When I started my most recent job, they gave me a monitor to hook to the laptop they gave me. I mirrored the desktops for a while as the larger print on the monitor made things a bit easier. As time went on and I found myself doing more and more, I switched over to extending the desktop. The ability to have one screen filled with items that are only used occasionally but are often needed quickly and throughout the day and the other filled with dynamic content that is being updated continuously. More than once, I've had times where a 3rd monitor would be helpful. Between remote desktops, instant messaging, email/calendar, ticketing systems, and more; having to keep track of so many different things in a single monitor is just not feasible if you plan on obtaining any sort of production.
I'm not going to get into the whole Linux/MacOS/Windows mess, but talk about the Dvorak article. Manjoo at least looks at the OS and gives his opinions on it. Dvorak talks about the marketing that M$ does and does not once actually review the OS. He doesn't say one thing good or bad based on the OS itself. He bases his entire opinion on the marketing. That isn't journalism in any manner whatsoever. It is purely a crack pot writing what he thinks things are based purely on his opinion with no facts.
That was my initial thinking also until I read the actual complaint. If this was the path they were going to take you would think they would have mentioned it in the complaint filed against her. Instead they site use of University resources. What I find laughable, is the constant harping in the complaint on the fact that the university email servers were used to deliver the mail. uhhh, that is what email servers do. She sent it via gmail which means the university servers were not used as a relay but only as a delivery mechanism which is what they are designed to do. Now, if she had setup a mail program to send from one address but relay through the university email servers then the complain would hold water (IMO) but I sincerly doubt that this is the case here.
Ummm... I played wow for way to long... from Alpha onward actually...but hell, make ad hominem attacks without any idea on what the person knows or has experience, that is fine with me. The whole idea with WoW and 4e is to pigeon hole characters into specific roles.
This is contrary to entire basis of table top RPGs in the first place. They're meant to be venues of thought and expression; new methods of using what is given you to accomplish tasks; different tactics and ideas.
4E has gotten rid of most of what made D&D (and many other table-top RPGs) so much better than CRPGs. The ability to play something different. I'm sorry but your Arms warrior or Fury warrior is still a tank. They may do more damage than a protect warrior just like the other poster who said he's a figther specced for damage... you're still a tank according to the rules and dictates of the system.
3E and before... hell you could have a mage tank if you wanted... because there are no tanks/damage/etc... it's more about what tools does your party have and how to use them.
It's a complete change not in how things happen but in the culture of WHY they happen.
I've a friend who was in on the testing of the new edition. So I've seen some of the rules. And as someone pointed out above, it's a complete destruction of the core values of D&D and most role playing games in that it moves it almost entirely to a "WoW" format. Where each so-called class is now one of a role filler as in tank/healer/cannon. No more, well I'm a fighter but specialize in damage... there is now aggro and everyone can heal themselves... it's really not D&D in any shape or form.
I for one, am not moving to 4e and neither is my roommate. Considering we both play extensively and have more than 2 book cases and a closet set aside for just D&D books... that's saying quite a bit.
Bring our troops home.
Slash the defense budget to 10% of it's current level.
Fire all private defense forces (i.e. Blackwater)
Take the new funds and
1) Cut taxes
2) Do a complete overhaul of the Medical system and return something akin to Canada's single payer system but with more funding.
3) Split the remainder into funding Education which is decided on at the state level (no more federally mandated no child left behind bull) and NASA because until we get a second place to live, we're all in danger.
Change corporate laws so that corporations are no longer treated as a person but as a corporation. Thus the people running the companies are now responsible for the actions of that company.
Remove most of the constraints on research and on business. But add one big restraint... Executive pay (including all perks) cannot exceed 20 times the pay rate of the average worker in the company.
ala Gravel and Paul - disband the Federal Reserve.
Skip the whole Ethanol debacle and go right to mandated solar/wind/methanol power generation. No more hemming and hawing... give em 3 - 5 years to switch.
Ok I've found that those who it appeard random re-install were in that period of time between when it was explicitly denied in WSUS and when I uninstalled the app. So maybe not so different. It certainly was never approved in the first place.
