
Comment Re:What a nightmare (Score 1) 332

I wasn't talking about the technology at all. I mean, generally, it's so far off TOS it just doesn't even make sense at all. I would give them leeway to make it look cool and facilitate some story elements, but they're just off in lala land. It's a completely different universe.

What I was talking about is more the character development, the message, etc.

Comment Re:What a nightmare (Score 1) 332

There's too much in the canon and too many people who love it to just burn it. It's just stupid, you might as well just start a new canon if you want freedom.

The thing is, even if you're OK with them burning the canon so they can do whatever they want, what they did with that freedom is make shitty action movies with horrible dialogue and no plot. Someone else mentioned that none of the movies really lived up to the TV show, and that's probably true, but the new stuff is just shit. How they've handled Spock's character is just pathetic....his scenes are basically unwatchable.

The technology is all way off too. It doesn't jibe with the original in any possible way. I realize this is a geeky thing to say but it's fucking *Star Trek* if we can't be geeky about that, we can't be geeky about anything.

Comment What a nightmare (Score 3, Interesting) 332

First Abrams' complete disregard for the history and the message of every previous Star Trek in favor of everything superficial and minor that has ever been in the series, and now they bring in this guy, of all people? They should just have Vin Diesel play Kirk and put the series out of its misery.

I actually wouldn't have minded the 2 newest Star Trek movies as mediocre sci-fi films, *if* they weren't labelled "Star Trek". The lens flare bullshit and the incompetent/inconsistent portrayal of Spock are things I could get past, but not as a Star Trek movie.

Comment Re:Security = Liability (Score 1) 227

"if we don't do X, we're going to get pwned" into "if we don't spend X$ and Y man-hours, we are exposing our business to $Z,000,000 -sized liability".

Um.

This sounds a lot like risk management.

Risk management is for COMMUNISTS.

Never do a risk assessment when you start a new project, it will just bring up uncomfortable information and make everyone feel sad. :(

Comment Re:Of course not. (Score 1) 227

In the case of security, it falls into this classification of 'technical things nobody even wants to understand' and also into the classification of 'preventative measures that people will not recognize the importance of, until after it bites them in the ass.' You tell people that it's a bad idea to use "password" as your password, and they'll blow you off. The more you stress the point, the more annoyed they'll become-- all the way up until someone malicious gains access to their accounts. Once they've been hacked, they'll come back angry, demanding, "Why didn't anyone tell me it was a bad idea."

Until there's an actual security breach, people think you're chicken little. They'll tell you, "I've been using 'password' for my password for 10 years and I've never had a problem."

Face that kind of attitude for several years, and you get awfully tired of warning people.

Exactly right.

Security professionals have had to be budget-minded for a while now. We're not telling you this because we want to bankrupt the business, we're telling you this because it is a reasonable precaution to take, in line with standards and industry norms, and will save your ass and pay for itself 100x over if there is a breach. People view their own internal security department as the enemy, rather than someone who is on the same side trying to get people to do things properly. We get that there's a margin and a budget, but if you always decide in favor of, "get it done now, as cheaply as possible, we don't have time to do it right" eventually it will catch up with you.

Comment Adversarial (Score 1) 227

Adversarial is the key word here. Business doesn't view security as an entity trying to protect them from liability, get them on par with industry norms, and maybe even create some efficiency and ease support burdens, they view security as an impediment to signing the contract. Your own security team is just trying to save you from yourself...arguing with them as a proxy for the customer doesn't get you anywhere but into even more trouble.

Comment Handwriting Notes (Score 1) 313

I was in college just at the cusp of people starting to take notes on laptops. It never appealed to me. Even today in meetings, the information just doesn't sink in like it does with hand writing notes. I take notes in meetings that I know I will never read, just because it helps pound it into my memory.

I can never keep notes on the computer organized either. Not that my paper notes are super organized, but at least there is an indestructible (unless I rip pages out) linear timeline to everything. You know everything is there somewhere and if you can't remember where, the other things you were taking notes on at the time can help you zero in.

Comment Re:Happy President (Score 1) 569

Only in theory, not in practice. Without ranked voting, a vote for a 3rd party candidate is effectively a vote against whoever your second choice is, so voters are often faced with voting for the lesser of 2 evils. In the past 4 presidential elections, the only time a 3rd party candidate managed to get more than 1% of the popular vote (yet still 0% of the electoral votes) was in 2000 when Nader had 2.78% of the popular vote and if a fraction of his votes had gone to Gore, George W Bush wouldn't have made it to the White House.

I agree that ranked voting would be a much better option and would make third parties more viable.

