Slashdot Mirror


User: Mr+Thinly+Sliced

Mr+Thinly+Sliced's activity in the archive.

Stories: 0
Comments: 424

Comments · 424

  1. Re:Since the article doesn't mention, I'll ask: on U.S. Interior Dept. Unplugged... Again · · Score: 0

    As someone who has just spent the better part of a day trying to convince a large multi-national organisation (no prizes for guessing where) that security is not "release fast, and release often, and wonder when that might bite one in the ass" I've seen this time and time again.

    Corporates/Government just don't really get the security angle. They have been really lucky up till now with the 'you'll never work in this industry again' ruse.

    And how many of us fall for that.

    Here's an example:

    We've developed (not me, but someone in our department) a document management tool. They have been telling everyone that this tool is ultra secure - in emails, in internal product literature. This is the beef with our current boss.

    So why are we having to explicitly say we think that 'the application is insecure?'. We have multiple people who have access to everything on the machine, where does that take the security? (Basically, our machine is accessed by everyone who has privileges to code on the public site - normal stuff?)

    Well, from their point of view it takes the machine into 'never-never-land' - we have to expect that IP spoofing might occur, and that maybe what we have done just gives the 'level of access necessary'.

    I'm sorry, but this just smacks of being unprofessional. Where are the 'security-audits', where are the 'attempted attacks'?

    The projects we are protecting here are something that potentially has billions of (something) profit?

    And they want us to give a thumbs up to 'good enough'?

    I mean come on, we can play the 'good enough' game until the cows come home.

    Huge organisations, it's about 'do what you can, we'll deal with the enron when it happens'.

    Zero knowledge, zero accountability, and the techies get it in the head.

    Ok. I'm done.

    P.S. These opinions reflect nothing. It's total hot air, and quite frankly, none of it makes sense, and actually, none of it is true. None of it.

  2. Making it time-consuming to scrape. on Do You Have A License For Those Facts? · · Score: 0

    Here's the skinny on making it time-consuming to scrape:

    * Do a certain number of results per page (I see you're already doing this).
    * Have a maximum number of results per IP per time period - make it so it takes 5 years for a particular IP to download your entire DB.
    * Implement an offline open proxy checker against incoming IP addresses. If you get an access from an open proxy - block it.

    This last one is the killer - you need to make sure that someone scraping your site can't just back up and swap proxies on you.

    Unfortunately, the DB_ID redirect thing you are using doesn't really make it any more difficult for someone to scrape, but it does get rid of the 'drive-by-scrapings'.

    HTH

  3. Re:Suck My on AMD Could Profit from Buffer-Overflow Protection · · Score: -1, Offtopic

    This one goes out for all the logged in fp'ers.

    AC's, get back under your rocks.

  4. Suck My on AMD Could Profit from Buffer-Overflow Protection · · Score: -1, Offtopic

    Free Lollipops!

    O, go on. For me.

  5. Re:GO LINUX!!!!!! on FCC Rules On Pulver Free World Dialup · · Score: -1, Troll

    Do you know, I keep telling myself to stop reading this piss-poor site, go out with my friends, get slaughtered, go bowling. Take up a social hobby like learning a language at night classes.

    Be more productive with the little time I have been given on the planet.

    And then I read a comment like the parent's and I realise I'll never do that whilst we have SAGYDUYA trolls.

  6. The Only Thing... on A Thoughtful Look at Indian Outsourcing · · Score: 0

    that springs to mind right now is:
    It's not the Indians who are doing the jobs for less you should worry about, it's the government who allows this brain drain to occur. Regardless of what you think about the CTOs or the management of the 'real world' right now, they are only taking advantage of what they are being offered.

    Let's make it plain and simple for those that can't read or wright:

    Cheaper labor, and easier 'responsibility pointy over there thingy' culture.

    This will bite them in the ass, and this generation of CEO/CTO will die along with the management articles they read. I'm from the UK and I've been living in mainland Europe for about five years, and over here you don't really see (doesn't mean it isn't happening, just it's not so in your face) the mass out-sourcing the US is currently facing. I have to ask - what is it that makes the US so ripe for exploitation like this? Overinflated salaries for information technology workers?

    I don't have a fantastic income, I work hard, and we don't oversell products just because we know 'dave' who I used to work with who now works in sales, and could do with the hit.

    Sorry guys, but we kinda brought this on ourselves by flooding the knowledge pool within the subject, and making that knowledge easily transferable.

    And you know what? I love it. Because it's about time we kicked the 'landed in IT with a philosophy degree' people out, and brought it back to the people in IT who think that 'just for fun, I re-blew the ROMS on my wireless access point, so that my new custom WAP in the CAR can upload its performance data when I get home'.

    I mean, our subject is SO overloaded with marketing and crap. Just once, I want to see:

    " Here comes the science bit..... "

  7. RE: Great shit. on Warflying 2013 Access Points in Los Angeles · · Score: -1, Offtopic

    Thanks man, that was great shit right there. I look forward to seeing your movie.

  8. Re:My wish on Open-Source Development 'Faster, Better, Cheaper' · · Score: 0

    > I wish there was a way for me, as a Devil
    > Worshiper

    Too embarrassed to admit you work for Microsoft eh?

  9. Re:HELP!!.. help with 2.4.23 and Fedora... on Kernel 2.4.23 Released · · Score: 0

    I think fedora core1 uses a custom redhat kernel version that includes the nptl (new threading, which includes thread local storage) patches and code.

