
Comment Re:Uh, no, you can't have my network (Score 2, Informative) 505

Wow. So "your" failure to secure your network is killing people (given the scenario above), and you would still refuse to hand over the password to people trying to stop the attack and therefore save lives??

If your stance is that extreme even in the face of an example that extreme, then you may have just changed my mind on this legislation. Clearly we need it. I would have thought anyone out there, when faced with something beyond their capability, would ask for help if it was really important. Guess not.

I would also suspect you'd end up in jail for criminal negligence / negligent homicide / etc.

And also, IANAL, but I think the statement about essential services is not correct. I believe there are legal avenues for essential services to be forced to be provided. (remember the Air Traffic Controller strike, Reagan ordered them back to work, and they had to comply)

Comment Data mining certainly not worthless (Score 2, Informative) 70

It's absolutely data mining, but it's far from worthless.

Every time you go to Amazon and it recommends something to you, guess what, that's data mining using basically the same techniques that this service will use. And as you might expect, that equates to big $$$ for them (or else they wouldn't be bothering).

Many many fields use the technology, particularly the medical fields for analyzing the relationships between a large number of input variables (which may or may not be correlated) and some desired output variable. Spam filters, Google Search itself... all data mining algorithms. Nah, no money to be made there...

Now, the reality isn't as simple as 'upload the data, train the model, and generate predictions' normally. It takes time to figure out what factors to include, ETL'ing the training data from the actual source(s), plugging in algorithm parameters, and carefully validating your output model. Most models I've worked on have taken several iterations to get right as you learn more about your input data relationships as you use the model.

And your second sentence is sadly true, if management wants a certain output, then the endeavor is pointless. But when used appropriately (and it's on the experts to explain the limitations of the tech to the users), this stuff is really powerful.

But will a lot of businesses be willing to send their 10 year history of accepted/declined credit card transactions with all the related demographic data to the cloud? Or their medical scenarios with the medical details of each patient? I think not. The type of data most mining projects use is critically sensitive. So I predict this will be limited to experimental users 'playing around', nothing more.

Comment Re:Geez! I tell ya... (Score 1) 385

As mentioned elsewhere, setting to other DNS servers can be defeated.
But... leasing dedicated servers is cheap (now), and VPS even cheaper.
Set one up as a VPN/Proxy server, and route your connection through there. The major server hosting farms can't (edit: won't) do any re-direction tricks as they would gain little/nothing from it.

That will effectively get you your direct access (with a latency/bandwidth penalty) without some insane cost.

Alternatively, business packages from the same ISP -may- have a different setup, but at a higher cost.

Comment Re:Floppies (Score 5, Insightful) 558

...crappy software.

Would you really rather have that $500,000 piece of equipment running DOS 2.0 move to Windows Vista?

When was the last time your DOS 2.0 machine needed a security patch, or rebooted itself randomly, or for that matter did anything unexpected?
Simple... yes
Outdated... yes
Crappy... not so much.

Comment Re:Tax money (Score 5, Insightful) 161

...I still can't help but yawn at this news. ... It was probably just some developer that the federal government has hired who recommended the use of Drupal and suggested open sourcing the modules that they developed.

True, but the interesting thing I think is that the people that the developer has the contract with took the suggestion, ran it through a government staff, and got the idea approved. A staff that gains nothing (directly) by giving the code away, has to take the time to understand the implications of their decision (since they'll be on CNN and fired if they do something dumb), and would normally consider something like this a security risk by default.

So I think it's fairly groundbreaking for a government bureaucracy. And it gives the rest of government a precedent to use when having a similar discussion with their bosses.

Comment Re:Let's not lose perspective. This is minor. (Score 2, Insightful) 161

Um, yes.

If anyone is basing their decision on who should be the leader of the world's largest economy/military/nuclear stockpile based on whether they use Drupal for their website and release any source their team creates, then... FAIL.

Doesn't mean it's not a good idea that shows action behind words.

Comment Ma Bell (the original) (Score 5, Insightful) 559

In another ominous development, the phone company is planning to release a compiled document containing every name, address, and phone number of all their wired clients. The books will be published by region but be available globally. They'll be called by the disturbing name "White Pages".

They also will provide a charge-per-call service wherein on a request from not only government agencies but also private citizens, they will mine their data stores nationally in search of a particular individual's detailed info. While there is no clear consensus on this point, it appears this service will either be called 'Information' or mysteriously... just '411'.

They claim there will be an 'opt-out' option, but it will not be enabled by default, and there will be an extra charge for its use.

Just some perspective to apply, not really meant as humor. This issue is about as dangerous as the phone book IMHO. You've got (or should have) an option in your router to hide your SSID. If you aren't using it, then you are BROADCASTING it. If someone tracking this information centrally really concerns you, change your SSID randomly every 30 days, and the MAC of your router. If your router doesn't support changing its MAC, get a better one.
If it REALLY concerns you, don't use WiFi! There are much more nefarious things that can be done against WiFi than just logging an SSID/MAC that might actually be worth worrying about (again, IMHO).

