Wow, dude. I don't think cbreaker is the one missing the point here.
"FOSS doesn't mean that the developer becomes your slave." Has anyone ever called you at 2am waking up you and your kids demanding that you add some feature? Have you ever been pulled off the street into a darkened limo where someone demanded that you fix a bug in FOSS? If not, then how are you a slave? Because some anonymous asshat told you that you suck because there's some bug in the code? You need to get thicker skin. There will always be demanding assholes out there. Ignore them. It sounds to me like you've let them have a little too much power over you.
"This is one of the reasons why FOSS will not replace all closed source software. Too many freeloaders." For the sake of argument, let's say I'm a sysadmin that can't write code. I am considerate, intelligent and competent. I can write the scripts I need to administer my systems, but I'm not a programmer. I don't want to be a freeloader, so I guess I'll have to take down that box I just built using FreeNAS. And all those people in my office who I just talked into switching to OpenOffice? They can't write code, either. Guess it's back to MS Office. The sales team has been using SugarCRM, so they'll have to switch to Microsoft CRM. And we'll have to kill the Openfire server, too. And our Apache server. I hate IIS, but I don't want to be a freeloader.
Is this the model where FOSS is supposed to overtake closed source software?
We need to adopt a friendlier attitude towards users. Yes, there are inconsiderate jerks out there who demand that we fix all the bugs in GIMP so they can use it for their overdue school project. They want you to change GNOME right now because their Grandma has bad eyesight and can't read the menus. Some jerk from Oregon just posted a really nasty message on the support forum because he was using Pidgin on his machine and now it won't boot!
We need to get over ourselves and tolerate these people. Yes, it's inconvenient. Yes, we feel like we're being taken advantage of. Guess what. If we don't embrace them, Microsoft and Adobe and Symantec will. Most companies will gladly eat a shit sandwich as long as they're getting $500 out of the deal. I'm not saying that we need to encourage them to be douchebags. I'm not saying that we need to help them when they're being rude. But we at least need to tolerate them. If we keep up with this "down with the freeloaders" attitude, we're going to find FOSS getting crushed by the competition.
The success of FOSS depends on the freeloaders. Without them, we're just writing for other programmers, and there aren't enough of them out there to make any software successful.
The reason they don't/shouldn't do this is simple. The vote is secret by design for one reason. You can't be forced/coerced into voting a certain way. On one hand, my labor union could require that I show them my voter stub so they can verify I didn't vote Republican. It's unjust, but who ever accused labor unions of being just? More importantly, and more likely, this sets up the ability to buy votes directly. Right now, one of Romney's henchmen could pay me $50 to vote for Romney, after which I could go in and punch the button for McCain. There is no way for me to sell my vote. Under your proposed system, I trade my stub for cash, and they could actually verify that I voted for who I say I did.
"I have a few of those super strong neodymium magnets" This is a great temporary solution, but your license, by law, still has a unique number on it. If people accept having their licenses scanned now, it's only a matter of time before they start enforcing manual entry of non-scannable cards.
I once worked at a place with full control of the back-end network and software for both Visa and MasterCard's network. We didn't have the ability to manipulate the data in any way, but we could have shut it down entirely. Imagine the damage a disgruntled employee could do if the attack was timed just right.
Record company quote from TFA.
"There's no one in the record company that's a technologist.... It's like if you were suddenly asked to operate on your dog to remove his kidney. What would you do?" I'd probably hire a veterinarian.
Seriously, they couldn't afford some "technologist" consultants? My high school band director (who probably makes less in one year than the average record exec makes in a week) was telling us about digital downloads in 1992. We all thought he was nuts. I mean, it would take days to download a single WAV file from a BBS at 14.4k...
It'll be just like when, in the 1960's, most young people had a laid-back attitude towards drug use, which was illegal at the time. Now, 40 years later, those people are in power, and drug use is perfectly... uh... oh... wait. Never mind.
"...whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it..." Stay right where you are, terrorist. Someone will be by to pick you up shortly.
I recently bought a spectrum analyzer for a WiFi project I'm working on. I think that most people would be really surprised at what interference is out there. Here's an interesting experiment:
Next time you're transferring a large file (LAN transfer, not an Internet download. Those aren't fast enough to notice anything.) look at the file transfer speed while you're microwaving a cup of water. (Assuming that the AP is within 30 feet or so of the microwave.) It crushes the transfer speed. Microwaves generate a crapload of interference.
