Should corporate officers take responsability for security, including the cyber variety? Of course! One wonders about the logistics for measuring their success, but that's not my point.
The real day-to-day security problem is not in the CEO's office, at least not exclusively. We've all seen or had passwords on monitors, and under keyboards. We've all seen or used a birthday, family member, or pet as a "secure" password. We've all telneted when we should have SSH'ed, or HTTP'ed when we should have HTTPS'ed.
We're the same folks who've held the security door open for someone we didn't actually recognize. Changing the context to "cyber" just gets the article posted on/. It doesn't change the real issue of why people, even those who know better, shortcut security principles every day.
To be "secure", companies need to set a priority for security, and enforce policies with sanctions. In fairness, they should also provide people with tools for success, and for computing that means security hardware, security software and near constant security training.
Since doing it "right" costs money, companies will have to balance corporate security against their corporate economy. If it costs more to be "secure" than your assets are worth, then why bother?
Re:Dealer Authorized Bliss
on
Hack Your Ride
·
· Score: 1
Whatever. What's your problem?
P.S. '97 E36 Sedan, from one of the two years (97-98) they made M3 sedans. In theory the Dinan toys add about 15-25 hp to the stock 240 put out by the inline six. Any more questions?
Dealer Authorized Bliss
on
Hack Your Ride
·
· Score: 2, Funny
I'm lucky enough to drive a BMW M3. My local dealership is also the only regional Dinan (aftermarket mods) authorized dealer/installer.
I've had them add some choice goodies, with no effect on my warranty. Dinan also warrantees their mods specifically. No problems yet. The "Ludicrous Speed" button is my favorite. For some reason, my wife still calls it the "accelerator".
You mean to tell me that you can't go four hours off-leash once in awhile without getting into trouble? That's actually sorta sad.
What kind of ADHD world do you live in where you can't just go sit in a damn ballpark and watch the world spin for an evening?
It's called a "pastime" for God's sake.
I have a laptop (powerbook TYVM) and email and a cellphone and wife and a job and a mortgage and a BMW. But I can turn them all off (my wife will vouch for this) for an occasional ballgame.
So 30 hours of your life is worth the entire remainder of another person's life? Yet you only earn about ten bucks an hour. Funny, that.
Wouldn't it be more appropriate that someone who steals 30 hours of your life just be forced to listen to your babbling lunacy for another 30 hours? Eye for an eye, right?
I think the driving vision is that eventually online e-voting will be viable. Behind that vision is a dubious assumption that low voter turnout would be improved if everyone could vote via browser.
Whether or not this is a good idea is left to the reader....
Not complaining? Seemed explicitly implicit to me...:^/
Anyway, giving you the benefit of the doubt, I'll engage you in this "discussion." The primary difference is that the HTTP protocol introduces a "user opt in" element that SMTP doesn't.
Under normal circumstances, users aren't "forced" to visit any given website that has banner-ads (not counting pr0n pop-ups and the like). You elect your default homepage, and you initiate outbound "GETs" to acquire more content.
But with email, user mail clients must receive all the messages the server has waiting for them, whether it's spam or ham.
Another technical difference is the distribution of high impact image (banners for example) content to localized server clusters, like Akamai. It minimizes inter-AS bandwidth. Unlike SPAM which does the opposite.
Uh,/. is a big endeavor, taking time and money from the site's proprietors. It's free to you. I'd quit complaining about what they have to do to fund your entertainment. Really.
Actually, there's yet another theory that says *every* story plot is derivative of Beowulf.
Wow--This is the first time in a decade that I've ever repeated anything I learned in several college Lit courses.
Even in legitimate cases, option two would be a tough call for most companies. The Catch-22 is that they might have to publicly disclose the valuable intellectual property they are suing to keep private.
This is exacerbated by the fact that the code would likely be presented into evidence in a human-readable form. Once it's in evidence, the public would have easy access to it.
Now, let's ignore the likelyhood that some people would just steal the code to use, as is, in their own software. The other risks are: that knowing the weaknesses of your code, competitors come up with _better_ code for their software; or blackhats find some vulnerability to maliciously exploit. Neither is attractive.
