Slashdot Mirror


User: jotok

jotok's activity in the archive.

Stories: 0 · Comments: 718

Comments · 718

  1. Re:Incompetence is the key on FBI Says Computer Crime Costs Billions Every Year · · Score: 1

    These are all true. But let me present to you some analogies between digital and physical security.

    Let's say you're a private investigator (incident handler) who is called in to investigate a crime scene at a warehouse (or, mitigate a security incident). Your clients believe someone broke in and stole several items.

    You get there and you ask what was stolen. Nobody is sure, because nobody has kept an accurate inventory of items in the warehouse.

    So, you walk around and you're trying to figure out where the thief got in. You ask for a blueprint of the warehouse. But they haven't got that, either. So you spend a day making a rough thumbnail sketch of the building. Finally you get a pretty good idea of some ways the guy could have gotten in when you find a broken window (security hole).

    "Oh yeah," the groundskeeper tells you. "I've been meaning to fix that for years. Just never got around to it. And I figured if I did, then it would keep that nice breeze from flowing through here." (ie, the patch would break an app and the sysadmin didn't spend any time looking for fixes or workarounds).

    Then one of the workers at the warehouse tells you "Y'know, there were some guys in here with a truck, loading up a whole bunch of items, maybe that they were the thieves."
    "They just drove in through the front door, took a bunch of stuff, and left?" you ask.
    "Well yeah, people come in here and unload and load stuff all the time. How was I supposed to know it wasn't authorized?"
    "Because it happened at two in the morning, when the warehouse was closed..."
    (ie, the local guys don't know their own network, or what traffic is "normal," so they can't do any misuse detection).

    This is the situation I have to put up with all the time. Security is so much easier when you can keep track of your network assets and when you have an idea of what is "normal" for your network. The thing is, there are simple techniques for keeping track of this stuff--SysInternals has some good free products for inventory, for instance.

    So definitely, more training is necessary. Having a "security mindset" doesn't mean being paranoid, but it does mean being concerned with more than just "Does the boss get his e-mail? Ok, it's Miller Time!"

  2. Incompetence is the key on FBI Says Computer Crime Costs Billions Every Year · · Score: 1

    The vast majority of IT types with whom I work are completely, gloriously incompetent when it comes to security.

    I'm not talking about patch management and implementing the SORBS list and having a firewall and so forth. I see the whole gamut when it comes to those guys.

    What I never see is any kind of inventory system in place so they can say, hey, we have three thousand known MAC addresses that should be allowed on our network--what's that NEW device?

    Or, "I know the operating system, patch level, loadout, and purpose of every workstation and server in this IP range, with up-to-date maps." During 99 times out of the last 100 on-site mitigation efforts in the past year, when I asked the local IT guys "Ok, where is this hacked box?" They COULD NOT TELL ME. It took them DAYS to track that shit down. DAYS. Of course, because they are incompetent, they try to stab me in the back by slamming our 24-hour support: "It took them four days to clean up the incident." "Yeah, but three days was you trying to find the box in a building with less than 100 nodes..."

    I would settle for guys who knew how to use grep, who knew where the firewall logs were stored, who bought all the expensive Cisco gear and then--GASP--actually took advantage of netflow, or who even knew the IP ranges their organization had allocated to them. I have yet to find any of these among the teeming millions of dickheads with MCSEs and CCNA certifications.

    Until IT stops being something you do with a GED, there will always be security problems, and I will always have a well-paying job.

  3. Re:US-CERT stats on Slashback: Dry Mars, Wet Doc, Keyboard Teaser · · Score: 1

    I dunno...I think you could look at OS statistics on high-traffic websites and make a SWAG as to the actual representation. That's what nonparametric tests are for.

    Also I think time between discovery and mitigation would be another interesting datum.

  4. Re:Why this is important on Scientists Figure Out How Bees Fly · · Score: 1

    Now, if the ID advocates had their way, we would have just said, "Hey, God makes bees fly. Since I already know the real reason, there's no real reason to keep studying it."