I think it's an unfortunate sentiment among some Linux users that all Windows users are greedy idiots. Yes, there are many greedy idiots out there, nobody will deny that. I'll even admit that a majority of them are Windows users. But that's where Microsoft has figured out something that many in the Linux community still haven't. They cater to those people. Why do you think they put such annoying and ridiculous copy protection on their software? Because they know their target audience well.
I'm not a Microsoft lover by a longshot, but if Linux, and OSS in general, ever want to make inroads against Microsoft, they need to learn to at least be tolerant, if not embrace, those people. Yes, there still needs to be a committed, community based group of people to make up the backbone of the Open-Source community, but essentially the GP post said "I don't want to make software that appeals to the general public because they don't appreciate it." Well, apparently Microsoft has figured out that if you make software easy enough and polished enough for the general public to use, they'll appreciate it at least enough to fork over $500 for it.
Yes, being a member of the OSS community is thankless. Over the last two weeks, I was trying to configure an OSS package for a specific task. I posted several humble, intelligent, reasonable, well-researched questions on the forums and IRC channel, and got exactly ZERO responses from anyone. After about 40 hours of researching it on my own (which would have taken about 2 hours if any of my questions had been answered) I finally figured out what I needed to do. Then, I spent an hour and a half (of Saturday time, which is worth twice as much as weekday time) posting a comprehensive how-to on a forum, so that the next person wouldn't have to needlessly go through the trouble I did. I didn't get a single thanks, or even a response. I just got the satisfaction of knowing that the next person with that particular issue wouldn't have to go through as much as I did.
I suspect his method involves secretly encrypting his instructions in trollish Slashdot posts so they get modded to -1. Even the NSA doesn't browse that low.
As a Windows IT professional, I am offended by your comment. I love the open-source community. I support it as much as I can as often as I can. I'm becoming more and more proficient at Linux, too, but there's an element of snobbery in the Linux community that drives intelligent people away. It's unfortunate, too, because I think that those elitists are in the minority.
"Chances are good that the thief passed the cassette to someone else, and the press unwittingly authenticated the cassette to the potential buyer." Had this made the news immediately, I would agree with you, but the news outlets didn't report it for months. If I were an intelligent ID thief, the smart move would have been to exploit this information as soon as possible, preferably before it was reported.
"At any case, it was a very bad thing to have a backup tape in an employee's car." You and I don't disagree there. That employee should have been terminated. His superior should have been terminated. The person who came up with this hare-brained backup idea should be terminated. In all honesty, the consulting company itself is probably no longer getting state contracts. This is all just.
"It is also a very bad thing to assume that the cassette tape is safe because it may be obscured." I don't assume it's safe. But I don't assume anything is safe. I assume that every machine in my office is going to be stolen tomorrow, and I try to imagine what would be in my report to the state if that were to happen. Is our security airtight? Not by a longshot. Anyone telling you that their security is airtight either works at the Pentagon, or has a dangerously sad understanding of security. (or both) However, I can say that we've used the best technology available and practical to assure that the data on our networks doesn't fall into the wrong hands.
I know that EBCDIC -> ASCII isn't a big deal to geeks like us, but any person that even knows what those words mean can make more money in the IT industry than stealing car stereos.
I like your other point, too. There are far more serious breaches being made every day auctioning off equipment at state auctions and on eBay. A cash-strapped homeless shelter might auction off a Pentium 200MMX to pay for another hot meal, not realizing that a list of indigent names and social security numbers could be a gold mine for an identity thief. The only way to fight ignorance is with education, not with credit monitoring.
"whats the point of hounding everyone for password security if its just windows? i can blank out any windows password with a linux boot disk." I doubt it. Someone who doesn't know how to use the shift key doesn't present a threat to my network. You probably say things like this because you think it'll make you sound cool, but it just shows your ignorance. I love Linux. I use it for a lot of things. But if you want to make a living in the software industry, you can't avoid Windows.
A competent sysadmin with good understanding of encrypted volumes, Kerberos, NTLMv2 and group policy can enforce good security, even in Windows. There are definitely risks that I live in fear of, but some kid with a LiveCD isn't one of them.
According to your definition, there is a whole hell of a lot of data "out in the open." In Windows 2000/XP, it's reasonably difficult to encrypt your system drive and your pagefile. Even if you diligently keep 100% of your data on an encrypted volume, can you guarantee that no social security numbers were written to your pagefile? That data can be scraped, you know. Plus, if your computer is stolen, can you tell with any degree of confidence which records were in that pagefile? No? Then you have to assume that all of them were compromised.