I'd bet that even SCO would have picked option three if their lungs hadn't been full of bankruptcy-tainted water. This is case is likely their deathrattle, ghost-funding or not.
Common sense requires common experience. That's a difficult requirement to meet in a geographically large and economically diverse population. Probably easier to achieve in Finland...
I admit that my original reply may have seemed a bit anti-US
Yes. But that's okay, and it's not what I'm responding to.
My point is that law is a tangible entity and "common sense" is decidely intangible. You can't decide legality on "common sense" in a land where there's too much diversity to call any sense "common to all people."
They are boring because there are no loudmouthed lawyers trying to convince a jury or a judge on why this or that particular tiny loophole or constitutional article...
Excellent example of a lack of "common sensibility" between you and me. To me, "innocent until proven guilty" is common sense. In the US, the burden is on the prosecutor (an arm of the state) to prove criminality, not on the defendant to prove innocence. Even if someone is "clearly" guilty of the spirit of the law, a loophole or constitutional article/amendment that contradicts the written law is an acceptible, albeit unsavory, legal defense. See, "spirit of the law" and "common sense" are both intangible, written laws are significantly more tangible.
... should be used to aquit someone who has clearly committed a criminal act.
By "clearly" you're refering to the clarity that the trial is attempting to establish? If this clarity is predetermined in Finland, why even have a trial court system? Courts may, and probably should, be boring for many reasons, but predetermined criminality shouldn't be one of them.
And when it comes to "Abuse of power"... I'd like to welcome you to study the recent history of Finland...
The recent history of any single nation is weak anecdotal evidence for any given argument, and fairly useless in this context. Human history across any geopolitical boundaries gives us overwhelming evidence of our tendencies to abuse power.
and compared to certain figurehead...
Believe me, there's plenty of national debate regarding our leaders' performance. And you know little about where I stand on that, because it's way off-topic.
I honestly believe that although the Finnish administration does have its faults, it really does have everyone's best interests in mind. I'm sure many Finns agree.
Again, then why have courts? If the state is infallibly benevolent, then there's no point to them, but that's a BIG "if."
I admit that I really don't know enough about Finland to judge how naive you are. So I won't.
there are people at them helm of the US who care more about the $ than they do about the people
Assuming that is true, I'm sure you'll admit the US doesn't even come close to cornering this market.
Common sense:^)
shows that most nations are in the same predicament.
Wow, you're clearly bringing some extra bagage to this discussion. I read none of this undertone in the letter.
The only thing you need to measure yourself with is money. If you do something and don't make money from it, you're a failure.
You missed the point entirely. The letter didn't frame money as a measure of personal success or failure at all. It just pointed out that eventually you will need money to support yourself, and possibly others.
If you learned to do something in school, you MUST make money from it, or you're a failure (again, see above)
Wrong. The point was: If you don't plan to get paid for your software, what will you do to earn the money you need? Logically, most folks pursue careers aligned with their education. In fact, most people believe their education is an investment towards a better career.
What amazes me is that this advice must be given to twentysomethings. The whole, "Someday son, you'll have to support a family of your own," lecture seems more appropriate for teenagers. Come on.
Opensource projects are completely vital and important in many ways (innovation, affordability, and more...), but commercial software has its place too. Programmers deserve reasonable compensation for their expertise, and commercial projects offer such compensation (mostly).
Cops would no longer have to catch someone speeding, they would just have to link the illegal speed with the vehical and send the ticket in the mail.
Why something passive? Cops could directly signal the speeder's vehicle to slow to the posted limit, or in extreme cases, signal a felony suspect's vehicle to stop outright.
Not advocating it, mind you...
Any government could track were certain citizens are (or rather their cars) at any time.
Got your cellphone on you? Or, as others have pointed out, are you paying for Onstar?
What we've got to remember is that we (in the US) opt in to cellphone service, Onstar, and the like. Until the (US) government considers mandating these things, then we really have no reason to fear the technology.
The day the (US) government does start mandating such things, then we'll have something to fear (and work to change.)
Huh? Respectfully, this is nonsense. The vast majority of us have at least one "access point into the global communications infrastucture." They're called "phones". Does this give us all "unlimited access to the Internet?" Of course not.
