A valid point. Note my reference to online banking. The same also applies to identification, company VPNs, access controls, user passwords, etc.
The public outrage will come from a corporation (ok, so my definition of public is a little vague here). MP3s are, whilst in the same grouping, a different point... as far as the user is concerned downloading an MP3 doesn't compromise their security, but having "weak" security on their banking website allows for it.
Experience and history tell us that mob rule is one of the most powerful forces we have. If everyone using everything has encryption, then making it illegal will cause a public outrage. Would you do your banking online if you knew there was breakable encryption on it?
On a point of interest: do the French government use encryption? Or are they an easy target if anyone wanted someone to run away from them...
didn't see that one coming, did ya!
;)
Having been on the receiving end of some of the larger telcos' support system, and considering the "quality" of so-called "AI" systems today, I would have to suggest that it was about the only thing I saw coming
Not using PHP actually... and people still generate SQL because sometimes a stored procedure is not worth the time or they do not know how to write it. Like I said, I am not on the development team, so I really can not comment on their choices...
Something I have noticed with the development team at my current place of work (I'm not on the team thankfully) is that they tend to do jobs in the order they were received... it makes the KPIs look damn good (all jobs are knocked over within x time frame) when in reality they should be setting a priority on each of these jobs.
We recently (1 month ago) had a form in an easily accessible place vulnerable to SQL Injection due to a failure to validate ANY of the data passed to it. This job was only just patched this past week (and all updates have been run). This time frame, as far as I am concerned, is entirely unacceptable for a job that was so easy to fix yet so dangerous to our business.
On disclosure: Add it to the release notes. If you roll out a patch for one problem, then the problem will be described in the release notes. If the release is internal then the problem will (SHOULD) also be documented in the testing plan and procedure.
My $0.02.
To (pseudo) quote: "The person is smart, people are dumb stupid creatures"... that pretty much sums it up for me at least...
Next time try plaster-of-paris. I promise you won't have that problem...
You're right, steps 1, 2 and 3 are not a valid test. I wouldn't know, I couldn't get past 1.
On a serious note, we tested your standard stuff, Outlook, Word, opening large attachments, Access, and the like. We also tested with an in-house application (don't worry, it scares me too). None of the tests came up any better than the XP tests done at the same time.
Tested on two IBM laptops (specs escape me... but then again, I'm not at work) which were both recently bought (Vista capable stickers and all). About 1GB of RAM where the current school of thought is 2 or 4 depending on where you look. Each of the tests was designed to test how the machine held up under heavy disk load, multi-tasking and the like.
All that aside, one of my colleagues has Vista running on a dual boot XP box and is more than happy with it, then again, all they do is surf the web and maybe write a document or play solitaire.
Well spotted. I had forgotten where I heard that, but you are correct. The craptop was it.
I am a being from the future who runs something commonly referred to as 98. I bid thee warning that your statement will one day prove to be incorrect. Yes, you may laugh now, but we shall see Mr G. we shall see...
They're going to use a Hammer and a Chisel... I thought these pieces of equipment were highly delicate...
Apparently they're more like IBM computers...
There doesn't seem to be an official Slashdot stance on Microsoft either... about the only thing you *do* notice is that most of the Windows supporters post as ACs...
Back on topic: Vista tests for my corporation have been far from impressive in both security and performance. I'll stick with the XP Upgrade method I think. "Skin XP to look like Vista... open up the case, remove half the RAM and clock the CPU back a few notches"
I've succeeded in converting a few people to OO. They have gone back to MS Office for one reason: speed. Even with the speed loading tools and a decent machine it still runs slow. I've not looked into it, but OO is done in Java I think (shoot me down if I'm wrong). Fix up the speed, remove the annoying "this is a MS office format you are saving in" and I believe that OO will get a better market share and quicker.
My $0.02 AU.
One of those things I have trouble detecting in real life, let alone in a /. post.
And yes I am dead serious about that... I'm a geek, don't expect me to have social skills!
I'd doubt that. I recently had a scan done on a development site I am working on, and got a high vulnerability rating. Based on the weblogs, some simple correlation, and the fact that I quietly remove invalid characters rather than printing an error, my "High" rating of in-security is in fact a low... these guys don't read their work, it's just like running Nessus or Nmap without checking your answers, if you don't look hard enough you're not going to find the answer.
I for one am looking forward to a national ID card for Australia, now I don't need to steal a wallet and duplicate a Visa, Bankcard, Drivers License, Medicare Card, Private Health Insurance Card, Vehicular Roadside Assistance card and a library card to look so legitimate that they won't check my credentials, I can just forge one card :) Makes my life a hell of a lot easier...
Disgruntled = Forced to use Exchange
Paranoid = Afraid Someone will find out about said exchange
Late = Lack of sleep due to World Of Warcraft / Late night programming session
Argumentative = "We don't need a new gazillion dollar server"
Poor Performer = Did 30 jobs in a week and missed the KPI level by 1 as each job was bigger than the beancounters.
I would have thought these were the traits of a GOOD sysadmin...
Besides which, I spent too much time building the damned thing to the point it is at... the only destruction I'm doing when I leave is going to be taking a cattle prod to a few users. The BOFH is my God...
I was going to suggest a Month Of Office Bugs to the lists, but the only way I can see it working is if we have 8 bugs a day for a year...
We run it nation wide... yes a single point of failure, but considering our network security and the fact that a "malicious user" only has a Terminal to try and inject a virus into the system locally we're pretty safe.
Now all we need is Telscum to get their shit together and stop disconnecting us between sites.
You missed the time loop idea...
Stargate: The temple of Stargate: The temple of Stargate: The temple of...
I remember my first 8 rejections ever. I was/am a self trained programmer, having a few years of experience and proving (through a single course) that I was more than up to the task. But, like many others, I went in nervous, and I screwed up. They were looking for a developer who could be put up on the stage. I wasn't told how I did, or where to improve.
My 9th Interview, at the end of it, I asked what they thought I could improve, just in case I didn't go back. The interview panel were surprised, but gave me a few pointers which I hastily scribbled into a notebook. I was called back for my second interview, and made sure that I took all those points into account. I got the job and worked quite happily with the team.
If it wasn't for the interview team telling me where they thought I could do better, I would probably still be hacking code on IRC and bumming off my parents.
About the only other thing I can say is this: If you're worried about the legal ramifications, and the bloke (or girl) you tell screwed up wants to press charges about it, you probably wouldn't want them working for you anyway...
There's a difference between fitting and being forced to fit into something ;)
Sooo that missile silo that just retracted its cover is obviously non-exis... hey, WHO'S PLAYING GAMES ON WOPR AGAIN?!
You just hang people in the office??? Does that motivate people? How do you get rid of the corpses? Do you work for the KKK?
In order: Sure do. You bet it does. We cut them into small pieces and feed them to the wild kangaroos out the back. Welcome to Australian IT.