However, this transfers the responsibility for the sad state of affairs in which we find ourselves to the government. There is nothing stopping people from voting third party. If people are serious about their dissatisfaction with the government, they need to vote third party and not for the, "lesser of two evils". We bear the responsibility for the situation we're in.

To further complicate things, when we transfer that responsibility to the government, i.e. electoral process reform, we are transferring the responsibility to the one entity with a vested interest in maintaining the status quo. Washington has no interest in enabling third parties or democracy, and they have attacked them at every possible opportunity.

Bottom line, the responsibility lies with the citizens whether we like it or not and whether we choose to accept that responsibility or not.

Comment Typical (Score 1) 193

No one listens to the security group no matter how badly they get hammered. This is just dumb shit. If I ran the world everyone who was involved with implementing this would be fired immediately.

Remote access for customer support is a great thing...just build it right. It's really not that hard at all to build it right...probably even easier than building it this stupid ass way.

Comment Re:This is the slope before the cliff (Score 1) 385

The PC is here to stay. What we are seeing is a longer life cycle. There is no need to update the hardware these days, there's plenty of power and storage for people writing the odd letter/email, social media and most games. Unless you're a developer or working with huge amounts of media data, PC users aren't going to notice a shit load of RAM, loads of cores CPU and a GPU capable of real-time Avatar level of rendering.

This is exactly what I was going to reply. There haven't been significant advancements in processing power, or in applications which require that increased power. Everyone has what they need. They'll replace them when they break or maybe upgrade them once in a while, but there's no need for the turnover we used to see...we've reached a point of diminishing returns where upgrading every 2 years or less just isn't worth it.

Comment Re:Encryption (Score 1) 127

The big problem is that the database uses a shared hosting plan and a shared database server run by my ISP. I have no control over whether the database is encrypted on disk or in transit between the shared hosting server and the database server.

You're freaking out over nothing. Hosting providers are not going to leave people high and dry. Actually, it would be nice if they started encrypting their databases. Shared hosting will live on and solutions will be generated.

In order to add that protection, I would have to crank my hosting plan up to a dedicated server at a monthly cost that is equivalent to several years on my current hosting plan and buy a multi-subdomain SSL cert that also costs (annually) as much as several years worth of service.

You're being extremely, extremely silly. SSL certs can be had for next to nothing. Do they provide as much assurance as better certs? No, but they encrypt the traffic and the root cert is trusted by common platforms. Depending on the law you could use self signed certs as well.

Everything you're saying here is hyperbole.

And then, because I cannot possibly dedicate the time to manage my own server on an ongoing basis (hence the shared hosting plan as opposed to a VPS for the web server side), I would have to hire someone to manage that on an ongoing basis.

So if this law is not very narrowly tailored to sites that contain SSNs, financial information, and medical information, I'll have no choice but to shut my site down. I can't afford to personally spend potentially many thousands of dollars each year to run a website out of the goodness of my heart.

Even if everything you're saying here about the requirements of certs and VPSes is true (which it's not), you're still wildly inflating the costs. I run a site with a cert and a fully managed VPS that I can take as much interest in or leave up to support as I want. The cost is under $400/year for the hosting and like...I think like 6 bucks a year for the cert? That's super high, because I am a bit picky and because I run a site that needs a bit of performance overhead, but the service is actually amazing.

In my experience, any security practice that is not onerous also has little effect on security.

Then your experience is extremely limited.

Physical theft of spinning storage is an exceptionally rare cause of data breaches.

Which is why I didn't cite that among my reasons for supporting this.

However, data theft caused by attackers remotely cracking into servers overshadows both of those loss mechanisms by orders of magnitude.

Right, and to restate, depending on how the encryption is implemented (database/table/row level) this may help with that...especially with breaches resulting from the installation of malware.

Because remote data compromises are completely unaffected by encrypting the database on disk,

You're looking at one particular type of very common breach. There are others.

There are already laws that require encryption for anything that could be considered high-risk. HIPAA has strict requirements for how health-related data can be stored.

Actually, no it doesn't. There is no requirement to encrypt data at rest within HIPAA. Have you even read the reg, or are you just making assumptions based on what seems like it must be true? (Hint: you're making the assumptions)

PCI DSS compliance requires encryption of credit card data.

Sigh. I feel like I'm writing an email at my job.

PCI is an industry regulation, not a government one. Compliance with it can be very subjective, and auditing of compliance can also be very subjective. Actually, no external audit is even required if you're under a certain number of transactions per year, and auditors vary greatly in quality. There can be some overlap with local regs, which is absolutely a good thing...so let's have more local regs. The fear of legal consequences is usually more motivating than the fear of failing an audit conducted internally.

And so on. Any company that sanely should be required to use database encryption is already compelled by law to do these things.

You're just not correct at all, sorry.
