
Comment Re:There are good reasons for gvt bureaucracy, rem (Score 1) 275

So for anyone who has worked for the government I've seen this scenario play out dozens of times. So what happens when the IT department can't or simply won't keep up with customer demands? Customers outsource those demands - and these days you really can run all of your essential IT services from various cloud providers. There's even a Gartner term for this - "Shadow IT". So the money gets spent anyhow, without any oversight or governance that their central IT department has mandated as a policy. Worse - when the guy who set up said system moves on - the central IT dept often has to take over and manage this now essential system.

Windows XP working as a file server for license plate cameras? Please - that has shadow IT written all over it. Guy needed a file server, the IT guys told him to fuck off (because they have no money or staff), so he rummaged around for whatever piece of shit would power up and used that. And now that it's a national news article - guess what central IT's next project is? If he really cared about IT governance the file server wouldn't be a single XP box, with internal storage. This could have been a VM using some network storage system for FAR less.

These days any IT dept really needs to do what it takes (and that means having a CIO with the political willpower) to make IT keep pace or at least placate these requests in some way. One thing we would do is go ok - your budget, your servers, but we spec them to our standards, they live in our data center, use our storage systems, our backups and our physical/endpoint security.

Comment Re:Written (Score 3, Informative) 86

PCI Compliance? While I agree it's not 100% perfect - having documentation from some compliance officer at your company that you met or exceeded all their baseline recommendations should get you out of hot water if something bad were to happen.

If you work in the medical field - there's HIPAA - which again most hospitals, clinics and labs probably have a compliance person on staff that is supposed to set policy on this sort of thing and audit systems for compliance.

If you google around there's a standard for every single business/market you can think of.

Comment Re:Even more pathetic than that (Score 1) 193

That's a pretty big deal when you're on the hook for actually supporting what you release - at that volume - and maintaining compatibility.

I was working at Adobe ages ago on testing Vista and they let us know the app compatibility toolkit shims (which you can google - it's a rather fascinating framework) they were putting in for Acrobat Reader 3 and 4 - to work around a window sizing issue. Reader 3 originally ran on Windows 3.1 and Windows 95 and Reader 4 was really only intended for 95/98/NT/2000 - but both products work just fine on Windows Vista and Windows 7 - if for some insane reason you don't want to upgrade.

I dunno - currently with all the applications we run on CentOS, RHEL or SUSE - if the vendor says it has to run on xyz - I've found that upgrading and patching is a somewhat perilous process.

Comment Re: Oracle's monopoly? (Score 1) 457

APIs are copyrightable.

I think if this is true - you have to wonder what the statute of limitations is on this concept. One could easily argue that Java, C#, AS were all inspired by C/C++ - which was developed by AT&T Bell Labs. I'm sure there's some lawyer who could craft a case that they need to pay royalties now.

Comment Re:More proof... (Score 1) 60

To change the command line in a Microsoft-signed patch you'd have to edit the patch manifest file (big XML file with installable rules, installed detection rules, etc etc) - which would break the code signing cert on that package.

Again - by default the windows client only installs MS Signed packages - you can set a policy to install packages signed by your own code signing cert, but that's not the default behavior (that action requires domain or local admin).

To bypass that you'd have to exploit MS's "authenticode" checking system, or have the signing password/key for MS's code signing cert or your enterprise's code signing cert. If any one of those 3 things is a thing - you have more serious problems anyhow.

Comment Re:More proof... (Score 1) 60

This article is honestly a lot of fud - it relies on lazy Windows admins (and yes I admit there are far more of them around than lazy unix/linux admins).

Look at the attack vector - you can't just change where Windows checks for updates without local admin, or modifying the policy for the domain the machine is bound to - and you can't update the cert store for the same reasons. Yes privilege escalation attacks exist, but if someone has local admin on your Windows box - why bother hacking the Windows Update service? A MITM attack would have to either exploit some bug in Windows certificate trust, or have local admin on the box - and if you have local admin why bother hacking Windows Update.

And then MITM'ing the sync between WSUS and Microsoft - say you did leave it insecure - and you do download hackyourshit.exe, but it's not signed by a root CA your clients recognize - the actual endpoints still won't install it - even if it did come from your update server. WSUS won't deploy non-MS signed updates out of the box fwiw. SUP (System Center's Software Update Point) will, but only if they are signed by a trusted root CA and the vendor is configured on the trusted list on the site server itself.

These guys might as well have written an article about hacking the SCCM Management Point and injecting rogue policies into its clients - it's about as feasible tbh (ie not really).
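
A defender-side check for the two conditions the two comments above lean on: whether the client reaches its update server over TLS, and whether non-Microsoft signers are accepted. This is an added example, not part of the original comments. The registry value names are the standard Windows Update policy values; the sample policy and host name are constructed.

```powershell
# Added example, not from the thread. Value names are the standard Windows Update
# policy values; the sample policy at the bottom is constructed.
$WuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusClientPolicy {
    # Read the live policy; a missing key or value comes back as $null.
    $wu = Get-ItemProperty -Path $WuPolicyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$WuPolicyKey\AU" -ErrorAction SilentlyContinue
    @{
        WUServer                    = $wu.WUServer
        AcceptTrustedPublisherCerts = $wu.AcceptTrustedPublisherCerts
        UseWUServer                 = $au.UseWUServer
    }
}

function Test-WsusClientPolicy {
    param([Parameter(Mandatory)] [hashtable] $Policy)

    if ($Policy.UseWUServer -ne 1 -or -not $Policy.WUServer) {
        return 'INFO: no intranet update server set; client talks to Microsoft Update directly'
    }
    $uri = $null
    if (-not [uri]::TryCreate([string]$Policy.WUServer, [System.UriKind]::Absolute, [ref]$uri)) {
        return "WARN: WUServer '$($Policy.WUServer)' is not a valid absolute URL"
    }
    if ($uri.Scheme -eq 'https') {
        "OK:   WUServer $uri uses TLS"
    } else {
        # Payloads are still signature-checked by the client; the metadata channel is not protected.
        "WARN: WUServer $uri is plain $($uri.Scheme); update metadata is unprotected in transit"
    }
    if ($Policy.AcceptTrustedPublisherCerts -eq 1) {
        'NOTE: non-Microsoft updates are accepted if signed by a cert in Cert:\LocalMachine\TrustedPublisher; review that store'
    } else {
        'OK:   only Microsoft-signed updates are accepted (default)'
    }
}

# Constructed sample: HTTP WSUS with locally published (third-party) updates enabled.
$sample = @{ WUServer = 'http://wsus.corp.example:8530'; UseWUServer = 1; AcceptTrustedPublisherCerts = 1 }
Test-WsusClientPolicy -Policy $sample
# On a real client: Test-WsusClientPolicy -Policy (Get-WsusClientPolicy)
```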

Comment Re:My big hope (Score 2) 321

Learn to powershell?:

To read a variable:

Get-ChildItem Env:
or
$env:Varname

and to set

[Environment]::SetEnvironmentVariable("Var", "Value", "User")   # third argument is the scope: "User" or "Machine"

Even doing this from cmd.exe isn't all that hard - in fact it's just like MS-DOS was:

SET variable=string

Then

echo %variable%

Seriously - this hasn't changed in 34-35 years.

Comment Re:HR departments (Score 1) 306

That's the way Adobe thought :) - I had a manager who was enthusiastically telling me how the 15 people they were hiring in Noida were going to be so much more cost effective (15 people - to replace me).

I got laid off, and they managed to lose every account I had - I still don't see the cost savings and that C level director still works there and last I heard everyone really loves him.

Comment Re:...or a publicity stunt (Score 2) 143

I have a friend who is a repo man - and the tracking devices he drops onto cars (like if he doesn't know where the person lives - he'll attach one of these and track it to his/her work and/or living address) are 100 times better packaged and more discreet than this. Properly installed you'd likely have a hard time finding it.

Hence why I thought it was a prank - no way a government agency would be this sloppy and allow it to be found so easily. Who knows though.

Comment Re:Okay, so... (Score 1) 378

The one obese person I work with (also a programmer) - I always see him eating terribly (candy, sugary drinks, chips etc) - the only exercise he gets is walking from his door to his car and from his car to his desk, and he's gaining weight like crazy - easily another hundred pounds since I first met him. He's big enough that when the company sent him to a convention they had to buy two plane tickets for his two seats. At lunch without fail he always picks the worst thing you could get from the various cafes nearby (like if there was a 500 calorie meal and a 1000 calorie meal - he'll always go for the 1000 calories).

I know when I was 20-30 I could eat whatever I liked and I was a skinny beanpole. After 30 though I really do have to watch what I eat - I'm guessing my metabolism slowed down. I do walk or ride my bike to work, and I used to go to the gym for about 2 hours a week (really messed up my shoulder in a bicycling accident...) - but yeah I can't sit there and snack all day without gaining serious weight anymore.

The younger guys who come to work for us - some of them eat like that and over time I've noticed them get rounder and rounder as they get older :(.

Comment If only there was a way for Slashdot editors (Score 3, Insightful) 121

To coordinate and block duplicate stories.

It's like they don't even talk to each other.

"Hey do you think this is a good idea for the front page?"... "Nah it was submitted yesterday..."

And in fact it was submitted to /r/technology on reddit like a week ago... Slashdot has become the last piece in the chain for news - which is sad because it puts it below Facebook.