    > uname -a
    Linux officebitch 2.4.22-1.114.nptl #1 Wed Oct 29 15:31:21 EST 2003 i686 athlon i386 GNU/Linux

    Using vanilla probably breaks anything that is expecting this functionality from the kernel.

    You'll have to wait for an official one from redhat, or patch it in yourself at a guess.

  10. What utter marketroid-fuelled drivel. on Stopping Malware Before It Hits · · Score: 3, Insightful

    They claim that the product is able to 'scan data quickly ... uses hardware, not software to scan quickly ...'.

    This product seems entirely built upon PHB fear of technology - it's a rack mounted unit that scans network traffic looking for rogue packets/signatures. So to do this effectively, you'd need one of these devices in place _for every router, firewall and computer to computer connection_ - along with some way to travel into the future to obtain the signatures of all the viruses of the future.

    I just don't see how this is securing a network against viruses and worms. The best thing corporates can do (who I guess this particular piece of IT jewelry is aimed at), is lock down the desktop as far as they can go, and have a sensible patch system in place to roll out automagically.

    I mean, when "Travelling Salesman Dixie" brings his laptop back from the wild of the Sales Conference and plugs it in, do they honestly think that having it in hardware, rather than software, will cover their asses?

    Full marks for receiving funding though. I'm probably just bitchy cos I didn't think of it.

  11. Deutsche Bank / Investment Banker on SCO to Take On Hollywood · · Score: 0

    Hehehe. Maybe SCO should look a little closer at the use of Linux (particularly SUSE Linux) within Deutsche Bank.

    They could be the first licensee.

  12. Re:Ah....patents on WebSense Patents Censorware System · · Score: 0

    Hahahahaha thanks man I really needed a good laugh:

    "the pepper shaker 20 will announce his/her intended use of what will be articulated as a "pooper shaker," to the delight of those at the dinner table 44" ... "individually and collectively, designated 52, descending from the hindquarter exit openings 26 onto a food serving 54 beneath the shaker 20"

  13. Re:Not misled, he's got the facts straight on. on IBM Moving Developer Jobs Overseas · · Score: 0

    Maynard,

    I'm surprised to find I actually do agree with something you've said.

    But you're still a tosser.

  14. Re:Yeah? well what about on Last 2.5.x Linux Kernel Released · · Score: 0

    Yes but what about windows Me

    M = Roman numeral 1000
    e = 2.71828

    1000 X 2.71828 = 2718.28

    Thus confirming that Windows ME is a better operating system than windows 2000.

    Of course, we then must examine windows XP in this new light where

    X = Roman numeral 10
    P = pi 3.1415926

    Therefore, windows XP = 31.4159 making windows XP only a factor of ten better than windows 3.11.

    Isn't math powerful.

  15. Re:I'll start living more simply right now on Robots Without a Cause · · Score: 0

    So you got busted for that SSH tunnel through the UNI firewall then huh?

  16. Re:Look what I found in the sources! on Red Hat Releases x86_64 Technology Preview, GinGin · · Score: 1, Funny

    My god!

    It's built on logo!

    (* dramatic music, and scene passing through stars and hyper-universe bridge *)

  17. Best hoax / Still going! on Top 100 Hoaxes of All Time · · Score: 0

    Surely the best hoax ever perpetrated is the ongoing lies that parents tell to most (western) children - Santa Claus (father christmas/St Nik etc).

    This one is probably the longest running one that has sucked up the greatest number of gullible people falling for it.

    And don't get me started about the tooth fairy.

  18. Re:The proof that MICROSOFT is EVIL on Microsoft At Middle Age · · Score: -1

    Also, look at this (hex values, with 00 turned into a space):

    M I C R O S O F T . N E T

    L1 N0 X 1S 4 C0 CK SU X 0R S !

  19. Re:here's my game idea on LGP Announces Game Development Project · · Score: 0

    I think you need to expand on the shelf concept. That shows most promise.

  20. Re:here's my game idea on LGP Announces Game Development Project · · Score: -1, Flamebait

    O, and you have diarrhea, real bad.

  21. Re:File Dialog on Gnome 2.2 Released · · Score: 0

    O whoop de bleedin doo. Will this file selector allow me as an application to have its own 'preferred last selected files/directories' or will this be the normal straight clone. Genuine question, sarcastically put.

  22. Re:"I like to eat your sperm," on Carmack Needs Rocket Fuel · · Score: 0

    How do you equate your blatant move from France to Germany? Much as the internet population loves to brood on the second world war, one must at some point just point the finger at Asia, I mean, come on, we got the bukake videos, we got the weird fetish stuff, but this just plain comes down to how much we all love good old 2 women and a horse stuff. Long live the internet.

  23. Re:First Post, (It's me, CH!) on Carmack Needs Rocket Fuel · · Score: 0

    I reply in essence to the manner in which you posted your 'first bukake' extreme velocity post.

    Whilst your post did indeed exceed the speed limit for the submit perl script (over 25000 characters per second), unfortunately, your post failed to exceed the 'humanity gives a shit' threshold (2.5 shits per 1000 popul), therefore, your post was rejected.

    Sorry,

    Slashdot

  24. Re:File Dialog on Gnome 2.2 Released · · Score: 0

    About the only insightful comment on this thread.

  25. MODERATORS on Is Red Hat the Microsoft of Linux? · · Score: 0

    Hahahahah now if this isn't a case of OFFTOPIC I don't know what is.

    The topic was 'Is Redhat the Microsoft of Linux'.

    Anyone else see where Qt came up?