You can have the strongest end-to-end encryption you want...it doesn't mean much if you don't know how your private and session keys are handled. It's all down to trusting the vendor that you're supposedly hiding your messages from with "end-to-end" encryption.
The CISO is a much more recent office and typically reports to the CIO. By default the duties of the CISO have fallen to the CIO and only more recently in relative terms been parted out to the CISO.
The CEH is certainly something that looks good on the CV, but I have never met a pen tester or IT Security manager who actually held it in high regard. The OSCP is by all accounts an order of magnitude more difficult, more relevant and more respected. I'm not opposed to multiple choice exams (I have several of the certs mentioned here and am quite proud of it) but for me it just doesn't add up that you can demonstrate a practical skill such as hacking through this form of test.
Yes, I largely agree. I wrote the blurb in haste. What I was trying (unsuccessfully) to alude to was the expected change to legislation to ensure business can continue to exchange data.
Essentially all of the big IT providers are American. Processing and the more contemporary "cloud" services that everything seems to have morphed into mean that your customer data does not have widely-accepted protection under the DPD. If a replacement does not step in we may see repatriating of data and a cleanup exercise. It doesn't seem very likely, but neither did this ruling.
I don't think you've been keeping up with the case. There is no new legislation, but a very simple point in contention. Did the Safe Harbour provision, intended to ensure corporations met European levels of data control, cover state intelligence gathering. The ruling is at this point, no. The Irish Data Protection Commissioner had stated in relation to the European Data Protection Directive that they had no power to look at the scope of Safe Harbour and that in of itself Facebook met the requirements of Safe Harbour.
It is not news that the NSA etc. did not see themselves as constrained by Safe Harbour. In light of the ECJ's rulings an investigation into Facebook's protection of European data seems appropriate.
I had 16MB of RAM and it ran like a champ. It was plenty of RAM even for gaming, I used to blitz through X-Wing Vs. TIE Fighter and plenty of other 3D games without breaking a sweat. Hexen II and Duke 3D were regulars on my PC.
I loved that song and I loved having it on the PC. It blew my mind and it rendered amazingly at the time through my 2MB ATI Video Card. And that really was a video card, not a 3D card.
If you really think the amount of airplay you get in a bar is equivalent to the critically acclaimed musical legacy of this man then I'm not sure what to make of that.
I'm 35 and Neil Young is one of my favourite musicians. I think he's one of the most accomplished songwriters of the past century. I suggest listening to some of his albums rather than waiting on random airplay of one of his "hits".
That is not how Security should function. It's not a matter of being judge, jury and executioner. Your task is to advise of the risk and propose (and possibly enact) controls to mitigate or avoid that risk.
If your job was to be perfectly secure you'd just unplug the network and lock all the doors with the employees outside. The security function must support business operations.
In my experience a broader view pays dividends. That can be achieved through secondment, introduction of new blood or with the best cost/benefit ratio by going through industry certification. Maybe an RHCE for a 25 year Unix sysadmin is questionable, but an Audit certification for your systems auditor will likely provide a view higher-level corporate governance and of course provide the assurance that your C-level suite will require.
Not everyone is working at grunt level for their entire career. Upward mobility typically requires expansion of experience, outlook and qualifications in larger organisations.
Assurance is very important. This thread unsurprisingly is focussing on programming certifications. However, if you hire someone to maintain a system you are indemnifying yourself against any challenges to your decision where you have sought industry-standard certification.
This not a substitute for judgement and a thorough approach. You filter down to the candidates who are enthusiastic enough about their career to actively partake in continual professional development, make your own decision based on your interview and then as I said are largely indemnified where a decision later comes under scrutiny.
They have a limited scope of action and limited deliverables.
Successful or not I was trying to call out the shortcomings of the role rather than the people working in it.
Every day I talk to project managers who probably do an excellent job meeting their deliverables and will be rated very well for doing so. Unfortunately what they do isn't the right thing but what they were asked to do. There's no reward for doing the right thing even if it's value-add. That same point is what I was trying to illustrate with my comment; the output seen here is the perfect manifestation of that kind of attitude.
