Then the correct policy is "Don't haphazardly store personal data on machines without considering what you are doing". There is no reason to barge into Dr. Smith's office, who's madly creating his slides for the conference next week while trying to babysit a supercomputer at Berkeley while fending off emails from his students, and insist in a very bureaucratic tone that you have to scan his workstation, the RAID, his other computer, his student's computer, and the two computers used to monitor various instruments (which the other students are taking data on) for SSNs.
Unfortunately, Dr Smith is taking his laptop to the conference. He's much too busy to go on travel without taking all of his data with him on the laptop, such as his students' grading info (SSNs) or info on the other proprietary projects he's working on. He's too important to worry about such trivialities as data protection policies issued by those idiots on the Board of Directors. After all, drive encryption slows things down too much, he hears, but in truth he doesn't know how to set it up. Of course his laptop gets stolen and now the University has to report that data was compromised. Suddenly Dr Smith is no longer an asset to the university but rather a liability.
Sorry, but anyone who has worked in IT or even law enforcement knows damn well that users will ignore written policies unless there is some level of monitoring and enforcement. Just scroll up a bit and you'll see examples of those guys posting stuff like "just store the SSN as an integer so the scripts don't find it".
So what you are saying is that I need to be storing socials as integers rather than strings, so they don't look like socials?
No it means you need to be storing the data in an encrypted file/folder. Believe it or not, doing it right is sometimes easier than trying to hide what is arguably illegal activity.
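The evasion joked about just above (storing an SSN as a bare nine-digit integer so a scanner looking only for the 123-45-6789 shape misses it) is exactly the case a data-discovery scan has to handle. The following is an added example written for this page, not code from anyone in the thread or from the university scanner the article describes; the sample grades file is constructed, and the plausibility rules are the public SSA structural rules (area not 000, 666 or 900-999; group not 00; serial not 0000). It finds both the dashed and the undashed form, rejects digit runs that are not structurally valid SSNs or that sit inside longer numbers, and keeps only the last four digits in its report so the scan log does not itself become a leak.

```python
import re
from typing import List, Tuple

# Constructed sample file contents (not real data). One row uses a dashed SSN,
# two use the bare nine-digit "integer" form, and the rest are nine-digit or
# dashed numbers that must NOT be reported (bad area/group/serial, phone-like).
SAMPLE_TEXT = """\
name,id,grade
Alice,123-45-6789,A
Bob,234567890,B
Carol,000123456,C
Dave,666123456,B
Erin,123004567,A
Frank,123456789,C
Phone 555-0123-4567 logged 2010-10-01
Ticket 123450000
Call 5551234567 for help
"""

# Dashed form: three-two-four digit groups bounded by non-word characters.
DASHED = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Undashed "integer" form: exactly nine digits, not preceded or followed by a
# digit or a dash, so ten-digit phone numbers and dashed fragments are skipped.
UNDASHED = re.compile(r"(?<![\d-])(\d{3})(\d{2})(\d{4})(?![\d-])")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """SSA structural rules: area not 000/666/9xx, group not 00, serial not 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    if int(group) == 0 or int(serial) == 0:
        return False
    return True


def find_ssns(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, form, masked) for every plausible SSN in the text.

    form is 'dashed' or 'undashed'. Only the last four digits are kept in the
    masked value, so the scan report can be stored and shared safely.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for form, pattern in (("dashed", DASHED), ("undashed", UNDASHED)):
            for m in pattern.finditer(line):
                area, group, serial = m.groups()
                if is_plausible_ssn(area, group, serial):
                    findings.append((line_no, form, f"***-**-{serial}"))
    return findings


def summarize(findings: List[Tuple[int, str, str]]) -> dict:
    """Count findings per form; useful for a policy report without exposing values."""
    counts = {"dashed": 0, "undashed": 0}
    for _, form, _ in findings:
        counts[form] += 1
    return counts


if __name__ == "__main__":
    hits = find_ssns(SAMPLE_TEXT)
    for line_no, form, masked in hits:
        print(f"line {line_no}: {form} SSN {masked}")
    print(summarize(hits))
```

Run it as a script to see the three hits on the constructed file; to scan a real directory you would feed each text file's contents to `find_ssns` and act on the report (relocate or encrypt the file), never print the full value. The structural checks cut down false positives from arbitrary nine-digit identifiers, but they cannot prove a number is an SSN, so a human still reviews what the scan flags.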
I have a feeling AOL just spent $1,000,000 on something they didn't really need as well.
They admitted as much in the article. They decided that it was cheaper to improve the hardware throughput than to spend the money on developers to try to trim the demand. They were also probably losing money by not meeting SLAs and a quick fix was cheaper in the long run. They also reduced power and cooling requirements as well, so there may be some long term payback there as well. The free publicity certainly didn't hurt either.
It sounds like they are looking to catch accidental leaks. I would like to know if they have examined their policies to reduce over-collection of unnecessary data. If they never collect it in the first place, then they never have to worry about losing control of it later on.
Most leaks aren't accidental. It's laptops which never should have had the data saved locally getting stolen, or systems getting hacked into. First step is understanding where the data is, the second step is removing it from where it shouldn't be, and third providing adequate protection for the areas it must remain (i.e. encryption).
You have an excellent point about it being overcollected in the first place. Technically the way most institutions use SSNs isn't legal anyway. In the US it's only legal to use it for taxation purposes, so businesses claim they need it to file some tax paperwork. Of course then using it as your primary ID is retarded.
And a) is the reason my department does not trust IT cowboys with any of our data. This is data that cost actual money to generate, not some shit we downloaded off BitTorrent for fun. I hope you get fired.
Well, aren't you an arrogant and self-important little bugger. The fact is that improperly retaining and losing privacy act data costs money and reputation too (just ask the Veterans Administration). Potentially a lot more than some professor's grading data where he stupidly tracks students by their full soc number. Or the sociology researcher keeping a huge database of personal info on their test subjects. The mandate for this action did not originate with the IT folks, but they were tasked to implement the policy. Stop being a little prick and try to understand the bigger picture.
Besides, the article didn't say it was going to delete the data. It said "cleanup" which could be anything from a script that pops up when it detects questionable data, or even maybe it just moves it off of theft-prone laptops and desktops onto a central file server.
Many institutions are going the route of encryption. Hard drives are encrypted, and anything stored onto removable media gets encrypted. A pain in the ass to be sure, but it does allow management to claim that no data was compromised if a laptop disappears.
We have a medium sized data center in Wyoming and are working to build a large one. We cannot find qualified staff; no one will take the lower pay (no state income tax) or even move up here. It is a serious problem.
Aren't you supposed to figure these things out before you decide to build a data center?
From the article: "...and she likes the fact that the firm hires U.S.-based people, even if they have no background in IT." Seems they still want to hire unqualified people to do IT-type phone support. This quote also means they're not paying squat either: "For example, new hires at CrossUSA typically make 30 to 40 percent less than what they earned in their previous IT job."
What exactly is so incredibly and overwhelmingly evil about a corporate owned photocopier that is able to enforce the "CONFIDENTIAL DO NOT PHOTOCOPY" marks on important documents? A locksmith will refuse to cut a key that says "DO NOT DUPLICATE". Is this more evil than that? Less? Same?
Exactly. It's a means of preventing or detecting if employees are printing or illicitly photocopying controlled or sensitive documents. I'm pretty sure the DOD would be interested in controlling the copying or printing of classified documents on an unclassified printer for example. The obvious key words would be confidential, limited distributions, etc.
Don't get wrapped up thinking this is censorship because you can't xerox your kids' Boy Scout flyers using company equipment and paper.
Linux still has a long way to go in the arena of centralized management of desktops. Most centralized Linux management schemes I've seen were cobbled together unique solutions that only one guy actually knew how it worked.
What about cfengine or the newer stuff like chef, puppet, bcfg2?
They are making good inroads into centralized management. On the plus side they do have client packages for a wide range of OSs. In my opinion, they still lack the depth and ease of use of Active Directory.
"Yet another example of why I am sooooooo glad I don't own a smartphone and won't be buying one soon."
I can't shift into drive in my vehicle unless I have my foot on the brake. By your logic I should do without all the good reasons to own a vehicle and walk everywhere instead.
Er no. You can't shift out of park without your foot on the brake. A subtle but important difference. If you can't understand the difference, then having that interlock in there is a good thing.
Microsoft's Group Policy also recently got a Recycle Bin of its own, allowing certain deletions to be undone. I haven't tinkered with it in depth yet, so I don't know its full limitations, but some form of state retrieval would be helpful for both GUIs and CLIs.
Yeah. Prior to the AD recycle bin it was very easy to make a major fuckup using the GUI that required command line prowess to recover from. Of course, usually it was a result of the wrong guy even having the permissions in the first place.
If you write a script, you're certain that the changes made will be identical on each box.
If you put it in a GPO, then it goes to all the boxes whenever they happen to be available. It'll even configure new boxes that you put online. Sure beats sitting there cursing that your script won't run on an offline box.
Linux still has a long way to go in the arena of centralized management of desktops. Most centralized Linux management schemes I've seen were cobbled together unique solutions that only one guy actually knew how it worked. That guy was usually oh-so proud that it almost worked as well as AD. At least an experienced Windows admin can generally walk from one Active Directory environment to another and immediately be productive instead of wondering what the previous admin ginned up with highly customized scripts. Note I said experienced, not MS certified, as that's still a joke.
Why would you even want Server 2008 to run without a GUI? The Windows command line tools are dodgy and it only takes up like 64MB of your 16GB server memory.
Mostly for reduced attack surface, i.e. less stuff running to be vulnerable. Same notion behind running a stripped down Linux box with just the functions you need installed. Also slightly lower memory, CPU and disk space requirements.
If they could get Server 2008 to work without any GUI then that would be really worth it. Maybe for 2012 or whatever. Does dcpromo work without a GUI yet?
Windows Server Core, while not completely GUI-less, allows everything to be done via PowerShell. DCPromo works just fine from the command line, and in fact some particular tasks require it.
How is this any different from a website like flightstats.com? I'm sure there are plenty of other sites like that too. It isn't difficult to figure out where the planes are. The app probably only makes it marginally easier to view this data on a phone. Sounds like much ado about nothing.
Because flightstats is giving you an estimate, based on the gate departure time, stated arrival time, and the expected flightpath. In other words it's a rough guess and consumers don't know or really need anything better. "Oh look, Daddy's plane is over Chicago now" but he is really still sitting on the tarmac in Boise.
Do you.. do you really think that the reason why we're not building more hydroelectric dams is because of the Greens?
They have some political power, certainly at the local levels. The oil companies have immense political influence and they stand to lose revenues if alternative energy sources are exploited. If you look up the history of the Grand Coulee dam for example, you'll see that oil and traditional power generation companies almost sank the project.
I didn't say I admired their implementation, just that they are capable of making a decision at the national level to accept short term inconveniences to reap long term benefits. Something that the US has a hard time with. I think that article has at least a little bit of media sensationalism, btw.
Wow, either trolling or you're a complete moron. It's pretty well established that the dams are harming the salmon and preventing them from going back to the way they used to be.
Neither a troll nor moron am I.
I agree that the dams impact the salmon. It has also been shown that removing existing dams has negligible benefit to populations that have adapted to the restricted spawning area caused by those dams. Watch closely while I cite a source: http://www.nwcouncil.org/history/DamsImpacts.asp. You can also search and find many references that bypass systems, such as fish ladders to allow upstream migration and return paths, have been shown to be fairly effective.
Basically, the short-sighted approach of simply demolishing existing dams as some groups are proposing has no tangible benefit to the migratory fish species and would have a far greater environmental impact.
You're forgetting that the major reason for building some of these dams, such as the Grand Coulee dam, was to control flooding. The cheap power generation and source of controlled irrigation waters were secondary benefits.
Of course none of this has much impact on our growing energy demands. The cost of energy doesn't seem to have much effect on that. As an example the tripling of gas prices in recent years had a very minor effect on miles driven.
First, the Iranians were stupid enough to get hit with this, since they apparently didn't have appropriate IT policies in place to prevent malware. Secondly, they apparently didn't have the know-how to figure out what Stuxnet actually did. Finally, several months later, when someone pointed out what it did, they used it as an excuse to arrest some guys that they didn't like.
Triple Fail.
Well our own govt keeps getting hit with quite sophisticated attacks originating in China. The difference appears to be that China is mostly just stealing technology at this point, but if they decide to turn hostile they are probably deep enough into our systems to cause serious infrastructure damage.
It's not just another virus as you surmise. It's designed explicitly to attack SCADA systems that were designed to run on embedded Windows based boxes; it uses exploits that are specific to those types of systems to propagate.
It's not a lot of hype. All it takes to screw up a graphite or light water moderated reactor is to do the wrong thing at the right time; Chernobyl and Three Mile Island happened because of operator error in overriding things controlled by SCADA-like systems. With a SCADA system controlling the processes in a nuclear reactor, you can have all sorts of adverse things happen, including a meltdown.
Interestingly it appears that the code inserted into the controllers was designed to overspin the centrifuges with the goal of destroying them at a specific time (i.e. all at once). This would effectively destroy Iran's capability to refine uranium and set back their nuclear program at least a few years.
It could be worse - the code could have been designed to cause meltdowns at their nuclear facilities with a much higher collateral damage.
Admittedly I didn't know much about Stuxnet until after reading more about it, and it seems to me just yet another Windows virus that hasn't until now been discovered and mistakenly spread via contractors' laptops... Seems to me that this worm wasn't designed for a specific target and is like any other virus.
Perhaps you should remedy your ignorance then. The Symantec analysis (http://www.wired.com/images_blogs/threatlevel/2010/10/w32_stuxnet_dossier.pdf) is pretty detailed and highlights just how sophisticated and targeted this virus is. 60% of the infections were from Iran, the Windows virus itself was unusually complex and capable, it targeted and modified the industrial controller programming software running on those computers, and the final target was to install code and a rootkit on industrial controllers that were used in those plants. Nope, it's all just a coincidence.
Catalytic converters take the toxic products of unburned fuel and convert them into CO2 + H2O + N2... If we want more CO2, the last thing we need to do is ban Catalytic converters...
Except that creating those catalytic converters has other, potentially greater, environmental impacts by way of mining the toxic metals and the industrial pollution in their manufacture. Most modern engines run pretty clean nowadays anyways so they are not as beneficial as they once were.
China operates like the Orwellian nightmare of a business, uprooting people and destroying history and nature in its relentless march forward, hoping to get where it's going before something irrevocably breaks.
If you're referring to China relocating entire villages for the 3 Gorges Dam project, I admire them for that decision. They had the balls to make a decision that relocating 0.3% of their population was a good trade-off for the major improvement in their ability to generate clean energy and not rely on foreign imported oil.
I wish our country had those balls again, instead of being slave to a few twats who insist that a few species of fish _might_ be helped by tearing down existing hydro dams. Being on the foreign oil teat is why the US is dicking around and pouring trillions into the Middle East conflicts.
They've chosen to put people's lives at risk over a poorly considered project. China: cracks in the Three Gorges Dam, so 300,000 people can wave goodbye to their homes
Why is there any Windows OS connected to a mission-critical system? That seems pretty stupid to me.
Because the software used to develop the code for the SCADA hardware controllers only exists on Windows.