First "ACs"?
Second:
I'm using WSUS 3.0 also and do not have the option set to install updates to already installed programs. On top of that, we do not have any previously installed M$ desktop search installs. We have our desktops locked down pretty hard and approve only security and critical updates as a general rule.
The entire process is fubared. After it auto-installed on all our desktops despite our WSUS server, we went in and specifically set it to declined. It is still reinstalling itself on some (but not all) of our user desktops. This is an incredible nightmare.
Because you're a moron is why you think that. Microsoft pushed this out with the flag of "critical or security" update which means that even those companies who use WSUS or other MS auto-update packages to have more control got hit with this if they go with the setting of auto-install critical and security updates to desktops. If they had just sent this out as an optional update like it should have been, then it wouldn't be raising a stink.
I read it wrong at first and thought "BEER" Robot... and thought hey, the military finally got something right!..... who wouldn't want a robot come along, pick you up and take you out of combat all the while serving you a nice, ice cold barley pop?
Someone really needs to fire whomever the MPAA uses for deciding on security for these things. Haven't they heard the golden rule of computer security? "Security by obscurity is no security" and that's all they are doing is trying to hide a key. Find the key... no security.
Sheesh....
This guy who is a suppossed specialist in computer crime apparently never spent time being a security admin for a network. You know, those guys who spend all day making sure servers and workstations are patched, passwords follow policies, exploits are kept track of, logs analyzed, IDS/IPS systems are up, running and monitored. Who go to sleep at night worrying where the next one is coming from?
He doesn't see large outbreaks as often as before because of people like that. They stay on top of all these things. Take the ani cursor exploit recently in the Windows OS... it was used in a targeted attack against a few locations and some more rare broad attacks. If it has been more widely used or the patch had not come out as quickly as did; more harm would have been done.
As time goes on and more and more data is kept with identifying information; the loss expenctencies get greater not less.
This would make sense if PvP in WoW was actually skill based but it's entirely gear dependent. He who has the best gear wins; it's as simple as that. With a coralary (sp) rule that states among teams with equal gear, those whose timered abilities are up wins.
We've already run into problems with this. It affects our CRM and our HR/Payroll software. And we're a small-medium sized company with an IT staff that can handle the problems quickly. If your staff can't, then it could be a big problem.
You need to patch your OS to reflect the new changes so that items/people/etc get where they need to be at the correct time. This then can cause problems with applications that are not prepared for this.
I've already had 2 apps break because of the OS patch. And I have a 3rd that will break if we install the OS fix so we're waiting for that app dev to provide an update.
It's a lot like Y2K. If you prepare then it won't be a problem at all. If you don't, then you could have a ton of difficulties.
When the Nazis came for the communists,
I remained silent;
I was not a communist.
When they locked up the social democrats,
I remained silent;
I was not a social democrat.
When they came for the trade unionists,
I did not speak out;
I was not a trade unionist.
When they came for me,
there was no one left to speak out.
There is a difference... I take the original statement of "Americans have not only forgotten..." as refering to the general citizens of the USofA. Iraq was not caused by this overwhelming need of the general citizen to invade another country but a calculated action by those in power who wanted to fill thier meglomania and make some money.
I agree... any talk of jumps in multiplayer games need to include games like MULE or TradeWars or DungeonHack... any of the old BBS multiplayer turn based games. These were the predacessors to pretty much every RTS and multiplayer game in existence.
You can argue which ones were most important but any list, no matter how small loses all credibility without mentioning the real beginning of multiplayer computer games.
I'd ask how he has determined that Kazaa was installed on the system. By his own testimony, see number 6 of his statement the hard drive they have was not used to share files or have any copyrighted materials on it. Isn't that sort of like saying, you stole that TV but you can't find the TV in question. How do you prove that he stole it?
________
He states that because he didn't find a private IP assigned to that PC, that it of course was not running a wireless router. Many sec. ops people will run NAT and utilize public IP addresses internally as the set aside private class 4 IP range is easily discovered. Also, a non-computer literate person could just as well assigned him/herself the IP that he was given from the internet provider and used that with a router.
