Well, no it's not an outdated attitude -- corporate security is about mitigating risk, not eliminating risk, and part of that mitigation is preventing unmanaged devices from connecting to the corporate "trusted" network through NAC policies -- if your device doesn't pass the NAC check, it's not getting on the network, either let IT manage your device, or you can connect to the guest network.
Corporate security may be about mitigating risk, but IT is about providing services. It shouldn't be security's call to remove a service from the portfolio because they don't want the risk. Your job is to provide the service with as little risk as possible and to provide guidance to the rest of IT. Not allowing BYOD because in the name of security is like wiping everyone's hard drive in the name of security. Sure, you have reduced risk, but also crippled the system.
Most companies already treat insiders as threats, so BYOD on the corporate network isn't any additional risk. If you don't, then that's the outdated attitude I was referring to.
I know an AUP isn't security. I brought it up to say that they only require an AUP, meaning that no additional security precautions are taken.
The "hold you responsible" comment wasn't very clear, sorry about that. What I really meant was that if you are denying functionality then there better be an associated benefit. So, the eventual end of that logic is that if you take an extreme position of "all devices on the network must be controlled by me", then you should be held to an equally extreme consequence of "well, then everything is your fault - not professionally - personally". If you want to only bear professional responsibility then you should have stopped at "here is what it would cost to secure a BYOD environment" and not progressed to "No BYOD here.".
That's a bit of an outdated attitude. Any "secure corporate network" has dozens or even hundreds of compromised client devices on it at any moment (and possibly a compromised employee or two). Not allowing personal devices doesn't increase security all that much. On the other hand, the benefits of BYOD are accepted by most companies that employ knowledge workers. Most places I've worked (some were really big corporations) simply require an employee to sign an acceptable use policy before connecting.
Let me turn that attitude around: are you willing to be held personally responsible when a client is compromised by a zero-day? Control is an illusion in the twenty-first century, it's way past time to start building networks that are able to function properly even with untrusted devices on them.
It would seem like the victim can consent to the location tracking of her stolen cell phone. No warrant necessary or certainly an easily obtained one.
Which is why it is so ridiculous that they didn't get one. Illegal actions committed in secret by authorities continues until they eventually screw up. Unfortunately, the climate has changed so that there is almost no down side to getting caught. In the past, agencies treaded very lightly near the edge of what's legal because when you got caught, you were gone. Today, getting caught means very little.
I would love to see 200 convictions overturned and a big billboard put up with a group photo of fifty murderers and rapists with the caption "These people are all free because of the choices of {{insert name of responsible idiot here}}."
When I worked for a Fortune 50 company, we once had corporate IT charge us $1.7 million to tell us that it would cost $4.5 million to make a simple e-commerce web site for a division that had a catalog of 2000 products and did about 250 orders per day. Everyone on that team was praised and the local GM that refused to go forward with the project was eventually pushed out. The project eventually happened.
They now have a maintenance team of five people dedicated full time to that web site.
(you have to dig somewhere in windows 8 to "unlock the bios", reformat the drive for a different file type, etc)
That's not Microsoft's doing, the hardware vendor shipped the computer with Secure Boot enabled, which Windows 8 supports, but 7 does not. You can't blame them for enabling a new feature. If it's hard to go back, the hardware vendor wrote the user interface, not Microsoft, so put the blame where it belongs.
... only to find out that I couldn't get all the windows 7 drivers. Even basic stuff like the ethernet did not work. I had not experienced to what extent a new PC was non functional after installing the OS. I had to restore it back to windows 8, and buy a different laptop with windows 7 installed.
Once again, the hardware vendor was the one that decided not to distribute Windows 7 drivers. I've found many cases where the driver actually works with Windows 7, but the installer is specifically coded to refuse to run on 7. It's more of the hardware vendor trying to reduce its expenses by not training tech support staff on more than one operating system than an actual flaw with Windows.