When your brief is simply sell and your output is "Ah sure no one should use pens any more, buy our product" you can either stand over it or recognise the base nature of what you've done. Your argument about creativity really can't reasonably apply here. The output is by nature not of substantial creativity but rather the narrowly interpreted result of a functional requirement.
I've never considered the sales and marketing people to be the smartest part of any organisation. They have a limited scope of action and limited deliverables. Calling this out is right. I wonder if they also think children should stop learning maths as we all have calculators - or more likely that we all have calc.exe.
I feel like you haven't been reading many of these articles over the past 13-14 years here on/.
The problem is conflicting jurisdictions. The PATRIOT act requires US businesses to hand over data stored when requested, even if it is outside of the US. Twitter are subject to those requests.The EU have strict laws regarding data protection but the fundamental issue is Twitter are breaking somebody's law whichever they choose to comply with.
Let's paint the picture - a request for data on an EU citizen, posted from Europe through a European datacentre but on a service owned by an American company. The American government request data but European law prohibits it. What do the American company do? Whose law do they break?
Storing the data under a non-American subsidiary puts at least some buffer in there. I'm not sure how effective this will really be but that is the intention.
Let's see you couple that battery directly to a wheel and see how far that gets you moving before you wish you had moving parts between them. I am looking forward to electric cars being more common but blind optimism doesn't help, the fact is you still need an electric motor and batteries have too small a charge, too short a life and too much environmental impact.
You still have maintenance on the electric motor, you still have a motor and you still have toxic emissions albeit they are now suspended until the battery replacement.
That's exactly how I feel, but moreover logically that is why these medicines are prescription only.
As a European I was horrified to see that prescription medicines are routinely and frequently advertised on television in the USA instructing the viewer to ask their doctor to prescribe the medicine.
Slashdot Mirror
You can have the strongest end-to-end encryption you want...it doesn't mean much if you don't know how your private and session keys are handled. It's all down to trusting the vendor that you're supposedly hiding your messages from with "end-to-end" encryption.
Janeway used gedit, Sisko used Kate but Archer used Windows Notepad.
The big thing is critical mass. The RPi has that and it's a hub for community projects.
A set of shims would be nice, quiet, cheap AND fast.
The CISO is a much more recent office and typically reports to the CIO. By default the duties of the CISO have fallen to the CIO and only more recently in relative terms been parted out to the CISO.
The CEH is certainly something that looks good on the CV, but I have never met a pen tester or IT Security manager who actually held it in high regard. The OSCP is by all accounts an order of magnitude more difficult, more relevant and more respected. I'm not opposed to multiple choice exams (I have several of the certs mentioned here and am quite proud of it) but for me it just doesn't add up that you can demonstrate a practical skill such as hacking through this form of test.
Yes, I largely agree. I wrote the blurb in haste. What I was trying (unsuccessfully) to alude to was the expected change to legislation to ensure business can continue to exchange data.
Essentially all of the big IT providers are American. Processing and the more contemporary "cloud" services that everything seems to have morphed into mean that your customer data does not have widely-accepted protection under the DPD. If a replacement does not step in we may see repatriating of data and a cleanup exercise. It doesn't seem very likely, but neither did this ruling.
I don't think you've been keeping up with the case. There is no new legislation, but a very simple point in contention. Did the Safe Harbour provision, intended to ensure corporations met European levels of data control, cover state intelligence gathering. The ruling is at this point, no. The Irish Data Protection Commissioner had stated in relation to the European Data Protection Directive that they had no power to look at the scope of Safe Harbour and that in of itself Facebook met the requirements of Safe Harbour.
It is not news that the NSA etc. did not see themselves as constrained by Safe Harbour. In light of the ECJ's rulings an investigation into Facebook's protection of European data seems appropriate.
I had 16MB of RAM and it ran like a champ. It was plenty of RAM even for gaming, I used to blitz through X-Wing Vs. TIE Fighter and plenty of other 3D games without breaking a sweat. Hexen II and Duke 3D were regulars on my PC.
That's exactly why - if you got a page to finally load, you didn't let it go easily.