Definitionally, as well as practically, the Internet is a very specific arrangement of routed IP networks that have peering or customer/vendor relationships. Your access point must have at least one routable IP address on one of these networks. Period.
For Internet access, any physical connection (DS0/DS1/DS3/OCN/Wireless) you have to a local exchange carrier, e.g. the global communications infrastructure, is moot without a business or consumer relationship with an ISP.
You can run your own IP network between your own sites, but you're not going to read/. from there.
If everybody just changed the list all at once, their servers would suddenly become quiet and this would be a non-issue.
You really believe total DNS mutiny would be preferable (read: more stable) than wildcards in two TLDs? I don't like Verisign's moneygrubbing wildcard plan either, but I'll take it over complete pollution and destabilization of an otherwise working system.
Note to VS: You know browsers are not the only network applications that *rely* on DNS. For the love of God, stop messing with it to make a quick and dirty buck.
Note to all: If we stop buying Verisign products, they will stop bothering us. Corporations exist only with customer revenue.
s/bothers/stresses/ and the sentence starts out very topical...
how software, sometimes hardware manufacturers present you with "the latest" of whatever it is that they sell, and then describe to you how it will make your life easier, and why version (+1) of their product is better than the current version,
So you'd rather hear, "We've released version 9.0.2. There's no new features, and it's no better than 9.0.1."
Companies sell goods and services. Sometimes companies improve those goods and services. When they do, they usually tell their customers. What bothers you about this?
and why you should shell out a couple hundred grand for it.
Yes! All hardware/software upgrades should be free for life. No stress! Unless, of course, we work for the company selling the hardware/software. Then we'd be very stressed because we have no money for food.
You should run right in and tell your boss that (s)he should fire your company's sales staff, so they quit bothering your customers.:-/
Your post was very insightful, other than this odd rant about the sales process. And no, I don't work in sales.
It seems that many of us have become so used to our technology that when something breaks we feel stressed and a little off center until we have it replaced or fixed.
Heh. One time my wife dropped her Handspring and cracked the screen. "Stressed and a little off center" doesn't doesn't cover the full amplitude of the mood of the woman I married when she doesn't have immediate access to someone's address. Trust me. Technology can cause me stress.:-/
Slashdot Mirror
Should corporate officers take responsability for security, including the cyber variety? Of course! One wonders about the logistics for measuring their success, but that's not my point.
/. It doesn't change the real issue of why people, even those who know better, shortcut security principles every day.
The real day-to-day security problem is not in the CEO's office, at least not exclusively. We've all seen or had passwords on monitors, and under keyboards. We've all seen or used a birthday, family member, or pet as a "secure" password. We've all telneted when we should have SSH'ed, or HTTP'ed when we should have HTTPS'ed.
We're the same folks who've held the security door open for someone we didn't actually recognize. Changing the context to "cyber" just gets the article posted on
To be "secure", companies need to set a priority for security, and enforce policies with sanctions. In fairness, they should also provide people with tools for success, and for computing that means security hardware, security software and near constant security training.
Since doing it "right" costs money, companies will have to balance corporate security against their corporate economy. If it costs more to be "secure" than your assets are worth, then why bother?
Whatever. What's your problem?
P.S. '97 E36 Sedan, from one of the two years (97-98) they made M3 sedans. In theory the Dinan toys add about 15-25 hp to the stock 240 put out by the inline six. Any more questions?
I'm lucky enough to drive a BMW M3. My local dealership is also the only regional Dinan (aftermarket mods) authorized dealer/installer.
I've had them add some choice goodies, with no effect on my warranty. Dinan also warrantees their mods specifically. No problems yet. The "Ludicrous Speed" button is my favorite. For some reason, my wife still calls it the "accelerator".
I've got absolutely nothing to hide,
by Anonymous Coward
Um...
I've never been to SBC, but if it's a typical stadium, it's the last place I'd take my beloved powerbook.
While I run very well on beer and pizza, the PB runs much better without them.
Add the limited elbow room to the drunken fans and you've got a funny anecdote about the cool G4 you used to have.
