
Comment Re: ... Everything? (Score 1) 528

Oops. Missed one.

Oh, you need to have one dedicated hardware box for every project - no VMs in your IT paradise.

Why not? There's nothing preventing a VM's hard drive from being encrypted, and if somebody gets and keeps kernel access to a server long enough to find the keys in memory, you're in deep crap anyway.

I thought your whole point was to not have shared credentials that can be used to expand access beyond a single box. If you're going to run the boxes in VMs, then the hypervisor has privileged access to many boxes. If you want to be able to move VMs around in a cluster (which is how just about everybody does it) then that basically means you have a single point of access into every VM in your company. At that point, why not actually take advantage of centralized administration, since you've already denied yourself the benefits of a distributed model?

The purpose was to limit what an outside attacker can do, not what an employee can do. For protecting against outside attackers, you should be able to largely mitigate threats to the hypervisor by not configuring any network connections in the host OS itself (except while patching remote zero-day holes in the kernel or the hypervisor), and by strictly limiting what people can download and run while running in the host OS to... well basically nothing except the VM software.

You can't do nearly as much to prevent attacks by your employees, but with that said, the more confidential the content, the less appropriate a VM would be, and the more locally controlled the server should be, with fewer people having access. Giving access to random IT people significantly increases your exposure.

Comment Re: ... Everything? (Score 1) 528

You have a kiosk on a manufacturing floor. Do you propose having 14 kiosks at each location in the event that there are 14 different employees who have to use it? Or are you suggesting that employees should carry laptops around all the time? Not every employee works at a desk.

That's certainly a fair argument, at least in the context of relatively low-tech parts of certain businesses. However, it is also unlikely that such systems will have vast amounts of intellectual property that anyone would want to steal. In the context of a business that makes movies, by contrast, it is perfectly reasonable for every employee to have a laptop.

And what about support calls? IT workers may need access to lots of PCs, especially since your solution precludes the use of any kind of push-driven automated software management system.

Teach your employees to actually maintain their systems properly, and that ceases to be an issue. If your employees can't handle that, they shouldn't be working in a highly tech-centric business. Again, we're not talking about a factory floor here. We're talking about people who are using computers to create movies.

You cut out the part I responded to. Are you backing up the workstations or not? If not, why do you need all those backup external hard drives at each workstation? If you are, then how are you protecting them against fire? Or are you proposing just spending lots of money on the appearance of having backups, without providing actual data security?

Yes, you should back up the workstations, but not necessarily in a way that would guard against fires. The overwhelming majority of data loss is caused by either failure of hard drives or unlucky random data corruption that eats large swaths of your directory structure. By comparison, fires are orders of magnitude less common, so it isn't entirely out of the question to simply conclude that this known risk isn't worth protecting against, particularly if most of your really critical information lives on servers anyway, and your workstations only contain recent changes to projects or whatever. If the cost of a loss times the probability of that loss is less than the cost of protection, you're better off skipping the fireproofing. It all depends on how many days or weeks of effort you would lose if you did have a fire.

Ok, so instead of breaking into your AD server or whatever with credentials for every employee in the company, you break into the self-service HR website which has credentials for every employee in the company?

You can partially mitigate that risk by using email addresses as the username on the HR website. You can further mitigate that by telling users to use different passwords on confidential project servers than they use for other purposes (including the HR website).

Suppose you need to defend yourself in a court case and an email between two employees who are no longer with the company sent 2 years ago is important? Or suppose you laid off half a department? Your solution is analogous to just letting everybody just use their gmail accounts to do work - no centralized access to email.

What would you do if their only communication were in the form of physical meetings? There's really no difference. And there's also a decent chance that the continued existence of that email evidence will get you into trouble, in which case you're better off if the evidence no longer exists. At some point, it becomes a bit of a coin toss. With that said, there's nothing inherently preventing you from having central archives, so long as public key encryption is used to limit access to the data in that archive, and that the private key is kept in a safe place (ideally, offline).

Great. Where do you keep all the backup decryption keys? How do you test to ensure that the list is always current, and that all your backups still work?

I'd typically expect you to use a multi-stage scheme in which any of several admins' login credentials can unlock an encrypted store that contains the private key. And I'd expect that encrypted store to be backed up to the same server as the data. But that's just me.

How are you going to distinguish the browser telling you something from the piece of malware on the client from telling you the same thing?

This is one of those situations where security through obscurity actually provides some benefit.

I pointed out the issue with this in the part you didn't quote. You're advocating every company building its own IDS. Most won't do that well.

It doesn't have to be great; it just has to be unique.

So, if somebody compromises the network identity database they only get access to the servers, which is where all the important data is? I don't get the point in not using network credentials on the clients if you're already using it on all the systems that really matter.

Just to be clear, I never said that their reasons for letting users administer their own machines were security-related. I merely was using that example to counter the argument that it is infeasible for a large organization of moderately tech-savvy people to allow users to administer their own workstations, using only local account databases. People who were less tech savvy quickly got to know the folks around them who were more tech savvy, and any problems not involving the network infrastructure itself tended to work themselves out pretty quickly without having to send an IT person over from another building.

Comment Re: sorry, all my laptop batteries are dead (Score 1) 143

I wasn't ignorant about electricity then. I just screwed up when disconnecting the flyback from the picture tube. (I don't remember why I was disconnecting the flyback; it was too long ago.)

And FWIW, I'm not worried about getting shocked by three or four volts—I've touched bare batteries often enough that they don't really concern me. I'm worried about using tools around them, though, for several reasons:

  • A screwdriver or soldering iron can slip and short out the battery, and the resulting rapid discharge can cause a lithium fire.
  • A screwdriver or soldering iron can slip and puncture the battery, causing a lithium fire.
  • A soldering iron can push the battery into thermal runaway, causing a lithium fire.

Lithium fires are not much fun to think about.

Comment Re:Difference Between GOP & Democratic Party (Score 1) 346

I think the differences in outcomes between what we'd have likely seen from a Gore Administration and what we actually got from GWB are self-evident.

But you're comparing two specific individuals, not two random samplings of the parties. Gore would probably have paid more attention to Al Qaeda, and *maybe* 9/11 would have been stopped, but probably not. We probably wouldn't have gone to war with Iraq, but that was in large part because of George W. Bush's personal grudge against Iraq's former leader for attempting to assassinate his father. If the Bush family had been Democrats, George W. Bush probably would have behaved in much the same way on Iraq, because he still would have had the same motivation.

With that said, make no mistake; I'm not saying that there aren't *any* important differences between the two parties—on economic issues, the Republicans are just plain out to lunch, whereas the Democrats are only dining in their cubicles. A better way to sum up my views is:

  • Many of the differences between parties are only differences in lip service, not in actual behavior.
  • Both parties are considerably less than ideal, albeit to different degrees and in different areas.
  • Both parties' positions represent a relatively narrow range of views, and we'd be much better off if our representatives were considerably more diverse, both in their political views and in their personal backgrounds.
  • Both parties, but particularly the Republicans, need considerably fewer people who are off their meds.

Comment Re:Diversity is good, especially in SciFi (Score 2) 368

With a little effort, you can read Middle English from 600 years ago. Before that, it's really tough, and even that can be problematic. 500 years is about the limit. The last time English really changed radically was after the Norman invasion of 1066, which brought a strong French and Latin influence, rapidly changing English from an almost purely Germanic language into a hybrid Germanic and Romance (Latinate) language. At this point, modern English is widespread enough that it is probably unlikely to suffer that fate again.

However, even as late as six or seven hundred years ago, English was still a very different language than it is today. As spelling became standardized in the 15th and 16th centuries, pronunciation changed quite a bit, resulting in both the great vowel shift and the transition from Middle English to Modern English. Those changes were mostly finished by the late 1500s (though the vowel shift continued into the 1600s), and since then, the core of the language has been pretty close to constant.

I mean yes, English has changed a bit since Shakespeare—a few slangy secondary meanings of words have fallen into disuse, causing certain bawdy puns to no longer be funny, some pronouns (e.g. thee and thou) have fallen into disuse, causing them to seem archaic (but still widely understood), and we had a big spelling simplification in the U.S., mostly in an act of rebellion against Britain, but otherwise the core of the language basically hasn't evolved at all. Instead, the language has mostly just added new words for new concepts that didn't exist previously and borrowed words from other cultures to describe local foods, clothing, and so on.

Why? Three things really cemented the language in place: the strength of the British Empire (not getting taken over again), the advent of the printing press, and the resulting rise in literacy. It is likely that the rise of global communication will slow the evolution of language even more, as standardization improves (though one might look at a typical Facebook post and argue the exact opposite, but I digress).

So assuming we discovered a way to freeze somebody for 500 years, there's a lot of things they'd be confused by, but I'd be very surprised if the English language were one of them, notwithstanding minor spelling changes and new words for things that haven't been invented yet. I doubt they'd even be shocked by people's accents in 500 years, much less have trouble understanding the words. After all, the rise of audiovisual recordings is likely to nail down pronunciation in much the same way that the Gutenberg press nailed down spelling and grammar.

Comment Re:sorry, all my laptop batteries are dead (Score 1) 143

LEDs are voltage-operated devices, if the voltage sags, odds are you're not going to keep the LED lit. 3.7v nominal li-ion cell drops below 3v (most white LEDs require 3v minimum) and it's simply not going to work any longer.

But we're talking about a laptop battery pack, which is probably wired in groups of 4 cells. The laptop will tolerate down to... maybe 11.4V (12V - 5%) and the highest voltage the pack will ever produce is about 16V. If you naïvely design a light using four LEDs in series, then yes, it would die about when a laptop would (assuming the LED array draws enough current to cause a voltage drop in the first place).

However, if you know the packs are likely to have a bad cell, I doubt you'd design it that way. Instead, you'd probably use a voltage regulator to pull the voltage down to 9V, and then wire two or three LEDs in series instead (3–4.5V). That way, the source voltage can sag like there's no tomorrow—as much as 25% below nominal or 44% below peak—and your LEDs will still light. :-)

Comment Re:sorry, all my laptop batteries are dead (Score 4, Informative) 143

If you're discarding laptop batteries while they can still hold a charge, not only are you doing it wrong, there is something very seriously wrong with you.

The problem with lithium-ion batteries is that their failure mode is often really obnoxious. When one cell in a pack fails, the battery ceases to be usable as a laptop battery, because as soon as you discharge down below some arbitrary fraction of its capacity, the voltage suddenly plummets below the operating threshold for your hardware, and the machine shuts itself off unceremoniously, with no opportunity to save your work or shut down cleanly. If the failure percentage is 5%, a few people will put up with it, and make a mental note not to let it get too low. If the battery drops dead at 60%, or if the failure point is a bit more variable, then you have to be pretty seriously hardcore to keep using the battery, because you risk losing all your data if you do.

However, under a lighter current draw, those same batteries will behave much better. The voltage probably won't sag at all, because (if I understand the problem correctly) there's enough time for the charge to properly redistribute itself across the entire pack even with a single, high-resistance (bad) cell. And even if it does sag, a voltage sag on an LED light would just make it put out less light, which isn't a big deal. For that matter, if they're cracking open the packs, they could probably fully utilize most of the cells for years before they would fail, so long as they toss the cells that have failed.

Comment Re:Boomers (Score 1) 346

When I was young, I either had to have a job, or move back in with my parents ...

The fact is that you were more mobile when you were young. You could take a job a hundred miles away, and move to the job. If things didn't work out, you had your parents, and you could move back in with them. It might not have been an option that you'd have wanted to use, but was an option.

When you're older, at some point your parents won't be around anymore. And when you have kids of your own, you become more tied down, because you don't want to keep moving your kids around from place to place and disrupting their development. This means if you lose your job, your choices are more limited geographically. Additionally, there are fewer jobs for senior people, and getting them is harder. As a result, the older you get, the longer you tend to stay unemployed when you lose your job.

And although it is true that if you're earning excess income, you can and should save that money to provide yourself with a safety margin, not everybody earns a six-figure salary; most people are not in a position where blowing their income on an overpriced house or a Porsche is even possible. For the other 99% of workers, job security and stability are crucial.

Comment Re: ... Everything? (Score 1) 528

Every desktop has individual credentials for the local user, and except when unavoidable, you don't grant any network users (LDAP, etc.) any access.

This means no central provisioning of user accounts/etc. That is a non-starter in any big company.

Lots of big companies do this. It isn't a non-starter except in the minds of people who have always done it in a particular way.

Anytime anybody needs access to another PC you have to send out an IT guy to grant access.

Why would anyone ever need access to another PC? Each employee should have a machine, and nobody else should be touching it unless that employee leaves the company, in which case the exit interview should require them to set their password to something and give it to their manager. So the only time you have to send an IT person out to grant access is when an employee dies suddenly.

Oh good - so that when the building catches on fire you lose the backup too. If the PC doesn't contain anything valuable, it doesn't need backup. If it does need backup, it needs something better than an external hard drive. Security isn't just about denying access to strangers - it is also about ensuring access to those who need it.

Fires are exceptionally rare, and the truly high-value assets should be on servers, which as I mentioned, should be backed up off-site, in an individually encrypted fashion. You can do this for desktops, too, if you'd prefer, but in practice, this really isn't needed.

This is a big company. Everything is a shared project, and everything needs all that backup anyway. Now the user has to remember multiple sets of credentials since they need a different password for every thing they work on since there are no network credentials in your firewalled paradise.

There's no reason you can't use the same password. That's really no different than using a shared credential, security-wise, except that a shared credential database represents a single server that you can target to obtain information for all servers, whereas per-server credential databases contain a smaller subset of accounts, which means that cracking one machine and stealing its password database will gain you access to fewer machines than cracking that central password server would.

Oh, you need to have one dedicated hardware box for every project - no VMs in your IT paradise.

Why not? There's nothing preventing a VM's hard drive from being encrypted, and if somebody gets and keeps kernel access to a server long enough to find the keys in memory, you're in deep crap anyway.

Looks like you need a dedicated backup box for each one too, since we don't want to have one backup box with credentials to thousands of servers. I guess the guys who change the tapes keep a big paper list of all the backup server passwords. Oh, and I guess you buy an LTO tape drive for each server too. :)

Nope. I specifically said that you should encrypt the backup data. The backups can all be stored remotely on a single server, or pushed to a single tape drive, just so long as the data is encrypted by the machine that is being backed up. That's the only way to prevent your backup system from being a single attack surface that gains you access to everything.

And of course there are no central credentials of any kind, and likely no way to recover lost keys for all those encrypted emails.

Realistically, why would you ever need to do that? Any internal email of value is, by definition, in the account of more than one person. The chances of an entire department dying in a catastrophic accident are very, very low.

There is a reason that no big company has policies like these.

The last company I worked for had many of these policies, minus the email encryption, with network credentials for servers *only*, and without the aggressive network monitoring. Its market cap is larger than the annual budget of many entire countries. So what I've suggested isn't really that much of a stretch.

And a zero-day exploit is very much a possibility all the same, which would mean that the hackers are the only people who can actually remotely administer all your PCs.

A remote zero-day exploit is remarkably rare. Realistically, zero-day exploits almost invariably involve bringing in outside content, and you have the ability to filter outside content. Either way, the means in which I proposed to restrict communications is such that it would only rarely affect users, but it would quickly detect any command-and-control channels so that they can be closed in a timely manner.

I don't mean to pick on you. It just sounds like you're proposing putting an end to social engineering attacks by removing all the telephones from the workplace. The reason those computers are all networked in the first place is that they help everybody to get work done.

Not at all. More like putting an end to social engineering by noticing that ten employees were called by an unknown number, and asking the employee who it was. But even that isn't quite accurate. Unlike with a phone system, in practice, computers in a workplace are almost never accessible from the outside world without a VPN connection. So by definition, any command-and-control communication channel must be opened from the inside to an external server. And you should be able to determine whether the user initiated that communication with a fairly high degree of certainty by making the browser tell you. Given how few distinct servers an average computer communicates with beyond the user's knowledge (mostly limited to automatic updates), it should be very easy to identify any command-and-control connections, because they're the connections that the browser didn't initiate, but that go to a server you don't recognize.
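The check described in the comment above (flag outbound connections that no browser reported and that go to a server you don't recognize), sketched as an added example that is not part of the original comment. The two log formats, the host names, the known-background list and the five-second matching window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; both line formats are assumptions for this example.
# Perimeter log: "<ISO time> <workstation> <destination host>:<port>"
PERIMETER_LOG = """\
2024-06-03T09:00:05 ws-014 www.example.org:443
2024-06-03T09:00:07 ws-014 cdn.example.org:443
2024-06-03T09:01:30 ws-014 updates.vendor.example:443
2024-06-03T09:02:10 ws-014 203.0.113.77:8443
2024-06-03T09:02:40 ws-022 203.0.113.77:8443
2024-06-03T09:03:00 ws-022 intranet.example.net:443
2024-06-03T09:12:10 ws-014 203.0.113.77:8443
"""
# Browser reports: "<ISO time> <workstation> <destination host>"
BROWSER_LOG = """\
2024-06-03T09:00:04 ws-014 www.example.org
2024-06-03T09:00:06 ws-014 cdn.example.org
2024-06-03T09:02:59 ws-022 intranet.example.net
"""
# Background traffic the user never sees but that is expected (automatic updates).
KNOWN_BACKGROUND = {"updates.vendor.example"}
# How far apart a browser report and the perimeter record may be and still match.
WINDOW = timedelta(seconds=5)


def parse_browser(text):
    """Index browser reports by (workstation, host) -> list of timestamps."""
    reports = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, ws, host = line.split()
            reports[(ws, host.lower())].append(datetime.fromisoformat(ts))
    return reports


def parse_perimeter(text):
    """Yield (time, workstation, host, port) for each outbound connection."""
    for line in text.splitlines():
        if line.strip():
            ts, ws, dest = line.split()
            host, _, port = dest.rpartition(":")
            yield datetime.fromisoformat(ts), ws, host.lower(), int(port)


def unexplained_connections(perimeter_text, browser_text,
                            known=KNOWN_BACKGROUND, window=WINDOW):
    """Return connections that are neither known background traffic nor
    matched by a browser report from the same workstation within the window."""
    reports = parse_browser(browser_text)
    flagged = []
    for ts, ws, host, port in parse_perimeter(perimeter_text):
        if host in known:
            continue
        if any(abs(ts - seen) <= window for seen in reports.get((ws, host), ())):
            continue
        flagged.append((ts, ws, host, port))
    return flagged


def summarize(flagged):
    """Group flagged connections by destination, widest spread first, so a
    destination contacted by several workstations rises to the top."""
    by_dest = defaultdict(lambda: [set(), 0])
    for _, ws, host, port in flagged:
        by_dest[(host, port)][0].add(ws)
        by_dest[(host, port)][1] += 1
    rows = [(dest, sorted(ws), n) for dest, (ws, n) in by_dest.items()]
    return sorted(rows, key=lambda r: (-len(r[1]), -r[2], r[0]))


if __name__ == "__main__":
    for (host, port), stations, count in summarize(
            unexplained_connections(PERIMETER_LOG, BROWSER_LOG)):
        print(f"{host}:{port} contacted {count}x by {', '.join(stations)}")
```

The check trusts the browser reports themselves, which is the weakness the reply elsewhere in this thread raises about malware on the client reporting the same thing.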

Comment Re:Boomers (Score 5, Insightful) 346

I am willing to bet that the ages of those who resigned were all over 55. That some of the adaptations were things like rewarding skill not seniority. That new hires might actually be paid as much as someone with 20+ years.

One big problem with focusing solely on skill is that there will always be someone younger, who has more energy. The older you get, the more crucial job security and stability become. So policies that don't take into account seniority tend to attract that younger crowd. Unfortunately, young people are fickle. When you're in your early twenties, most folks are willing to drop a job and pick up a new one like it's a hat. It is difficult to maintain a consistent voice and a consistent style when the people keep changing, and worse, lots of institutional knowledge simply disappears when that happens.

The only way to be successful in the long term is to keep a decent percentage of your senior people around. If you don't do this, your organization is screwed. Unfortunately, the self-destruction usually doesn't happen immediately; it is a slow rot that progressively degrades the quality of the final product, resulting in a gradual decline of sales. As a result, the people who promote such shortsighted thinking rarely get the blame that they deserve.

Comment Re:Who cares... (Score 5, Insightful) 346

The U.S. considers those who espouse totalitarianism to be outside of the mainstream.

Nothing to do with totalitarianism. Outside of a few social issues, the U.S. has almost no liberal politicians, and the U.S. also has essentially no fiscally conservative politicians. Instead, both parties are fiscally liberal, with the Republicans being the most fiscally liberal (spend money and don't worry about raising taxes to pay for it). Both parties are socially fairly conservative, with very few progressives or socialists even on the Democrat side of the aisle. The only real differences between the two parties are that:

  1. They're backed by different groups of corporations, so the policies they create favor different corporations.
  2. The Republicans tend to be backed more by the wealthy, so they tend to lower taxes on the wealthy while borrowing from Social Security that mostly benefits the poor and middle class, whereas the Democrats tend to be backed by more of the upper middle class, so they do the opposite.
  3. The Republicans have a significantly higher percentage of people whose view of reality is so distorted that it can only be described as a mental illness.
  4. They differ in their views on when people should be killed by others; Democrats are pro-choice and anti-death penalty; the Republicans are anti-choice and pro-death penalty.
  5. The Republicans tend to have more people who think deregulation will magically improve things, despite the fact that those regulations were invariably put in to curb actual abuses, which invariably start happening again the moment the regulations are overturned. See also #3.
  6. The Democrats tend to create social programs, then forget to check up on them to see if they're actually working as intended, and just assume that they are. The Republicans also tend to not check up on them, but complain that they're not working as intended, even if they are.

In short, the differences are mostly a lot of empty rhetoric, full of sound and fury....

Comment Re:HACK FACEBOOK (Score 1) 161

... Objective C is too verbose.

Other than a handful of obvious edge cases (the worst of which were fixed with fast enumeration and string and number constants), I'd argue that it mostly isn't Objective-C that is too verbose, but rather the Cocoa APIs themselves. And you'll be using those same ginormous scrubtheKitchenSink:withBrilloPad:andCleanser:byHand:usingExcessiveForce: methods in Swift, just with slightly different punctuation....
