Government handles the development of huge projects via competitive procurements. That means big aerospace/defense contractors doing great work for us. NASA is very mission focused, so NASA needs to keep contractor churn to a minimum until the end of a mission (preferably) while retaining skilled contractors that want to work for their particular aerospace firms.
I'm all for NASA rewarding their hard working contractors and government personnel.
full disclosure: I work for the govt.
The nutcase conspiracy theorists really crack me up. You have crackpots talking about horrible research being done, for perverted government ends.
I look at the same result thing and see lots of bleeding-edge research in cryptographic, sigint, hardware oriented, and computer security avenues.
The more links I read on NSA funded research, the more I am pleased that the NSA, more so than any other singular institution, is funding research into critical areas of national security.
Take a peek for yourself
They have some nice boxes. I'm sure some admins would like to run Windows on them.
I'd like an X4600 so I could throw VMware ESX on it
It could be that he is a flat-earth adherent, stating something that quite obviously isn't so.
Or
He could be a fifth column, the leader of an organization, sabotaging their PR from within by his foolish arguments.
I'm leaning towards the former.
So many support calls!
Why does Zonk continually post such uninformed articles?
Slashdot continues approving junk as newsworthy.
Competition from online sales is not a piracy issue you cretin.
(Disclaimer: I work for NOAA)
I am not sure about the mode by which Bill P raised the alarm on the upcoming loss of weather satellites. I do think his message was correct though - to raise the profile on what he sees as a critical issue - the issue of proper funding for NOAA and satellite capabilities. NOAA does so much, with so little... We are stretched incredibly thin compared to other agencies.... I don't believe Dr. Jeff Masters had access to all the data Bill P used in his decision to go public. People disagree with how he did it and it made more work for the NWS PR people.
Jeff Masters is also advocating the replacement of QuickSCAT with a "next-generation" scatterometer, one that has greatly improved capabilities to help tackle the structure and intensity problem"..... I hope Dr. Masters isn't trying to recreate the NPOESS problem by linking a satellite needed now to a high-risk/experimental sensor because it sure sounds like it.
I work at NOAA, in the satellite group National Environmental Satellite, Data, and Information Service (NESDIS) http://www.nesdis.noaa.gov/
The US government regularly under-funds satellites & space systems. You can see this with the huge cost overruns on NPOESS http://www.space.com/spacenews/archive05/NPOESS_112105.html Why did NPOESS cost overruns happen? "Hey, let's do a contract on some incredibly experimental sensors involving high risk research and make sure they are on a fixed budget". Not smart.
I am off on a tangent though - Quickscat is a different story. Quickscat was a NASA R&D bird. See http://winds.jpl.nasa.gov/missions/quikscat/index.cfm I'm not clear whether it was initially launched as NASA only and handed off to us, or if they "owned" the satellite while we did the ground systems for it.
NASA does R&D type of satellites - proof of concepts, risk reduction, etc. We in NESDIS-NOAA often take over running them, or we run their sensors on our satellites. Well, these proof of concept satellites were never intended to be part of a series providing a continual new functionality.
NESDIS/NOAA has two major satellite series that will always (in the future) have spares for:
GOES series http://osd.goes.noaa.gov/
POES series http://www.oso.noaa.gov/poes/ (although the newest will be NPOESS via a joint program with DoD replacing our POES and DoD's DMSP)
There is another satellite that is likely to fall soon too - Windsat/Coriolis http://www.ipo.noaa.gov/Projects/windsat.html While Windsat is technically a Navy satellite, we run that one too, and it has no replacement either. Fortunately, Windsat is more about Navy stuff than it is about Hurricane tracking...
Bill Proenza, as a consumer of NESDIS' satellite data, sees NOAA efforts on the publicity side as being detrimental to the funding of the NOAA-NWS-National Hurricane center funding. Well, for the sake of accuracy, a few million dollars isn't going to fix our funding shortfalls...
Until Congress starts funding new satellite development properly (not like NPOESS) this problem won't go away.
The argument being made is not that he had no intent to redistribute, but instead that there is no evidence that any redistribution ever occurred, and if it did, there is no allegation that it *actually* occurred.
