Who, honestly, really gives a fuck? C'mon kids, get off your arse, get outdoors and get some fresh air! Cut down on your pork life mate, get some exercise! ;p
Hmmm, well firstly that all sounds great but it only works if your management (a) accept your assessment of the risks they're exposed to, and (b) they remember (or allow you to remind them) of your careful risk assessments, control frameworks, independent audits and so on after something costly (in $ or in face - never underestimate the cost of a VP finding his friends taking the piss because his company got hacked) - rather than just saxx0ring your ass.
Anyway - now I'm going to get controversial here - IMO, RM for infosec is snake-oil. Why? Because real risk management is based on probability. How do you assess the probability of a successful attack using the particular threat vector you're considering? Right, you can't -- there are no actuarial tables for web-servers, unfortunately, it comes down to unquantifiable things like your experience, your sense of what's happening in the wild, and any other random things you'd like to throw into the mix. That way madness lies, believe me. The only function of RM is to give your audit group something to keep them out of harm's way.
Security is pretty damn hot at the moment - however, having decided to switch career tracks, it's taken me six or seven years to get my salary back up to what I was earning in 1999-2000 as a web dev.) Now that I know my stuff and have a couple of big name employers on my CV, I could earn quite a lot more.) However there's a reason for that:
- Security is hard, much harder than you think, because the obvious instant answers are usually impossible for political reasons.
- Your main role in security is to give the warm fuzzies to investors and senior management that "Something Is Being Done".
- If anything happens, it's YOUR arse on the line - not the dopey admin or lazy programmer or stupid end user, YOURS. Your job is to secure the (virtually) unsecurable.
- Security is often the point where all the departmental rivalry, executive willy-waving and fatuous politics comes together. Everyone, however, will agree on one thing: you are paranoid, delusional, and are asking for impossibly "ivory tower" stuff that no-one in the real world could ever use.
For all that, though, I love the role - mostly for the reasons above; if you can accomplish anything at all in the face of all that, you get a marvellous sense of achievement :) It's also ideal for people who know something about lots of things -- I cover everything from the door access controls and CCTV, source code review, internal pentests, design vulnerability assessments, technical architectural committees, operational infrastructure, desktops and laptops; I deal with XP, W2K3, several flavours of Linux, CATOS, IOS, and a variety of horrible proprietary CLIs, various vertical apps, wide area networking, wifi, PDAs,... I also get to read the security mailing lists on my employer's time, which is great. OTOH the employer's time runs from midnight to 23:59 each day, but - anything for a weird life... ;)
no hip hop in England? Shurely shome mishtake! (OK, OK, Newport (home of The Chain) is just over the border in Wales... geographically speaking. [ Psychogeographically, it's like Cardiff Arms Park ;) ]
The single most life-changing book I ever read was "Beyond Freedom and Dignity" by the psychologist B.F. Skinner. His earlier work on Behaviourism (in a nutshell - science can only speak of observable phenomena. Internal mental states are not, in general, accessible. Humans are composed of atoms and molecules that are subject to the same physical laws as the rest of the world) was criticised by some as suggesting that human behaviour is deterministic, in the sense that it's determined entirely by (a) genetic make-up and (b) learned responses to environmental stimuli. Various religious nutters said this left no room for freedom (of will), dignity - the sense that we are in some transcendent sense "Good" because we obey the morals of the society we happen to have been born into. He simply pointed out that "morality" ultimately means "that which enables genes to propagate is good. That which prevents or harms it is bad."
That really seemed like the end of the argument to me back in 1990, so much so that I jacked in my psychology degree, dropped out of university & left rural Ireland for London and a job scouting for rock bands.
I propose we invest a trillion dollars in constructing huge candy-striped balloons at the bottom of the ocean. We can all go and live there! It's a pointless waste of money and will never work, true, but if you disagree you're a Luddite!
You sound a lot like the folks back when who said we'd never drive at 60 MPH 'because it will suck all the air out of your lungs', or the engineer who claimed that 'rockets will never work in space because there's nothing to push against'.
Those assertions were trivially disprovable when (if) they were made. However, the balance of proof is reversed when it comes to space colonisation, because the first railway engine didn't cost trillions of dollars, was economically viable, (which was why it was such a roaring success -- hint, hint) and it actually achieved something useful -- it moved people from Stockton, a large well-established human settlement, to Darlington, a well-established settlement (I won't call em human... I've /been/ to Darlington.) There were lots of people who wanted to go from A to B, and indeed from B to A. The only people who want to go to Mars are a very small number of ego-tripping over-achievers, and a vast army of delusional geeks.