    Maybe that describes some proponents. But consider this. As a religious person I take ID as an article of faith ("God made the bees and endowed them with the ability to fly.") As a scientist I also believe that every observable phenomenon probably behaves according to certain rules ("The bees fly according to some principle X.") One proposition has nothing to do with the other.

    What never ceases to amaze me is that supposedly rational people will make the same mistakes of which they accuse the proponents of ID. While ID errs in claiming it is a science, scientists often elevate empiricism to the place formerly occupied by the Almighty, any time they suggest that anything which cannot be observed and tested must necessarily not exist (hint: empiricism cannot be proven true by empirical methods).

    The current push for ID is a power grab. The backlash is another power grab. The problem we're facing with these issues is not with differing (not even "competing") ideas about how the world works, but rather that people with different ideas will start culture wars and attempt to grab power.

  5. Re:Religion scores!! on Panel Confirms S. Korean Cloning Fraud · · Score: 1

    I think negative propositions such as that tend to fall apart upon close examination unless you have a really, really inclusive definition of "religion," such as one that would include the prevailing rational, secular mindset of our time as taught in the public schools...the reason being, when you ask "Well, WHO created this 'religion' thing?" (society) or "How is it spread?" (indoctrination) or "How exactly does it enable people to be controlled?" (by inculcating belief systems) you start to find all kinds of parallels with the dominant social mindset. That is, there is no case where you can say something about religion that you can't say about supposedly non-religious social structures.

    With a wide enough definition of "religion," public schools become religious institutions where students are indoctrinated for 12+ years into a certain model of seeing and thinking about the world. If your definition is really narrow, on the other hand, then you're just arbitrarily persecuting religions. The word for that is "bigotry."

    Now, if you're just making the argument that our society isn't any more advanced than so-called "primitive" ones, or that the public school system is full of fraud, well, there's plenty of evidence for that :)

  6. Re:Solution on Swedish Filesharers Start 'The Piracy Party' · · Score: 1

    If I'm a rich bastard with a plantation, and I'm depending on the slave labor to make money, then under what circumstances is freeing my slaves ok? Caveats: 1. Yes, I know slaves are often mistreated. 2. Yes, I know that many slaves already have a life that's much better than some freed slaves. 3. Yes, I know that society as a whole would prosper if these slaves were able to become an equal member of our society rather than a subjugated class. But the fact remains that this is the system we have in place. It needs changed but it's not changed yet. Back in reality land, the purpose of sweeping legal changes like this is TO CHANGE THE SYSTEM. You don't wait for the system to change, then change the laws, that's ridiculous. You change the laws, and the system changes to fit. One might even say that the system is simply the actual implementation of the laws, and nothing more. Much in the same way that falling is simply the implementation of gravity. They are the same damn thing.

    I disagree entirely with your analogy. First off, you have to prove that the current system of media recording & distribution is inherently immoral. It is inefficient and the artists get dicked--nobody is arguing those points. But how exactly does not paying for the music at all benefit the artist? And before you come back with "Well, lots of people get the MP3s and buy the albums," please have some hard numbers to back that up. I'd be willing to allow your logic in the case of essentials (food, life-saving medicines, etc.) but in a world where people starve to death every day, it's hard to see the latest Sigur Ros album as anything but a luxury.

    Second, the law of gravity, like all physical laws, is inescapable. It's impossible to change. By your own example, copyright law is mutable--you change it by lobbying, not by ignoring it. So this comparison itself fails utterly.

    So it looks like I'm still waiting for a cogent answer...I appreciate the effort in any case.

  7. Re:Solution on Swedish Filesharers Start 'The Piracy Party' · · Score: 1

    Fair enough...but do me one favor and define "Previously distributed."

    If I'm a musician with a CD out, and I'm depending on the royalty money to pay my bills, then under what circumstances is pirating my work ok?

    Caveats:
    1. Yes, I know artists get fuck-all from the recording companies compared to how much their work actually generates.
    2. Yes, I know that a lot of artists subsist entirely on performance money.
    3. Yes, I know that the RIAA/MPAA could be making a killing if they would join the 90s and use the interwebs to distribute their wares.

    But the fact remains that this is the system we have in place. It needs changed but it's not changed yet.

    So what about "Information the author has ceded to a large entity for distribution and promotion?" How do you handle that?

