I work in the field. There's only one question I really care about - the rest is just a simple question of reading man pages and documentation and textbooks and writing policies and having meetings and reviewing designs and, and, and. You know. Stuff that you can do.
What I want to know is, how can I make my senior management care?
Seriously. Yes, I've tried all the known things. All I have to cling to now are customer requirements. Show them a pot of gold and, like Valerie Solanos' view of men and sex, they'd wade through a river of warm puke up to their nostrils to get to it, and if that means tossing some budget at security, they'll do it. (So, to answer my own question -- folks who are involved in assessing suppliers - for heaven's sake, ask them about their security, and I mean really ask - don't believe the marketing bullshit, look for independent reviews and certifications. Hell, even an ISO 27001 cert is better than nothing (and that has very little to do with real, on-the-metal infosec.)
That whole "don't worry, we have two more ready to go" line really puzzles me. Aren't they going to do a full accident investigation, find out what's wrong with the design or QA that enabled it to happen, and fix it, before scheduling future launches? Hmmm, there's a saying about a fool and his money...
I personally am as sceptical about the "private enterprise spaceflight" for anything other than satellite launches (for which there is a large well-established market) as the next, er, troll, but to be fair to the SpaceX people: launching into orbit is very, very difficult. It would be really amazing if they'd had no failures at all.
The good news is that each time a total-loss-of-vehicle accident happens, they get to fix it. Eventually most of such failure modes are identified and fixed. SpaceX are infinitely more likely to reach orbit than Scaled Composites.
I have to agree that the "manned flights in 2009" milestone looks, well, a little optimistic; you don't really want to be sitting on a booster that's had less than half a dozen flawless launches, at least. At least, I don't, and I really don't want to be seeing footage of "heroic" idiots incinerating themselves in the name of progress, either. If people want to commit suicide that badly, please don't show me video. I have an over-active imagination and don't enjoy it one little bit.
Quite so. What peeves me (as a practioner in the field) is the people who try to decide where to spend their security dollars by doing absurd calculations using such unmeasurable values. (not to mention all the certs that require you to parrot such nonsense as if you believed it.)
"...you're pretty sure that... " comes down to gut feel, experience, and professional judgement. This is bad news for the attempts to put infosec on a similar professional basis to business functions like audit or accountancy (or plain ol' engineering, not to mention attempts to reduce it to a teachable subject. You can learn a lot from studying of course (and if you don't study, you won't be much good), but experience and... I hate to say it, but "talent" come into play.
I stand corrected, shame on me for not checking my facts; thanks. It turns out I had the wrong idea of the relative power of Falcon 9, and I had no idea at all they were going to try manned launches in 2009. After last night's debacle (yes I was awake to watch it live, at 4am in the UK) I wonder how many of the NASA hater types would still like a ticket on one of the first, say, dozen manned flights.
Yeah, it's no biggy. We've had ANPR systems in the UK for years now, both static and mobile systems in police cars. What's the difference between a cop reading off a license plate over the radio (or manually punching it into a terminal) - which is what they've done for at least forty years - and the gizmo doing it automatically? It only triggers on unlicensed / uninsured cars. Admittedly there are some teething troubles and data accuracy issues, but hey, if a few dozen innocent motorists having their cars crushed (yeah, they do that) saves me (and every other motorist in the country) a few quid on my insurance, I'm all in favour. Yeah, I'm in a "fuck civil liberties, make the trains run on time" sorta mood today, probably I'll be thinking straight after more coffee... bit groggy after staying up all night to watch the latest Falcon fiasco...
Alter Relationship
Hell I'm a republican, and I'd pony up $100 to see that as well,
Well I'm not American, and I'd pay good hard cash to watch any random American congresscritter or senator administering a good hard smack in the face to another one. I'd pay more for a generalised brawl, though. Using furniture as improvised weapons? More still. Gunplay? Hold me back, honey, or I swear the kids aren't going to college!!
So it's 1825 UTC on August 2nd, and there are 1003 comments on this post. I only hit the link to see what the hell was so interesting about a political squabble in Congress to get so many comments... I should have guessed. The price of oil.
Isn't it possible that just maybe enormous uptick in demand over the past decade as China industrialises might possibly have something to do with the rising price? OPEC can't make the price fall at this point; there just isn't the spare capacity. They're pumping as fast as they can go - after all it costs the same to pump and refine, but the product's fetching time times more than it was a few years ago.
