...nor do they remain compliant with your security standards once you give developers...root access.
Restricting access to those that write the software that runs your mission critical systems, is not going to increase security. I will tell you from experience that it will decrease your security. When a developer does not have the access they need to complete their job, and have to spend unnecessary time contacting system administrators to handle small changes, you will end up with developers creating workarounds. These workarounds are usually written out of desperation and frustration, which is not a mindset conducive to security conscious decisions.
I am not saying that developers should be granted full root access, I'm just saying that every limitation that is placed on a developer is in itself a security risk as developers work around those limitations.
If you can't trust your developers you are already fucked, just as much as if you can't trust your admins, or your security experts.
Aside from jobs like mine...there are hardly any good reasons for unions to exist in the US anymore.
Don't think I've ever seen such blatant hypocrisy. If even a single job in the has reason for a labor union, then they all do. There is nothing special about certain jobs that make them more in need of collective bargaining.
Ideally you'd pick the best solution for the problem every time.
This is really all you needed to say. It's just that a lot of people don't understand what exactly makes the "best solution." The best solution is not always the fastest, or the cheapest, or the newest or the coolest. More often than not, the best solution is one that you can build and maintain with your current available resources. If you have an entire.Net shop with say a hundred experienced.Net developers, that you have to keep to maintain the dozen.Net apps you already have, then the best solution would probably not be to build your web app in PHP. Sure the "best solution" for regex processing might be Perl, but you would be a fool to throw that into your all Java stack without some really compelling reason.
In Googles case, replacing you well understood and working system with a new, possibly better, implementation, is not necessarily the "best solution."
Little More clarification here. The ninth states that it is not restricted just because it is not listed as a protected right in the constitution. The Tenth grants the rights of further restrictions and protections, not listed in the constitution, to be up to each individual state. Mind you none of that mattes since the 14th is what arguably grants protection from the current practices of DUI check points, and constitutional amendments apply to federal and state governments.
They already weeded most people out by the shear lack of interest in becoming a doctor. Then of those that are interested, they automatically weed out all of those that can't or chose not to dedicate the next 10+ years of their life pursuing it. Then they automatically weed out all the people who can not afford medical school and do not qualify for scholarships or grants. Do we really need yet another way of weeding people out? Are there really that many people interested in becoming doctors that we need to have an exam to limit the number of eligible people?
When it comes to by medical care (or anyone that works for me), I personally don't care if they do all the work themselves, as long as they get the right answer.
If given the choice of who to pick as a medical doctor would you rather have one person that thinks they know what they are doing, or a person smart enough to hire a team to double check his work. Just saying, you can't judge a persons skills just because they chose a more efficient way of by passing an unnecessary barrier to entry.
Oh and quit the hyperbole, no one was endangering any one here. This was not about practicing medicine, just about getting into an establishment to learn how to practice medicine.
Amen. I can only wonder what the other 49 states are doing, and if they have any interest in this "every last mile" concept.
It's one thing to promise "every last mile" when you only have to worry about less than 10k square. Not so easy to do when you have to consider over 100k square or even over half a million square.
Again, where is there any single confirmation that any card numbers have been stolen. Sony's official statement was that they had no evidence that the card data was accessed. And as much as I Sony certainly has reason to lie, their has been no third party verification that their statement is in anyway false. You, and everyone else that likes to cry "shill" and "plant" or even "fanboi" need to start backing up your own statements with some sort of corroboration.
And again, I am not saying that the card information was not stolen, or that it is not or will not, be used illegally. All I am saying is that as of this moment, not a single person has proved any evidence that any card information was stolen, or that it has been used illegally. If someone can provide some, I for one, being a PSN user that has used a credit card on the network, though I never stored it there (wish Sony would confirm if they actually deleted the data when the user deleted it), would love to see the details so I can help spread the correct information.
Thanks for proving there is no confirmation of any card activity related to the PSN breach. And by the way, not everyone that questions common misconceptions is a plant from some corporate organization. I'm just an average person trying to stop the flow of misinformation.
How much is this going to cost the people who's credit information was stolen?
So far, nothing, since there has yet to be a single confirmed case of fraud against card information retrieved from PSN. So far there has not even been any confirmation that card information was stolen. If you can provided a source confirming stolen card information, please post it.
It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.
Other the vast majority of the information, and nearly all the unencrypted/hashed information (with the exception of the so called security questions for password retrieval). , is public domain, at least in the united states. I would also like someone to point me to a reputable reference providing admission or evidence that credit card information was retrieved from the PSN intrusion. I'm not saying it doesn't suck, I'm just saying that most of the concern is unwarranted.
or do like Eddie Murphy says... have a Coke and a smile and shut the fuck up.
It was actually Richard Prior that said that, Eddie Murphy was just quoting him. Never mind that it would work better if it was Microsoft and not apple since the whole quote is "Tell Bill to have a coke and a smile, and shut the fuck up."
As I said to someone else that pointed this out in a different thread, thanks for pointing this study out. It's relatively new so I was not familiar with it (not actually being a geneticist, nor particularly interested in the evolution argument.)
