The boss's boss's boss's bosses told everyone that we couldn't register subdomains anymore because there were so many, they couldn't manage them and they should from now on all use subfolders on the main domain (as in don't use "service.example.com", use "example.com/service", that way we can better control the "marketing message". And since nobody up the chain understands the difference between the two and most requests get outright denied, we're just doing what we need to do to "make things work".
Anyone suggesting "security" as a reason to use an official domain/subdomain should not be in security and you end up with cases exactly like this. You can't even guarantee that people WITHIN the organization have company.com resolve to the "authentic" addresses, let alone those outside.
Whether or not you use live customer data on any particular domain is inconsequential, the data does not move ownership if the domain registration changes.
I'm not sure if you're just stupid or trolling, the Clinton "conspiracy" is pretty well covered these days on national and international media. I watch BBC, CNN doesn't make much of a mention of it but obviously Fox would.
Not necessarily, the only thing not going to the dump is the old plastic shell, the rest of the boards (where the "heavy metals" live) still go in the dump if you take it to a repair shop, so even shops find it cheaper to just throw out and replace an entire board than to desolder a capacitor.
I interact with repair shops as I deal with multi-million dollar medical equipment that can't just be replaced, something as simple as a fuse blown ends up in the power board being wholly replaced, a bad FPGA board and they re-rack an entire unit while 7 out of 8 FPGA are still working and now just laying around for recycling because it's cheaper to just replace it than it is to send a unit back to Germany and get an engineer to figure out what's wrong with it, repair and store it.
On the other hand, a "dumb" LCD TV from 10 years ago consumes 140W or 10W in standby and is contributing more long term over another 10y to "environmental issues" than properly recycling it and replacing it with a unit that these days consumes 50W and 1W in standby. Depending on where he lives and the model he has, this little space heater could cost him $100/y vs. $10-20 for one of the latest efficient units.
A good setup would verify the authenticity of the service before installing any software.
Any WiFi hotspot these days can pretend to be âoeyour websiteâ.
The thing is that these schemes are even built-in to most webservers these days, you need to be truly incompetent not to know about and implement them.
Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience.
The problem is that the new TV costs only $3-500 and has much higher resolution, much less power hungry and includes all sorts of bells and whistles your 10yo LCD doesnâ(TM)t have.
Go to a repair shop and youâ(TM)re at $198 for labor before they even know they need $25-100 in parts. There is a brand new TV that saves you energy for the cost of a repair.
Regulation like this would be wholly unnecessary if we instead allowed small manufacturers to compete honestly in the market.
Through regulation and taxation, of which this is only a small part of, only really big companies can afford to bring products to market.
If this were such a problem, people would be buying more repairable machines. I myself havenâ(TM)t needed a âoerightâ to repair anything and I work with Apple products almost exclusively. I know how to repair MacBooks, iPads and even iPhones, where to get spare parts. Iâ(TM)m not a mechanic but I have a fairly modern VW, I bring it to an independent, small business garage and he can fix it in less time and cheaper than the dealership.
I donâ(TM)t know what people are whining about, we have protections in place nobody is enforcing. If you want a right to repair of Androids, sue the manufacturer for violations of GPL - Samsung, Amlogic,... all of them are grossly violating your existing right to the existing code under existing protections.
My point is not about AI jobs (which don't quite exist yet), those are fine and will go through the process naturally, the problem here is that Google and co is guising regular programming jobs as 'working on AI' jobs and then claiming a shortage.
The other point I was trying to make is that there is no actual shortage of "AI research people" to work on self-driving cars and image recognition, we've figured the theory behind that out, the implementation however requires some programming people and here again, Google and co is drumming up a "shortage" that doesn't exist. Try to get a job in implementation-level AI, you'll see there's plenty of applicants, the wages are relatively stable and no bubble exists.
Home based business can already do AI. Iâ(TM)ve built an âoeAI systemâ for advertisement optimization using crowd tracking from open source libraries and some Python glue in a matter of hours. The thing âoelearnsâ and can âoepredictâ demand very rudimentary. I built something similar about a decade ago for systems monitoring and although it ended up being just fed random data, it could predict hard drive failures rather accurate simply based on peripheral data.