  8. Re:Immaterial? on Swedish Filesharers Start 'The Piracy Party' · · Score: 1

    I dunno. The first thing I imagined when I read their plank was this conversation:

    Pirate/Politician: "All information wants to be free, so we're against intellectual property laws."
    Voter: "But what about my personal information? I don't want anyone using it for any purpose they see fit..."
    Pirateician: "Er...ok, all information wants to be free, except for your personal information."
    Voter: "..."

  9. Re:Motive? on Paramount Sues Ohio Man For $100,000 · · Score: 1

    Yes, they need to be physically located on the same network as you.

    Only thing is, the physical layer here is a broadcast medium. Any receiver within range of your transmission is already physically inside your network, while the access controls you have in place (encryption, for example) keep them logically outside the network.

    Unfortunately wireless security is trivial to break, especially if someone monitors the initial connection between you and your router (but this is still not necessary). So unless your machines are always gone or off, it is possible for someone to defeat all the access controls and use the router.

    Alternately, yes, someone could schwack your router. Unless you have yet to change the default login & password, then this is less likely than someone (e.g.) simply breaking your encryption.

    If this is really a concern for you, check out the SANS Reading Room wireless section at http://www.sans.org/rr/whitepapers/wireless/.

  10. Re:Motive? on Paramount Sues Ohio Man For $100,000 · · Score: 1

    Yes. But we're talking MAC address "inside" the wireless LAN. That is, between your laptop on the couch and the wireless router in your office.

  11. Re:Censorship? on MS Excel exploit on auction · · Score: 1

    I dunno. I think you're assuming what you're trying to prove and that the criticism was valid. Just because information about a vulnerability is more available than drugs, it doesn't follow that it's not illegal to sell that information. Incidentally I'm not aware of any law, either, that would prohibit their sale. I'm only commenting on the previous post.

  12. Re:Censorship? on MS Excel exploit on auction · · Score: 1

    ...because his basic argument is that everything is a commodity, and all commodities can and should be bought and sold, case closed. The replying poster was pointing out that the assumptions of the argument were not valid in some cases (drugs), therefore the conclusions were also not universally valid.

    It's called logic. Your library has books on the topic.

  13. Re:A Natural Rights perspective on Trojan Using Sony DRM Rootkit Spotted · · Score: 1

    Thanks for the link.

    But it looks as if Locke's underlying assumption was that "physical property" (ie a sandwich) is the same as "my life," which is not apparent. One I will give up without too much fuss, the other, not.

  14. Re:A Natural Rights perspective on Trojan Using Sony DRM Rootkit Spotted · · Score: 1

    Originally the Declaration of Independence said "Life, Liberty and the ownership of property"

    Yes, I'm aware of that--after reading the above post, I was wondering if it was changed because private ownership of property was not a "self-evident" natural right (e.g. part and parcel of the human condition).

    So far as I can tell, private ownership is a right which is contingent upon other wants (I'm pretty sure that it is necessary for a working society, for example) which in turn allow us to pursue/express/enjoy our inalienable rights. It is still a right that I recognize, but I don't think it's a "natural" right any more than "living in a society" is a natural right. It is still however a Good Thing to have around.

  15. Re:A Natural Rights perspective on Trojan Using Sony DRM Rootkit Spotted · · Score: 4, Insightful

    I am with you on almost everything except this:

    One such right is the right to private property, closed to others' prying eyes or presence.

    To me, this doesn't seem as "self-evident" as the other rights (Life, Liberty, freedom to pursue happiness, etc.) in the D of C. But it does seem to make sense as a possible necessary qualification to achieve the other three: I could live, be free, and try to be happy without owning anything, but it might be exceedingly difficult.

    Just sayin'.

    (Also, "irregardless" is not a word)

  16. Re:Definitely Beneficial on State Department Developing Cyber Toolkit · · Score: 1

    You may or may not be surprised to learn that ACTUAL conservatives (cf. Chronicles, Culture Wars) have spoken out against TMAP, specifically citing "1984."

    Either way, all I have to say is...I am NOT a consumer, I am a CITIZEN...

