
Comment not just hiring (Score 1) 561

Once you hire someone, they may want to leave because the atmosphere in the workplace isn't what they like, or the pay for their gender or ethnicity seems off compared to others. A large part of why some companies can't seem to get their "diversity" numbers anywhere near what they want them to be, is because they have a reputation that will put certain groups off whether deserved or not.

These are things that are much more important in the long run than just getting candidates in the door that have the right skills on their resume. That part is easy, just advertise and throw money at it. Keeping them and making them fit in the team is the hard part.

Comment Not safe (Score 2) 141

SD Cards can be several devices, including wifi cards, so those are just as (un)safe as USB devices if the device they are connected to would be susceptible to hot plugged hardware and have the drivers available for those.

SSL/TLS is plagued with bugs due to the backward compatibility issue. Heartbleed anyone?

Self Signed shouldn't be a problem, providing the device has the pubkey for the CA that was used to self sign present.

Doing a wget on an image requires at least a minimal install like busybox on top of a Linux kernel. This is currently one of the most used ways to upgrade firmware, and often there are older versions of busybox, the kernel and many other applications on the device. Those are one of the big sources of devices being hacked.

As you see, it's not as simple as it seems. Apart from standard apps being outdated and not validating certificates, a lot of the custom parts of firmware aren't written with any security in mind. Things like old fashioned buffer overflows, SQL/XML injections, XSS and whatnot in user interfaces are much more common than in directly web facing websites these days. With IPv6 around the corner and the end of NAT in sight, plenty of these devices will be connected directly to the internet and we will see a large increase in "things" getting hacked once we get to that point.

Comment He claims this himself (Score 5, Insightful) 391

http://www.scorpioncomputerservices.com/the_founder.html

He probably is a smart guy, but these claims here would make me not want to hire him. He's so obviously full of himself that he'd probably never admit he might be wrong about something and that is just plain dangerous. So it's not just the Hollywood drama, it's based on his own ludicrous claims.

Comment Not entirely emissions free (Score 1) 343

While the actual generation of nuclear power in the plant may not have emitted CO2 or other burn products, you can hardly call this emissions free. Don't forget that mining the uranium ore, transporting the uranium ore and some more steps in the production process are done with fossil fuels. Nuclear waste is also a form of emission. Even if it's not directly related to greenhouse effects, it will cause severe effects on humans and nature if not taken care of (in an expensive way). All things considered, nuclear may or may not be smarter to use than coal or even wind energy, it may emit a lot less greenhouse gasses, but I wouldn't want to claim it to be anywhere near emissions free.

Comment passive scan isn't perfect (Score 1) 127

This doesn't fix the underlying vulnerability; it merely scans for known ways to exploit it. I'm sure some clever people will find a way to thwart these scans and exploit the vulnerability, unless it gets fixed.

The only way this sort of thing can be taken care of is if Google or some governments in countries with a large market share mandate vendors of phones or their manufacturers to provide security updates for devices for at least the duration of the contract, but preferably for the expected life of the device. Devices tend to keep working for three or four years, so that way Android users would get a similar security experience as iOS users.

Comment Two computers is too expensive and cumbersome (Score 1) 184

Most managers wouldn't want people to have two computers on their desk, since hey, they can save 50% on desktop systems by merging them. As long as system admins do their work, nothing could go wrong, right? I'm a penetration tester by trade and no matter where I go, even thin clients and virtual machine setups aren't properly separated.

People trust way too much in technical capabilities of devices and underestimate the ingenuity and perseverance of intruders to circumvent or penetrate those devices. Sneakernet to transfer data from and to the internal network(s) and not using VLANs for separating them isn't too bad if implemented properly. Computers are way cheaper than people. They are way cheaper than technical solutions to keep networks separated including their maintenance. They are way cheaper than having an incident where your internal IT is compromised. It just looks more expensive on the desktop, which is the only place non-security people tend to look.

Comment ICANN is not the police, prosecutor, judge or jury (Score 3, Insightful) 113

You'd have to wait for the government to declare Brandon Gray an illegal organization or punish them some other way if you want to rely on the criminal part of the law to deal with this. That is why you want obvious criminal actions to be named in your contract as a reason to suspend/stop delivering services or payments.

Comment But they can (Score 1) 749

They have done so in the past and succeeded.

If a company does business in the USA, they can force them to comply or they will lose their business in the USA. If a company has even a single USA employee, they will force the employee or the employee will lose citizenship and/or risk detainment when entering USA territory. They will even arrest and detain foreign employees of companies not complying if they set foot on USA territory for this.

There are actual companies in the EU that will take great care to not have any USA customers or employees or be dependent on USA vendors for their IT infrastructure just because of this. Plenty of EU organizations and companies have chosen or are legally mandated not to use USA vendors for products and services and to not employ USA citizens because of this. If anything the USA is biting themselves in the ankles with this sort of legislation.

Comment power usage (Score 2) 145

If you can buy a new computer that will consume less power to do the same, chances are that within a few years you'd be cheaper off using the new hardware, even if that means that the old machine is written off completely. Scrap value, land fill or whatever happens to it doesn't matter then. I have plenty of old machines that have sentimental or "collector" value standing about my home. I don't power them on and actually buy new hardware (NAS boxes and Raspberry Pi) or run VMs to do things that the old hardware is more than capable of doing. My power bill has gone down since I started doing that, easily paying back the new hardware in a short amount of time.

Comment They failed (Score 2) 132

Try searching for *anything* on Google search. Over half of the results are commercial, even if you're not looking for a commercial thing. Either they failed, or they are in it for the advertisements after all. If Google had balls, they'd blacklist any company that pops up with a commercial result (that they didn't get paid for) for non commercial searches. I suppose it would backlash so hard they don't want to put in the effort, or they actually failed at it.