Pure AI doesnâ(TM)t exist yet and researchers are far and few between, just like you have very few pure physics professors and pure neuroscience professors. In all those cases the pools are small and the programs expensive and hard to get into but very few companies need people at that level for commercial development.
Modern AI software isn't that complicated and not nearly as expensive to get people in. Look at job offers: $150k for AI research scientists in NYC. $65k in more rural areas. That's not well paid by definition at all. Sure, a pure AI scientist gets paid $500k just like a top neuroscience scientist gets paid $500k or a top biology researcher, but the majority of companies do not want to do the theoretical development of AI, any regular programmer can wrap their heads around the existing literature and build something.
Here in my area, there are a number of employers looking for AI engineers/scientists. They pay about what I make as a non-AI IT sysadmin, which is given my experience on the higher scale but by no means exceptional.
What Google and co wants is a glut of people 4-6 years from now that are "trained" in AI from college. You put out a report like this, you get massive amounts of people applying for the schools that offer programs and 5 years from now you have an over-abundance of people driving down overall wages. You also get to hire a bunch of people on H1B because the "US doesn't have the skillz" and you end up with a bunch of programmers on H1B under the guise of AI development.
In Windows, everything runs under your users' account and almost everything else runs as root. This is similar to setting the noexec flag on the users' home partition, something that has also existed a long time.
On one hand it avoids paying taxes in return for some naming rights on a couple of buildings. On the other hand, he doesn't get taxed on the increased value of Microsoft and thus his "wealth" grows without actually growing his (taxable) bank account.
But yeah, he's "donating" $5B in what amounts to cruddy software that after the grants go away, have to continue to be maintained and doesn't interoperate with non-Microsoft software.
Microsoft, Google and Apple are all competing very hard and "donating" an awful lot of hardware/software just to get a slice of the multi-billion dollar market. Your average school district doesn't flinch at spending $500k-1M for Microsoft Licensing and then we haven't even gotten to higher education, even the complete $5B Gates has donated barely offsets the amount of money schools have spent with Microsoft over the last year.
If he wants to do philanthropy, give all schools free access to the MSFT library of software, no more licensing schemes, everyone gets it. It wouldn't even cost them near $10M per year to organize that but would save more than 50% of schools' IT budgets.
Besides learning about DOS stuff, many of these games use many tricks to optimize the games which not necessarily the code but the thinking processes could be useful even in modern languages.
The other thing is legally, now it's open, if you happen to have used code that looks similar to the original, or some idiot actually plagiarized it, which wouldn't be necessarily unusual, there is no current or future rights holder (another SCO) that can claim ownership to the code.
Security enclaves as you recommend also exist in the iPhone to some extent, so an app could definitely do âoesomething similarâ given it doesnâ(TM)t have remote capabilities, relatively secure. You could probably get a chip with similar properties on an Android.
The problem is indeed cost. Even at $5 per dongle and a $50 plugin (USB) on the server side the cost for a medium size enterprise is easily an $100k investment once you include server-side hardware and people-cost with an ongoing $15-50k yearly cost.
Thatâ(TM)s too expensive for many decision makers, you could just as well get another Windows Server or Cloud solution for that and the Cloud solves the issues of liability.
You have to be able to prove a cost of security flaws above 10x the investment cost. Right now itâ(TM)s just throw money at the wall and many people still get hacked even with 2FA - modern phishing actually get you to authenticate with 2FA and then add RGE attackers device to the app (Another Yet Unfixed Flaw in Duo)
Only for people that BUY the houses. Existing property owners do not get reassessed. It also depends on how your taxes are calculated but typically, you're off pretty good as long as you hold onto the property.
The problem is that they've grown too large to sustain their own growth. It makes more sense to set up second headquarters far away from there if the costs are lower.
So because of Amazon, costs have gone up for real estate and wages, but Amazon is also paying these costs, basically eating it's own tail.
When costs for housing rises, the city gets more property tax income, criminal activity goes down and the city can give police officers and teachers their much needed raises while the schools get better. If Amazon built outside the city, like many companies at one point did (eg. the Google and Apple campus), then you complain about companies destroying the small towns with zero-tax deals and using land that was once grasslands and wildlife while not giving back to the community.
It doesn't stop the teachers and police officers that live there from continuing to live there and if they want to, they can sell the house for a tidy profit, get themselves into a better position, go live in the suburbs, get better educated or retire early.