  17. Re:Talk to those that wrote it down? on Vatican Rejects Intelligent Design? · · Score: 1, Insightful

    This is actually a really telling point.

    Ask any fundie if the Bible is the sole authority on matters spiritual and temporal, and they'll say, why, of course it is.

    Then ask them to find the chapter & verse IN the Bible where it says that.

    Problem is, it doesn't. It is a TRADITION that is passed down. So they give authority to tradition as well as scripture, while claiming to only trust scripture.

  18. Re:PNA? on The Los Alamos Bug · · Score: 1

    Excellent criticism!

    But, good luck trying to get the /. crowd (engineers, ITs) to understand complex (biological) systems (nontraditional thermodynamics, emergent complexity, etc.)!

  19. Re:In soviet Russia... on ISS Orbit-Raising Attempt Fails · · Score: 2, Funny

    "But you fuck one goat..."

  20. Re:You joke, but... on Transparent Aluminum a Reality · · Score: 1

    A diamond-bladed lawnmower has practical application. It has to be more cost effective than current alternatives

    No argument here. But doesn't this seem like an area where someone needed to cut some really tough grass, and then realized that only a diamond-bladed lawnmower would do the trick? Here comes the $1b prototype, and next year the cost is down to $100 because someone responded to the demand for a cost-effective solution and came up with cheap diamonds.

    All I'm saying is, yes, it is less cost-effective, but I think typically making it cheaper is a secondary innovation following inventing the thing in the first place (I can imagine exceptions to this too).

  21. Re:Actually, you are wrong. on Court Rules in Favor of Anonymous Blogger · · Score: 1

    Yes, in a libel case, the burden of proof lies with the person making the assertions. But as I pointed out, you can't disprove any of these statements. So the person making them would make their case, and you couldn't disprove it.

    Ok, I understand then how a libel case wouldn't work precisely because the defendant could merely say that this was his opinion...but I don't understand that paragraph above...why would it then come to you having to disprove the statements, ever?

    Next question, is it possible to suffer damage due to someone's unsubstantiated opinion? Like if I make a website about how much I hate someone, and other people actually pick up on that and then that person has a tough time getting a job or something...can he still sue me for libel in that case?

  22. Re:Actually, you are wrong. on Court Rules in Favor of Anonymous Blogger · · Score: 1

    Hmm. So, where do we put the burden of proof? Does the person making the accusation have to PROVE that he is telling the truth, or do we go the other way and expect the people being defamed to PROVE that the accusations are false?

    I should think that the burden of proof should be on the person making the assertions, personally.

    In this case, you're right that some of the terms ("character flaws") are open to interpretation. But paranoid? That has a clinical definition, doesn't it? And if you want to say someone's leadership has failed, then you ought to be able to provide specific examples where and how you think a better leader could have done better.

    Of course, you can't do any of this investigation if the accuser is merely firing broadsides and then retreating into the digital night. That is people's favorite tactic on the internet...say something inflammatory, and then run away. Of course people have a right to do so, but then what they say is just so much noise to be filtered out...

  23. What about passphrases? on Too Many Passwords · · Score: 1

    It's a lot easier for me to remember "It was the best of times, it was the worst of times" or "Iwtbot,iwtwot" than some "strong" password (say, 10 characters, case-sensitive, with special characters and numbers thrown in).

    Although we'd still have to deal with most of my co-workers using "Git r dun!" as a passphrase...le sigh.

  24. Re:Divided expectations on Star Trek XI In Two To Three Years. · · Score: 1

    because that sorta crap doesn't exist in real navies.

    Actually, that is pretty much how it works in, at least, the US Navy: New junior officers spend about a year to 18 months learning everything about the ship, from the engineering plant to CIC to the supply train. Then you take a board and you get qualified Officer of the Deck. It's not something you can really go to school for. You're also forgetting what different learning techniques they could have on hand, or what prior experience she could already have. Also the fact that Marina Sirtis was (is?) pretty hot probably helped to grease the skids quite a bit, so to speak.

  25. Re:We are the priests on Critical Shortage of IT Workers in Coming Years · · Score: 1

    Who do you think is digging all these ditches? Mexicans, that's who!