While the statements about sugar may be on shaky ground, the primary conclusion of the research quoted could be summarized rather simply. Eat organic. Saying such a thing is hardly "trying to bilk someone out of money" or being a "scumbag". Instead I would say you rushed to judgment.
PowerShell is by far one of the best Microsoft has created on the scripting side. Why? They basically took a shell and enhanced it by making it object aware, and giving it access to .NET. In Microsoft lingo, cmdlets replace Unix utilities.
I am not a fan of the naming conventions they use in PowerShell! It makes it harder to write terse scripts.
Please see http://w3.linux-magazine.com/issue/78/Bash_vs._Vista_PowerShell.pdf for a comparison of PowerShell vs Bash.
http://blog.brandonbloom.name/2009/04/powershell-condemned-to-reinvent.html
Most of work involves commodity certification & accreditation (C&A) that involves the following:
Phase 1
A "system owner" (Govt IT manager) has staff prepare documentation of the security controls implemented on a "system" (logical grouping of computers). The security controls are in NIST 800-53; this is FISMA in action.
C&A process http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
NIST Controls http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf
NIST Audit process http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-53-A%20Rev.%201
Phase 2
A certification agent comes in, assesses the system using tools and configuration analysis. This is heavily slanted towards audit, instead of true security analysis.
Phase 3
A senior executive (Authorizing official) makes a decision about the risk acceptability of the system to operate, and may make the system owner do corrective action. The system then moves into continuous monitoring (phase 4).
That is how certification and accreditation operates in theory. Now I am going to tell you how the system is gamed.
During Phase 1, it implies you actually have competent IT security professionals on hand, performing work for the system owner. This is a false assumption. Most system owners don't know security, nor do their staff.
Phase 2 - First of all, half the certification agent companies don't understand security. They can talk the talk (CISSP) but have no solid IT / IT security expertise (not security testers). Many certification agents will not even test systems. They play a game of bringing in cheap staff or running vulnerability scanners, then passing them off as "penetration tests". The amount of utter garbage in the field is amazing. Even more so, the reports they write up are audit garbage. If you asked most certification agents about a security methodology, they haven't heard of the OSSTMM or similar. They use NIST 800-53A (heavily audit driven), then they write up meaningless reports, equating technical weaknesses as just as relevant as a gap in a policy.
Phase 3 - The vast majority of government executives are clueless when it comes to IT. They know a little bit, like the name of an operating system (Linux - buzzword - yay!) but not much else. So, they are easily led astray. Most will allow a system to operate regardless of how bad it is, based on a horrible security review performed by incompetent certification agents, on a package made by the almost as clueless system owner and his staff.
After a system gets an authorization to operate, many staffs stop doing all security for 3 years, until the next C&A comes around.
It is not uncommon for a federal cabinet level agency to have 300+ systems, with 300+ system owners, with 300+ completely separate, unique and underfunded security implementations that have more holes than Swiss cheese.
If you notice, what is missing from above is actually rigorous security analysis. Code is rarely audited. Configurations are rarely checked 100%. Policy is viewed as important as technical controls. Most testing is a wash. Penetration tests are vulnerability scans by nitwits.
And you wonder why the Chinese are plundering the US govt on a daily basis?
Application virtualization having similar sandboxing has been out for several years now.
Another govt stooge in management like Melissa Hathaway that lacks a background in computer security and only knows what layers of bureaucrats said. Maybe he is qualified to be a CIO?
If the universities fail to produce enough security experts, ISC2 is happy to convert your tech support guy into a CISSP for the low rate of $600, and $200 a year thereafter! If you order now, you can also get a CAP certification along with a free toaster.
Don't some consumer motherboards have the triple BIOS features now?
Shoot, even Gigabyte and Asus have passed NASA technology. No wonder the US is in trouble!
Lawyers are the scourge of the earth, and will not be finished mining the product liability goldmine until everything in existence has giant safety warnings on it, and common sense is abandoned.
Your description of the CEO of United Healthcare receiving a 1 billion dollar bonus is false.
He received options from a time period when the stock was much less valuable. Over several years the company's value rose dramatically, and he exercised the options.
I like how you followed your falsehood immediately with a string of discombobulated emotional arguments, socialistic ranting and wealth redistribution ideas.
Would you happen to know of a bathroom nearby, I think I need to take a SCO.
You scammed your users but part of accounting is to consider goodwill. Just like SCO, you are now in the negative.
I can't wait for Google to enter that market and bankrupt you.
The manufacturing conglomerates in Big Hearing Aid are making those windfall profits in the billions of dollars. We need to raise taxes on them so they stop exploiting tax loopholes. Down with Big Hearing Aid!
Whatever they produce will contain pretty graphs.
Buy a netapp. Yay, RAID-DP.
That was hard!
* wipes brow *
I would hire him. He knows how to secure a network.
Koalas don't know how to use condoms
Came through the rift in Cardiff and drifted all the way to Norfolk.....
Are you saying the court system in China is (A) open, fair, and impartial, particularly when it judges a case involving (B) the Chinese Govt vs a defendant anti-spyware company?
More evidence of the Google - China fight!
Old people may need money to eat and get health care.
The question is whether or not that money should be coming from their own savings, their families, or the US taxpayer.
Prior to the growth of entitlements, there was a massive amount of $$ available for defense, if needed.
"The rise of the SAM's made things trickier for land-attack craft. A multi-million dollar jet is risked attacking tanks that are worth maybe $200k".
Tanks cost more than 200k.
True ground attack aircraft such as an A-10 are dramatically different from a standard high-flying fighter. An A-10 may have some vulnerability to SAMs, but they are much harder to shoot down than, say, an attack helicopter. Generally when A-10s are operating, it is as close air support, so they have some measure of security on the ground already. The A-10 will supposedly be retired for a lack of speed vs the newest SAMs though.
Air forces have a significant number of measures they take against ground radar and SAM sites. Cruise missiles, ECM birds, and anti-radiation missiles, paired with spy satellite data feeds and drones, make operating a SAM a short lifespan occupation against an advanced military. MANPAD SAMs have limited ranges and low effectiveness so it isn't like they will fill in the gap either.
Your conclusion that we are near the death of the manned fighter due to advanced SAMs is highly suspect.
The reduction of the manned fighter to a minimal role is more likely because:
Every private can potentially fly a drone
Drones are not casualties
It is pretty easy to have drones sitting around waiting for target sightings, loitering over an area of operations.
You left out anything about budget, or acquisition activities.
If you think the govt has good IT people and loads of $$ just sitting around waiting for unfunded mandates from OMB, you are smoking something.
http://en.wikipedia.org/wiki/Parkinson's_Law applies to govt IT and $$
(1) you have a shill of a biased company selling products to the industry pushing the requirement
(2) An unrealistic deadline set by OMB initially.
This is a craptastic story.
Chinese intelligence hacked Google.
Google realized the Chinese government cannot be trusted.
Google then posts this.....