
Comment Re:Old news (Score 1) 308

I work in security, and we tried this where I work. It worked very well for most things - specifically browser pages. But there are a number of third-party apps that use SSL, and they expect to see their cert in the client on the end user desktop. They check for this, and when it doesn't exist, they break. Things like stock trading clients, etc., along with some business apps for business process that we outsource. The appliance we use also gives us the option to NOT inspect HTTPS traffic for banking and financial institutions.

We ended up turning off HTTPS inspection, as it was too much hassle. We lost the ability to inspect HTTPS transfers for malicious content, but we can (and do) still block based on the category of the destination domain - that blocking is still protocol independent.

Comment coffee? so what... (Score 1) 620

What really kills me is the REAL perks getting eliminated - bonuses, my whole 401k match is gone now, health insurance cost going through the roof, etc. THAT hurts my bottom line, coffee does not.

I understand that they cut the 401k match and increased the health insurance premium to try to save a few jobs - but jesus, looking at the bloat in some of the organizations here, lay off a few of them (sales, I'm looking at you. You spend ALL DAY on youtube. Yes, I can prove it), you'd think you could cut some of them, and keep the match.

Security

SarBox Lawsuit Could Rewrite IT Compliance Rules 124

dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance. "Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law."
IT

Do You Hate Being Called an "IT Guy?" 736

An anonymous reader writes "The phrase 'IT' is so overused, I'm not sure what it means any more. OK, maybe it's an ego thing, but I spent a lot of years in grad school, lots of years getting good at creating software, and lots of years getting good at creating technical products and I don't want the same label as the intern who fixes windoze. I'm looking at a tech management job at a content company that is trying to become a software company, and they refer to everything about software development, data center operations, and desktop support as 'IT.' I'd like to tell the CEO before I take the job that we have to stop referring to all these people as 'IT people' or I'm not going to be able to attract and retain the top-tier talent that is required. Am I just being petty? Should I just forget it? Change it slowly over time? These folks are really developing products, but we don't normally call software creators 'product developers.' Just call them the 'Tech Department' or the 'Engineering Department?'"
Privacy

Massachusetts Police Can't Place GPS On Autos Without Warrant 194

pickens writes "The EFF reports that the Supreme Court of Massachusetts has held in Commonwealth v. Connolly that police may not place GPS tracking devices on cars without first getting a warrant, reasoning that the installation of the GPS device was a seizure of the suspect's vehicle. Search and seizure is a legal procedure used in many civil law and common law legal systems whereby police or other authorities and their agents, who suspect that a crime has been committed, do a search of a person's property and confiscate any relevant evidence to the crime. According to the decision, 'when an electronic surveillance device is installed in a motor vehicle, be it a beeper, radio transmitter, or GPS device, the government's control and use of the defendant's vehicle to track its movements interferes with the defendant's interest in the vehicle notwithstanding that he maintains possession of it.' Although the case only protects drivers in Massachusetts, another recent state court case, People v. Weaver in the State of New York, also held that because modern GPS devices are far more powerful than beepers, police must get a warrant to use the trackers, even on cars and people traveling the public roads."

Comment Re:mixed feelings (Score 1) 101

3. is not a financial/medical/etc company or something that contains what one may deem as sensitive data.

PII (Personally Identifiable Information) is considered sensitive, and several states (MA and NV in particular) have strict laws on the books about protecting that information.

Granted, you GIVE that info to Facebook, mostly for the express purpose of putting it out there for others to find, but the laws are on the books.

Programming

Facebook Releases Open Source Web Server 113

Dan Jones writes "Ah the irony. The week Facebook is being asked to cough up source code to satisfy an alleged patent infringement, the company releases an open source Web server. The Web server framework that Facebook will offer as open source is called Tornado, was written in the Python language and is designed for quickly processing thousands of simultaneous connections. Tornado is a core piece of infrastructure that powers FriendFeed's real-time functionality, which Facebook maintains. While Tornado is similar to existing Web-frameworks in Python, it focuses on speed and handling large amounts of simultaneous traffic."
Security

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant 157

Jason writes "After months of digging through speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are as is required by PCI guidelines. I fully expected them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strongly suggest that card numbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table."
Books

Open Source Textbook For Computer Literacy? 95

dcollins writes "The college where I work has decided to forego ordering a textbook for the computer class that I teach this fall. Does anyone know of a free, open-source textbook for basic computer literacy concepts (overview of hardware, software, operating systems, and file systems)?"
Security

Feds At DefCon Alarmed After RFIDs Scanned 509

FourthAge writes "Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"
Earth

Expedition To Explore an Alaska-Sized Plastic "Island" 325

Peace Corps Online writes "An expedition called Project Kaisei has departed bound for the Great Pacific Garbage Patch — a huge 'island' of plastic debris in the Pacific Ocean estimated to be the size of Alaska (some estimates place it at ten times that size). The expedition will study the impact of the waste on marine life, and research methods to clean up the vast human-created mess in the Pacific. The BBC quotes Ryan Yerkey, the project's chief of operations: 'Every piece of trash that is left on a beach or ends up in our rivers or estuaries and washes out to the sea is an addition to the problem, so we need people to be the solution.' The garbage patch occupies a large and relatively stationary region of the North Pacific Ocean bound by the North Pacific Gyre, a remote area commonly referred to as the horse latitudes. The rotational pattern created by the North Pacific Gyre draws in waste material from across the North Pacific Ocean, including the coastal waters off North America and Japan. As material is captured in the currents, wind-driven surface currents gradually move floating debris toward the center, trapping it in the region. 'You are talking about quite a bit of marine debris but it's not a solid mass,' says Yerkey. 'Twenty years from now we can't be harvesting the ocean for trash. We need to get it out but we need to also have people make those changes in their lives to stop the problem from growing and hopefully reverse the course.'"
