"The kind of hack that takes control of a car and disables the brakes is not an accident. It is like someone cutting the brake lines. And we don't require car manufacturers to make brake lines out of triply reinforced kevlar and steel so that people can't maliciously cut through them, nor require automakers to wrap the car in fireproof material in case somebody douses it in gasoline and sets fire to it. They just need to be enough to make it through standard operating conditions, not outright attacks. "

I don't think this is a good comparison. A better comparison would be that the car company puts a little green button on the outside of the door of your car which triggers the breaks to lock in the car and not asking if this green button might not be a smart or safe thing to have on the outside of the car. Then while you are driving on the highway, a gang of hooligans comes along and presses that button out of their window causing you to lock up your breaks, swerve and crash into a barrier killing you.

Sure all these technical advances are fun and can make or improve the experience you have while in the car. But if are adding little green buttons and you don't have a good grasp behind the little green button technologies, then the onus is on you to speak to expert in that specific field. and if you don't, then the fault and liability if on you.

Sounds like a fun game except when you realize that to do that means taking down tons of non-infringing stuff.
so to make a point and an example of Universal, you are basically going to affect who knows how many non-related entities which
would not be found to be infringing.

its like saying "we agree with you that your stuff is not infringing but we want to make an example of universal so we are going to do damage to you by removing all your non-infringing work from our search results"

Hopefully your organization is going to have a list of apps that people use that need to work in order to get shit done. That stuff gets tested. If your software isn't on the list, then you are SOL. That is why companies try to control what gets installed on user systems.

Also, as far as the finance department, they are behind another very strictly control network policy to limit which data gets in and out of that network. In most cases, this upgrade happens separately from the upgrade for the normal users. It probably gets tested for longer and more thoroughly to make sure that the apps that need to run in that environment continue to run. Since finances computer systems are usually not accessible from even the rest of the corporate network, its usually not as much of a problem to wait on this part of the upgrade. Also, any security policy that's worth anything is going to make sure that you aren't running weird third party apps on the machines that directly access and manipulate the financial data.

More than just best practices, this is really the most basic obvious shit that you should know if you work this part of the security field.

agreed.
I think the goal is really to limit the impact of a user being stupid and being compromised.
A good security policy with very tightly monitored separation of duties and least privilege is a good starting point.

This is why estimates are used. Because these costs do need to be calculated. This is the job of a security architect. Everything can be calculated to a reasonable proximity and accurateness. You aren't going to calculate everything to the last dime. You want to give the management team an idea of what they are going to lose if they decide on a certain course in relation to security. Then the management ultimately makes the decision.

SSO.. eeew no.

Single point of failure. If your one password is compromised, then every single service you use with SSO is them compromised.
Its great if you are in a corporate environment with plenty of corporate protection.

Also, from the sounds of it, these "experts" may be well versed in a specific domain but not really expert in everything related to online security.
With websites being hacked daily, you pick the websites you want to deal with based on some set of trust relationship. You wouldn't go to a sketchy looking website and put in your social security number and all your banking information. We a REAL security expert is going to determine whether a website is trustworthy and probably assign it some value as to its relative safety.

1. Do I think this website may be in itself malicious?
2. if the website isn't malicious, does the technology they use to protect their users meet a minimum standard for security to prevent any information i may put on there from possibly being stolen.
3. if the security meets the standards, is it safe for me to share personal information? what does this company do with the information that is shared. From a corporate standpoint, does their business model focus on selling or manipulating user information?. Is information shared outside the company with or without my permission?
4. Should an online entity or company be asking for this (some level of) personal information from me that has nothing do with the the service they offer me or the business relationship we have?

Oh and password managers... for the lazy. Again single point of failure. If a large company like Amazon and Microsoft be hacked with probably some of the more advanced security infrastructures for online businesses, then some piddly little company website is not going to be a match for a determined hacker and then it again becomes a single point of failure.

Use a password locker application on your desktop. Never something you have to connect to remotely.
You should trust and work to make sure the security within your own network and on your desktop meets your standards which should be better than any website you would think twice before sharing information with.

And the cloud... marketing drivel. if you are putting your personal information that you specifically dont want other people to have access too. putting your safety and security in the hands of a third party with unknown ability, motives or skills, then you by definition are an idiot. Services and machines are hacked everyday.

And just so we are clear, 100% of online identity fraud happens because of information about you that makes its way online. Identity fraud numbers have skyrocketed in the past few years. And It mostly correlates time wise with the rapid adoption of facebook and other social networking services.

I can see your point and I don't disagree with it. I don't think that was the point of the headline though.
I imagine the headline was intended to be a reflection of the time in which the company existed.
This is because there was a perception back then that women (ie:housewives) as the cultural roles has pin-holed them into were incapable of working or succeeding in these male dominated roles at the time.

We know that isn't true and those perceptions are not nearly as stark now as we have years and years of shifts in our cultural ideas under our belts since then.
And Vector Graphics definitely had an affect on the PC market at the time that irreparably changed the design and also the notion of the use of PCs. They weren't the only ones to have an affect and the amount of affect they had is debatable. But they most certainly had an affect.

The headline points more to sort of a odd nostalgic look at the 70s and the idea that "Hey look at what these housewives can accomplish."
It would be offensive today to refer to women in the workplace as housewives. A lot of things have changed since the 70s. And for the better.

TLDR; back in the 70's there was a very pronounced perception that housewives were housewives because they were incapable of doing anything else. They were wrong. the headline reflects a retrospective nostalgia of the thinking in the 1970s.