Truthfully, the only perfect security is a computer that's disconnected from the Internet, underground, in a locked room turned off with all the hard drive cables removed. And even then, "they" can probably read the information from their satellites in space. In the real world, we need to make compromises.
All of our company backups are encrypted using 256-bit AES encryption. If one gets stolen, I can't "guarantee" that the data hasn't been compromised. After all, someone with a few billion^10 CPU cycles to spare could crack the encryption algorithm. Sure, AES is trusted by the Pentagon, but that doesn't mean it's 100% infallible. In fact, there's a calculable mathematical chance that someone could guess the encryption key on the very first try, even without a supercomputer. It's damn unlikely, but certainly not impossible.
So the question comes down to this: what level of risk are you prepared to accept? More importantly, what level of security are you willing to pay for? Security isn't free. "Perfect" security (like nuclear launch codes, where failure is absolutely not an option) is very expensive. Would you be willing to donate a couple thousand dollars of your own money (along with every other taxpayer) to replace all computers in the country with ones that have hardware-level encryption? Is that good enough? Most of our customers are small, non-profit organizations already run on a shoestring budget. Most of them can't afford to hire a proper secretary, let alone an IT specialist who knows how to use TrueCrypt and enforce security policies.
Listen, I'm not arguing against data security. If you knew me personally, you'd know I'm a very security conscious individual, but I'm saying that we need to be realistic. We need to spend a finite amount of money where it will do the most good. Those millions of dollars in Ohio put towards useless credit checks were funneled directly away from our customers' already meager budgets. My boss is a nice guy, but he needs to keep the company running, so he can't donate our services. That money could have been spent on education, or updated hardware, or proper disposal of old equipment. Put in perspective, there are breaches far more egregious than this one that happen every day, and I can say first-hand that they are usually the result of ignorance. Some people don't know it's not OK to save a SQL backup to a USB key and take it home. Some people don't know that you have to DBAN a hard drive before you throw the computer away. These are far more dangerous than a lost (and probably trashed) AS400 backup.
As an IT professional in Ohio who works in a field very close in both location and function to what this company did, I just want to say that this whole thing has been blown so far out of proportion it's not even funny. Yes, there was some sloppiness going on. Yes, someone, maybe a few people, deserved to lose their jobs over this. However, the amount of time and money that has been spent on this is so far overboard it's ridiculous.
No actual loss has ever been reported as a result of this breach. The tape that was stolen was in a relatively obscure tape format. (I don't believe it's ever been reported, but I work with similar systems, and I would guess it's probably 5 1/4 inch format, likely not even in ASCII. Most of the data backups we get are EBCDIC.) It was unencrypted, but in order for someone to get anything off this, they would need the correct hardware, the correct software and they'd really need to know that they were looking for something. Add to that it wasn't reported until weeks after the loss, by which time the thug who broke into the car had long since ditched the useless cassette tape that he stole.
Meanwhile, Ohio taxpayers are spending millions of dollars doing credit checks on every person whose information was potentially on that tape.
I'm not advocating that we forgo due diligence. I take great care in making sure that all backups from my company are encrypted. I hound everyone in the office to make sure their passwords are secure. However, the fact that we're still spending money on this makes me irate. If there was any indication whatsoever that this data was compromised, I'd be OK, but there's a 99% chance that this tape is in a landfill in southern Columbus right now.
I would have modded this "insightful" rather than "funny."
I can't tell if you're being sarcastic or agreeing with my point. :)
What I find most interesting is now, after the "Googlebomb" try looking at some of the links that come up. More than half in the first few pages are the scum-sucking lowlife advertising sites. Clearly what they're doing is monitoring the "hot Google searches" and then googlepimping© their own sites to match those searches. Everybody knows this is going on, but the efficiency at which these people monitored Google searches, noticed that a particular search was popular, then got their own sites listed really surprises and frightens me. Google is fundamentally broken.
If you outlaw downloading, the outlaws will continue to download.
You're painting with an awfully wide brush. We're not all idiots.
This story is highly entertaining, but I think Fake Steve posted it about 3 months and 10 days too early.
In theory, the exploit could probably be used to flash a bad BIOS image or something, so maybe the headline is possible if not entirely correct...
Wow, dude. I think someone put a little extra crazy in your crystal meth.