
Comment: Re:this pisses me off about modern business (Score 1) 177

The policy of escorting employees off the property is SOP nowadays due to HR's fear of vindictive ex-employees causing havoc/damage to the company. Sure it is somewhat humiliating, especially if you've been employed for a long time and put a lot of yourself into the organization. However, I understand the reasoning. And while I haven't had this happen to me exactly, I have had my admin privileges revoked when I was laid off. Sure it pissed me off at the time, especially as I'd been there for a long time and people should have known better than to fear my retaliation. But, had I been vindictive, I could have caused a great deal of damage and idled a large number of people given a couple of minutes continued admin access to the systems, so I understand the reasoning and the necessity.

Comment: Re:Code reuse exacerbates the problem? (Score 2) 83

If you have physical access to the machine, it doesn't matter. You can rewrite the BIOS. And then, yes, it is an advantage to malware authors if there's only a couple of kinds of BIOS, because their malware only has to support those kinds. So yes, reuse of code becomes a "problem" for the rest of us if viewed from that perspective. It's not clear though that life would be any better for users overall if there were more kinds of BIOS. As bad as Phoenix, Award et al can be at making BIOS that works, I shudder when I imagine vendors rolling their own. I'll live with the disease, thanks.

Yeah, I agree with regard to the physical access vector. I have a background doing IT in a DOD TS/SCI environment for three years and a TS environment for eight with DOE. We (those of us who knew what we were doing) had the philosophy that if you had physical access to a system then you could pwn it. At DOE it wasn't our duty to design systems with any consideration of the "insider threat" unless it was for the use of FORNATs. Systems for US use relied mostly upon personnel and site physical security.

I do disagree that a greater number of targets being more burdensome for the black hats outweighs the security benefits of supporting a smaller code base. The former is merely supposed security through obscurity. A basic rule of thumb of security is to minimize the attack surface. One of the primary strategies to accomplish this with regard to information security in a software environment is to reduce the amount of code running.

Comment: Code reuse exacerbates the problem? (Score 5, Insightful) 83

Manufacturers/vendors don't write their own BIOSs; they license them from the likes of Phoenix Technologies and Insyde. These licensors don't write a completely new BIOS and bits for each licensee, let alone for each motherboard and their variants. As such, of course there is code reuse. Imagine the probable security issues there would be if each vendor, let alone motherboard, received a BIOS that was written from scratch. QA would be a nightmare, as would the security of the code.

The problem isn't the reuse of code. The problem is that the code that was reused had security vulnerabilities.

Comment: Re: Unfair comparison (Score 1) 447

Here's a link http://www.fda.gov/NewsEvents/... to an announcement for an obesity treatment that modifies the signals of the Vagus nerve via a surgically implanted device. The study implanted the device into two groups of patients, but it was only actually activated for one group, though both groups thought it was for both. I'd say that was the use of the placebo effect via surgery.

Comment: Sensationalistic title and wording used in OA (Score 5, Informative) 37

The OA uses the term "Linux backdoor," but then goes on to describe it as an add-in kernel module. It's not a backdoor, but rather a rogue kernel module someone has written. The module in question, ipt_ip_udp, isn't part of the Linux kernel. It's merely a module some black hat wrote to provide remote access to an already compromised system. This is just FUD and self-promotion by NCC Group to make what they found sound much more important than it really was, no doubt to increase their client base. What crap.

To sum up, it isn't a Linux back door and it isn't a vulnerability in the Linux kernel source code. It's merely a rootkit.

Comment: Re:Who uses mice? (Score 2) 361

+1 for the clit. I first learned to work the clit when I bought a Toshiba Satellite Pro 2400CT back in '94 that had a green clit. I totally fell in love with the clit as it allowed me to mouse around without the need for a hand to leave the keyboard, which I'd think a great deal of touch-typists would appreciate. I loved it so much I went out and bought an IBM keyboard with a nice red clit that cost me over $100, which back then was 1/3 of a month's rent. Since then every Intel PC keyboard that has been attached to a system I used regularly has had one. It kinda annoyed some of my co-workers as I'd always get the KVM keyboards replaced with clit-endowed ones; praise be to the ergonomics fad which makes it easier to justify.

Unfortunately, the clit has fallen into disfavor and is mostly only available on business-class laptops. You can, however, still buy nice IBM Model M-type mechanical-keyed keyboards with a clit from the company who bought IBM's IP for their keyboard technology and the factory in which they were manufactured - Unicomp. www.unicomp.com

Comment: Re:Unless, of course, you study the author... (Score 5, Informative) 726

Niven's Law: "There is a technical, literary term for those who mistake the opinions and beliefs of characters in a novel for those of the author. The term is 'idiot.'"

I have seen no evidence that Heinlein believed that the idea of Citizenship in ST should be realized. If you can cite some credible, non-fiction source where Heinlein advocates the realization of the governmental form found in ST, I would be most interested. I believe Heinlein was a strong believer in one realizing the existence of, and paying one's debts to society, and nothing more.

Secondly, you err in your statement re: ST "That only those who serve in the military and commit violence...." Full-Citizenship afforded one the opportunity to vote, hold elected office, and teach the high school History and Moral Philosophy course. Obtaining this required NATIONAL SERVICE of some sort, the form of which was based upon the needs of society and the aptitude and skills of the individual in question. There was ABSOLUTELY NO requirement that one serve in the military nor participate in some form of violence (war?) in the name of their country. You are incorrectly trying to tie the requirement of jingoistic beliefs with citizenship requirements in Starship Troopers. Perhaps you should go back and read it again.

Thirdly, the article is about the MOVIE by Paul Verhoeven, not Heinlein's novel. The movie does indeed poke fun at jingoistic ideals, portrays a fascist government, etc. whose military intelligence service wears SS-like uniforms, has a national news service that uses heavy-handed propaganda techniques. I had not read any of the critiques of the movie upon its release, and am surprised that these obvious themes and messages weren't remarked upon.

I guess by my 'nick you can guess I'm a bit of a Heinlein fan. :-)

Comment: Indictment of life in Russia (Score 1) 618

Life in Russia sucks, and it doesn't surprise me at all that this was developed there and gained such widespread use. I bet the rural population was hit particularly hard by this drug.

I also won't be surprised if it finds a receptive userbase in US cities.

Comment: Re: I dislike M$ as much as the next guy.... (Score 1) 404

Your attitude is typical of egocentric anarchistic coders with zero sense of social responsibility. Thankfully the majority of Western civilization believes and acts otherwise in relation to their fellow humans. Else we'd live entirely in a 'might makes right' society.

I hope your lack of a sense of professional responsibility extends to those professions upon which you rely, and that you do not expect them to act out of anything other than base mercenary motivations. And I hope you accept personal responsibility for all ill that comes your way in life. After all, it isn't anyone else's fault than your own that you don't have limitless resources and time to spend to prevent it.

Comment: I dislike M$ as much as the next guy.... (Score 3, Insightful) 404

...but not disclosing it to the vendor first and giving them a chance to release a fix is both unprofessional and irresponsible. Adding in the fact that this is coming from a Google employee makes it inexcusable, and reflects poorly on Google. If I were his manager he would certainly receive a reprimand.