I think the premise of the article is rather stupid in fact.
It is not Google's job to provide a secure channel.
I guess when I do a MITM attack to capture login prompts and transparently proxy that is google's problem also?
Or when I resolve DNS queries to my own box, that is likewise google at fault?
Lol.
Game developer stands up MMO game. Game developer gets in bed with a group of players "A" and develops an incestuous relationship with them. Group of players infiltrate the Game developer corporation as both game masters and developers and start providing extra services to their own friends.
Enter rival group of players "B" that threatens the hegemony of "A". Game developer supports "A" by developing items in their favor and scripts outcomes to favor "A" in RP events that dispense virtual cash and equipment.
Rival group of players "B" uses kickbacks from and paraphernalia sales, earning the ire of the IRS in the process.
Although most of the purchases ingame are completely virtual (money, ships, etc), if "B" is being taxed for finances relating to virtual acquisitions, shouldn't they likewise be able to sue under US law for breach of services by the game developer that is clearly favoring "A" in the ongoing war?
This is incorrect.
The FBI, like all other government agencies, has a CIO with an office of security under him responsible for securing their IT systems.
http://www.fbi.gov/hq/ocio/ocio_home.htm
Where are your facts supporting the idea that "Soldiers from lower middle class backgrounds without a college education are disproportionately represented in combat units." ? Please share some statistical data.
Most of the people I knew that were soldiers in combat units (my unit) were white upper middle class guys wanting 4 years of excitement, were preparing for a grind at college, or guys that finished 2-3 years of college, wanted a break and some extra cash before going back to school.
I think you are misinformed. Support careers in the military is where more lower class disadvantaged types end up.
Drug companies like to spout off misleading numbers about how much it costs them to develop a drug.
Instead of quoting the actual cost to develop the drug e.g. 250 million dollars, they will take the amount the actual cost to develop the drug over the time the money is used, say 10 -15 years, and do some math on what they would have earned had they invested the money in a compounded mutual fund, exchange trading, or other creative ways big corps make money. End result is a massively inflated sum e.g. 600 million which they quote to the press about how much it costs to develop a new drug.
The grades are on FISMA compliance which is not really the same thing as computer security. This is more about documentation than anything else.......
It is about having documented down to the letter networks, configurations, policies and procedures for everything.
Another weakness is how "controls" are rated. Basically, missing one little policy or procedure is rated as bad as missing something as critical as secure configurations...
Every agency IG has a vested interest in scoring down agency efforts.
If you look too, the ratings are biased because small agencies & independents have inordinately high ratings, while the bigger agencies/departments have far worse ratings.
Who cares about a lil murder? I think his productivity for society far outweighs the negatives of removing one estranged wife that was probably past her 'normal' reproductive period anyways.
I vote we let him go free, regardless.
Even if he strikes again, so long as it is some statistic and not me, I could care less.
Not a sermon, just a thought. lol.
Security used to lack quality academic training for it, with some exceptions.
Certifications filled a gap then.
Now though, that is no longer the case.
Many universities, including my own, have partnered with the NSA.
http://www.nsa.gov/ia/academia/caeiae.cfm
My professors have included the head of the NSA's red team, another senior IA guru at the NSA, and senior network defense people from DoD branches. I've met professors from other schools at conferences with the NSA partnership, and I was similarly pleased with their backgrounds and experience levels.
Does passing one CISSP test equal a solid 4-5 year curriculum in software, security, and coding mixing both the theoretical and practical? Of course not! Unfortunately though, employers sometimes use it as a yardstick of skill. This is also why in my day job I am constantly having to tutor/mentor/train CISSPs that should not even be in security in the first place. I am of the opinion that the CISSP boondoggle will be seen through rather quickly.
If you want to get a certification, get a vendor specific one, like a CCNA. However, I implore you to get into a formal degree program. I really think the best these days, is mixing a Computer Science degree with a security degree, one at the masters and one at the undergraduate. Another good choice would be an undergraduate degree, along with one of the newer certificate programs that includes 6 - 9 good courses.
Certifications* are much easier to obtain than a degree, and they cannot hope to compare in the overall knowledge & skills acquisition departments.