We're also very sad the fish mongers no longer occupy the houses near the river or the horse buggy makers near the city gates.
If it's your first time in a casino, you indeed happen to have a lot of 'luck'. I live near a few Indian reservations and have applied for a number of IT jobs in them. You would never want to play after you see what they have in modern times, nobody is going to break your arm anymore for winning, the odds will shift in their favor until you start losing. The small datacenter in the casino is not just for video recording.
You walk in first time and you always get a "promotion", once a certain promotion has been fulfilled based on your demographic, the casino will expect a 'return' on it's promotion. This all gets calculated out based on the information you give them, location analysis, food and drink consumption etc.
The problem with these bounty programs is a) The "underworld" will pay more for it, regardless of where you live. A juicy bug can net you between $10k and $100k to the right people, even more if it's on the scale of Equifax. There is little incentive to the grey and black hatters to participate in these programs and the professionals are also precluded from participating due to a variety of contracts. b) You get hundreds of people trying to get the $1000, it's basically free employment to them and a lottery to the participants. Even if you're a 1337 h4x0r, there are hundreds of other ones and if one of them finds it faster than you for a variety of reasons (perhaps they're just submitting on a vague hunch), even if you are technically better and would get hired over them, you still don't get the reward. c) You typically sign away a bunch of things under these programs too. You could sign away the right to be named or publicize the exploit so even if you find one, the public will never know any better if Google and co. never fix the problem. And if they do fix it, you're typically not going to be credited for it, rather Google's bounty program gets the credit while you're a footnote in an advisory. If you truly want to enter the market, you're not going to get very far with these programs, again, it's much better if you're caught making millions because after a short stint in a penitentiary you get legitimate contracts even with government agencies.
Slashdot Mirror
Religions tend to make these occurrences mutually exclusive
Congratulations on being a moron and not understanding the difference between "security" and DNS.
The boss's boss's boss's bosses told everyone that we couldn't register subdomains anymore because there were so many, they couldn't manage them and they should from now on all use subfolders on the main domain (as in don't use "service.example.com", use "example.com/service", that way we can better control the "marketing message". And since nobody up the chain understands the difference between the two and most requests get outright denied, we're just doing what we need to do to "make things work".
Explain why is it so 'dangerously stupid'. DNS is no part of any security model, if yours is, then I would fire you in a heartbeat.
Anyone suggesting "security" as a reason to use an official domain/subdomain should not be in security and you end up with cases exactly like this. You can't even guarantee that people WITHIN the organization have company.com resolve to the "authentic" addresses, let alone those outside.
Whether or not you use live customer data on any particular domain is inconsequential, the data does not move ownership if the domain registration changes.
I'm not sure if you're just stupid or trolling, the Clinton "conspiracy" is pretty well covered these days on national and international media. I watch BBC, CNN doesn't make much of a mention of it but obviously Fox would.
Not necessarily, the only thing not going to the dump is the old plastic shell, the rest of the boards (where the "heavy metals" live) still go in the dump if you take it to a repair shop, so even shops find it cheaper to just throw out and replace an entire board than to desolder a capacitor.
I interact with repair shops as I deal with multi-million dollar medical equipment that can't just be replaced, something as simple as a fuse blown ends up in the power board being wholly replaced, a bad FPGA board and they re-rack an entire unit while 7 out of 8 FPGA are still working and now just laying around for recycling because it's cheaper to just replace it than it is to send a unit back to Germany and get an engineer to figure out what's wrong with it, repair and store it.
On the other hand, a "dumb" LCD TV from 10 years ago consumes 140W or 10W in standby and is contributing more long term over another 10y to "environmental issues" than properly recycling it and replacing it with a unit that these days consumes 50W and 1W in standby. Depending on where he lives and the model he has, this little space heater could cost him $100/y vs. $10-20 for one of the latest efficient units.
A good setup would verify the authenticity of the service before installing any software.
Any WiFi hotspot these days can pretend to be âoeyour websiteâ.
The thing is that these schemes are even built-in to most webservers these days, you need to be truly incompetent not to know about and implement them.
In large corporations itâ(TM)s often easier to register a new domain than go through the hoops of getting a subdomain approved.