Home automation gadgets are incompatible because the vendors want it that way. Selling you a $50 light bulb is the "gateway drug" to selling you a $20 a month service to manage it from your smart phone. If the protocol is proprietary, there is no competition. A/V components have been this way for so long that the world has just accepted that IR is the only way to talk to them.
It will change when a system gets so much market share that the component vendors see more value in staying a component vendor than they see in establishing themselves as a system vendor. At that point the problem is that the system vendor will want to protect their market by locking up their protocol.
Someone has to pay for the production in the first place.
Maybe, maybe not. It's perfectly valid to be OK with living in a world where all IP is of volunteer quality. For most of the history of man, music was produced for free, although performances were often paid for. In the renaissance, there was a trend for wealthy people to finance IP, yet still make it public. On the other hand, you will get a more efficient market if people make music and software for money.
The problem with using words like "freetard" or "M$" is that all that does is point out that one extreme or the other is stupid. Everyone already knows that.
As a example of you post not being informative: Did you use the word "freetard" because you feel that IP laws are too consumer friendly and should be tightened up? Do you really think that people are unaware that people make a living doing this? Why does IP take a great deal of effort to produce? Some famous songs were written by one person in 30 minutes. Should compensation be relative to effort? If I spent 30 years of my life writing a song, does that automatically make it worth millions of dollars, even if it sucks? Do content creator automatically "deserve" to be compensated? What if their creation does nothing but cause misery (like the guy who invented the gas chamber)? Should he get a royalty check ever time someone is put to death?
There are a thousand things to talk about. But you, and a million others, choose to talk about teenagers who think they should be allowed to download songs for free over the Internet. Yet, I'll bet you're OK with them listening to the radio for free.
That's how all of his points shake out. Every single one boiled down to... "Sure this law nearly turns thinking into crime, but there are some exceptions that you can work in". The FOSS philosophy requires no law to exist. For-profit software couldn't exist without legal protection. I'm not saying for-profit software is bad, but it certainly requires legal protection to sell something that requires almost no physical effort to reproduce.
The question we can't get any real public dialog on is "How much protection is the right amount to create the world we want to live in?"
Sure, at Facebook and Google scales, license costs are prohibitive. But at the scale of big companies (hundreds of servers), it's not. Another difference is that Facebook and Google mostly run one massively scaled application. That reduces support costs to almost nothing. Medium and large companies run tens or hundreds of applications and every server is a new adventure.
There are plenty of benchmarks that show MSSQL and Oracle with better price/performance ration than MySQL. Here is an example of a benchmark and here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.
I'm not saying that MySQL isn't a good choice, just that the licensing cost is only a small part of the cost of a DBMS installation, so MySQL being open source really isn't that big of a price advantage unless the installation is very small. And for small customers, both Microsoft and Oracle have a free option.
I live a quarter mile from a drive-in. In the summer, I have to be careful to leave early for some things because the road the drive-in is on has a line two miles long to get in at around 8:30pm. It has five screens and shows first run movies seven nights a week. This one is certainly not dead.
The people that get undeserved unemployment usually are the ones that lie to the labor department. You're never going to win against these people because it's a your-word-against-theirs situation and the labor department generally believes the employee (probably because it's cheaper for them when the employer loses). So, since you can't win no matter what you do with this class of people, it doesn't matter how you behave.
On the other hand, if you go and fire people who give notice, the honest ones will get unemployment benefits along with the dishonest ones who were going to get them anyways. So, from a game theoretic perspective, it's better to accept everyone's resignation and let them work their two weeks. You won't always come out ahead, but you'll come out ahead more often than if you fire them. You said RARELY. Even if it only reverses one case, it's still positive.
Meanwhile, there are some employers who have fired employees for giving notice and their act of disloyalty.
That's generally a bad idea. If an employer lets an employee quit, there's no loose ends. If they fire the employee who gave notice, that employee is probably eligible for unemployment benefits. The knee-jerk "you're fired" could turn into both an insurance claim and possibly the employee becoming eligible for other company-specific benefits like severance, job placement services, paid medical, etc.
