
Comment Re:He's Right (Score 2, Informative) 614

This is about more than just pirated software. Depending on where the Beijing office got the software, it could be carrying a malware payload that handed over back doors to all of their computers. China is well known for using corporate (and other) espionage to further their political agenda. Hooking into company systems to exfiltrate any possibly valuable data is far too common.

Quite right. Given my druthers, the first and most important thing I'd do is strip them of any and all administrative rights and, most importantly, re-Ghost the boxes nightly or run them as thin clients. The security situation is so poor in-country that you shouldn't even consider letting the local staff manage their own stuff if we're talking about such a tiny little office. Five guys wouldn't warrant a separate sysadmin in the states, and it still doesn't abroad when you've seen malfeasance on this level and are operating in a country with a massive corporate espionage problem. Again I say, strip them of their rights.

Make sure you have a couple of spare, online, patched workstations ready to go for when one fails 'cause you don't want them to have to have local admin rights. Grab yourself an IP-KVM, too, and make sure you have two ISPs running into the office, even if the second is just some dinky little 256kbps line. That'll give you the capability of having them jack a KVM-enabled computer into a switch or firewall for diagnostic purposes if one of the two networks goes down and you can't remote into those devices. Likewise, it'll give you the capability of taking a peek at a bad NIC prior to having them swap a workstation out for one of the spares. Having Ghost on the network or something like it would be useful at that time to allow you to replace the no-longer-spare equipment you've had to have them put into use.

If I could get approval to do so, I might also lock down their workstations' USB ports and optical media to the point of uselessness and drop a monitor-less *NIX box with good AV software somewhere in the office with a ton of USB ports and DVD-ROM drives to remotely scan and introduce anything they think they might need onto the network myself. This should, of course, also be paired with an HTTP proxy that blocks any sort of executable code beyond the stuff that's used to render a normal webpage from coming in. I'd then set up MAC address whitelisting on all networks, wired and wireless. This would be a PITA, but it would give you an extremely high level of control over the network there, going far beyond what you have now, and limiting any practical attack vectors to hardware-based attacks (keyloggers) and viral attacks embedded in flash apps, PDFs, etc. I don't think I'd bother with this step back home, but it seems worth it in China. Of course, this carries with it some rather dramatic drawbacks if your "design" shop is doing software engineering, and probably shouldn't be considered. Seems perfectly reasonable if we're just talking about artists or a bunch of people running AutoCAD.

Protecting your proprietary knowledge is probably well worth the level of hassle you'd be subjecting everyone to, yourself included, by doing the above.

Comment Re:Republican? (Score 1) 574

You forget that neither of our parties toes a truly conservative party line anymore, and that the newly nationalistic neo-conservative Republican party recently adopted an anti-immigration theme as one of its core messages. We wouldn't be having this conversation if the H-1B employees had just been employed overseas.

Comment Re:Huh? (Score 1) 385

-1, Didn't Read the Article

The changes won't appear on the site until they have been reviewed by someone paid by Britannica.

They must really be on the ropes. They're into full-on me-tooism, but obviously don't get what makes Wikipedia awesome at all.

-Peter

They may not be paid, but editors of the German "de" Wikipedia do almost exactly the same thing through their use of MediaWiki's "FlaggedRevisions" feature. Not something I'd ever endorse a thriving wiki to do, but something that can and has been done, and something that's being proposed right now on the English wiki.

Comment Re:I've been using linux since the mid nineties. (Score 1) 501

She's never installed a package and she never will

You must think highly of her.

Or they maintain rigid change control practices in the home. If we were to hear her side of this story, I'm willing to put down cold hard cash that she requires that changes to non-sysadmin household policies (switching milk brands at the grocery market or moving from Netflix to Blockbuster) be preceded by three forms and two meetings. You wouldn't believe the number of consultants they hired to write specifications and the amount of capital they raised for the separate fund site before they decided to order their very own test tube baby.

Comment Re:Huh? (Score 3, Insightful) 120

>Quota is about money headaches, not infrastructure headaches. Google can't help you with that.

No, it's about infrastructure. They allow for users to "apply" for more if the app is cool enough, and presumably award some free access to a higher quota - Read the grandparent post link. Google does at least offer to consider helping. Regardless, though, money buys and maintains infrastructure, and that's all that really is the issue here even if they are trying to milk most developers that use the service of a bit of cash.

Comment Re:What does this have to do with Tetris? (Score 1) 132

If nothing else, it suggests a benign, free, easily found device that can be used to distract oneself after digging up those memories. May not be particularly profound, but it was worth writing up - Not everything is particle physics. Science that is easily understood by the public at large carries an inherent value well worth pursuing.

  You just shouldn't take it to extremes. Sure knows how to pick 'em, eh?

Comment Re:But isn't that the idea? (Score 1) 676

Or, and this should have been done by default when it shipped (although agree with the grandparent post - Great slightly-better-than-Mac style GUI):

Drag the print icon from the shared Office menu (what you get from the top-left corner) into the title bar of the application, for easy access. PITA the first time, fine all subsequent times.

Comment Re:It can't do HD.Fail. (Score 1) 97

http://www.engadget.com/2008/12/03/asus-eee-box-b204-b206-grows-an-hdmi-port-handles-high-def-ma/

Like that?

Considering that we're talking about a tiny little handheld device without a video-out port, it's a bit ridiculous to expect proper HDMI screen resolutions. It'll definitely be interesting, however, to see how well this works on the B204/B206 series of HDMI-enabled, Radeon-powered Eees.

Comment "How" matters as much as "where" (Score 1) 386

I had much the same set of problems and found decent universities in Tampere, Finland, Luleå, Sweden, and Accra, Ghana that all participated in the ISEP program. My school offered a couple of different programs, but this one was notable insofar as it didn't require you to pay hardly anything extra. Unlike programs that expect you to pay massive chunks of cash for their own overhead and then full rate for tuition abroad, this one (and others like it?) just have the student pay tuition and room and board at the local university. They then get the same stuff from the receiving university.

On a related note, I ended up in Luleå which had the strongest English language CS program I'd ever seen. They also had a rather sizable community of foreign exchange students and a well-developed Swedish language program.

On a slightly less related note, no matter where you go you should make sure to take some non-engineering/non-CS courses. Studying international organizations and management abroad, even if only briefly, looks far better on a resume and will give you far more than any single engineering course. Be sure to make time for it.

Comment Re:Extremely unprofitable (Score 3, Insightful) 897

The population distribution in most of the US is simply not geared toward passenger rail except possibly at the local level

That's not really true. It rarely makes sense to extend light-rail systems beyond the densely packed urban centers, but you're ignoring the old heavy traffic. The layout of our towns, highways, etc. are all heavily determined by the paths that the railroads took 150-75 years ago. This hasn't changed, as many of our Interstates were built along similar pathways.

Now, Amtrak may suck, but it's not like there's good competition available. Driving takes every bit as long and already costs far more, and our piss-poor airlines with worse food than a Flying J: Don't even get me started on the Fly America Act and even greater sins our government commits in their favor.

If we had new rail-systems and new stations (with ZipCar and other car rental companies etc. colocated thereupon), they might very well be able to perform profitably. Let foreigners run 'em, too, so that the food doesn't taste worse than the truck stop food you'd get when driving (which is still better than the nothing-to-ramen spectrum on American air carriers), and this may very well be worthwhile. If speedy rail systems can be built that are fast enough and substantially more environmentally sound, we might even consider taxing competing air routes to subsidize them in an effort to meet soon-to-be-adopted CO2 emissions goals. Of course you may wish to hold off until after opening them up to all comers to knock the price down an equivalent amount.

Regardless, I'd assert that there is a market for a competently run Amtrak with maglevs et al or, better yet, multiple competing private firms. We just don't see it right now because the Amtrak service is (marginally) worse than the (insanely bad) domestic airlines. If we can restore service to all the cities over the million-person mark, I think they'd do just fine.

They just can't compete as long as:

1: They're as slow as a car
2: They serve worse food than truck stops (like the airlines)
3: They fail to advertise and compete aggressively due to lack of real market pressure
4: They fail to service many large cities

Still, that's half the point of the above. Look beyond light rail - The car manufacturers can make a lot of money regearing to deal with the above issues. If they're going to be bailed out with taxpayer money anyway, perhaps we should lead them in this cheaper and more fuel-efficient direction.

Comment Re:Solution: Public Key Auth (Score 1) 327

So then brute force attacks would be preceded by an open port check?

Unless you use some kind of port knocking attempt, that wouldn't solve much of anything for long.

Two points:
1: Port knocking or single-packet authentication paired with the aforementioned port change really is a remarkably effective solution.

2: The article is discussing attempts to break into a large mass of computers, not targeted attacks on a single box. To add the considerable increase in overhead and visibility inherent in running port scans over a public network would be quite expensive, both in terms of the decrease in the number of boxes you can hit per minute and the risk of nodes in the botnet being cleaned up and removed sooner than they might otherwise have been. The former is doubly troubling to a botnet owner when you consider the cost of trying to identify the protocol in use on all the open ports other than 22, or of wasting an attempt to open a TCP connection on each of the ports.
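
An added example, not part of the comment above: the server-side sequence tracking behind the port-knocking setup it recommends alongside a non-default SSH port. The knock sequence, time window, port 2222 and all events are constructed assumptions, and the tracker is a sketch of the idea rather than any particular knocking daemon.

```python
# Constructed values for illustration; none of them come from the comment.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # closed ports to hit, in this order
WINDOW_SECONDS = 10.0                # whole sequence must finish in this time
SSH_PORT = 2222                      # sshd moved off port 22 (assumed port)

class KnockTracker:
    """Tracks per-source knock progress from dropped-SYN firewall events."""
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence, self.window = tuple(sequence), window
        self.progress = {}    # source IP -> (knocks matched, time of first knock)
        self.allowed = set()  # sources that may now reach SSH_PORT

    def observe(self, ts, src, dport):
        """Feed one event; return True when src completes the sequence."""
        index, started = self.progress.get(src, (0, ts))
        if ts - started > self.window:
            index, started = 0, ts        # too slow: start over
        if dport != self.sequence[index]:
            index, started = 0, ts        # a wrong port resets progress...
            if dport != self.sequence[0]:
                self.progress.pop(src, None)
                return False              # ...unless it restarts the sequence
        index += 1
        if index == len(self.sequence):
            self.progress.pop(src, None)
            self.allowed.add(src)
            return True
        self.progress[src] = (index, started)
        return False

    def permits(self, src, dport):
        """Would the firewall pass a connection from src to dport?"""
        return dport == SSH_PORT and src in self.allowed

def replay(events):
    """Run (timestamp, source IP, destination port) events through a tracker."""
    tracker = KnockTracker()
    for ts, src, dport in events:
        tracker.observe(ts, src, dport)
    return tracker

# Constructed events: a correct client, a too-slow client, a sequential sweep.
CLIENT = [(t, "198.51.100.7", p) for t, p in ((0.0, 7000), (1.0, 8000), (2.0, 9000))]
SLOW = [(t, "192.0.2.5", p) for t, p in ((0.0, 7000), (6.0, 8000), (12.0, 9000))]
SWEEP = [(i * 0.01, "203.0.113.9", p) for i, p in enumerate(range(6990, 9011))]

if __name__ == "__main__":
    print(sorted(replay(CLIENT + SLOW + SWEEP).allowed))
```

Only the source that sends the full sequence in order and in time is allowed through; the sweep touches every knock port but resets its own progress on each intervening port.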

The Internet

Submission + - Suprnova.org Is About To Return

An anonymous reader writes: The legendary BitTorrent site Suprnova.org will be back in action soon. Sloncek, the former owner of suprnova.org, decided to donate the domain to The Pirate Bay lads, who will relaunch the site in a few days, staying true to its original design. The return of a Legend.