Linux (what became Slackware) started on the PC and ran exclusively on PC hardware for a very long time before it was ported to anything else. I still have the original floppy disks with that very early code to prove it. Once linux started to gain popularity, then it was ported to other platforms. But this was not for years after linux was running on pc hardware.

Credentials : old guy.

I think it would be great if they reigned in the whole shadow-banning nonsense to only allow it in the case of spam. if something is spam and it is verified to be spam, then the post goes away. But no longer allowing shadow-banning for anything else. even if that something else is vile or repugnant. There are other ways to deal with that content.

Maybe the mods in a group can't delete a vile comment but they can moderate it down below a threshold that will cause it to not be visible by default unless the user wishes to read below that threshold.
maybe that threshold would be -100 so it would take a great many normal users to get a message below the threshold.
Just a thought. there may be some pitfalls with this approach also. It is more favorable than the approach they seem to be taking though.

This is not a troll. Ive been on /. for a very long time. I left /. for a very long time and came back more recently. /. has a niche. even with that people still complain about the moderation system here.
Are you guys (and gals) seriously implying that reddit should basically be turned into /.
Aside from the stupidity that they are currently embroiled in, I can't see another way to more effectively destroy reddit than to try to implement the /. principles there.
Reddit is a social site first and then a news and information site second. To leave moderation in the hands of a few select people takes most of the social aspects away from people.

The strength of reddit is in the community and not in the content. there is probably as much or more garbage that goes through reddit as good and interesting content. The benefit is that the worst of it is obscured through a subscription model where you only subscribe to the groups that you are interested in.
Moderators already have to much power and pull there. and The shadowbanning nonsense, while i can understand the original intent, is being abused by people with power to silence people they disagree with.

Im a member of both of these communities. What reddit does now is going to determine whether they go the way of the dodo (Digg) or they continue to be a viable social community for discussion of any topics of interest to people. Hate groups can stay in their little silos and feel like they can have their free expression as long as it doesn't trickle out into unrelated groups. Subscribing to those groups should come with a stern warning or two to make sure that people with sensibilities know to avoid it.

I cant stand the hate and vitriol. The hate groups are a blemish on the internet and the world. But if people start banning that speech, that means they have the power to ban other unpopular speech or even people they disagree with.

too many secrets

ill have some of that world peace about now.

If the company is mismanaged, has bad policies or has employees that do wrong or bad things, who should be held accountable? Just because the person might want to be helpful, it doesn't change the fact that company is doing something wrong. Should the victim of that bad behavior bear the brunt of it and just accept it as part of normal business? Should they be forced to change their phone number and all the other things that go along with that including updating all their accounts and making sure anyone who might want to contact them for the foreseeable future is aware of the number change. Where does the burden here lie?

If a company is not willing to address problems in their organization in a timely professional manner, then they need to be held accountable and face the consequences for that.

In this case, the person was being harassed. People have a legal right to not be harassed. Harassment is a pretty specific thing with a pretty strict definition. And this definitely falls under that definition. Is it good enough to just say, don't be a dick to people and you probably wont run into these types of issues.
 

I've heard this nonsense before. There is a big difference between penalizing someone for an honest mistake and holding someone accountable for breaking the law or doing something which was obviously wrong or bad. Screwing over the customer should have consequences. For the business and for the person who is responsible for making the decision to do it.

I work for another company that has been doing this sort of thing for a long time. But instead of laying off employees and bringing on H1B's, they are bringing on recent college graduates that are also only H!B's and then making working conditions unbearable until the old timers here just leave out of frustration. There is such a high turn over rate here that we have all but stopped acknowledging when people leave. I am currently training 2 people and an expecting a third and I have to do this in addition to all other tasks that are assigned to me.

I miss the days when I could go to a first round in-person interview and get the job before walking out of the door. I am looking, but I am not having so much luck.

I think the problem is that many silicon Valley companies are employing these same sorts of strategies. Driving down wages by bringing in H1B's. Its like the management team reads in a business journal how all their competitors are doing this and they think that they have to do it too to keep up with the jones'. I think this is unethical and at worst, probably of questionable legality. theH1b program was designed to provide workers to supplement the workforce here because there weren't enough engineers to fill available positions. Now, the system is being used to replace engineers here with cheaper labor. This is not consistent with the intent of the provisions of H1b.

When you say that PC gamers don't have higher quality hardware, I have to assume you are talking about children.

What do you think is the primary driver for new PC hardware purchases? The answer is games as it has been for at least a decade.
People don't buy the newest most expensive hardware to run their word processors on or to watch youtube videos. They don't buy it to run their spreadsheets on or to browse the web. People who are serious PC gamers are the ones that drive the demand for newer and better hardware. Unless you are running some serious server infrastructure out of your home, if you are buying the best and newest hardware, there is a very good chance that it is for gaming.

People that complain that PC gamers don't have better hardware than the current flock of consoles really don't know what they are talking about. It may be that their friends are not as serious about gaming or maybe their friends aren't old enough to have jobs that allow them to be able to afford hardware upgrades. That being said, the last PC I had ran more than 5 years without any hardware changes at all and there was not a moment in time during those 5 years when any available console at the time could keep up with it. I ended up upgrading my system when my GTX280 finally game out.

Not a hater here. For a while I also bought every console that came out. Recently, I decided that since I was hardly playing any console games. My PS3 is mostly a dvd/blueray player and my wife and I played dr mario on the wii-u until we got bored of it. The xbox 360 gets powered one maybe twice a year because one of our friends kids want to play on it. That, in addition to the fiasco around the camera/always on listening devices nonsense that happened at release time solidified the idea that I didn't need the newer generation of consoles.