
Comment Re:Why do VPN users have access to this much data? (Score 1) 50

The application developer pool should not have access to the live production database from a remote location. The developer should be given access to a sanitised database clone.

In many the two are one and the same, and they access the database from halfway around the world. Physical access isn't always compatible with $15/hr, and you can imagine which sounds more important to the typical PHB...

Comment Re:Why do VPN users have access to this much data? (Score 1) 50

Before looking at the technological failure point I would like to know why that much data is exposed to a vpn connection in such a way that it can be exploited.

Because idiot IT "consultants" generally view the firewall as the only important line of defence. I can't count the number of businesses I've gone into to clean up a mess, and found the perimeter firewall to be....well...mediocre, and the internal security to be absolutely non-existent. Basically, the assumption is that anything that's on the network is supposed to be there, so you don't set anything up to question it.

I work in a Fortune 500 company, and anybody on a VPN can ping any database server in the company. If they have valid credentials, they can log in. For some servers the application accounts are extended into the database so if you know where the database is you could log in and query the whole thing (i.e. bypassing the front-end and any business logic it might enforce - hopefully the DB account would be read-only but I wouldn't count on it).

Internal security tends to be very light. Maybe they're running IDS, but I can't vouch for that one way or another.

The flip side of this is that strong security isn't cheap, so it isn't appealing to PHBs. It costs money and tends to slow things down. So, we have lots of perimeter security and a soft, squishy interior.

Comment Re:Is it worth it? (Score 1) 698

It's amazing to me how stupid we are in this country that $20K+ per school to react faster to a catastrophe is so much more palatable than helping distressed kids and preventing the catastrophe in the first place.

Amazing, yes. Surprising, no.

Studies have been done on healthcare and factors that impact it.

Being homeless tends to make you sick. If a homeless person gets pneumonia we'll spend tens of thousands of dollars on hospitalization to fix him up and put him back out on the streets to get pneumonia again. What we won't do is spend $500/yr so that he can live in hostel-like conditions in a shelter.

Rotting drywall aggravates asthma. There have been documented cases of people with multiple ER visits to the tune of tens of thousands of dollars due to severe asthma problems. The government will pay for this sort of stuff (or the hospital gets stuck with the bill - people who can't fix their drywall won't pay the bills). The cost to fix their drywall is in the hundreds of dollars, to maybe a few thousand. Again, we're more than happy to pay to fix up people, but heaven forbid somebody without a job gets to live in a house that won't kill them.

Comment Re:Benefits, but still misses the point... (Score 1) 698

Unfortunately it isn't that simple. Mental health is not well understood to start. The treatments aren't well-understood either.

I'll be the first to agree that I think we give too many pills to too many kids. However, I'm not convinced that the best solution is to tell them to just pretend nothing is wrong either.

One thing that I've heard about antidepressants is that they tend to increase motivation. In 99/100 cases that might cause you to finally get out of bed, take a chance on making friends, and get your life straightened out (maybe even to the point that you don't need the pills any more). Maybe in another 1/100 cases it motivates you to get out of bed and kill yourself. The problem is that the 99 successes are hard to measure, but the suicide is easy to measure. Sure, all 100 might live on without the pill, but if you offered me a choice of staying in bed for the rest of my life, or a 1% chance of death but a 99% chance of being happy and productive, I think I'd take the latter. Of course, I don't know the actual numbers, but people make those kinds of choices when electing surgery all the time.

Comment Re:Benefits, but still misses the point... (Score 1) 698

The stuff about bullies is a red herring; school shooters are not significantly more bullied than the average.

I'm not sure how you could even scientifically gather data on bullying without basically spying on everybody without their knowledge all day long.

School shootings are fortunately rare, which means it is hard to do statistics on those as well. It is like trying to do a statistical study on the cause of the Great Depression - if we had a Great Depression three times a year maybe it would be possible, but when you only have one or two, they're black swans.

I'm sure there are many factors that contribute to school shootings, and I would be shocked if bullying wasn't one of them. I never shot anybody while being bullied as a kid, and I know others who went through the same thing and they never shot anybody. However, it doesn't surprise me at all that if you put enough people through that sort of thing you end up with the occasional Columbine. I'm sure hundreds of thousands of kids are bullied every year - probably a few for every school in the country. If you roll the dice often enough...

Comment Re:Benefits, but still misses the point... (Score 1) 698

Pointing out who is right and who is wrong does absolutely nothing to fix the problem, which is that every few years we seem to end up with a dozen or two dead kids somewhere, usually including the shooter. Pointing out that the shooter was a bad person isn't going to make those kids live again, and it won't stop the next person from doing the same thing.

In many of these situations some kid feels like they're all alone and they lash out against everybody. Sure, the other kids who wouldn't be caught dead talking to him didn't deserve to die from it, but that won't help them if the bullets start flying.

Our criminal justice system seems to be built around deterrence - if you treat people who commit crimes harshly then nobody will want to commit a crime. Clearly that isn't going to work in cases of murder-suicide, but we're so attached to our system that we will do ANYTHING else to try to fix the problem before we even think about helping would-be criminals before they become criminals. Heck, last night they interviewed a homeless guy on the radio who was having trouble getting into a shelter before a cold front moved through, and he said that it wasn't a big problem if he didn't get in - he'd just do something to get thrown in jail for the night. Apparently we don't have money for $3/night beds in a shelter but we have plenty of money for kevlar, police cars, and holding cells. I'm sure somebody will come up with the bright idea of putting the holding cells outside in the cold to deter this sort of behavior.

Comment Re:One problem solved, now the other... (Score 1) 698

It's still no excuse to start firing guns if the school's mental healthcare system does not support you properly. No matter how fucked up you are mentally, the first and foremost thing we should do is to halt you if you start harming other people.

Excuse or not, it will still happen. It is great and all that we can hang people in the public square after they've killed 47 people, but if you don't want those 47 people to die in the first place it isn't enough. Somebody with mental health issues really doesn't care that you just hung somebody else up in the public square last week - in fact that might further motivate them to commit the crime.

Lecturing the guilty about their guilt also isn't likely to do too much to actually fix the problem.

Comment Re:Dumb idea ... Lots of assumptions .... (Score 1) 698

And I suppose a high calibre machine gun is no more dangerous than a fucking letter opener or cocktail stick?

There's a reason we give soldiers rifles instead.

Because they're usually fighting enemies that have rifles, too.

That is hardly the reason. Soldiers are always armed with the most effective weapons for their mission regardless of the expected resistance. When they're storming a building full of terrorists holding hostages at clubpoint they don't bring swords - they bring flashbangs, grenades, and assault rifles.

Sure, you can kill somebody with a knife, but it isn't NEARLY as effective. To start, range is a big challenge - maybe you surprise one person but after that everybody is going to start running. At that point it is going to be hard to kill anybody with a knife. Even if you have a bunch of kids confined to a room and you're standing in the doorway, it would be difficult to actually catch somebody and hurt them, and you'd be at serious risk of counterattack - heck a roomful of people throwing books at you is going to be a problem.

If knives were anywhere near as effective as guns for doing anything you'd want to do with a gun, then nobody would be upset about gun control. I do get that there are valid arguments against gun control, but this doesn't really strike me as one of them.

Comment Re:Dumb idea ... Lots of assumptions .... (Score 1) 698

And suppose a person already HAS guns. Maybe they are a hunter, and love hunting. Because they are afraid of losing their favorite recreation, they AVOID seeking mental help. Is that a great idea?

The FAA does the same thing to pilots. If you go to a shrink, you'll probably lose your job. So, you don't go to a shrink. Now everybody is safer, right?

The US is like an experiment in mental torture. We make it easy to lose your job, hard to survive without a job, stressful to keep your job, and extremely expensive to get help in dealing with any of the above (either physically, emotionally, or intellectually). But, when somebody inevitably breaks down and shoots a bunch of people, we've got a great tort system and capital punishment so that lots of lawyers can get rich off of the event and so that the families of the victims can spend the rest of their lives pursuing vengeance in various ways as a substitute for receiving some kind of care to help them to actually cope with an event they shouldn't have had to experience in the first place. We've refined "passing the buck" into an art.

Comment Re:Anti-Spam Measure? (Score 1) 245

There are other options than Amazon, have a look at Mandrill

Amazon wasn't my first choice. I tried using some service that turned out to use reachmail, and I got a lot of bouncing. Since I can't bounce my mail through amazon anyway, my outgoing volume ends up being super-low and so the costs aren't that high. I send most of my mail through gmail - it is really only things like mail aliases and server messages that don't go to myself that go out through Amazon.

Comment Re:Anti-Spam Measure? (Score 1) 245

Yup, Verizon has been talking about blocking outbound 25 for ages. I send all my outgoing mail through Amazon as a result, on 587. It is a real pain though as they don't support bouncing mail from other domains in this way (useful for mail forwarding, and of course for lists). Anti-SPAM measures tend to be hard on both of those use cases.

Even if Verizon didn't block outbound port 25, chances are everybody else is going to block it on the incoming side if you're coming from a dynamic pool, unless you're authenticated.

Comment Re:Authentication (Score 1) 245

Stripping out STARTTLS may mean that you can't authenticate to the mail server --- which is frequently required --- over an encrypted channel. Some unfortunate individuals set (or don't unset) an option that tells their e-mail clients that encryption is preferred, but not required, which they assume to be sufficient --- because they know that their mail server supports encryption.

I do this simply because many services don't accept TLS connections if the certificate isn't trusted. I still want to use TLS whenever somebody is willing to do so.

It is a bit frustrating because right now I'm sending almost 100% of my mail unencrypted over POP3 along with credentials simply because Google refuses to use SSL with a self-signed certificate. Sure, somebody could MITM me if they did accept self-signed certificates, but now they can not only MITM me, but they can also just passively intercept everything.
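The "preferred, but not required" client setting discussed in the comment above, as an added example that is not part of the original thread: a client checks the server's EHLO capabilities and either falls back to cleartext or fails closed when STARTTLS is missing. The loopback stub server, the host names and the function names are constructed for illustration.

```python
import smtplib
import socket
import threading


class StartTLSRequired(Exception):
    """Raised instead of falling back to a cleartext session."""


def start_stub(advertise_starttls):
    """Constructed one-shot SMTP stub on loopback; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        caps = ["mail.example.test", "AUTH PLAIN"]
        if advertise_starttls:
            caps.append("STARTTLS")  # absent = what a stripped EHLO reply looks like
        ehlo = "".join(f"250-{c}\r\n" for c in caps[:-1]) + f"250 {caps[-1]}\r\n"
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
            for line in lines:
                verb = line[:4].upper()
                if verb == b"EHLO":
                    conn.sendall(ehlo.encode())
                elif verb == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break
                else:
                    conn.sendall(b"502 not implemented\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def negotiate(port, require_tls):
    """Decide what the client does after EHLO, before any AUTH is sent."""
    with smtplib.SMTP("127.0.0.1", port, local_hostname="client.example.test",
                      timeout=5) as client:
        client.ehlo()
        if client.has_extn("starttls"):
            return "starttls-offered"  # a real client calls client.starttls() here
        if require_tls:
            raise StartTLSRequired("STARTTLS not advertised; refusing to AUTH")
        return "cleartext-fallback"  # "preferred" mode: credentials go in the clear
```
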

Comment Re:Bull (Score 1) 253

There is no cookie-cutter formula.

If you're hiring a guy who you want to come up with really good technical designs, then by all means hire the guy who is absolutely brilliant and lock him up so that nobody has to talk to him. If you're hiring a sales position by all means hire the frat boy whose main skill is getting people to smile.

Most jobs will fall in-between, and as you've seen the technical skills aren't always the most important ones.

Comment Re: What am I doing wrong? (Score 1) 574

Like a majority of the job postings we don't list the salary range. We only get to that part after the interview process which is why I know salary isn't the reason we are not receiving candidates.

I set up an online storefront selling popular consumer products for "great great prices!" and I can't understand why nobody is ordering them. There must not be anybody buying TVs these days. I know it isn't because our prices are too high because under each ad we clearly state that you can drive on down to our showroom and after a 3 hour sales pitch we'll tell you the price.

Decent job candidates aren't going to humor you to find out if you're willing to pay them what they're expecting. If your greatest fear is that you might end up paying somebody what they think they're worth, then you might want to just advertise for minimum wage and hire anybody who walks in the door.

Comment Re:As a guy working on both sides (Score 1) 574

I agree that networking is a skill set. However, if you choose not to network, you need to learn how to write resumes and cover letters that satisfy the job description.

No argument that this is what it takes to get hired in a big company - I work in one. However, I do think that big companies short change themselves with their processes. It is a bit like large democratic governments. You select the candidates based on their success at doing one job, and then you give them a completely different job. Then you wonder why they spend their entire time in their office campaigning for re-election. Simple, that is what they're good at.

The problem companies have is that the skills needed to get hired are NOT the skills needed to get the job done, despite all the outward appearance of the company trying to make it so.