Where I work, it takes me $8 and a half hour work to get a domain but it can easily take me 6 work hours across 2-4 weeks to get a subdomain.
The corporations only take the freedom and money you allow them to take. If you donâ(TM)t let them, they will die.
The government takes your freedom and money at gunpoint.
Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience.
The problem is that the new TV costs only $3-500 and has much higher resolution, much less power hungry and includes all sorts of bells and whistles your 10yo LCD doesnâ(TM)t have.
Go to a repair shop and youâ(TM)re at $198 for labor before they even know they need $25-100 in parts. There is a brand new TV that saves you energy for the cost of a repair.
Regulation like this would be wholly unnecessary if we instead allowed small manufacturers to compete honestly in the market.
Through regulation and taxation, of which this is only a small part of, only really big companies can afford to bring products to market.
If this were such a problem, people would be buying more repairable machines. I myself havenâ(TM)t needed a âoerightâ to repair anything and I work with Apple products almost exclusively. I know how to repair MacBooks, iPads and even iPhones, where to get spare parts. Iâ(TM)m not a mechanic but I have a fairly modern VW, I bring it to an independent, small business garage and he can fix it in less time and cheaper than the dealership.
I donâ(TM)t know what people are whining about, we have protections in place nobody is enforcing. If you want a right to repair of Androids, sue the manufacturer for violations of GPL - Samsung, Amlogic, ... all of them are grossly violating your existing right to the existing code under existing protections.
My point is not about AI jobs (which don't quite exist yet), those are fine and will go through the process naturally, the problem here is that Google and co is guising regular programming jobs as 'working on AI' jobs and then claiming a shortage.
The other point I was trying to make is that there is no actual shortage of "AI research people" to work on self-driving cars and image recognition, we've figured the theory behind that out, the implementation however requires some programming people and here again, Google and co is drumming up a "shortage" that doesn't exist. Try to get a job in implementation-level AI, you'll see there's plenty of applicants, the wages are relatively stable and no bubble exists.
Home based business can already do AI. Iâ(TM)ve built an âoeAI systemâ for advertisement optimization using crowd tracking from open source libraries and some Python glue in a matter of hours. The thing âoelearnsâ and can âoepredictâ demand very rudimentary. I built something similar about a decade ago for systems monitoring and although it ended up being just fed random data, it could predict hard drive failures rather accurate simply based on peripheral data.
Pure AI doesnâ(TM)t exist yet and researchers are far and few between, just like you have very few pure physics professors and pure neuroscience professors. In all those cases the pools are small and the programs expensive and hard to get into but very few companies need people at that level for commercial development.
Modern AI software isn't that complicated and not nearly as expensive to get people in. Look at job offers: $150k for AI research scientists in NYC. $65k in more rural areas. That's not well paid by definition at all. Sure, a pure AI scientist gets paid $500k just like a top neuroscience scientist gets paid $500k or a top biology researcher, but the majority of companies do not want to do the theoretical development of AI, any regular programmer can wrap their heads around the existing literature and build something.
Here in my area, there are a number of employers looking for AI engineers/scientists. They pay about what I make as a non-AI IT sysadmin, which is given my experience on the higher scale but by no means exceptional.
What Google and co wants is a glut of people 4-6 years from now that are "trained" in AI from college. You put out a report like this, you get massive amounts of people applying for the schools that offer programs and 5 years from now you have an over-abundance of people driving down overall wages. You also get to hire a bunch of people on H1B because the "US doesn't have the skillz" and you end up with a bunch of programmers on H1B under the guise of AI development.
In Windows, everything runs under your users' account and almost everything else runs as root. This is similar to setting the noexec flag on the users' home partition, something that has also existed a long time.
On one hand it avoids paying taxes in return for some naming rights on a couple of buildings. On the other hand, he doesn't get taxed on the increased value of Microsoft and thus his "wealth" grows without actually growing his (taxable) bank account.
But yeah, he's "donating" $5B in what amounts to cruddy software that after the grants go away, have to continue to be maintained and doesn't interoperate with non-Microsoft software.