I live in New York. Three weeks ago, we had a flood warning in my area and I got a message similar to the one you did complete with extremely loud sound. The problem is, I've received duplicates of this message every few days for three weeks. I talked to AT&T and all they said was "The message is stuck in the system, we're working on it".
Gun control is a big issue in the US. As soon as people can print their own reliable firearms, the very concept of gun control will become either laughable or Orwellian. Either outcome would be big news.
The article says that he experiences 1g of drag at 27mph. That means if you threw him out of a plane, he'd fall at less than 30mph and probably live. Sounds like there's an error in their analysis somewhere.
The patent was the poster child for "obvious patent". The reason they were so successful in court was that everyone who created a web browser added similar functionality. The standard response to this is "of course it's obvious in hindsight", but the court case shows that someone implemented the idea before Eolas, putting the nail in the coffin of that train of thought.
Are you suggesting that the load limit of this vessel was determined by someone who wasn't aware that it might be used in rough water?
Maybe you're saying that the captain was stupid enough to take the vessel into waters it wasn't qualified to be in. In that case, it wasn't an overloading problem, it was an idiot captain problem. The load line still did its job - it wasn't put there to solve every problem.
I didn't say anything about how this accident was caused, I only responded to someone who implied that shipping companies overload their ships and let the insurance companies cover their asses with a simple fact that it's not possible to get away with putting too much weight on a ship. I have no idea how you came to the conclusion that I don't know the possible problems associated with a poorly distributed load, since that's not what was being discussed.
Slashdot Mirror
Well, no it's not an outdated attitude -- corporate security is about mitigating risk, not eliminating risk, and part of that mitigation is preventing unmanaged devices from connecting to the corporate "trusted" network through NAC policies -- if your device doesn't pass the NAC check, it's not getting on the network, either let IT manage your device, or you can connect to the guest network.
Corporate security may be about mitigating risk, but IT is about providing services. It shouldn't be security's call to remove a service from the portfolio because they don't want the risk. Your job is to provide the service with as little risk as possible and to provide guidance to the rest of IT. Not allowing BYOD because in the name of security is like wiping everyone's hard drive in the name of security. Sure, you have reduced risk, but also crippled the system.
Most companies already treat insiders as threats, so BYOD on the corporate network isn't any additional risk. If you don't, then that's the outdated attitude I was referring to.
I know an AUP isn't security. I brought it up to say that they only require an AUP, meaning that no additional security precautions are taken.
The "hold you responsible" comment wasn't very clear, sorry about that. What I really meant was that if you are denying functionality then there better be an associated benefit. So, the eventual end of that logic is that if you take an extreme position of "all devices on the network must be controlled by me", then you should be held to an equally extreme consequence of "well, then everything is your fault - not professionally - personally". If you want to only bear professional responsibility then you should have stopped at "here is what it would cost to secure a BYOD environment" and not progressed to "No BYOD here.".
That's a bit of an outdated attitude. Any "secure corporate network" has dozens or even hundreds of compromised client devices on it at any moment (and possibly a compromised employee or two). Not allowing personal devices doesn't increase security all that much. On the other hand, the benefits of BYOD are accepted by most companies that employ knowledge workers. Most places I've worked (some were really big corporations) simply require an employee to sign an acceptable use policy before connecting.
Let me turn that attitude around: are you willing to be held personally responsible when a client is compromised by a zero-day? Control is an illusion in the twenty-first century, it's way past time to start building networks that are able to function properly even with untrusted devices on them.
It would seem like the victim can consent to the location tracking of her stolen cell phone. No warrant necessary or certainly an easily obtained one.