Few people in 1900 would have predicted airliners, satellites, nuclear weapons and ICBMs less than 70 years later. Right, so anything that would have been thought impossible fifty or a hundred years ago, must be practical now. Why, with our technological might, we can achieve anything we want! Bad news: you can't engineer human societies or economies with new materials the way you can engineer rocket engines with new alloys. (Many have tried: check your local history textbook for details.)
My "cynicism" (realism) in this matter is founded on tendentious things like Newton's laws and our understanding of the conditions on the surface of Mars. Believe me, you don't really want to go there.
Colonizing space is the only hope for our species to last more than a few more millennia IMO
If we're going to destroy ourselves living here on Earth, where let's face it we are quite nicely tuned to survive by 4 billion years of evolution, what makes you think things will be different on Mars, where you can kill someone in seconds by sticking a rusty nail through their suit?
Do yourself a favour kid, go read up on some actual orbital mechanics, some rocket and spacecraft engineering, and a smidgen on the Martian environment before trying to patronise me. You might like to throw in a dash of sociology and psychology, and perhaps think a bit about historical precedents for trapping people in an enclosed space for an indefinite period of time. Re-examine your assumptions: they are wrong.
P.S. Sophomoric? I watched Apollo at the time! Lordy... I thought the days of feeling insulted by having my age underestimated were long gone! ;)
That goes for UU or Above.Net as much as the teensy networkette I actually run. If my users don't like it, I'll lose em.
Network neutrality is the wrong solution to the real problem, which is last-mile monopolies in the US domestic ISP market. Sort your government out, make it illegal to buy law enforcement, and join the rest of us in the 21st Century. Or don't. Personally, I couldn't give a fuck, as I'm not in the US.
I started writing a reasoned explication of the pointlessness and irrelevance of this whole story, but I made myself too angry with the uncritical "private space colonisation" fanboy mentality that says we'll all be living on Starship Enterprise in a century's time. To those people (probably everyone on this thread) I say this: turn off the damn Star Trek DVDs and get a life. Colonising space is an infantile fantasy. Grow up and get over it already, ffs.
Fuck, even this has now turned into flamebait. Dear Taco, could we possibly split the "science" section into "techno-utopia bullshit" and "actual science" categories please?
>Why do you think that the chance of permanent Mars base is zero?
In a nutshell, it's entirely unsustainable. It could never be self-supporting. Thus it would never be more than a very very expensive prestige project.
>What do you propose instead?
Why should there be any instead?
> Space habitats? Colonizing asteroids? Or are you saying that we are just gonna hang around on the Earth for a while and then die?
The latter, of course. What makes you think homo sapiens is not subject to the same laws of biology, physics, and statistical chance over geological time periods that everything else on the planet is?
Your job is safe in the short term. In the long term, competitors with a lower cost base will eat your lunch (because you know that 100% MS shops are more likely to be pissing away huge piles of money on expensive brochureware "Enterprise Solutions" and zillions of clueless, ill-educated "consultants").
Of course IT spend is only a portion of your capex and opex, but when all other things are equal (which they will be when averaged over millions of businesses across the world) cheap/free software that works will win.
Mind you, in 1998 I thought Oracle would be bankrupt by now - that's the power of lock-in for you I guess...
Not at all, I've been on Slashdot for years (since before user accounts in fact), but I disagree with the general consensus on a couple of things that are a big deal to Slashdot. One is the usefulness, practicality, and probability of manned spaceflight (in particular, ideas about colonisation of space as if it's the new Wild West). There's a ton of stuff on here I'm not interested in at all, but that's fine, I just don't read stories about gaming... but I'm very, very interested in astronomy and planetary science. I hope that doesn't make me a troll.
Why would I be joking about Mars colonisation being an impractical fantasy? I look at raw images from the MER rovers virtually every day, I am *fascinated* by the planets - Mars and Venus in particular; some of the gas-giant moons are pretty cool, too. I'm failing to express myself here, I guess what I mean is, "why would you think I'm joking?" It's a perfectly serious opinion, hopefully the people on the planet in a position to decide whether to do it or not will realise it's a waste of resources before wasting too much. I do think that the chances of the current Dubya plan to land on the moon as a precursor to going back to Mars isn't going to happen - and I'll put money on this, real folding cash money you can buy beer with. Chances that the programme will produce a successful landing on the moon are pretty good; I'd say as good as 3:1. But the chances of that translating to a successful manned mission to Mars and back is 50:1 at best; and the chance of a permanent manned presence is nil.
According to the SANS Incident Handler's Diary, various issues have been reported in Cisco VOIP phones, Blackberrys, Veritas aka Symantec BackupExec, and Watchguard firewalls.