No, although theoretically if something swims past one of the microscopy instruments (there's an Atomic Force Microsoft as well as an optical instrument) that could be seen. However the Aviation Leak report specifically says their sources say "it's not life itself", but something to do with the behaviour of the soil in the presence of water - which is exactly what the "wet chemistry" aspect of MECA is about; adding pure water (carried from earth) to the samples to see what happens.
if indeed they confirmed the existance of water, it seems to me very likely that they will also find at least the building blocks of life
Why? We've known there was water (ice) on Mars for ages, just as we know the moons of the gas giants are giant balls of ice, and I'm pretty sure it's been observed in molecular clouds in deep space as well. As none of that's alive, what makes you think this would be any different?
2101: [snip stuff about Judge Cal the mad despot] The powerful mutant Father Earth leads a massed attack on Mega-City One, destroying Power Tower (a controlled volcano) and unleashing a flood of lava, before being stopped. A few months later, an invasion of mutant spiders leads to the burning of entire sectors.
If this was Microsoft, Sun, Red Hat, etc., people would be ranting about it, but since it is Apple, it must be okay.
To be fair, if you look up and down the comments around this you can see a big barrel o'hate being upended over Jobbsey's smug fatuous face. Quite right too, I'm delighted the short-lived love affair with "open source" geek types drooling over the idea of lickable bash shells is wearing off a little.
In English common law we have this marvellous word "reasonable". If your legal system is fucked, that's tough, but you really think the answer to a system that can make anyone a criminal is to have everyone ACT like a criminal?? Only in America.
We'll be taking trips out of LEO to go mining just as soon as Earth runs out of rocks, and someone figures out how to launch 10,000 tons of smelter. Oh, wait, that's never going to happen is it. DUH.
Slashdot Mirror
I work in the field. There's only one question I really care about - the rest is just a simple question of reading man pages and documentation and textbooks and writing policies and having meetings and reviewing designs and, and, and. You know. Stuff that you can do.
What I want to know is, how can I make my senior management care?
Seriously. Yes, I've tried all the known things. All I have to cling to now are customer requirements. Show them a pot of gold and, like Valerie Solanos' view of men and sex, they'd wade through a river of warm puke up to their nostrils to get to it, and if that means tossing some budget at security, they'll do it. (So, to answer my own question -- folks who are involved in assessing suppliers - for heaven's sake, ask them about their security, and I mean really ask - don't believe the marketing bullshit, look for independent reviews and certifications. Hell, even an ISO 27001 cert is better than nothing (and that has very little to do with real, on-the-metal infosec.)
That whole "don't worry, we have two more ready to go" line really puzzles me. Aren't they going to do a full accident investigation, find out what's wrong with the design or QA that enabled it to happen, and fix it, before scheduling future launches? Hmmm, there's a saying about a fool and his money...
I personally am as sceptical about the "private enterprise spaceflight" for anything other than satellite launches (for which there is a large well-established market) as the next, er, troll, but to be fair to the SpaceX people: launching into orbit is very, very difficult. It would be really amazing if they'd had no failures at all.
The good news is that each time a total-loss-of-vehicle accident happens, they get to fix it. Eventually most of such failure modes are identified and fixed. SpaceX are infinitely more likely to reach orbit than Scaled Composites.
I have to agree that the "manned flights in 2009" milestone looks, well, a little optimistic; you don't really want to be sitting on a booster that's had less than half a dozen flawless launches, at least. At least, I don't, and I really don't want to be seeing footage of "heroic" idiots incinerating themselves in the name of progress, either. If people want to commit suicide that badly, please don't show me video. I have an over-active imagination and don't enjoy it one little bit.
Quite so. What peeves me (as a practioner in the field) is the people who try to decide where to spend their security dollars by doing absurd calculations using such unmeasurable values. (not to mention all the certs that require you to parrot such nonsense as if you believed it.) "...you're pretty sure that... " comes down to gut feel, experience, and professional judgement. This is bad news for the attempts to put infosec on a similar professional basis to business functions like audit or accountancy (or plain ol' engineering, not to mention attempts to reduce it to a teachable subject. You can learn a lot from studying of course (and if you don't study, you won't be much good), but experience and... I hate to say it, but "talent" come into play.
What part of "potential for" don't you understand?
I stand corrected, shame on me for not checking my facts; thanks. It turns out I had the wrong idea of the relative power of Falcon 9, and I had no idea at all they were going to try manned launches in 2009. After last night's debacle (yes I was awake to watch it live, at 4am in the UK) I wonder how many of the NASA hater types would still like a ticket on one of the first, say, dozen manned flights.
we have not known that there is ice on mars, only speculated that it is likely.
