I am willing to agree that blanket censorship is a bad thing.
How can you be opposed to the censorship of child pornography? Please avoid the slippery slope argument. That one has been played out.
The harm is in the production of the images in the first place, not in the viewing of them. The viewing supports the production. Or the production supports the viewing. I am not sure, given that I do not operate in those circles. From what I have read about it, the consensus seems to be that most kiddie porn is produced by family members abusing their younger relatives.
It can probably be argued that the people making the images would continue to make them even if they did not have an audience to share them with. Even so, there is still some social value in discouraging people from consuming the images. If people are interested in the images, that is a form of social acceptance for those who make the images.
It is bad enough that people have these demons that they struggle with. It is terrible that they abuse those who are too young to protect themselves and in most cases, do not even realize how wrong the activities are. The last thing that we need as a society is to encourage others to consume the evidence of that abuse.
For an interesting thought project, work backwards to how much the advertisers must be paying the networks to support those kinds of salaries for the actors. Do not forget to factor in production costs, everyone working below the line, etc.
I read this and get the sense that you do not feel that the person behind the desk is worth the time it would take to treat them like you would treat a friend.
By all means, let's further remove interpersonal communication and support the notion that computers do things better... and people whose jobs have not yet been replaced by computers, should act more like them.
ProTop - The "personality type" that you seem so against is one who can ask simple questions like, "How are you doing today?", genuinely pay attention to the answer, and treat the person who you are dealing with like a person, who has a life outside of work and a larger purpose than taking your credit card in exchange for a room key.
I am always social with the desk clerk. Being friendly with the clerk is the number one way to get a complimentary upgrade.
As much as I am not a fan of government regulation, my professional experience has shown me that the only time people get IT anywhere close to right is when there is a risk of financial penalty involved in getting it wrong. Regulation seems to be the only solution to people working for peanuts. The people who work for peanuts make mistakes. If those mistakes cost the company more than the company saves by hiring those people, they will not hire those people.
Out of all of the industries that I have worked with, the financial services industries seem to be the most together. They are not perfect, but the penalties associated with losing customer data make them more careful.
You bring up a good point. Given the extent of the impact of the change, they probably should have just declared a disaster and gone with Plan B. Yet, given that they blew a system change and did not have a rollback plan, I am fairly confident that any sort of DR strategy is equally broken and worthless.
Situations like this always put a smile on my face, because I know that my job is secure. If an organization as large as the United States government cannot get these basics right, but I can... I know that I will always be in a position to make improvements somewhere, and will never be faced with a shortage of things to do.
I see the same thing with the major Fortune 50 corporations that I work with. I am thoroughly convinced that from the smallest shops, up to the largest organizations, the majority of IT departments are barely functioning and are just one bad change away from serious down time with no hope of recovering in any sort of reasonable amount of time.
Rollback plan? What is that?
The decision was made before I got here. Most of the Notes functionality was replaced with ServiceNow. Notes was being used for things like IT help desk, inventory (hardware, software, etc.) management, and change management.
There were a few administrative centric applications that were replaced by equivalent SharePoint sites (I know, I know...)
We are still going through this where I work. Previously IT was run on a bunch of Lotus Notes / Domino databases. Those have since been replaced by PeopleSoft and ServiceNow.
You have to see the opportunity for what it is. You can have real conversations with the departments about what their real needs are. It is going to take a while, but you will have to produce documents that detail the core application functionalities for all of the applications. Then you will have to map those functions into the ERP system. Once you have done that, you will have your gap analysis and be able to focus your developmental resources. You have to get buy in from across the organization and get people committed to and willing to do things differently. The ERP equivalents of the current applications will not be apples to apples. If you try to do that, you will never get through it and will end up failing. If you are just going to recreate the apps, you might as well not even bother. The key is to focus on the functionality. Focus on the business needs / business cases for the applications.
For something that big, you are going to need at least 3+ full time employees. A project manager to keep everything organized and fight back against scope creep, a senior developer / architect to make the technical decisions and provide guidance to the team of developer(s) who will do the actual work. In all honesty, what you are proposing is a significant investment for the organization and a shift in culture. Each one of those employees is easily a six figure salary, so figure over half a million dollars in salary (plus benefits, etc.) Good developers are hard to find and building a successful development team is a challenge. You will obviously need an executive sponsor who can help you figure out where to position this new group / department in the overall organizational hierarchy.