________
What information provided by verizon ties a particular IP to that computer? How can he be sure that the IP found on the kazaa network was not spoofed? Or that the MAC address (if they even mention finding that) was not similarly co-oped?
Just an FYI, IBM is "convicted criminal" also using this line of reasoning. They were handled pretty roughly in the 80s by the DOJ as a monopoly on PCs. It was the results of this that allowed MSFT and all the other non-Apple PCs to take off.
IBM has turned things around somewhat but they still use bully tactics just like MSFT does. All corporations do so when they can. Corporations are not people (outside of the legal context) and as such have no conscience. They act in the best interested of themselves all the time.
Mythic made a wonderful game with the original incarnation of DAoC but watered it down and killed it by trying to capitalize on the everquest model of raid for loot. WoW has done the same thing but to an even greater degree. Both EQ and WoW focus on ease of development and limiting player choices. How will Mythic battle this in Warhammer and keep it slimmed down to the game that people want to play?
Players need choices that mean something. The ability to choose to do or not do raids is not a choice when the rewards severly effect the outcome of the PvP/RvR type combat. Look at the huge change in how things operated from pre-ToA in DAoC vs. post-ToA. Or even better Pre-raid Blue armor vs. Tier 2 or 3 raid sets. Players also need to be able to customize their avatars both in appearance and abilities. WoW fails horribly in this in that every class has talents that should be usable as a customization effort but the setup results in a few cookie-cutter builds for each class or they end up severly gimping themselves. What sort of customization will be allowed and what seperates dwarf fighter #1 from dwarf fighter #2?
It's not a case of useability vs. security... it's a case of security has to be designed into the system first. Then make it usable for the users. There is no longer any case where you can toss one or the other out. But basing everything on the user first is a sure way to ignore or make securing an application/appliance/network/etc harder if not impossible.
I've been doing one part or another of IT for close to 30 years and I've seen it all. Even in today's age, I'm working with a program where the first thing it does is grant the "Everyone" group full access to the drive it's installed on. By going with usability over security and not looking at both; the program has made it nigh impossible to create a usable and secure environment.
Today's world... the only usable environment is a secure one. Sure, you can go overboard, implement or reccomend policies that have no hope of being enacted or followed but that is not security. That's someone who really doesn't understand what they are doing. A good security policy has to be followed and for this to happen it has to be usable. You can create policy all day long saying people have to have passwords of 20 characters with upper, lower, numbers, symbols with no 2 repeating in sequence or next to each other in a keyboard but no one is going to follow that without writing it down. Thus breaking the entire reason for the policy in the first place. But if you understand your business model; like maybe it's a publishing firm that specializes in children's books... set passwords equal to entire phrases from their more popular books. They can carry the book around and one is the wiser that it includes their password and it's quite secure being very long and containing, upper/lower possibly number and certainly characters.
This is what a good infosec guy does. It's more then just creating policy in a vacuum. It's creating a secure computing environment. This will only happen if the users can and will follow the procedures.
Then you really don't understand how a good secop person works or have only worked with bad ones. A good one will not only help write the policy, yes help... it takes an entire IS staff and many others outside of that area to come up with a good Security Policy but will audit and help fix everything throughout the network. Gone are the days where a security person is the guy who manages the firewall. The real security IS people are in charge of the entire onion. Each layer of the network needs to be hardened and protected just as much as the perimeter.
It's more then just keeping up on patches, although that is part of it. It's staying abreast of the latest exploits and techniques, managing logs from all the machines not just firewalls, developing authentication procedures, and many more.
It's quite often a fight between the InfoSec guys and the regular IS guys when something is implemented. Is the implementation done for the user first or security first? Commonly, it's user first, security second and it's the job of the InfoSec guys to make it the other way around. Only by choosing security first do we set a bed for a secure network.
I've been every part of the IS infrastructure from data entry to network engineer to system admin to infosec. The good infosec guys are the ones who have done everything. They are most likely not the best at anything (except security) but they need to know a little about everything otherwise their just a firewall jockey and not worth paying IMO.