Microsoft, Google and Apple are all competing very hard and "donating" an awful lot of hardware/software just to get a slice of the multi-billion dollar market. Your average school district doesn't flinch at spending $500k-1M for Microsoft Licensing and then we haven't even gotten to higher education, even the complete $5B Gates has donated barely offsets the amount of money schools have spent with Microsoft over the last year.
If he wants to do philanthropy, give all schools free access to the MSFT library of software, no more licensing schemes, everyone gets it. It wouldn't even cost them near $10M per year to organize that but would save more than 50% of schools' IT budgets.
Besides learning about DOS stuff, many of these games use many tricks to optimize the games which not necessarily the code but the thinking processes could be useful even in modern languages.
The other thing is legally, now it's open, if you happen to have used code that looks similar to the original, or some idiot actually plagiarized it, which wouldn't be necessarily unusual, there is no current or future rights holder (another SCO) that can claim ownership to the code.
Security enclaves as you recommend also exist in the iPhone to some extent, so an app could definitely do âoesomething similarâ given it doesnâ(TM)t have remote capabilities, relatively secure. You could probably get a chip with similar properties on an Android.
The problem is indeed cost. Even at $5 per dongle and a $50 plugin (USB) on the server side the cost for a medium size enterprise is easily an $100k investment once you include server-side hardware and people-cost with an ongoing $15-50k yearly cost.
Thatâ(TM)s too expensive for many decision makers, you could just as well get another Windows Server or Cloud solution for that and the Cloud solves the issues of liability.
You have to be able to prove a cost of security flaws above 10x the investment cost. Right now itâ(TM)s just throw money at the wall and many people still get hacked even with 2FA - modern phishing actually get you to authenticate with 2FA and then add RGE attackers device to the app (Another Yet Unfixed Flaw in Duo)
Only for people that BUY the houses. Existing property owners do not get reassessed. It also depends on how your taxes are calculated but typically, you're off pretty good as long as you hold onto the property.
The problem is that they've grown too large to sustain their own growth. It makes more sense to set up second headquarters far away from there if the costs are lower.
So because of Amazon, costs have gone up for real estate and wages, but Amazon is also paying these costs, basically eating it's own tail.
When costs for housing rises, the city gets more property tax income, criminal activity goes down and the city can give police officers and teachers their much needed raises while the schools get better. If Amazon built outside the city, like many companies at one point did (eg. the Google and Apple campus), then you complain about companies destroying the small towns with zero-tax deals and using land that was once grasslands and wildlife while not giving back to the community.
It doesn't stop the teachers and police officers that live there from continuing to live there and if they want to, they can sell the house for a tidy profit, get themselves into a better position, go live in the suburbs, get better educated or retire early.
We're also very sad the fish mongers no longer occupy the houses near the river or the horse buggy makers near the city gates.
If it's your first time in a casino, you indeed happen to have a lot of 'luck'. I live near a few Indian reservations and have applied for a number of IT jobs in them. You would never want to play after you see what they have in modern times, nobody is going to break your arm anymore for winning, the odds will shift in their favor until you start losing. The small datacenter in the casino is not just for video recording.
You walk in first time and you always get a "promotion", once a certain promotion has been fulfilled based on your demographic, the casino will expect a 'return' on it's promotion. This all gets calculated out based on the information you give them, location analysis, food and drink consumption etc.
The problem with these bounty programs is
a) The "underworld" will pay more for it, regardless of where you live. A juicy bug can net you between $10k and $100k to the right people, even more if it's on the scale of Equifax. There is little incentive to the grey and black hatters to participate in these programs and the professionals are also precluded from participating due to a variety of contracts.
b) You get hundreds of people trying to get the $1000, it's basically free employment to them and a lottery to the participants. Even if you're a 1337 h4x0r, there are hundreds of other ones and if one of them finds it faster than you for a variety of reasons (perhaps they're just submitting on a vague hunch), even if you are technically better and would get hired over them, you still don't get the reward.
c) You typically sign away a bunch of things under these programs too. You could sign away the right to be named or publicize the exploit so even if you find one, the public will never know any better if Google and co. never fix the problem. And if they do fix it, you're typically not going to be credited for it, rather Google's bounty program gets the credit while you're a footnote in an advisory. If you truly want to enter the market, you're not going to get very far with these programs, again, it's much better if you're caught making millions because after a short stint in a penitentiary you get legitimate contracts even with government agencies.