* - Not counting the CCIE
10,000 longbows ~ hardly!
It is a well known fact that during the middle ages and before then, during an attack on a city, the sieging army would catapult into cities corpses with the plague, or dead animals, in attempts to spread disease/plague that would decimate populations.
http://www.cbc.ca/news/background/bioweapons/biowar_timeline.html
http://academic.evergreen.edu/g/grossmaz/xiongmn.html
http://www.usmedicine.com/column.cfm?columnID=109&issueID=46
http://en.wikipedia.org/wiki/Bubonic_plague
CS is nothing like real life.
First of all, let's talk about weapons.
M249 SAW, IRL this is the best weapon at the squad level. High cyclic rate, accuracy like an M240 but light enough to easily run with, has a bipod. Great for 3-5 round bursts. You could say that an M4/M16 with an M203 attached might be overall more versatile, but still not so great at killing people. In CS, an M249 is the worst weapon you can choose, IRL the best. Don't argue with me on this, I've shot in excess of 10,000 rounds using an M60, and several thousands using both the m16, m4, m249 and M240G (was a machine gunner while active duty).
CS teaches people nothing about trigger pulling, breathing, good shooting form, proper ways to rush, pegging a target, etc. There is no concept of rolling in CS, no idea of the prone position, and the list goes on and on.
CS teaches nothing about operating at the true squad tactics in urban/MOUT operations.
Night vision in CS? lol. The US is so experienced at night ops, we actually want to do operations then.
Tactics? jump in, bunny hop, squat shoot strafe, squat shoot. I'd love to see some fundies try that against the US marines/army. They'll get those 40 virgins a lot sooner lol.
Iran should keep in mind, their core competency is in terrorism and spouting anti-Semitic hogwash, not confronting enemies in a real state vs. state conflict on the battlefield. It isn't like Israel is ready to drop the bomb on them already.
That isn't so different from what creative evolutionary biologists do already when they spin why things exist in the "wrong" periods already?
http://s8int.com/page8.html
This is a dumb post.
First of all, Bin ladin (Al qaeda) had already attacked the USA several times by then. That he was going to continue attacks was obvious. That many attacks had already occurred during the Clinton administration is obvious.
I advise you to consult Wikipedia on this.
http://en.wikipedia.org/wiki/Al_Quaeda#Activities
Attacks listed by year: (might be missing some)
1992
1993*, 1993
1995, 1995
1996 (Khobar)
1998,1998
1999
2000
*dubious, may or may not be al-qaeda
These facts aren't really so relevant as is the fact that Clinton had many chances to get Bin Ladin and he failed to capitalize on them. http://www.infowars.com/saved%20pages/Prior_Knowledge/Clinton_let_bin_laden.htm
http://www.msnbc.msn.com/id/4540958/
Both Presidents are at fault. Both presidents failed when they had good chances of snagging him, clinton on numerous occasions, and bush with Tora Bora. http://www.msnbc.msn.com/id/8853000/site/newsweek/
First of all, I've never heard of any of these interviewees. Have they done anything of note in security? I am committing a logical fallacy in asking this, but they don't carry any water in my security oriented meritocracy. As far as conferences go - I'd like to see a comparison of skillsets between attendees for say Defcon and Blackhat, excluding people attending both. I'll wager the Defcon crowd will win out anyways (not that defcon attendance = hacker, but it does mean more so than blackhat).
I'd much rather have a reformed blackhat on my team, than a white-hat. Simply judging from the people I've known in the industry, the people pushing the envelope have the greater skills and tend to have at least some illegal behaviour in the past.
Thinking as an attacker is a skill that requires cultivation too. You don't get this from Joe Software developer.
Mark my words, it is coming.
Turnitin.com will be on the receiving end of a class action lawsuit.
Why?
They violate students' IP rights (copyright)
They profit from it.
They farm the web using bots and also add it to their database
Beyond the simple case with them going after students' materials, they are essentially farming the entire web for material, then adding it to their database, then making a profit from it. I wonder if they are likewise obtaining content from the large media conglomerates (most likely).
I hope turnitin gets sued. I want to be a member of the class too, because they have things my school has submitted, and they have probably farmed my website too.