I actually considered this exact thing, but for the sake of brevity I used layman's terms. But apparently even the pendants such as yourself understood clearly the intent.
I'll ignore your attempt to label me unknowingly, and just simply thank you for pointing out a reference. This is a relatively new study and I was not at all familiar with it. Sadly it is still just a single study that has not been independently verified.
there aren't any experiments you can do to demonstrate evolutionary theory.
Sure there are, but they may take a few million years to get results.
You must have a lot of faith in your belief to be so confident that evolution can be demonstrated in a few million years (and it should only take hundreds of thousands in humans, much less in animals with shorter generational cycles).
As a firm believer in evolution, I would really appreciate it if you could point me to a documented and repeated experiment that showed a bacteria or fruit fly evolving into in a new species. I would also like to see the proof that has disproved creationism.
Sadly your examples do not demonstrate evolution at all. What your examples demonstrate is the hereditary nature of genetics. Evolution requires a species to take on a trait not previously existent or to lose a trait that was existent, not just to show a limiting of variation.
As a firm believer in evolution, I would have much preferred that you used experiments that actually prove evolution, which you may be able to find if you look at studies of bacteria and viruses. But even that doesn't really disprove the kind of evolution that we are talking about here. So if you really want to shut up the creationists, under what ever name, you are going to have to find documented proof of a reproducible experiment showing the evolution of a species into a new and unique species. Otherwise you might do best to not state evolution as if it were a fact, but as falsifiable theory that has yet to be proven false.
By that argument, every language that can be used for DOM manipulation has the same exact problem and there for is a Bad language. This includes C, C++, C#, VB, Java, Python, Ruby... I think you get the point. Don't blame the language for the bad DOM implementation you are using. If you don't like the different DOM implementations then use a library that abstracts the differences away (Like JQuery). Using an abstraction library would be the equivalent to using libc in C to abstract away the differences in native calls. The fact that this kind of abstraction is available is just one of the signs of the strength of the JavaScript language.
The risk is mainly with the banks issuing the cards...
Correct, and so far none of those banks have issued any statements regarding any connection between fraud and the PSN intrusion. Many of the major card providers have specifically stated that there has been no pattern. My point still stand.
Slashdot Mirror
...nor do they remain compliant with your security standards once you give developers...root access.
Restricting access to those that write the software that runs your mission critical systems, is not going to increase security. I will tell you from experience that it will decrease your security. When a developer does not have the access they need to complete their job, and have to spend unnecessary time contacting system administrators to handle small changes, you will end up with developers creating workarounds. These workarounds are usually written out of desperation and frustration, which is not a mindset conducive to security conscious decisions.
I am not saying that developers should be granted full root access, I'm just saying that every limitation that is placed on a developer is in itself a security risk as developers work around those limitations.
If you can't trust your developers you are already fucked, just as much as if you can't trust your admins, or your security experts.
Yes, the car is locked, but all the cars use the same key. It would have been hard to prepare for this type of vulnerability.
I think you mean, the cars are all locked but unlocking one car, regardless of key, gives you access to all other cars.
Every user account has it's own credentials, it just happens that once you are authorized you are free to access every account, not just your own.
The iMac was the start of the 'i' trend, not the iPod.
One, does not a trend make.
Aside from jobs like mine...there are hardly any good reasons for unions to exist in the US anymore.
Don't think I've ever seen such blatant hypocrisy. If even a single job in the has reason for a labor union, then they all do. There is nothing special about certain jobs that make them more in need of collective bargaining.
Unemployment insurance eventually runs out. Once someone gets fired, whom will he or she use as a reference when seeking the next job?
Anyone willing to put in a good word for them.
Ideally you'd pick the best solution for the problem every time.
This is really all you needed to say. It's just that a lot of people don't understand what exactly makes the "best solution." The best solution is not always the fastest, or the cheapest, or the newest or the coolest. More often than not, the best solution is one that you can build and maintain with your current available resources. If you have an entire .Net shop with say a hundred experienced .Net developers, that you have to keep to maintain the dozen .Net apps you already have, then the best solution would probably not be to build your web app in PHP. Sure the "best solution" for regex processing might be Perl, but you would be a fool to throw that into your all Java stack without some really compelling reason.
In Googles case, replacing you well understood and working system with a new, possibly better, implementation, is not necessarily the "best solution."
Little More clarification here. The ninth states that it is not restricted just because it is not listed as a protected right in the constitution. The Tenth grants the rights of further restrictions and protections, not listed in the constitution, to be up to each individual state. Mind you none of that mattes since the 14th is what arguably grants protection from the current practices of DUI check points, and constitutional amendments apply to federal and state governments.
They already weeded most people out by the shear lack of interest in becoming a doctor. Then of those that are interested, they automatically weed out all of those that can't or chose not to dedicate the next 10+ years of their life pursuing it. Then they automatically weed out all the people who can not afford medical school and do not qualify for scholarships or grants. Do we really need yet another way of weeding people out? Are there really that many people interested in becoming doctors that we need to have an exam to limit the number of eligible people?