The long term benefit to your organization is that you free yourself from the vendor. The risk that you run is that you might end up with incompetent developers or management on the new team and find yourself worse off than before.
Have you considered bringing in another vendor? At the very least, you can use that as leverage to negotiate more favorable conditions with the current vendor.
You should have enough experience with the current vendor to determine how accurate their project quotes are. Use that knowledge when you ask them for quotes on replacing / reproducing the current application functionality. Then compare that to what it will cost your organization to do it in house. It should be clear very early on in the process if you are going to save enough money to justify such a drastic realignment of the management, operation and development of the systems.
If you are working in IT and do not know what an ERP system is, you are playing in the minor leagues. Go back to coding your iOS and web apps and leave the rest of us to solve our business problems.
Good points. The first thing that I thought when I read the summary was that the only way there could be a 100% increase is if the number of previous vulnerabilities was very small. Finding two vulnerabilities in the same period of time in which one was previously found is a 100% increase. Just like finding 60 when the previous amount was 30 is also a 100% increase.
What are you talking about? USB 3.0 is significantly faster than USB 2.0. I work in a business where we have to transfer data on physical media due to the volumes involved. We ship hundreds of drives a month. Our clients refuse to accept anything other than USB 3.0 anymore because the previous generation is too slow.
I swear we saw an identical article a few months ago.
Go away.
We do not want your advertisements. Nobody wants your old gear. I pay you guys to haul it away, not sell it back to me on Slashdot.
Of course they get measured. In the long term if they deliver too many screwed up projects, their superiors stop giving them projects.
Ultimately it is the developer's responsibility to push back against stupid managers and give them honest feedback about what can and cannot be done.
On a more serious note, a single developer mistake can potentially affect millions of end users (in the case of an application like Windows). Therefore it makes sense to focus on the developers. "With great power comes great responsibility" and all that.
The world hates putting up with buggy code.
Trust but verify.
Have no fear. /. is collection friendly, with the data being sent in plaintext. They have all of our posts, and sort them for content and categorize them by context.
Now THIS is the level of paranoia that I like to see.
You do realize that you forgot to fnord that and they can totally see what you wrote, right?
The kind of environment where the attacker is a sysadmin with access to the box and the ability to do whatever they feel like with BIOS, including enabling USB boot.
The default security posture of most organizations these days is to assume that a trusted insider will exploit the system at some point. Therefore everyone is implementing damage mitigation techniques so that they can respond quickly and understand the scope of the inevitable breach when it does occur.
Everyone is watching everyone else. The security guys get access to the firewalls and the IDS, but cannot touch the servers. The server guys cannot touch the backups. The backup team cannot initiate a restore without two levels of change control approval. It is a serious PITA for everyone involved and a gross inefficiency.
The first time an auditor told me that they cannot trust me, my knee jerk reaction was to tell them to go fuck themselves. Eventually I realized that I am in a very risky position with access to a lot of sensitive information. The key is not that they do not trust me, it is that they CANNOT trust me. While I may be trustworthy, who is to say that someone else in my same position, with my same level of access, is also trustworthy? Just like I have to assume that any executable downloaded from the internet is potentially full of malicious code, the risk management folks have to assume that every sysadmin in the organization is potentially full of malicious intent.
This...
Last I heard, Verizon was scaling back / had stopped expanding their FiOS network. Is that still the case?
While this is great news for current FiOS subscribers, it means fuck all to the rest of us who do not, and likely will not ever have, FiOS.
I read the article and while one might question why data is being stored that is almost a decade old, the data itself is not that big of a deal. Basically the airlines store all the information about how he bought the ticket and what his preferences were (seat assignments, meal choices, etc.) The call center agents kept notes on why he called.
All of the information is benign. They kept his credit card information in plain text which is lame, but I have yet to see a story about a CBP breach that led to a bunch of fraud. It could happen, and they should probably encrypt the data in the future, but it is not a massive, conspiracy-reinforcing revelation.
The only disconcerting thing is the length of the data retention. Once it is obvious that the plane did not go down and nobody flying was involved in any subsequent terrorist activities, the data should be purged.