


    Desktop apps will come faster when there are more Linux users, not more Linux developers. These days, lack of apps is not the greatest barrier for many who could be happy using Linux for email/surfing/recipes, or basic office work.

    (But ok, the lack of particular applications is the sole barrier for some who otherwise would choose Linux. Gamers might be in that group.)

    There are more paid Linux developers every day, going by the job listings requiring Linux skills. Today they're mostly for corporate back-end stuff and embedded device software (and they pay very well BTW). When demand is there for Linux apps, there will be Linux coders to meet it.

    Corporate desktop users will probably be the first viable market for commercial desktop apps. They may have administration and support taken care of by IT departments, but they are still a lot like "Aunt Tilly" when it comes to needing ease-of-use and a well-integrated desktop, right?

    I just don't see "Mission Accomplished" until every barrier that keeps Aunt Tilly from using Linux is gone, and right now it's not so much lack of apps that's in the way IMHO.
  16. Re:It will be over when "Aunt Tilly" uses Linux on The War Is Over, and Linux Has Won · · Score: 1
    I agree, setup is not the problem of aunt tilly, it is use.
    The wireless example is wrong, aunt tilly will buy a computer that just works out of the box or she will ask someone to solve her problem.
    The flash problem is the real problem.


    But how many retailers can you think of where Aunt Tilly can even buy a Linux computer that "just works out of the box"?
  17. Re:It will be over when "Aunt Tilly" uses Linux on The War Is Over, and Linux Has Won · · Score: 1

    Aunt Tilly won't know which wifi card will or won't work with Linux when she's in Best Buy, and the wifi card is a stand-in example for the problem of device driver availability in general. Most vendors and retailers don't yet care about Linux.

    Slashdot geeks know we can get a beta version of Flash for Linux, but Aunt Tilly won't find it when she follows the "download missing plugin" link that she'll see in her browser. The point here is that web designers are not yet taking Linux into consideration.

    Ubuntu's sudo-by-default is a good step forward for usability. (And the auto-update notification thingy is great too.) But I'll bet even with Ubuntu you need to open a terminal from time to time for some administration task or other. The point here is .... well you get the point by now.

  18. It will be over when "Aunt Tilly" uses Linux on The War Is Over, and Linux Has Won · · Score: 1

    It'll be over when Aunt Tilly uses Linux on the desktop.

    And why can't she use it today instead of Windows?

    Because, just for one example, today the Smithsonian launched an online exhibition called Earth from Space which uses a version of Flash not available (yet) on Linux.

    And because when she buys a wireless card she has to learn about something called "ndiswrapper".

    And because asking a little old lady to get root so she can edit /etc/sudoers is hopeless bullshit, but thanks for playing.

    No, Linux on the desktop won't have won until Aunt Tilly can use it as easily as Windows.

    With Linux appearing on the corporate desktop, the gap is closing. But there's still a long long way to go.

  19. How can we get proper leverage over vendors? on Ask a "Star" of HBO's Voting Machine Documentary · · Score: 1

    From watching the documentary, it seemed clear to me that vulnerabilities exist. Yet even pro-active elections officials are not able to evaluate them properly.
    So far, when real problems are pointed out by experts, vendors like Diebold simply brush them off instead of addressing them.

    Clearly, the elections officials need leverage over the vendors in order to protect the public.

    My question is this: how can we give local elections officials the leverage they need to ensure that vendors' systems are clean and safe?

    Do we need a nationwide independent technical advisory panel to certify these systems? And is it enough to evaluate each particular piece of hardware, or does it require end-to-end analysis (i.e. voting machines + central tabulation + pollworker procedures)? What is lacking in the process that is used now to certify these devices?

  20. Re:FC6 -- slowest torrent ever? on Fedora Core 6 Review · · Score: 1

    Well I wish I knew what the issue was. I've never noticed my ISP to throttle bittorrent before.

    Anyway, I gave up on bittorrent and pulled the DVD from an ftp mirror at full speed. Now I'm oh-so-generously seeding at 50KB/s upload for the rest of you ungrateful wankers.

  21. Re:FC6 -- slowest torrent ever? on Fedora Core 6 Review · · Score: 1

    Because here in the western US, I've got peers in Italy, Portugal, Slovakia (or maybe Slovenia I forget), Poland, Israel, Turkey, Taiwan, Russia, Singapore, etc. Most of these have horrendous ping times.

    It would be better for them and me if they were able to peer as ping-time-locally as possible.

    (Actually ping times and throughput to Germany, UK, Sweden are pretty good from here, but Eastern Europe, Italy, Portugal, are just wasted time.)

  22. FC6 -- slowest torrent ever? on Fedora Core 6 Review · · Score: 1

    For the FC6 DVD, I've been getting about 20KB/s download with only very occasional short spikes of 50-100. Over the course of 8 hours, my sharing ratio varies between .5 and 1.0. So far this is the slowest major distro torrent ever.

    I don't know the cause, but I kinda wish they had separate trackers for the US, Europe, and Asia at least.

  23. a teachable moment that will depend on the teacher on Boy Scouts Introduce Merit Badge For Not Pirating · · Score: 3, Insightful

    My first reaction was like that. It seems like Scouting, which I admire, is being misused for propaganda (other than the obsolete proto-militarism that it was created for).

    But after thinking about it, this IS an interesting merit-badge subject because it involves both something relevant to today's kids (MP3s) AND an issue of ethics, which is a strong point of Scouting.

    Ethics come most into play when the temptation is high and the risk seems low. Piracy is a great example. So it's a teachable moment for ethics, which aren't taught explicitly in many places these days.

    Of course, if the whole thing comes packaged by the ??AA then it will suck, because it won't question the ethics of the laws themselves.

  24. Re:Big worry on Real-Time Computer-Based Translation in Iraq · · Score: 1

    Well in that case, let the riots begin!

  25. Re:Big worry on Real-Time Computer-Based Translation in Iraq · · Score: 1

    I don't know, but my laptop batteries exploded and now the speaker just keeps repeating "allahu akbar". Should I bugzilla this?