When it comes to by medical care (or anyone that works for me), I personally don't care if they do all the work themselves, as long as they get the right answer.
If given the choice of who to pick as a medical doctor would you rather have one person that thinks they know what they are doing, or a person smart enough to hire a team to double check his work. Just saying, you can't judge a persons skills just because they chose a more efficient way of by passing an unnecessary barrier to entry.
Oh and quit the hyperbole, no one was endangering any one here. This was not about practicing medicine, just about getting into an establishment to learn how to practice medicine.
Amen. I can only wonder what the other 49 states are doing, and if they have any interest in this "every last mile" concept.
It's one thing to promise "every last mile" when you only have to worry about less than 10k square. Not so easy to do when you have to consider over 100k square or even over half a million square.
Again, where is there any single confirmation that any card numbers have been stolen. Sony's official statement was that they had no evidence that the card data was accessed. And as much as I Sony certainly has reason to lie, their has been no third party verification that their statement is in anyway false. You, and everyone else that likes to cry "shill" and "plant" or even "fanboi" need to start backing up your own statements with some sort of corroboration.
And again, I am not saying that the card information was not stolen, or that it is not or will not, be used illegally. All I am saying is that as of this moment, not a single person has proved any evidence that any card information was stolen, or that it has been used illegally. If someone can provide some, I for one, being a PSN user that has used a credit card on the network, though I never stored it there (wish Sony would confirm if they actually deleted the data when the user deleted it), would love to see the details so I can help spread the correct information.
Thanks for proving there is no confirmation of any card activity related to the PSN breach. And by the way, not everyone that questions common misconceptions is a plant from some corporate organization. I'm just an average person trying to stop the flow of misinformation.
How much is this going to cost the people who's credit information was stolen?
So far, nothing, since there has yet to be a single confirmed case of fraud against card information retrieved from PSN. So far there has not even been any confirmation that card information was stolen. If you can provided a source confirming stolen card information, please post it.
It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.
Other the vast majority of the information, and nearly all the unencrypted/hashed information (with the exception of the so called security questions for password retrieval). , is public domain, at least in the united states. I would also like someone to point me to a reputable reference providing admission or evidence that credit card information was retrieved from the PSN intrusion. I'm not saying it doesn't suck, I'm just saying that most of the concern is unwarranted.
or do like Eddie Murphy says... have a Coke and a smile and shut the fuck up.
It was actually Richard Prior that said that, Eddie Murphy was just quoting him. Never mind that it would work better if it was Microsoft and not apple since the whole quote is "Tell Bill to have a coke and a smile, and shut the fuck up."
If dolphins are so smart, how come they haven't built a translator to communicate with us yet?
For the same reason we aren't trying this with Dogs. You only attempt to communicate with beings that are smarter than you.
As I said to someone else that pointed this out in a different thread, thanks for pointing this study out. It's relatively new so I was not familiar with it (not actually being a geneticist, nor particularly interested in the evolution argument.)
I actually considered this exact thing, but for the sake of brevity I used layman's terms. But apparently even the pendants such as yourself understood clearly the intent.
I'll ignore your attempt to label me unknowingly, and just simply thank you for pointing out a reference. This is a relatively new study and I was not at all familiar with it. Sadly it is still just a single study that has not been independently verified.
there aren't any experiments you can do to demonstrate evolutionary theory.
Sure there are, but they may take a few million years to get results.
You must have a lot of faith in your belief to be so confident that evolution can be demonstrated in a few million years (and it should only take hundreds of thousands in humans, much less in animals with shorter generational cycles).
As a firm believer in evolution, I would really appreciate it if you could point me to a documented and repeated experiment that showed a bacteria or fruit fly evolving into in a new species. I would also like to see the proof that has disproved creationism.
Sadly your examples do not demonstrate evolution at all. What your examples demonstrate is the hereditary nature of genetics. Evolution requires a species to take on a trait not previously existent or to lose a trait that was existent, not just to show a limiting of variation.
As a firm believer in evolution, I would have much preferred that you used experiments that actually prove evolution, which you may be able to find if you look at studies of bacteria and viruses. But even that doesn't really disprove the kind of evolution that we are talking about here. So if you really want to shut up the creationists, under what ever name, you are going to have to find documented proof of a reproducible experiment showing the evolution of a species into a new and unique species. Otherwise you might do best to not state evolution as if it were a fact, but as falsifiable theory that has yet to be proven false.
Amen brother, preach on...
By that argument, every language that can be used for DOM manipulation has the same exact problem and there for is a Bad language. This includes C, C++, C#, VB, Java, Python, Ruby... I think you get the point. Don't blame the language for the bad DOM implementation you are using. If you don't like the different DOM implementations then use a library that abstracts the differences away (Like JQuery). Using an abstraction library would be the equivalent to using libc in C to abstract away the differences in native calls. The fact that this kind of abstraction is available is just one of the signs of the strength of the JavaScript language.
The risk is mainly with the banks issuing the cards...
Correct, and so far none of those banks have issued any statements regarding any connection between fraud and the PSN intrusion. Many of the major card providers have specifically stated that there has been no pattern. My point still stand.