I loved that song and I loved having it on the PC. It blew my mind and it rendered amazingly at the time through my 2MB ATI Video Card. And that really was a video card, not a 3D card.
Why not use DKMS and let it fix itself. Even better!
England?
If you really think the amount of airplay you get in a bar is equivalent to the critically acclaimed musical legacy of this man then I'm not sure what to make of that.
I'm 35 and Neil Young is one of my favourite musicians. I think he's one of the most accomplished songwriters of the past century. I suggest listening to some of his albums rather than waiting on random airplay of one of his "hits".
That is not how Security should function. It's not a matter of being judge, jury and executioner. Your task is to advise of the risk and propose (and possibly enact) controls to mitigate or avoid that risk.
If your job was to be perfectly secure you'd just unplug the network and lock all the doors with the employees outside. The security function must support business operations.
In my experience a broader view pays dividends. That can be achieved through secondment, introduction of new blood or with the best cost/benefit ratio by going through industry certification. Maybe an RHCE for a 25 year Unix sysadmin is questionable, but an Audit certification for your systems auditor will likely provide a view higher-level corporate governance and of course provide the assurance that your C-level suite will require.
Not everyone is working at grunt level for their entire career. Upward mobility typically requires expansion of experience, outlook and qualifications in larger organisations.
Assurance is very important. This thread unsurprisingly is focussing on programming certifications. However, if you hire someone to maintain a system you are indemnifying yourself against any challenges to your decision where you have sought industry-standard certification.
This not a substitute for judgement and a thorough approach. You filter down to the candidates who are enthusiastic enough about their career to actively partake in continual professional development, make your own decision based on your interview and then as I said are largely indemnified where a decision later comes under scrutiny.
They have a limited scope of action and limited deliverables.
Successful or not I was trying to call out the shortcomings of the role rather than the people working in it.
Every day I talk to project managers who probably do an excellent job meeting their deliverables and will be rated very well for doing so. Unfortunately what they do isn't the right thing but what they were asked to do. There's no reward for doing the right thing even if it's value-add. That same point is what I was trying to illustrate with my comment; the output seen here is the perfect manifestation of that kind of attitude.
But "not being the smartest" is not the same thing as "being the dumbest". No one said they were idiots.
When your brief is simply sell and your output is "Ah sure no one should use pens any more, buy our product" you can either stand over it or recognise the base nature of what you've done. Your argument about creativity really can't reasonably apply here. The output is by nature not of substantial creativity but rather the narrowly interpreted result of a functional requirement.
I've never considered the sales and marketing people to be the smartest part of any organisation. They have a limited scope of action and limited deliverables. Calling this out is right. I wonder if they also think children should stop learning maths as we all have calculators - or more likely that we all have calc.exe.
I feel like you haven't been reading many of these articles over the past 13-14 years here on /.
The problem is conflicting jurisdictions. The PATRIOT act requires US businesses to hand over data stored when requested, even if it is outside of the US. Twitter are subject to those requests.The EU have strict laws regarding data protection but the fundamental issue is Twitter are breaking somebody's law whichever they choose to comply with.
Let's paint the picture - a request for data on an EU citizen, posted from Europe through a European datacentre but on a service owned by an American company. The American government request data but European law prohibits it. What do the American company do? Whose law do they break?
Storing the data under a non-American subsidiary puts at least some buffer in there. I'm not sure how effective this will really be but that is the intention.
OMG RFC PONIES!!!
No moving parts, no maintenance
Let's see you couple that battery directly to a wheel and see how far that gets you moving before you wish you had moving parts between them. I am looking forward to electric cars being more common but blind optimism doesn't help, the fact is you still need an electric motor and batteries have too small a charge, too short a life and too much environmental impact.
You still have maintenance on the electric motor, you still have a motor and you still have toxic emissions albeit they are now suspended until the battery replacement.
That's exactly how I feel, but moreover logically that is why these medicines are prescription only.
As a European I was horrified to see that prescription medicines are routinely and frequently advertised on television in the USA instructing the viewer to ask their doctor to prescribe the medicine.