And this is different than any other public hotspot how?
You mean to tell me that you can't go four hours off-leash once in awhile without getting into trouble? That's actually sorta sad. What kind of ADHD world do you live in where you can't just go sit in a damn ballpark and watch the world spin for an evening? It's called a "pastime" for God's sake. I have a laptop (powerbook TYVM) and email and a cellphone and wife and a job and a mortgage and a BMW. But I can turn them all off (my wife will vouch for this) for an occasional ballgame.
So 30 hours of your life is worth the entire remainder of another person's life? Yet you only earn about ten bucks an hour. Funny, that.
Wouldn't it be more appropriate that someone who steals 30 hours of your life just be forced to listen to your babbling lunacy for another 30 hours? Eye for an eye, right?
Yet, you're on /.
Whether or not this is a good idea is left to the reader....
Anyway, giving you the benefit of the doubt, I'll engage you in this "discussion." The primary difference is that the HTTP protocol introduces a "user opt in" element that SMTP doesn't.
Under normal circumstances, users aren't "forced" to visit any given website that has banner-ads (not counting pr0n pop-ups and the like). You elect your default homepage, and you initiate outbound "GETs" to acquire more content.
But with email, user mail clients must receive all the messages the server has waiting for them, whether it's spam or ham.
Another technical difference is the distribution of high impact image (banners for example) content to localized server clusters, like Akamai. It minimizes inter-AS bandwidth. Unlike SPAM which does the opposite.
don't be so sensitive. Really.
?? I have no idea what you're talking about...
Uh, /. is a big endeavor, taking time and money from the site's proprietors. It's free to you. I'd quit complaining about what they have to do to fund your entertainment. Really.
Actually, there's yet another theory that says *every* story plot is derivative of Beowulf. Wow--This is the first time in a decade that I've ever repeated anything I learned in several college Lit courses.
This is exacerbated by the fact that the code would likely be presented into evidence in a human-readable form. Once it's in evidence, the public would have easy access to it.
Now, let's ignore the likelyhood that some people would just steal the code to use, as is, in their own software. The other risks are: that knowing the weaknesses of your code, competitors come up with _better_ code for their software; or blackhats find some vulnerability to maliciously exploit. Neither is attractive.
I'd bet that even SCO would have picked option three if their lungs hadn't been full of bankruptcy-tainted water. This is case is likely their deathrattle, ghost-funding or not.
Common sense requires common experience. That's a difficult requirement to meet in a geographically large and economically diverse population. Probably easier to achieve in Finland...
I admit that my original reply may have seemed a bit anti-US
Yes. But that's okay, and it's not what I'm responding to.
My point is that law is a tangible entity and "common sense" is decidely intangible. You can't decide legality on "common sense" in a land where there's too much diversity to call any sense "common to all people."
They are boring because there are no loudmouthed lawyers trying to convince a jury or a judge on why this or that particular tiny loophole or constitutional article...
Excellent example of a lack of "common sensibility" between you and me. To me, "innocent until proven guilty" is common sense. In the US, the burden is on the prosecutor (an arm of the state) to prove criminality, not on the defendant to prove innocence. Even if someone is "clearly" guilty of the spirit of the law, a loophole or constitutional article/amendment that contradicts the written law is an acceptible, albeit unsavory, legal defense. See, "spirit of the law" and "common sense" are both intangible, written laws are significantly more tangible.
By "clearly" you're refering to the clarity that the trial is attempting to establish? If this clarity is predetermined in Finland, why even have a trial court system? Courts may, and probably should, be boring for many reasons, but predetermined criminality shouldn't be one of them.
And when it comes to "Abuse of power"... I'd like to welcome you to study the recent history of Finland...
The recent history of any single nation is weak anecdotal evidence for any given argument, and fairly useless in this context. Human history across any geopolitical boundaries gives us overwhelming evidence of our tendencies to abuse power.
and compared to certain figurehead...
Believe me, there's plenty of national debate regarding our leaders' performance. And you know little about where I stand on that, because it's way off-topic.
I honestly believe that although the Finnish administration does have its faults, it really does have everyone's best interests in mind. I'm sure many Finns agree.