Which is why it is so ridiculous that they didn't get one. Illegal actions committed in secret by authorities continues until they eventually screw up. Unfortunately, the climate has changed so that there is almost no down side to getting caught. In the past, agencies treaded very lightly near the edge of what's legal because when you got caught, you were gone. Today, getting caught means very little.
I would love to see 200 convictions overturned and a big billboard put up with a group photo of fifty murderers and rapists with the caption "These people are all free because of the choices of {{insert name of responsible idiot here}}."
When I worked for a Fortune 50 company, we once had corporate IT charge us $1.7 million to tell us that it would cost $4.5 million to make a simple e-commerce web site for a division that had a catalog of 2000 products and did about 250 orders per day. Everyone on that team was praised and the local GM that refused to go forward with the project was eventually pushed out. The project eventually happened.
They now have a maintenance team of five people dedicated full time to that web site.
(you have to dig somewhere in windows 8 to "unlock the bios", reformat the drive for a different file type, etc)
That's not Microsoft's doing, the hardware vendor shipped the computer with Secure Boot enabled, which Windows 8 supports, but 7 does not. You can't blame them for enabling a new feature. If it's hard to go back, the hardware vendor wrote the user interface, not Microsoft, so put the blame where it belongs.
... only to find out that I couldn't get all the windows 7 drivers. Even basic stuff like the ethernet did not work. I had not experienced to what extent a new PC was non functional after installing the OS. I had to restore it back to windows 8, and buy a different laptop with windows 7 installed.
Once again, the hardware vendor was the one that decided not to distribute Windows 7 drivers. I've found many cases where the driver actually works with Windows 7, but the installer is specifically coded to refuse to run on 7. It's more of the hardware vendor trying to reduce its expenses by not training tech support staff on more than one operating system than an actual flaw with Windows.
Home automation gadgets are incompatible because the vendors want it that way. Selling you a $50 light bulb is the "gateway drug" to selling you a $20 a month service to manage it from your smart phone. If the protocol is proprietary, there is no competition. A/V components have been this way for so long that the world has just accepted that IR is the only way to talk to them.
It will change when a system gets so much market share that the component vendors see more value in staying a component vendor than they see in establishing themselves as a system vendor. At that point the problem is that the system vendor will want to protect their market by locking up their protocol.
Yes... because the first priority of the police should be to make sure you don't get annoyed.
Someone has to pay for the production in the first place.
Maybe, maybe not. It's perfectly valid to be OK with living in a world where all IP is of volunteer quality. For most of the history of man, music was produced for free, although performances were often paid for. In the renaissance, there was a trend for wealthy people to finance IP, yet still make it public. On the other hand, you will get a more efficient market if people make music and software for money.
The problem with using words like "freetard" or "M$" is that all that does is point out that one extreme or the other is stupid. Everyone already knows that.
As a example of you post not being informative: Did you use the word "freetard" because you feel that IP laws are too consumer friendly and should be tightened up? Do you really think that people are unaware that people make a living doing this? Why does IP take a great deal of effort to produce? Some famous songs were written by one person in 30 minutes. Should compensation be relative to effort? If I spent 30 years of my life writing a song, does that automatically make it worth millions of dollars, even if it sucks? Do content creator automatically "deserve" to be compensated? What if their creation does nothing but cause misery (like the guy who invented the gas chamber)? Should he get a royalty check ever time someone is put to death?
There are a thousand things to talk about. But you, and a million others, choose to talk about teenagers who think they should be allowed to download songs for free over the Internet. Yet, I'll bet you're OK with them listening to the radio for free.
That's how all of his points shake out. Every single one boiled down to... "Sure this law nearly turns thinking into crime, but there are some exceptions that you can work in". The FOSS philosophy requires no law to exist. For-profit software couldn't exist without legal protection. I'm not saying for-profit software is bad, but it certainly requires legal protection to sell something that requires almost no physical effort to reproduce.
The question we can't get any real public dialog on is "How much protection is the right amount to create the world we want to live in?"
