
Comment What? But Bill Gates predicted end to spam by 2006 (Score 1) 198

Bill Gates called it, way back in 2004. And Bill Gates is never wrong about ANYTHING. So it's pretty obvious that whatever we've all been receiving in our inboxes since 2006 that looks like spam isn't. Probably, we're all just overwhelmed by all of the legitimate emails we're getting from our many, many friends nowadays, who really are just trying to tell us about some aweS0me dea1z on r0lexxes, and we just can't decide which of the incredible bargains to choose from. And it's actually Google and Yahoo's fault for not having deprecated their spam filters, even though spam now is a thing of the past (trying to make MS look bad, of course). So they keep catching your friends' emails as spam. But it can't be spam, because it's 2010 already. And Bill Gates said.

Comment Re:encryption alone (Score 1) 660

And as long as you've got users who'll click on random executables and use their kid's name as a password and share their credentials with someone else, encryption isn't really going to get you very far.

You went from the above in your original post, to whistleblower employees playing Spy vs. Spy in your latest. I humored your first reply by pointing out ways that you can actually layer your security to prevent most data protection breaches, instead of resigning yourself to the fact that users prefer to make their passwords "password", and it's not like there's anything you can do about that... But come on, you're kind of changing the subject here... I specifically said that nothing is 100% effective. I realize that cognitive marvels can memorize things. Or write them down on a notepad. I wasn't talking about that, but then neither were you initially.

Whether you want to acknowledge it or not, in many, many cases and environments, the weakest link is absolutely the sysadmin, who throws up his hands in the midst of his end-users, and does nothing. Rather than the end-users themselves, the vast majority of whom are more likely to click on a random executable than to want to sell the secret formula of New Coke to the highest bidder.

And implementing all sorts of high-tech security isn't going to make it any harder to exploit that weakest link.

I couldn't disagree with you more. Most of the point of IT security is to make it harder for anyone to exploit the user, that user included... so hard that it isn't worth the effort.

If the sysadmin fails to implement counter-measures, it's he who is the weakest link. Because whatever its true effectiveness is, there's ALWAYS a counter-measure. I can think of an industry-standard counter to every single scenario you and others have alluded to here; you had to downshift into a pretty specific hypothetical about someone who willfully chooses to leak data, in order to support your original assertion. It doesn't make it any less misguided to let the sysadmin asleep in the corner off the hook.

Feel free to give yourself the last word here.

Comment Re:encryption alone (Score 1) 660

No measure or countermeasure is ever 100%, but in your disgruntled employee scenario, if you know what the confidential information is, you could use some mix of Rights Management Software... as well as the blocking of file types (say, .png, .jpg, .gif screenshots) from exiting the internal network... as well as preventing USB drive access, etc... and a lock on the computer case. So now the disgruntled employee would have to walk out the door with the computer in order to realistically take the confidential info with him/her. Again, it might not be 100%, but depending on how many 9's you need to put next to your certainty that no confidential data can leave the network, and how much the business is willing to pay to implement it, you can have a fair amount of data protection. You're definitely not helpless to the whims and malice of your users.

Comment Re:encryption alone (Score 2, Interesting) 660

In a sense, though, the weakest link is actually the sysadmin, who isn't enforcing appropriate password complexity, length, age, etc... As well as, in a corporate context, not locking-down the network and machine and user profile, so that keylogging executables aren't so much of a problem. Even if the business and/or customers complain about "impact", there's always a way to win the argument for establishing and enforcing IT policies that make sense. You have to be willing to save users from themselves.

Comment Likely without precedent (Score 5, Insightful) 173

Quoting: "Internet service providers should have authority to block subscribers from sharing music and other files without permission of the copyright owner, the RIAA said."

I don't think highway operators in this country have ever been compelled or encouraged to stop grand theft auto, or interstate smuggling of stolen goods... Or that phone companies have been expected to prevent con artists from swindling people out of their money to buy "beach-side" Florida swamp land. Et cetera. This would appear to be unprecedented.

Comment Re:Installed Base (Score 1) 421

What exactly would need to be ripped out and replaced? Certainly not the physical layer, which deals in 1s and 0s. Nor the routers, which can route, for instance, IP and IPX. Nor hosts, which can have both an IPv4 and IPv6 address, and which also resolve, for example, DNS and WINS names. Protocols are deprecated as they outlive their usefulness. Hardly anything ever has to be ripped out to be replaced by something else.

Comment Re:Fact check perhaps? (Score 1) 736

And I don't like quoting numbers to several figures accurately...

Feel free not to quote numbers then, and just declare to everyone your "feelings" about things instead. And leave the numbers to people who are actually interested in facts and accuracy, not just in overstating those numbers to win arguments or make vague points about "oil-rich" countries, or Google, or whatever. I, for one, am definitely more interested in looking at the actual data than someone's exaggerated estimations of it. And I think I'm probably in good company on /. with such a disposition. But by all means, continue replying to posts with the hope of getting modded up as "interesting". As opposed to "informative". Which is different. As they say, it takes all kinds, the Datas, the Kirks, all welcome. :)

Comment Fact check perhaps? (Score 1) 736

In the United States, almost 30% of the population has at a Bachelors degree or higher, and again that many have attended university but only have an associates degree or nothing...

Nowhere in the links provided is "almost 30%" a number. From the above Wikipedia source, "The 2006 American Community Survey conducted by the United States Census Bureau found that 19.5 percent of the population had attended college but had no degree, 7.4 percent held an associate's degree, 17.1 percent held a bachelor's degree, and 9.9 percent held a graduate or professional degree." Even if you decide to sum bachelor's degrees and graduate or professional degrees (since it's entirely feasible that the Census Bureau considers the latter to be a subset of the former), you still come away with 27%. If the country had 300 million people as of 2006, you just overestimated by 9 million residents. And 23% (Arab states) versus 27% (US?) is a mere 4% difference.

I'm not entirely sure what the poster's point was in comparing somewhat inflated/rounded-up numbers of US college graduates with other global regions, and how that makes them dime-a-dozen or whatever, but the actual percentages sourced appear to be closer than they were editorialized to be, in any event.

Comment Music and movies likely headed for the same fate (Score 1, Interesting) 378

In five or ten years, a fair guess is that virtually all music and movies will be purchased in various on-demand subscription models. It's what consumers want. The companies which understand this are going to thrive. The declines mentioned in the article only seem like industry-wide problems because some of the players still haven't figured it out, and would rather prosecute their customers than adapt to a permanently-changed economic landscape. These latter companies are not long for this world.

Yes, there will probably always be physical and "owned" media revenues of some kind (collector's editions, etc.). But I think the tech is very close to being able to deliver subscriber streams to the home on a ubiquitous scale, with mobile devices not far behind. The price points are the only things somewhat remaining to be determined.

Comment Re:It is no myth (Score 1) 201

And what do you think the SUSClientID is based on, which causes it to be a duplicate in the WSUS database in the first place? It's the SID. The SUSClientID registry value doesn't exist until a computer is pointed at WSUS and made a WSUS client. WSUS bases the uniqueness of clients on the SID, because what else could it use, and why else would you ever have duplicate SUSClientIDs if it weren't basing the initial database entry on the SID? Ipso facto, duplicate SIDs are the root cause of clients not appearing uniquely in WSUS.

But yes... for anyone who's taking their IT advice from /. posts... in a scenario in which two or more computers have identical SIDs, even after you change those SIDs, if you've already introduced those computers to WSUS, you will still need to delete the SUSClientID and then run wuauclt.exe /resetauthorization /detectnow, and all will be well. Also, if you are one of these sysadmins who follows or has already followed the above steps, I applaud you for seeking to address the root cause of the problem, rather than just working around it. You will likely go far in your career with this approach. In fact, you're probably working a lot harder than some of your co-workers, and should talk to your boss about a raise. :)
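
The cleanup this comment describes (delete SUSClientID, then run wuauclt.exe /resetauthorization /detectnow), written out as a PowerShell script for a cloned client. This is an added example, not part of the original post; the registry path, the companion SusClientIdValidation value and the 30-second wait are not named in the post and are assumptions based on a standard Windows Update client layout.

```powershell
#Requires -RunAsAdministrator
# Added example: reset the WSUS client identity on a machine that shares
# its SusClientId with other clones. Run on the affected client.

# Assumed location of the Windows Update client identity (not given in the post).
$wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$values = 'SusClientId', 'SusClientIdValidation'

function Get-SusClientId {
    # Returns the current ID, or $null if the client has never registered.
    (Get-ItemProperty -Path $wuKey -Name 'SusClientId' -ErrorAction SilentlyContinue).SusClientId
}

# Record the old ID so it can be matched against the stale entry in the WSUS console.
$oldId = Get-SusClientId
if (-not $oldId) {
    Write-Output 'No SusClientId present; this client has not registered with WSUS yet.'
    return
}
Write-Output "Old SusClientId: $oldId"

# The update service caches the ID, so stop it before touching the registry.
Stop-Service -Name wuauserv -Force

foreach ($name in $values) {
    if (Get-ItemProperty -Path $wuKey -Name $name -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $wuKey -Name $name
        Write-Output "Removed $name"
    }
}

Start-Service -Name wuauserv

# The command from the post: drop the cached authorization and re-detect.
& "$env:SystemRoot\System32\wuauclt.exe" /resetauthorization /detectnow

# Give the agent time to register, then confirm that a fresh ID was generated.
Start-Sleep -Seconds 30
$newId = Get-SusClientId
if ($newId -and $newId -ne $oldId) {
    Write-Output "New SusClientId: $newId"
} else {
    Write-Warning 'SusClientId not regenerated yet; check again after the next detection cycle.'
}
```

For golden images, clearing these values before capture keeps every clone from inheriting the same ID in the first place.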
