"Todd: We knew we had a bigger problem than just enabling the firewall. And so at that point, I sent out a mail to everyone in the division saying, "This is what we're going to do. We're going to take a little bit more time to do it. And if you want to submit a security feature, you should do so, and then show up at this room." Well, the next day, it was standing room only, and everyone had a security feature that they wanted to check in. It went all the way down from things like the new Bluetooth stack, to the new Windows Media Player, to the new Group Policy stuff, and on, and on, and on, and on."
I find it interesting that MS is so aware of their security problems internally, yet still claims to put an emphasis on security. This exchange seems to be good evidence that they ship ahead of any thorough security analysis/testing. Not only did they realize on closer examination that their own firewall didn't work, but half the division shows up with suggestions for known security concerns. Clearly this shows people's voices are not being heard.
I guess I'm not surprised, but this seems like fodder for a lawsuit.
Yea, only 97.8, huh? And to think I start sweating when my CIO starts screaming that "Four 9's are not enough of a guarantee". Folks who make their living quoting availability stats are crapping their pants right now...
Maybe there's some way to turn this back on the RIAA - Can we file some claims about "Copyright Infringement" with their ISP, and get them shut off too? Sure it wouldn't be permanent, but it would sure be inconvenient.
All the technology in the world will not fix your issues, if you keep getting beat back by politics and demanding customers. The REAL key to stopping these problems is ensuring you have the support of senior management. If your bosses will back you when yelling department heads ask for higher access, you'll quickly see things change.
Write good, sound IT policies, explain the pros and cons to senior management/CIO, spell out the risk to your org, and you're sure to get support. They have to be willing to make the tough calls though, or you're doomed at the start.
At the company I work at, it is a condition of employment to comply with IT security policy.
...And since when are humans less important than the environment? Screw the trend, the earth will adapt or die.
Surely we can invent a technology that will allow us to breathe CO2, and live underwater.
I have had many years of experience in QA departments over my career. My observation is that it is difficult to attract good talent to a QA department. Many developers and technically inclined folks see QA as menial labor. This mentality misses the value add and complexities of a true QA department/function.
Ideally, you would hire dedicated and technically experienced individuals that:
+ Can analyze requirements into test plans (not by following the programming logic, but by following the business logic)
+ Understand the application architecture and environments so they can design tests to get at those components and risks
+ Develop automation tools, test harnesses and test data loaders.
You really want the technical expertise in your QA department to think about certifying or trying to break your application from a different perspective. When developers guide test plan development too closely, QA can never really be sure they are getting the best test coverage.
Do these skills sound like a "college entry level job"? I think not. Companies that hire inexperienced QA analysts are missing the real benefits of an objective QA department.
Depending on the size of the organization, it is helpful to have a QA department report into a centralized org structure, like the PMO (Project Management Office), or have policies requiring "hard signoff" on quality from QA. This allows them a level of objectivity and ability to ensure the quality of the product.
I challenge developers to think of QA differently than in the past. Look for talented independent technical professionals in your QA department, and you will truly assure quality.
This all makes sense, but what also seems apparent is that the cost advantages the original company had in offering consolidated operations and services disappear, and consumers actually end up paying more in the long run.
In truth however, I believe SBC is preparing itself for such a ruling. As an internet customer of theirs for over 12 years, I have observed a general shift in operations to disconnect their Internet services from normal telephone operations. It's just a matter of time.
Yes, of course I download a number of files that I do not own, but my question is this:
If I own a CD, and that CD is destroyed/damaged, do I not have the right to retain a backup copy of the material, and burn another copy? Why does it matter where this material is located - On my PC, on someone else's PC, or hand-written binary code? If a digital copy is identical to the original, then how can you say that a backup stored on someone else's system is any different than a backup on my system? If the RIAA doesn't want me to make copies of my CDs, then perhaps they wouldn't mind replacing all of my original scratched CDs that will no longer play. What is illegal about using P2P and other storage as a repository for material I already own? Where is the licensing agreement for the CD I bought (actually sorry I brought that up - don't want to give them any stupid ideas).
As another example, I recently helped a friend compile some songs from CDs he owns to a single disk. He calls me to say "song #3 is wrong, please substitute it with 'blah'". Instead of driving across town to get his original CD, rip the needed song, and add it to the compilation, I simply jump on Kazaa and d/l a copy of the original tune from the original album. Gee, that sure makes me a criminal for using digital transportation instead of physical.
The RIAA is making a huge blunder here. This will backfire terribly on them and any of the so-called labels and artists that support them.