....is a bad idea too.
damn I should fire my editor, he sucks.
The moment that crony's nephew's job isn't dependent on them not realizing it. So about the same time they realize arresting people over smoking flowers (which was also started as a jobs program since the FBN had fuck all to do after prohibition ended).
No you didn't, you changed it to a statement which, based on my interpretation of the evidence at hand, is false.
This was exactly my thought... there is nothing here to indicate this is an actual problem and not just yet another imaginary issue. We already have seen that the same people who get in accidents while using phones, get in accidents without them at similar rates. So the phone use isn't the cause.
We also know those same people, a subset of the population, manage risk badly, and choose to use their phone in more dangerous situations than most other people. So likely... the majority of the "I do this" people, are like you, and a small minority are those same idiots who were going to cause an accident having an argument on the phone or messing with their radio dial while driving full speed in heavy traffic and tailgating.
Just leave the blast doors cracked open, seriously improves the signal.
Let's not forget the big picture here. While they may be violating IT policy, possibly opening the network up to many infiltration risks, and potentially costing many hours of lost productivity across many departments; this is all true.
The fact is, before internet porn, they were spending their time between meetings giving HR headaches with torrid office affairs and sexual harassment lawsuits.
Believe it or not, this is cheaper.
Actually when did that stop as a general practice?
I feel like I am just on the cusp at 35 years old where I remember when many, if not most, consumer electronics, that my parents bought when I was a kid, all had schematics. I mean, my father was no electrical engineer, he was one of those guys who knew just enough to avoid the capacitors in the back of the TV, how to identify fuses and how to resolder a bad connection.... but not enough to analyze logic or signals and really fix a non-trivially broken TV or radio.
So I remember, the tools in the basement, the TV, the radio, the refrigerator (he did study HVAC so that he knew better, even had the tools to find leaks and recharge the fridge), turntables, etc.... every single one we opened (either to fix or to satisfy my curiosity)... they all had schematics....often in the form of a pamphlet attached to the back cover, sometimes as a sticker on it, sometimes in the back of the manual.... but they almost all had it included.
I get that in the middle, the switch to SMD devices and other changes that led to much higher part densities and complexities have seriously raised the bar for the amateur self-educated tinkerers like us to have any usefulness at all.... but I always assumed the schematics were not so much for us as for future repair people 20 years down the road....when did the shift come that such concerns didn't matter?
Perhaps the truth is that if your system relies on more than a fraction of the population to be paying attention then it is flawed. This is why spam fighters fight for opt-in not opt-out. This idea that if you don't take up arms and violently revolt or get a huge constituency together to oppose something, then you consent.....is just bullshit.
I think it's more about understanding needs. Don't stop at listening may be better. Listen to what they say "I want drop box" and think what does that mean? Does it mean "I want some third party to make everything work"..... no it means they want a way to make working with files so seamless that it seems like they have a single global filesystem...without having to think about it.
I want drop box everywhere too. I don't want drop box at all because I don't want some unknown third party who does who knows what and I don't want to run somebody's proprietary code and service for anything that I rely on working...but the underlying "I don't care about the details" functionality.... absolutely, I want it too.
Well as I understood it even they advocated for it to be libertarian....you know...after the people were ready and the dictatorship of the proletariat had made the world so just and fair that it was no longer needed itself anymore and naturally would fade out of existence. (no problem there right?)
Which of course is great until their political masters get a bee in their bonnet and want to score brownie points on some issue....then bang you can't carry tobacco, or alcohol, even in small quantities, and you have home brewers advising each other to label their beer as biological samples for test (lol!) and debating the legality of things that could be anywhere from a felony to huge cost all for wanting to share a little beer: http://www.brewboard.com/index.php?showtopic=62601
Well really it's more about the heat in the areas where the pipes run inside the walls than the heat inside the living space. We can have it nice and toasty and still have a pipe that will freeze because it runs through one spot between the wall and roof that gets too cold.
Free? No it has value, that can be taxed.
My cousin, out in the sticks, was ranting about how he was going to rip up every one of his if some tax passed that was going to count the lumber value of his trees in his property value. He still has the trees so I imagine it didn't pass.
Yup, and now they want donations for it too.
Wow, this may be one of the first bitcoin services I had no intention of ever using right out of the gate. I would feel better about.... paying for a murder directly than funding some asshat to go cause mass murders.
My personal favorite are scripts like
adduser foo
echo "r34lSecr3tstuff\nr34lSecr3tstuff\n" | passwd foo
Really guys? Can't generate a password hash once and then set it with usermod -p HASH
or even better, when people use that to set a password to an account nobody is supposed to login to directly; when they could just set the hash to something invalid so there is no way to login.
Genocide denier eh?
http://www.chomsky.info/onchomsky/1985----.htm
did you really think an excerpt from 1980 wouldn't have been answered by now?
I swear I have heard that argument before.... Bubba? Is that you?
"It depends on what the meaning of the word 'for' is. If 'for' means in the interests of - that is one thing. If it means in the employment of, that was a completely true statement."
Except....if statement 2 is true, then statement 1 isn't.
> If you never used it, you obviously should not be making bogus claims. Fully locked down and
> properly configured SELinux is a nightmare for auditors, not admins.
Except when the admins are doing the system integration and expected to make it work, with no expectation of time allocated for integration (after all the vendor said it worked) for whatever arbitrary software package they brought in? As far as I can tell, I wasn't working anywhere special in those regards.
> No offense, but your second sentence contradicts your first claim. Is it not more likely that
> where he was working they were not using a properly configured access control system? System
> being architecture, implementation, and auditing to ensure people don't break things.
Sorry, I don't follow, that was along the lines of what I thought I was saying. My statement was that, I would change password hashes and avoid knowing passwords but that a sysadmin wouldn't HAVE to have that ability. Hell that wouldn't even require SELinux, just use an external auth mechanism that he doesn't have access to make changes to.
However, with selinux, it should be possible to disallow direct updates to the password database even by sysadmins.
However yes, it is more likely there were few to no controls at all, I was only pointing out that they could have them if they bothered...and of course...as NSA contractors when the NSA developed SELinux, well, looks like facially mounted egg to me.
> SELinux is the answer, but it's time consuming to get right and takes a dedicated regular staff of
> good auditors and admins to maintain.
On this at least, we completely agree. I would have totally recommended using it if I thought it realistic that we would have either of those.... or even the ability to push back on customers who want everything and want their software to just work even with no time allocated to integration work.
sure I have, but not since I was doing desktop support.
Actually my favorite wasn't those. It was the post-it notes where someone had my direct phone line on it. They were not supposed to be calling me directly but the tech I replaced had been pretty loose with it.... a few times I waited till the user wasn't looking and then shoved the post-it with my number on it in my pocket :)
Of course, back then, the user password was a 5 character upper case alphanumeric string, generated by an internal system, which couldn't be changed; so it was kind of a joke anyway.
What org was it that wrote the SELinux extensions? Oh right the NSA.
I took an SELinux class a while back, it is not necessarily the case that this is true. It's true in all my environments, but, I have never seen any environment where SELinux was actually used.
The default policy on most distros the "Targeted" policy is pretty light weight. It's the horror movie equivalent of Scream. Fully locked down SELinux is more like....Faces of Death.
It is entirely possible to have a system administrator who does NOT have that kind of access under the NSA's mandatory access control model. That doesn't mean they have it implemented that way, but, it is possible that they could, the tools exist; and they wrote them.
As someone who has been a sysadmin for years, I can say, unequivocally, I never ask people for their passwords. If I need access to your account, I can have it. If I really need to do an end to end test, I can probably do it by swapping out your password hash and then restoring it so I never need your password. If that can't be done, I will change it and then reset it so you have to change it again.
Yet... despite this... from time to time people just.... send me their passwords.
"Account X on machine Y with password Z can't login, can you check it?"
So no shock at all here.
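The two practices argued for in the comments above (set a pre-generated hash with usermod -p or give a service account a hash nothing can match, and swap a user's hash out for an end-to-end test and put it back without ever learning their password), worked through as an added example that is not code from the thread or its author. The shadow-format lines are constructed placeholders, not real credentials; usermod(8) with -p/-L and `openssl passwd -6` are assumed to exist on the target system, and the file-editing helpers operate on any copy of a shadow-format file so they can be exercised without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows: setting a pre-generated hash
# instead of piping a cleartext password into passwd, making an account
# unloginable with a hash no password can match, and swapping a user's hash
# out for a test and restoring it afterwards.
#
# The shadow-format lines below are CONSTRUCTED placeholders, not real
# credentials. usermod -p/-L and `openssl passwd -6` are assumed tools.

# Constructed sample /etc/shadow content (name:hash:lastchg:min:max:warn:::).
SAMPLE_SHADOW='root:$6$rootsalt$ROOTHASHPLACEHOLDER:19000:0:99999:7:::
foo:$6$foosalt$FOOHASHPLACEHOLDER:19000:0:99999:7:::
svc:*:19000:0:99999:7:::'

# Write the constructed sample to the path given as $1.
make_sample_shadow() {
    printf '%s\n' "$SAMPLE_SHADOW" > "$1"
}

# Print the hash field of user $2 from shadow-format file $1.
shadow_get_hash() {
    awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1"
}

# Replace the hash field of user $2 in shadow-format file $1 with $3.
# This is the edit `usermod -p "$3" "$2"` makes to the real /etc/shadow.
shadow_set_hash() {
    tmp="$1.tmp.$$"
    awk -F: -v OFS=: -v u="$2" -v h="$3" '$1 == u { $2 = h } { print }' "$1" > "$tmp" \
        && mv "$tmp" "$1"
}

# Return 0 when no password can ever match the hash: "*" and anything starting
# with "!" are never produced by crypt(3), so password login is impossible.
# An EMPTY field is the opposite (passwordless), not locked.
hash_is_locked() {
    case "$1" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# The locked form of a hash, as `usermod -L` writes it: "!" prepended. The
# original hash survives underneath, so `usermod -U` can put it back.
lock_hash() {
    printf '!%s\n' "$1"
}

# End-to-end test pattern: swap in a temporary hash for user $2 in file $1,
# run the test, restore the original. Returns 0 when the original hash came
# back byte-for-byte; the user's real password is never known to the admin.
swap_and_restore() {
    orig=$(shadow_get_hash "$1" "$2")
    shadow_set_hash "$1" "$2" "$3"
    # ... the actual login test with the temporary credential would run here ...
    shadow_set_hash "$1" "$2" "$orig"
    [ "$(shadow_get_hash "$1" "$2")" = "$orig" ]
}

# Against a real system these are the root commands (assumed tools, see above):
#   HASH=$(openssl passwd -6)   # prompts for the password; no cleartext in the script or history
#   usermod -p "$HASH" foo      # set the pre-generated hash once
#   usermod -L svc              # lock: prepends "!", so no password will ever match
#   usermod -p '*' svc          # alternative: the conventional "no password" marker
```

The helpers deliberately work on a file path rather than /etc/shadow directly: exercise them on a copy first, and only run the usermod commands in the trailing comment against a live system. Note the asymmetry in `hash_is_locked`: an empty hash field means "no password required", which is the opposite of locked, so a script that blanks the field to "disable" an account does the wrong thing.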
> I can't recognize the features those descriptions supposedly refer to.
No you are just missing the point....it isn't YOUR password. If you could match them up, then it wouldn't be secure.
The security of the system rests on the ability of a person who described a bunch of ink blots to match their own descriptions back up to the pictures they chose. You can think of it as a trick to use visual memory to help a person pick a random password and remember it.
There was some research a while back that showed people were actually really good at this sort of thing and could make the same decisions based on the same prompts consistently even if there was no clue that would tell anyone else what decision they would likely make.
Imagine a system where images from hot or not were shown side by side and you pick which picture you find more attractive. Likely if you and I both do it, even with the same set of pictures, we will be unlikely to come up with the same selection string. However, if given the same set tomorrow, we could each likely come up with the same string we came up with today.
This would, of course, be unwieldy with enough pictures and some pairs would be easily guessable by attackers (oh a picture of Jessica Alba next to Jessica Tandy.... yah I think I can guess the probability on that bit)
These abstract dot fields fix that by letting you project mental images onto the pictures.... its a trick for generating a password and encoding it into memory....all in one.
Nah those first couple were actually me (failed at life is pretty subjective, and I don't think so, shit today is my 5th wedding anniversary) and I would never make such a stupid rule.
I suspect it goes a bit the other way....they are the people who saw kids being picked on, and wanted to do something, but didn't speak up. Or they are former bullies who feel so much guilt over what they did that they feel some need to "make up for it". (and I know that happens, when I met the bully from school years later, the guy hugged me and started crying)