Sure, at Facebook and Google scales, license costs are prohibitive. But at the scale of big companies (hundreds of servers), it's not. Another difference is that Facebook and Google mostly run one massively scaled application. That reduces support costs to almost nothing. Medium and large companies run tens or hundreds of applications and every server is a new adventure.
There are plenty of benchmarks that show MSSQL and Oracle with better price/performance ration than MySQL. Here is an example of a benchmark and here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.
I'm not saying that MySQL isn't a good choice, just that the licensing cost is only a small part of the cost of a DBMS installation, so MySQL being open source really isn't that big of a price advantage unless the installation is very small. And for small customers, both Microsoft and Oracle have a free option.
I live a quarter mile from a drive-in. In the summer, I have to be careful to leave early for some things because the road the drive-in is on has a line two miles long to get in at around 8:30pm. It has five screens and shows first run movies seven nights a week. This one is certainly not dead.
The people that get undeserved unemployment usually are the ones that lie to the labor department. You're never going to win against these people because it's a your-word-against-theirs situation and the labor department generally believes the employee (probably because it's cheaper for them when the employer loses). So, since you can't win no matter what you do with this class of people, it doesn't matter how you behave.
On the other hand, if you go and fire people who give notice, the honest ones will get unemployment benefits along with the dishonest ones who were going to get them anyways. So, from a game theoretic perspective, it's better to accept everyone's resignation and let them work their two weeks. You won't always come out ahead, but you'll come out ahead more often than if you fire them. You said RARELY. Even if it only reverses one case, it's still positive.
Meanwhile, there are some employers who have fired employees for giving notice and their act of disloyalty.
That's generally a bad idea. If an employer lets an employee quit, there's no loose ends. If they fire the employee who gave notice, that employee is probably eligible for unemployment benefits. The knee-jerk "you're fired" could turn into both an insurance claim and possibly the employee becoming eligible for other company-specific benefits like severance, job placement services, paid medical, etc.
Not all employers are like that. I was eligible for my profit sharing bonus even though it was paid months after I left.
I got four weeks notice and 18 weeks severance last time I was laid off.
I live in New York. Three weeks ago, we had a flood warning in my area and I got a message similar to the one you did complete with extremely loud sound. The problem is, I've received duplicates of this message every few days for three weeks. I talked to AT&T and all they said was "The message is stuck in the system, we're working on it".
Gun control is a big issue in the US. As soon as people can print their own reliable firearms, the very concept of gun control will become either laughable or Orwellian. Either outcome would be big news.
They said he wasn't accelerating any more because he was providing 1g of force against 1g of drag.
The article says that he experiences 1g of drag at 27mph. That means if you threw him out of a plane, he'd fall at less than 30mph and probably live. Sounds like there's an error in their analysis somewhere.
The patent was the poster child for "obvious patent". The reason they were so successful in court was that everyone who created a web browser added similar functionality. The standard response to this is "of course it's obvious in hindsight", but the court case shows that someone implemented the idea before Eolas, putting the nail in the coffin of that train of thought.
Are you suggesting that the load limit of this vessel was determined by someone who wasn't aware that it might be used in rough water?
Maybe you're saying that the captain was stupid enough to take the vessel into waters it wasn't qualified to be in. In that case, it wasn't an overloading problem, it was an idiot captain problem. The load line still did its job - it wasn't put there to solve every problem.
So... how does that relate to overloading?
I didn't say anything about how this accident was caused, I only responded to someone who implied that shipping companies overload their ships and let the insurance companies cover their asses with a simple fact that it's not possible to get away with putting too much weight on a ship. I have no idea how you came to the conclusion that I don't know the possible problems associated with a poorly distributed load, since that's not what was being discussed.
Even if that was what happened, that has nothing to do with overloading. Verifying container weight wouldn't solve the problem.
BTW, did you even look at the pictures?
How do you overload a ship? It has a load line on the side of the hull. If there's too much stuff on it, everyone knows just by looking.