Comment Re:Plate those boilers. . ? (Score 1) 447

Absolutely! Not having a contract at all is asking for trouble. In my first free-lance, I couldn't afford a lawyer, but I still wrote up a basic contract that covered who 'owned' what. Maybe it could have been chopped down in court in the event of a lawsuit, but the point of the contract was to AVOID lawsuits by ensuring our understanding of the terms of work was at least close to the same.
While a number of the possible variations have been discussed, in my opinion here's the basic questions the contract would need to cover...
1- Does the customer even receive any source code as a deliverable?
2- If so, does the customer receive source code to all libraries coded by the programmer, or just those libraries with custom code made solely for that customer (IE as mentioned, many of us have built a common DLL framework that we re-use in other projects, do they get that code?)
3- Does the customer have complete and total rights to the source code?
4- If so, does the original programmer retain any rights to the source code? (IE do you have to delete any code you made from your own systems after delivery)
5- Can the customer resell the binaries?
6- Can the customer resell the source code?
7- Can the programmer resell the source code/binaries? If so, to whom (IE not to competitors)
8- Does the customer's license ever expire?

In my case, I granted a non-exclusive non-expiring license to the "code", which included all binaries, and source code for custom code developed just for them (but not my utility libraries). They could not resell at all, and I couldn't resell to competitors. We were both happy and it was clear up front with no need for delays, just a 15 minute conversation with their tech lead, the CEO, and assistant CEO. With a larger company, I'm sure they would have wanted a legal review, but in that case I would have ensured we agreed on principle before starting requirements development, and go ahead and let the lawyers re-phrase the language to be more rock-solid as long as the general principles didn't change. I suppose it really depends on the level of trust you've got in that company.

Comment Re:If you have to ask, it's hopeless (Score 1) 578

"If you have to ask, it's hopeless"

Seriously??

Pretty much any major scientific endeavor started off with individuals with only a vague clue how to accomplish the task they wanted to complete. While I'm sure sometimes scientists slave away in private, most commonly they collaborate with their peers/co-workers to bounce ideas and seek inspiration.
I would say:
"If you don't have to ask, you aren't reaching high enough"

And actually there have been a couple plausible suggestions floated here, so it's definitely not impossible (RLL/MFM HDD, floppies, custom firmware)

Comment Re:Because it's a gay site? Or is it because... (Score 1) 265

Because in the cases of fraudulent charges, the banks have to suck up the losses if they can't chargeback to the vendor.

Also, the amount of anticipated charge-backs changes the VISA surcharge the vendor has to pay. If a vendor collects physical signatures on groceries, then the surcharge will be lower than an online 'video' site that collects nothing but the CC number/expiration date. That's even if the site is completely legitimate, they want to profile how many 'problem' transactions a site may have.

Plus, post-9/11, there are a number of new laws concerning collecting financial data that may be affecting this. I recently cashed a large check from a title company, physically at the bank that the title company banks with (so it was essentially their check), and they wanted an obscene amount of info from me to comply with 'new' anti-laundering laws. I suspect something similar may be involved.

And finally, remember that really, the vendor isn't charging 'you'. The bank is charging your VISA, and then gives the vendor a percent. They are the man-in-the-middle.

Comment Exactly who in DoD? (Score 2, Interesting) 64

Like others here, I'm not convinced. DoD is a very big place, and to say that was a 'joint' validation is odd... who was this joint organization who specializes in trash recycling within DoD? Probably one exists someplace (next to the agency researching favorite alien ice cream flavours), but what's telling is that the article doesn't mention who they are.

And the 'link' referred to doesn't have any mention of DoD in it either. Since the PDF has PES watermarks and was authored by Word 2010 (which the DoD won't be using), it's 99% likely it's not a 3rd party document. I suppose it might be based on a 3rd party report, but why not just include the test report? A government test report like this should be public info.

Comment Re:Hmmm... (Score 4, Interesting) 124

IMHO (and near-total guess), I don't think this is an RIAA-type copyright nazi push. It seems in the last 2 months or so that there's been a quiet directive from the current US administration to be more protectionist. It's a stand the president can't make publicly because then everyone else will follow suit, but it seems that in the quest for jobs, they want to try to encourage domestic consumption.

I mean first off you've got the DOT secretary going nuts about Toyota. Deserved? Maybe. Did the Secretary help the situation by saying "don't drive your cars"? Definitely not. Then there's NSA's involvement with the China/Google issue. More government involvement that seems out of place. The "Buy American" clause, changes in tax breaks announced at the State of the Union address, blah blah blah.

So if that's the case, then I focused in on the part of the summary about "policies and practices in foreign countries". Reading the actual docket, the request for info is strictly about what countries should be placed on a watch list, not what policies etc (searching iPods at the border) should be (or not be) in place. It's JUST about what countries out there are making fake CDs and handbags etc. and need to be placed on the "watch list".

I'll bet a fake Rolex that China ends up on the watch list.

Comment Different Experts, but also deniability (Score 5, Interesting) 125

I've said it before, but if Google's investigation points to Chinese government IPs, they must tread on careful ground because they have employees in China that could go to gulag if Google gets too curious.

Involving the NSA allows them a certain level of deniability/immunity, and let's face it, the NSA probably has been tracking Chinese Gov't IP's a lot longer than anyone, so I think it's not a question of 'better' experts, it's more a question of experts experienced in doing what Google wants.

I still believe that Google is still holding cards to their chest. I mean, how many other corporate hacks have occurred where the corporation has publicly requested the assistance of the NSA?? I'm not aware of any (though I'm sure someone will post a link showing how little I know!). So I think Google already has very good evidence that the Chinese Gov't was behind it, but is afraid to make that information public.