Slashdot Mirror
When I started my most recent job, they gave me a monitor to hook to the laptop they gave me. I mirrored the desktops for a while as the larger print on the monitor made things a bit easier. As time went on and I found myself doing more and more, I switched over to extending the desktop. The ability to have one screen filled with items that are only used occasionally but are often needed quickly and throughout the day and the other filled with dynamic content that is being updated continuously. More than once, I've had times where a 3rd monitor would be helpful. Between remote desktops, instant messaging, email/calendar, ticketing systems, and more; having to keep track of so many different things in a single monitor is just not feasible if you plan on obtaining any sort of production.
I'm not going to get into the whole Linux/MacOS/Windows mess, but talk about the Dvorak article. Manjoo at least looks at the OS and gives his opinions on it. Dvorak talks about the marketing that M$ does and does not once actually review the OS. He doesn't say one thing good or bad based on the OS itself. He bases his entire opinion on the marketing. That isn't journalism in any manner whatsoever. It is purely a crack pot writing what he thinks things are based purely on his opinion with no facts.
That was my initial thinking also until I read the actual complaint. If this was the path they were going to take you would think they would have mentioned it in the complaint filed against her. Instead they site use of University resources. What I find laughable, is the constant harping in the complaint on the fact that the university email servers were used to deliver the mail. uhhh, that is what email servers do. She sent it via gmail which means the university servers were not used as a relay but only as a delivery mechanism which is what they are designed to do. Now, if she had setup a mail program to send from one address but relay through the university email servers then the complain would hold water (IMO) but I sincerly doubt that this is the case here.
Ummm... I played wow for way to long... from Alpha onward actually...but hell, make ad hominem attacks without any idea on what the person knows or has experience, that is fine with me. The whole idea with WoW and 4e is to pigeon hole characters into specific roles. This is contrary to entire basis of table top RPGs in the first place. They're meant to be venues of thought and expression; new methods of using what is given you to accomplish tasks; different tactics and ideas. 4E has gotten rid of most of what made D&D (and many other table-top RPGs) so much better than CRPGs. The ability to play something different. I'm sorry but your Arms warrior or Fury warrior is still a tank. They may do more damage than a protect warrior just like the other poster who said he's a figther specced for damage... you're still a tank according to the rules and dictates of the system. 3E and before... hell you could have a mage tank if you wanted... because there are no tanks/damage/etc... it's more about what tools does your party have and how to use them. It's a complete change not in how things happen but in the culture of WHY they happen.
I've a friend who was in on the testing of the new edition. So I've seen some of the rules. And as someone pointed out above, it's a complete destruction of the core values of D&D and most role playing games in that it moves it almost entirely to a "WoW" format. Where each so-called class is now one of a role filler as in tank/healer/cannon. No more, well I'm a fighter but specialize in damage... there is now aggro and everyone can heal themselves... it's really not D&D in any shape or form. I for one, am not moving to 4e and neither is my roommate. Considering we both play extensively and have more than 2 book cases and a closet set aside for just D&D books... that's saying quite a bit.
Bring our troops home. Slash the defense budget to 10% of it's current level. Fire all private defense forces (i.e. Blackwater) Take the new funds and 1) Cut taxes 2) Do a complete overhaul of the Medical system and return something akin to Canada's single payer system but with more funding. 3) Split the remainder into funding Education which is decided on at the state level (no more federally mandated no child left behind bull) and NASA because until we get a second place to live, we're all in danger. Change corporate laws so that corporations are no longer treated as a person but as a corporation. Thus the people running the companies are now responsible for the actions of that company. Remove most of the constraints on research and on business. But add one big restraint... Executive pay (including all perks) cannot exceed 20 times the pay rate of the average worker in the company. ala Gravel and Paul - disband the Federal Reserve. Skip the whole Ethanol debacle and go right to mandated solar/wind/methanol power generation. No more hemming and hawing... give em 3 - 5 years to switch.
Ok I've found that those who it appeard random re-install were in that period of time between when it was explicitly denied in WSUS and when I uninstalled the app. So maybe not so different. It certainly was never approved in the first place.
