You look pretty damn round to me, porky.
The facts are this: no company can afford to pay someone to 100% lock down everything, nor could they function with everything 100% locked down. There will be things that the security expert will say you should do but you won't want done for either cost or convenience. With the wrong person this can hurt you in two ways.
1) The hacker gets pissed that you didn't heed the warning (and pay his fee) and will keep the info around for later or trade it with other black hats.
2) The hacker will be in a group of their hacker friends and while just shooting the shit will talk about this "stupid client" they had that didn't want such and such locked down. They won't give a name, but their friends know a lot of the places they worked at recently, or after enough beers someone can say "so what clients have you had" and get the list out of them.
The difference between the first and the second is malicious intent, but they both can have the same effect on you: people who wouldn't have been able to find an Achilles heel in your security now have access to that information.
How do I know this can happen? I've been at meetings where people have done the above (the second is much more common than the first, though).
So, just be careful. A black hat is still a black hat. I believe in reform (having worn a black hat as a teen), so it could be okay to hire someone who has given it up, but it is still a risk. The benefit is, IMO, people who have tried to exploit security vulnerabilities both have a generally better idea of how security works and know the places to get exploit information.
So how do you prevent a black hat on the wireless network from owning one of the wireless clients and then getting back into your network via the VPN?
You can't think of servers as a fixed cost because the cost of the server is related to the number of clients. Whether you need to support 500 simultaneous users with bursts of 1000 or a department of 25 users intermittently using the system, you buy your servers accordingly.
What? In one case you're talking about putting people out of work for 100 days, in the other you're talking about not handholding or at worst being uncivil to someone. Now I'm against the RTFM mindset for the most part, but I don't think they equate.
her gift went on my personal credit card rather than a company card
and then you get slapped with a sexual harassment charge because you are buying gifts for a female co-worker against company policy
the 9-unit is probably the same as 9-pin. Pin printers would have n (in this case, n being 9) little heads arranged vertically in a row. The head would be lifted and dropped to make a matrix of dots (they were called dot matrix printers). 20-pin succeeded 9.
yeah, I kinda thought a lot of people knew it was about a volcano springing up in LA, but that was my bad. I know it's a movie, but it's not so much the things that happen science-wise, but the panic, loss of life, and property damage that I was thinking of. And now it's all possible! :)
RE: the reality, I did parenthesise that it's a movie. And I'd mod you up but I already posted. :P
Er, that's what happens on a fault line. Ever heard of the Ring of Fire? It's not what you get after you eat Taco Bell. If there is a fault line through LA, then a volcano could spring up there (one could anyway, if there is a hot spot like Hawaii). The lava follows the path of least resistance and pushes up through the cracks in the earth.
Now the likelihood of it happening is small, because relatively speaking, LA is just a dot on that line.
Still would suck for a lot of people, though.
Like or hate Hollywood megamovies, Volcano was based on the premise of an undiscovered fault line having a molten eruption. Very good insight on what actually could happen given this (but still a movie). Plus it has Tommy Lee Jones.
You should try "The Getaway". It's not as free form as GTA:VC, as you have to follow the missions as they are given to you (as opposed to VC, where if a mission is bugging you, there are a few sub-missions and a bunch of sub-tasks you can concentrate on instead). But it has the actual city of London, and a dark plot with great voice acting. I was pretty blown away by this game.
Well, our economic colonization of Iraq has started already, and we aren't even in Baghdad yet. "Congressman Darrell Issa (R.-Calif.) Wednesday introduced a bill based on a letter to the Pentagon, the U.S. Agency for International Development (USAID) and other lawmakers demanding that the Department of Defense and USAID show favor to CDMA technology made by San Diego-based QUALCOMM". Iraq's current (or is it already former) cellular infrastructure is based on GSM, like their neighbors.
You see, this war isn't just about the oil in Iraq and the threatened oil in neighboring countries. It's also about selling our crappy cellular technology standard to a country that would then be incompatible with every country it borders. Now this bill hasn't passed, and CDMA hasn't been installed there yet. It's quite possible this bill will be shot down, and even then, the military endorsement might not be enough to outweigh the technology's disadvantages. But god damn, this is pretty ballsy shit, trying to move our companies in 10 days into the war. And to think that some people wonder how Unocal was awarded 46.5% of the rights in the Afghanistan gas pipeline they wanted for years.
Yeah, I'm pissed. But this time I'm not pissed at the present administration. I'm pissed at the millions of Americans who choose to believe this shit doesn't happen.
Underrated Charlie Sheen movie - Hot Shots! Part Deux. Much better than the first.
What most people don't realize about Barb Wire is that it is a modern day adaptation of Casablanca (or maybe people do realize it, but I never heard about it. I'm just a Bogart fan and recognized it by the time her old boyfriend showed up). Watch Casablanca, and then Barb Wire right after it. It's almost like Gus Van Sant directed it.
Hmm, that's pretty high praise in my estimation (Lawrence of Arabia being the third VHS tape and first DVD I bought, well before I even had a DVD player). I haven't seen Groundhog Day, thinking it was just an average comedy, but I might have to buy it because of this.
Hmm, that's the version I saw, but I was in Canada at the time. *shrug*
I'm not a Scientologist. I hate the things that Scientology does. I liked Battlefield Earth. There really wasn't much Scientology in there except belief in extraterrestrials and the power of the human mind. It's more of a "pro-America" than a Scientology movie.
And the rat thing was hilarious.
You don't have to be Kreskin to see that art is dying.
The U.S. announced the Walt Eisner Protection Act, extending copyright to life plus 100 years and allowing the government to charge royalties on public domain works. When asked about it, representatives said that it was to keep copyright laws in sync with Mexico. U.S. officials, along with the RIAA, are now waiting for another country to pass even more restrictive copyright laws for them to sync to.
It's going to be very hard in your present situation. A ping pong table or lunches aren't going to cure the problem: that you've been laying off in stages, causing people to believe that more stages are yet to come. My only suggestion is to open the books a lot, to let people know that you are cash flow positive and that they don't have anything to worry about. If you aren't cash flow positive, then make another cut, but cut very deeply, deeply enough to get the company in a survivable state, and then open the books.
If you can't cut, then you'll need to readjust salaries. DON'T OVERPROMISE. Don't say things like "you'll take a cut here, but when things get good you'll get this kind of bonus" and then later make projections like "we'll be doing well by 3Q03." People remember this shit and when you don't follow through, every promise you make is suspect.
If you don't do something drastic, what will happen is this: the best developers will find a new job fairly quickly for today's economy (about two months). You'll be stuck with the worst ones: the inarticulate, the inexperienced, and the difficult to work with. And then your company will really suffer.
EJBs aren't bad, but entity beans have problems. They work by having you find a collection of keys and then re-querying each key to get the data:
select pk from table where field3 = ?
then many
select field1, field2 from table where pk=?
Given n rows, and m returned rows by the query, (and you have an index that lets you find the data in log(n)) this takes O(log(n)+m+ m*log(n)) time.
The order analysis shows that this is worse than directly finding the data:
select field1, field2 from table where field3 = ?
which takes O(log(n)+m) time.
There is a pattern called FatKey that can get this boost back by doing
select pk, field1, field2 from table where field3 = ?
and then the ejbLoad just initializes from the key, but this can be dangerous if you change a bean before the fatkey is loaded (you will overwrite the changes).
There are other problems depending on your transaction settings. It's not uncommon for a call to a getter to open a new transaction, cause a bean to load, and then store at the end. The ValueObject pattern is there to stop this, as is SessionFacade (as the session bean creates the transaction, and, in theory, you'll only have one load and store for all the calls to a single entity).
Entity beans have their place, particularly in providing a canonical object for people to talk through. In addition, proper caching and use of standard patterns can eliminate much of their speed issues, but you have to be careful.
Session beans rock though, and in the next EJB version will rock more as any method on them will be a web service (as will the onMessage for MDBs as well).
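The key-then-reload access pattern and the FatKey hazard from the comment above, as an added example that is not part of the original post: it runs the comment's queries against a constructed in-memory SQLite table (named tbl, since "table" is a reserved word), counts the statements each strategy issues, and models ejbLoad initialising a bean from a fat key after a setter has already run. The FatKeyBean class, its dirty-field guard and the sample rows are assumptions of this example, not EJB API.

```python
import sqlite3

# Constructed sample rows: (pk, field1, field2, field3); odd pks have field3 = "x"
SAMPLE_ROWS = [(i, f"a{i}", f"b{i}", "x" if i % 2 else "y") for i in range(1, 11)]

class CountingConn:
    """sqlite3 connection wrapper that counts every statement it executes."""
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.queries = 0

    def execute(self, sql, params=()):
        self.queries += 1
        return self.conn.execute(sql, params)

def build_db(rows=SAMPLE_ROWS):
    """Creates tbl with an index on field3 (the log(n) lookup the comment assumes)."""
    db = CountingConn()
    db.conn.execute("CREATE TABLE tbl (pk INTEGER PRIMARY KEY, field1 TEXT, field2 TEXT, field3 TEXT)")
    db.conn.execute("CREATE INDEX tbl_field3 ON tbl(field3)")
    db.conn.executemany("INSERT INTO tbl VALUES (?, ?, ?, ?)", rows)
    return db

def entity_bean_style(db, f3):
    """Finder returns keys only, then ejbLoad re-queries each one: 1 + m statements."""
    keys = [r[0] for r in db.execute("SELECT pk FROM tbl WHERE field3 = ?", (f3,))]
    loaded = {}
    for pk in keys:
        loaded[pk] = db.execute("SELECT field1, field2 FROM tbl WHERE pk = ?", (pk,)).fetchone()
    return loaded

def direct_style(db, f3):
    """One statement fetches the rows directly: O(log n + m) and a single round trip."""
    cur = db.execute("SELECT pk, field1, field2 FROM tbl WHERE field3 = ?", (f3,))
    return {pk: (f1, f2) for pk, f1, f2 in cur}

class FatKeyBean:
    """Hypothetical bean whose ejbLoad initialises from a fat key (pk, field1, field2)."""
    def __init__(self):
        self.pk = self.field1 = self.field2 = None
        self.dirty = set()   # fields changed in memory since the last load/store

    def set_field1(self, value):
        self.field1 = value
        self.dirty.add("field1")

    def ejb_load(self, fatkey, respect_dirty):
        # Unguarded: copies every column out of the key and clobbers a setter call
        # made before the load (the overwrite the comment warns about).
        # Guarded (this example's own mitigation): dirty fields keep their value.
        pk, f1, f2 = fatkey
        self.pk = pk
        if not (respect_dirty and "field1" in self.dirty):
            self.field1 = f1
        if not (respect_dirty and "field2" in self.dirty):
            self.field2 = f2

def fatkey_demo():
    """Edits a bean before its fat key is loaded; returns field1 for both variants."""
    results = []
    for guarded in (False, True):
        bean = FatKeyBean()
        bean.set_field1("edited in memory")
        bean.ejb_load((1, "a1", "b1"), respect_dirty=guarded)
        results.append(bean.field1)
    return tuple(results)   # ("a1", "edited in memory")
```

With the ten sample rows, entity_bean_style issues six statements for the five matching rows while direct_style issues one, which is the 1 + m versus 1 round-trip gap behind the O(log(n)+m+m*log(n)) versus O(log(n)+m) figures above.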
Because of the way Debian handles projects, the man page will be written even if the author of the tool didn't provide it (even if they speak all the languages Debian supports).
And it's easy to make your own deb files (and even apt-get hosts) to install a tool that isn't supported. The poster was just talking about the official debs you get from the Debian servers.
:) I thought that too (the FoxDie connection, not the alien thing). Of course, that makes us both geeks.
some argue this makes your brain illegal
Well, here in America, it's not your brain that's illegal, it's using your brain that's illegal.
Hmmm, I was reading it more as gorillas can eat magic mushrooms, but they can't really communicate to each other "damn that was fun!" and it's also possible that without the creativity gene, psychedelics aren't as fun for gorillas as they are for humans. Humans, having developed creativity and language, got more out of magic mushrooms and were able to communicate what they had gotten from them. Thus human use of psychedelics was a result of being able to have culture, rather than the cause of being able to have culture.