No, really, it's been known for years.
The moons of the gas giants are hardly giant balls of ice, though many do contain "ice", although that ice may not be water.
No.
Yeah, it's no biggy. We've had ANPR systems in the UK for years now, both static and mobile systems in police cars. What's the difference between a cop reading off a license plate over the radio (or manually punching it into a terminal) - which is what they've done for at least forty years - and the gizmo doing it automatically? It only triggers on unlicensed / uninsured cars. Admittedly there are some teething troubles and data accuracy issues, but hey, if a few dozen innocent motorists having their cars crushed (yeah, they do that) saves me (and every other motorist in the country) a few quid on my insurance, I'm all in favour. Yeah, I'm in a "fuck civil liberties, make the trains run on time" sorta mood today, probably I'll be thinking straight after more coffee... bit groggy after staying up all night to watch the latest Falcon fiasco...
...DiY servicing and maintenance, no license needed, cheap spares available everywhere...
Winglet? WingNUT is more like it.
A gram? Positive?
Thanks, I'm here all week.
What, to be blunt, the fuck is going on?
As your comments says, Microsoft are being evil. That is what they are. What they do is be what they are. Evil.
Alter Relationship Hell I'm a republican, and I'd pony up $100 to see that as well,
Well I'm not American, and I'd pay good hard cash to watch any random American congresscritter or senator administering a good hard smack in the face to another one. I'd pay more for a generalised brawl, though. Using furniture as improvised weapons? More still. Gunplay? Hold me back, honey, or I swear the kids aren't going to college!!
We are all SO fucked it's not even funny.
Isn't it possible that just maybe enormous uptick in demand over the past decade as China industrialises might possibly have something to do with the rising price? OPEC can't make the price fall at this point; there just isn't the spare capacity. They're pumping as fast as they can go - after all it costs the same to pump and refine, but the product's fetching time times more than it was a few years ago.
No, although theoretically if something swims past one of the microscopy instruments (there's an Atomic Force Microsoft as well as an optical instrument) that could be seen. However the Aviation Leak report specifically says their sources say "it's not life itself", but something to do with the behaviour of the soil in the presence of water - which is exactly what the "wet chemistry" aspect of MECA is about; adding pure water (carried from earth) to the samples to see what happens.
if indeed they confirmed the existance of water, it seems to me very likely that they will also find at least the building blocks of life
Why? We've known there was water (ice) on Mars for ages, just as we know the moons of the gas giants are giant balls of ice, and I'm pretty sure it's been observed in molecular clouds in deep space as well. As none of that's alive, what makes you think this would be any different?
MECA can't do that ("carbon chains" - are you thinking of amino acids?)
'We think a three-to-one ratio of alerts to actual events is what the market will accept,' he says. 'We could be wrong.'"
Fail!
2101: [snip stuff about Judge Cal the mad despot] The powerful mutant Father Earth leads a massed attack on Mega-City One, destroying Power Tower (a controlled volcano) and unleashing a flood of lava, before being stopped. A few months later, an invasion of mutant spiders leads to the burning of entire sectors.
So did you test the exploit code? huh?
If this was Microsoft, Sun, Red Hat, etc., people would be ranting about it, but since it is Apple, it must be okay.
To be fair, if you look up and down the comments around this you can see a big barrel o'hate being upended over Jobbsey's smug fatuous face. Quite right too, I'm delighted the short-lived love affair with "open source" geek types drooling over the idea of lickable bash shells is wearing off a little.
Funny you should say that. Someone just released exploit code that, when used with the DNS cache-poisoning attack, allows the attacker to masquerade as the Apple OS update site and supply arbitrary binaries that the victim machine will happily download and install. That's right, in 2008 MacOS doesn't use SSL to authenticate the OS update server. The words "un fucking believable" spring to mind.
In English common law we have this marvellous word "reasonable". If your legal system is fucked, that's tough, but you really think the answer to a system that can make anyone a criminal is to have everyone ACT like a criminal?? Only in America.
Now every proposed solution must not only be "cleaner" than the technology it replaces, it must be completely and utterly non-polluting
[ Citation needed ]
We'll be taking trips out of LEO to go mining just as soon as Earth runs out of rocks, and someone figures out how to launch 10,000 tons of smelter. Oh, wait, that's never going to happen is it. DUH.