First "ACs"? Second: I'm using WSUS 3.0 also and do not have the option set to install updates to already installed programs. On top of that, we do not have any previously installed M$ desktop search installs. We have our desktops locked down pretty hard and approve only security and critical updates as a general rule.
The entire process is fubared. After it auto-installed on all our desktops despite our WSUS server, we went in and specifically set it to declined. It is still reinstalling itself on some (but not all) of our user desktops. This is an incredible nightmare.
Because you're a moron is why you think that. Microsoft pushed this out with the flag of "critical or security" update which means that even those companies who use WSUS or other MS auto-update packages to have more control got hit with this if they go with the setting of auto-install critical and security updates to desktops. If they had just sent this out as an optional update like it should have been, then it wouldn't be raising a stink.
Just keep their hands off of NASA. Switch budgets with defense and leave em alone. We'll have colonies on the moon and Mars in a decade.
I read it wrong at first and thought "BEER" Robot... and thought hey, the military finally got something right!..... who wouldn't want a robot come along, pick you up and take you out of combat all the while serving you a nice, ice cold barley pop?
Yep; when studying for my CISSP you have to learn that or you fail. Assessment of risk and threats is the main idea behind a business impact analysis.
Someone really needs to fire whomever the MPAA uses for deciding on security for these things. Haven't they heard the golden rule of computer security? "Security by obscurity is no security" and that's all they are doing is trying to hide a key. Find the key... no security. Sheesh....
This guy who is a suppossed specialist in computer crime apparently never spent time being a security admin for a network. You know, those guys who spend all day making sure servers and workstations are patched, passwords follow policies, exploits are kept track of, logs analyzed, IDS/IPS systems are up, running and monitored. Who go to sleep at night worrying where the next one is coming from?
He doesn't see large outbreaks as often as before because of people like that. They stay on top of all these things. Take the ani cursor exploit recently in the Windows OS... it was used in a targeted attack against a few locations and some more rare broad attacks. If it has been more widely used or the patch had not come out as quickly as did; more harm would have been done.
As time goes on and more and more data is kept with identifying information; the loss expenctencies get greater not less.
This would make sense if PvP in WoW was actually skill based but it's entirely gear dependent. He who has the best gear wins; it's as simple as that. With a coralary (sp) rule that states among teams with equal gear, those whose timered abilities are up wins.
We've already run into problems with this. It affects our CRM and our HR/Payroll software. And we're a small-medium sized company with an IT staff that can handle the problems quickly. If your staff can't, then it could be a big problem. You need to patch your OS to reflect the new changes so that items/people/etc get where they need to be at the correct time. This then can cause problems with applications that are not prepared for this. I've already had 2 apps break because of the OS patch. And I have a 3rd that will break if we install the OS fix so we're waiting for that app dev to provide an update. It's a lot like Y2K. If you prepare then it won't be a problem at all. If you don't, then you could have a ton of difficulties.
When the Nazis came for the communists, I remained silent; I was not a communist. When they locked up the social democrats, I remained silent; I was not a social democrat. When they came for the trade unionists, I did not speak out; I was not a trade unionist. When they came for me, there was no one left to speak out.
There is a difference... I take the original statement of "Americans have not only forgotten..." as refering to the general citizens of the USofA. Iraq was not caused by this overwhelming need of the general citizen to invade another country but a calculated action by those in power who wanted to fill thier meglomania and make some money.
I agree... any talk of jumps in multiplayer games need to include games like MULE or TradeWars or DungeonHack... any of the old BBS multiplayer turn based games. These were the predacessors to pretty much every RTS and multiplayer game in existence. You can argue which ones were most important but any list, no matter how small loses all credibility without mentioning the real beginning of multiplayer computer games.
I'd ask how he has determined that Kazaa was installed on the system. By his own testimony, see number 6 of his statement the hard drive they have was not used to share files or have any copyrighted materials on it. Isn't that sort of like saying, you stole that TV but you can't find the TV in question. How do you prove that he stole it? ________ He states that because he didn't find a private IP assigned to that PC, that it of course was not running a wireless router. Many sec. ops people will run NAT and utilize public IP addresses internally as the set aside private class 4 IP range is easily discovered. Also, a non-computer literate person could just as well assigned him/herself the IP that he was given from the internet provider and used that with a router. ________ What information provided by verizon ties a particular IP to that computer? How can he be sure that the IP found on the kazaa network was not spoofed? Or that the MAC address (if they even mention finding that) was not similarly co-oped?