...except for being totally arid (no, really, there's a lot more water in even the dry deserts of Antarctica than anywhere on Mars - on the surface anyway); and the atmospheric pressure is rather lower, being about 0.1% of that in Antarctica; and of course the lack of a magnetosphere and atmosphere means that surface has been steadily cooked by high-energy cosmic rays and solar irradiation. Oh yeah and the gravity's 2/3 the value on Earth. And if you're in Antarctica, you now more than 100ms (as the packet flies) from civilisation. And of course the chemistry of the surface is pretty acidic; Spirit's found deep deposits of various types of ferrous and sulphate salts - the closest similar formations on earth are, I believe, in Death Valley. And finally, virtually no earth life would survive more than a few seconds on the surface; there are various lichens and mosses (and biofilms, at a lower level) in amongst the rocks in the dry valleys and other arid deserts in Antarctica.
Still, some lunatics want to spend billions of dollars to take a picture of someone saluting an American flag there. There are even some crackpots who want to try to set up some sort of permanent manned presence there - the poor, deluded fools... go figure! (Thinks: if I observe that this is what happens when you watch too much Star Trek, will I get a flamebait mod? Hey, if you disagree, don't mod me down - explain what I've got wrong.)
Bored? Looking to kill five minutes? Nothing new on the newsfeeds? Start here...:
$ ls -l /usr/bin/a*
I bet you don't know what half of those do. Go hit the man pages (or google up docs on anything on your system for which you don't have the manual.) Rinse & repeat for b,c,.. I've been doing this for years & still find plenty of new stuff.
but they've BEEN subject to ACTUAL terrorism via the IRA for much longer... like 20 years, Much longer than that. There were "Fenian outrages" in the 50s, and IIRC before the war and indeed before 1920 (Irish independence.)
-- tangent: Are you aware of the origin of the phrase "Something must be done!" ? It's rather interesting. It was said by (the British) King Edward VIII when he took the unprecedented decision to visit the wastelands of industrial Britain in the early 30s and saw the desperate grinding poverty caused by mass unemployment in the pre-social security era.
yes, of course, but when do you learn & develop new skills? I've never had formal training since I last worked at a megacorp multinational (D&B). The "small-to-medium" co I work for now (500 or so employees) provides some crappy Office CBT and naff all else. So I spend some of my own time reading round the subject. Eg the Richard Bejtlich "Tao of Security Monitoring" at present.
Can I just say, I consider myself a geek and I would *never* waste time watching *any* of that crap that you've listed. Same thing with games -- how the fuck can y'all spend hours and hours playing confounded MMORPGs and shooting shit up and all the rest of it? I haven't enough time for my official paid work, let alone the routine own-time self-maintenance stuff (learning new stuff, reading books & generally staying up to date.)
...that's Adam Laurie! The godlike genius of Shepherd's Bush! Seriously though... he's something of a geek hero to me. Dunno why (apart from respect for a fellow-survivor of Bush) -- lots of other people write code and do research, but he just seems like such a nice chap with it.
I've not had much formal education in English grammar, but the construction "Were I to do something, the thing I would do would be X" is well-established vernacular at the least, and I think it's actually formally correct grammar as well. Disclaimer: it is UK English of which I speak ;)
Yeah, right, he's a member of the Faculty of Mumbo-Jumbo, Visiting Lecturer in Spaghetti Aviation, and has written the definitive undergraduate textbook on fairies, elves and goblins.
I mean, please, "Professor" of theology? That makes no sense anywhere. Professor of the history or psychology (or even philosophy, at a stretch) of religion, possibly. Theology? C'mon do us a favour. Anyone who took him more seriously because of that claimed title deserves everything they get.
(Don't mod me down unless you know D&C.
Deja-vu, anyone?
If ever there was a case for cruel and unusual punishment, Darl is it. I say we make him spend the rest of his days as a Java programmer.
Why would I be joking about Mars colonisation being an impractical fantasy? I look at raw images from the MER rovers virtually every day, I am *fascinated* by the planets - Mars and Venus in particular; some of the gas-giant moons are pretty cool, too. I'm failing to express myself here, I guess what I mean is, "why would you think I'm joking?" It's a perfectly serious opinion, hopefully the people on the planet in a position to decide whether to do it or not will realise it's a waste of resources before wasting too much. I do think that the chances of the current Dubya plan to land on the moon as a precursor to going back to Mars isn't going to happen - and I'll put money on this, real folding cash money you can buy beer with. Chances that the programme will produce a successful landing on the moon are pretty good; I'd say as good as 3:1. But the chances of that translating to a successful manned mission to Mars and back is 50:1 at best; and the chance of a permanent manned presence is nil.
Any takers?
...and if that returns a lot of "nothing appropriates", you may need to run /usr/sbin/makewhatis. As I just found by reading the whatis manpage.
http://en.wikipedia.org/wiki/Edward_VIII_of_the_United_Kingdom
Perhaps it's just me.