Again, then why have courts? If the state is infallibly benevolent, then there's no point to them, but that's a BIG "if."
I admit that I really don't know enough about Finland to judge how naive you are. So I won't.
there are people at them helm of the US who care more about the $ than they do about the people
Assuming that is true, I'm sure you'll admit the US doesn't even come close to cornering this market.
Common sense :^)
shows that most nations are in the same predicament.
I hope they've got everyone's best interests in mind.
I'm sure they do. "Abuse of power" is rare. Hardly happens anywhere, historically speaking. (/sarcasm)
Dick reads Jane's post, then blogs his take on it.
Sally reads Dick's blog, and blogs her twist.
Tom catches Sally's blog, and then spins his blog.
Jane notices Tom's blog and says, "Gee this looks familiar, sort of..."
Cisco ATA 186 lists for $170, but check the street for a better deal.
The only thing you need to measure yourself with is money. If you do something and don't make money from it, you're a failure.
You missed the point entirely. The letter didn't frame money as a measure of personal success or failure at all. It just pointed out that eventually you will need money to support yourself, and possibly others.
If you learned to do something in school, you MUST make money from it, or you're a failure (again, see above)
Wrong. The point was: If you don't plan to get paid for your software, what will you do to earn the money you need? Logically, most folks pursue careers aligned with their education. In fact, most people believe their education is an investment towards a better career.
What amazes me is that this advice must be given to twentysomethings. The whole, "Someday son, you'll have to support a family of your own," lecture seems more appropriate for teenagers. Come on.
Opensource projects are completely vital and important in many ways (innovation, affordability, and more...), but commercial software has its place too. Programmers deserve reasonable compensation for their expertise, and commercial projects offer such compensation (mostly).
Why something passive? Cops could directly signal the speeder's vehicle to slow to the posted limit, or in extreme cases, signal a felony suspect's vehicle to stop outright.
Not advocating it, mind you...
Any government could track were certain citizens are (or rather their cars) at any time.
Got your cellphone on you? Or, as others have pointed out, are you paying for Onstar?
What we've got to remember is that we (in the US) opt in to cellphone service, Onstar, and the like. Until the (US) government considers mandating these things, then we really have no reason to fear the technology.
The day the (US) government does start mandating such things, then we'll have something to fear (and work to change.)
Definitionally, as well as practically, the Internet is a very specific arrangement of routed IP networks that have peering or customer/vendor relationships. Your access point must have at least one routable IP address on one of these networks. Period.
For Internet access, any physical connection (DS0/DS1/DS3/OCN/Wireless) you have to a local exchange carrier, e.g. the global communications infrastructure, is moot without a business or consumer relationship with an ISP.
You can run your own IP network between your own sites, but you're not going to read /. from there.
You really believe total DNS mutiny would be preferable (read: more stable) than wildcards in two TLDs? I don't like Verisign's moneygrubbing wildcard plan either, but I'll take it over complete pollution and destabilization of an otherwise working system.
Note to VS: You know browsers are not the only network applications that *rely* on DNS. For the love of God, stop messing with it to make a quick and dirty buck.
Note to all: If we stop buying Verisign products, they will stop bothering us. Corporations exist only with customer revenue.
s/bothers/stresses/ and the sentence starts out very topical...
So you'd rather hear, "We've released version 9.0.2. There's no new features, and it's no better than 9.0.1."
Companies sell goods and services. Sometimes companies improve those goods and services. When they do, they usually tell their customers. What bothers you about this?
Yes! All hardware/software upgrades should be free for life. No stress! Unless, of course, we work for the company selling the hardware/software. Then we'd be very stressed because we have no money for food.
You should run right in and tell your boss that (s)he should fire your company's sales staff, so they quit bothering your customers. :-/
Your post was very insightful, other than this odd rant about the sales process. And no, I don't work in sales.
Heh. One time my wife dropped her Handspring and cracked the screen. "Stressed and a little off center" doesn't doesn't cover the full amplitude of the mood of the woman I married when she doesn't have immediate access to someone's address. Trust me. Technology can cause me stress. :-/
Obviously.