Just an FYI, IBM is "convicted criminal" also using this line of reasoning. They were handled pretty roughly in the 80s by the DOJ as a monopoly on PCs. It was the results of this that allowed MSFT and all the other non-Apple PCs to take off.
IBM has turned things around somewhat but they still use bully tactics just like MSFT does. All corporations do so when they can. Corporations are not people (outside of the legal context) and as such have no conscience. They act in the best interested of themselves all the time.
Mythic made a wonderful game with the original incarnation of DAoC but watered it down and killed it by trying to capitalize on the everquest model of raid for loot. WoW has done the same thing but to an even greater degree. Both EQ and WoW focus on ease of development and limiting player choices. How will Mythic battle this in Warhammer and keep it slimmed down to the game that people want to play?
Players need choices that mean something. The ability to choose to do or not do raids is not a choice when the rewards severly effect the outcome of the PvP/RvR type combat. Look at the huge change in how things operated from pre-ToA in DAoC vs. post-ToA. Or even better Pre-raid Blue armor vs. Tier 2 or 3 raid sets. Players also need to be able to customize their avatars both in appearance and abilities. WoW fails horribly in this in that every class has talents that should be usable as a customization effort but the setup results in a few cookie-cutter builds for each class or they end up severly gimping themselves. What sort of customization will be allowed and what seperates dwarf fighter #1 from dwarf fighter #2?
It's not a case of useability vs. security... it's a case of security has to be designed into the system first. Then make it usable for the users. There is no longer any case where you can toss one or the other out. But basing everything on the user first is a sure way to ignore or make securing an application/appliance/network/etc harder if not impossible.
I've been doing one part or another of IT for close to 30 years and I've seen it all. Even in today's age, I'm working with a program where the first thing it does is grant the "Everyone" group full access to the drive it's installed on. By going with usability over security and not looking at both; the program has made it nigh impossible to create a usable and secure environment.
Today's world... the only usable environment is a secure one. Sure, you can go overboard, implement or reccomend policies that have no hope of being enacted or followed but that is not security. That's someone who really doesn't understand what they are doing. A good security policy has to be followed and for this to happen it has to be usable. You can create policy all day long saying people have to have passwords of 20 characters with upper, lower, numbers, symbols with no 2 repeating in sequence or next to each other in a keyboard but no one is going to follow that without writing it down. Thus breaking the entire reason for the policy in the first place. But if you understand your business model; like maybe it's a publishing firm that specializes in children's books... set passwords equal to entire phrases from their more popular books. They can carry the book around and one is the wiser that it includes their password and it's quite secure being very long and containing, upper/lower possibly number and certainly characters.
This is what a good infosec guy does. It's more then just creating policy in a vacuum. It's creating a secure computing environment. This will only happen if the users can and will follow the procedures.
Then you really don't understand how a good secop person works or have only worked with bad ones. A good one will not only help write the policy, yes help... it takes an entire IS staff and many others outside of that area to come up with a good Security Policy but will audit and help fix everything throughout the network. Gone are the days where a security person is the guy who manages the firewall. The real security IS people are in charge of the entire onion. Each layer of the network needs to be hardened and protected just as much as the perimeter. It's more then just keeping up on patches, although that is part of it. It's staying abreast of the latest exploits and techniques, managing logs from all the machines not just firewalls, developing authentication procedures, and many more. It's quite often a fight between the InfoSec guys and the regular IS guys when something is implemented. Is the implementation done for the user first or security first? Commonly, it's user first, security second and it's the job of the InfoSec guys to make it the other way around. Only by choosing security first do we set a bed for a secure network. I've been every part of the IS infrastructure from data entry to network engineer to system admin to infosec. The good infosec guys are the ones who have done everything. They are most likely not the best at anything (except security) but they need to know a little about everything otherwise their just a firewall jockey and not worth paying IMO.