Comment Re:How can this be? (Score 1) 613
Stupid users? I would rather say stupid designers who impose stupid constraints on John Doe...
Comment Re:Cognitive Psychology (Score 1) 266
Anderson is ok, but I would also recommend "The Scientist in the Crib" by Allison Gopnik et al. Less formal, but very clear and inspiring.
France Seeks To Push 3-Strikes Law Across Europe 265
quanticle writes "As you may recall, France previously threatened to cut off broadband access for file sharers. However, after lobbying by the public, the legislation failed in the National Assembly. Now, the government of Nicolas Sarkozy is trying to revive the the measure by pushing it as an amendment to the pan-European Telecoms Package. This amendment has the potential to impose 3-strikes across Europe, not just in France."
Collapsed UK Bank Attempts to Censor Wikileaks 230
James Hardine writes "Wikileaks has released a couple of hilarious legal demands over a confidential briefing memo entitled Project Wing — Northern Rock Executive Summary. Northern Rock Bank (UK) collapsed spectacularly late last year on the back of the sub-prime lending crisis and was re-floated by the Bank of England at a cost of over £24bn. The memo was used by the Financial Times, the Telegraph and others. It attracted a number of censorship injunctions, as reported by the Guardian, which only Wikileaks continues to withstand. In their legal demand to Wikileaks, Northern Rock's well-known media lawyers, Schillings, invoke the DMCA & WIPO, claim it'll be 10 years in prison for Wikileaks operators for not following the UK injunction, but then, incredibly, refuse to hand over a copy of the order unless Wikileaks' London lawyers promise not to give it to Wikileaks. Finally they claim copyright and more — on their demands! The letters raise a serious issue about the climate of censorship in the UK, where one can apparently easily obtain a censorship order — a judge made law — that everyone is meant to obey, but no one is meant to know."
The 10 Worst PC Keyboards of All Time 612
Kabz found the 10 Worst PC Keyboards of all time which leads off with the Commodore 64 and takes a trip through PCjr country. Might trigger some nostalgia, or some sort of flashback wrist strain.
Torvalds Puts Support Behind GPL2 Linux 326
Christiangrays writes "Linux creator Linus Torvalds has used an interview being made public by the Linux Foundation to stress that version 2 of the GPL still makes the most sense for the Linux kernel over the newer GPL version 3. GPL 3, which was released last year by the Free Software Foundation (FSF), reflects the FSF's goals while GPL 2 closely matches what Torvalds thinks a licence should do, Torvalds said. "I want to pick the licence that makes the most sense for what I want to do. And at this point in time, Version 2 matches what I think we want to do much, much better than Version 3," said Torvalds, who is now a fellow at the foundation. He was interviewed in late-October by Linux Foundation executive director Jim Zemlin."
Alienware's Curved Monitor 269
ViperArrow writes "Alienware has showcased a curved display prototype supporting a resolution of 2880x900, aimed mainly toward gamers, with a refresh rate of .02ms. This 3-foot-wide DLP with LED illumination will be available by the second half of 2008. The monitor is still showing some flaws, but Alienware assures us that these will be gone by release. No price has been revealed as of yet."
Submission + - Security Isn't Just Avoiding Microsoft
Jay Singala writes: "Article: Security Isn't Just Avoiding Microsoft
http://www.computerworld.com/action/article.do?com mand=viewArticleBasic&articleId=291226&source=rss_ news50
Security Isn't Just Avoiding Microsoft
Ben Rothke
May 07, 2007 (Computerworld) We've all heard IT professionals imagine how secure their networks would be if they just didn't have to use any Microsoft products.
I've had to listen to clients kvetch for hours on end about how Microsoft makes their lives miserable and how everything would be better in a Microsoft-free world. Tony Bove wrote a whole book with that theme, Just Say No to Microsoft, and plenty of blogs have taken up the cry.
It's time for all the people who have entertained this fantasy to stop deluding themselves.
How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system.
Networks in a world in which Apple had won the operating systems wars would still be insecure. What's that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That's true, but it's a consequence of the minuscule market penetration of Mac OS. If the Mac had enjoyed a market share of upwards of 80% for the past couple of decades, it would have been the focus of every hacker and script kiddie on the planet. And you might be lamenting the minuscule market share of that scrappy operating system vendor in Redmond, Wash.
If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time. By all means, we need to run the safest operating system we can, fortify our networks and police the whole thing. But once we've done all that, we're left with one unalterable fact: Users will still make errors galore. Training can help. But for a bit of perspective, consider commercial air transportation. The hardware is about as safe as possible, and pilots are trained as thoroughly as surgeons. But accidents happen, and they're usually the result of pilot error.
User errors have long been the bane of security. In a sense, true security requires a paranoia honed to a fanatical edge, but sometimes even fanaticism isn't enough. After all, no one has surpassed the Nazis when it comes to fanatical paranoia. Yet even the well-trained German soldiers of World War II broke a fundamental rule of cryptography and reused the same keys. That mistake might be the only reason this article wasn't written in German.
So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out. Set minimum security training and awareness requirements that all workers must meet — even janitors and others who have no system access. Step up the requirements for those who have access to corporate information systems (most workers would fall into this category), and establish exhaustive requirements for employees in computer-related positions of trust, such as security staff and systems programmers.
Your first step, if you haven't already done it, is to write down your information security policies. You can't design an effective training and awareness program without them.
Once you've set up effective training, you have to maintain it. Keep it consistent, and make sure users are up to date. It won't be easy. In fact, it's a lot easier to just blame Microsoft. But don't feel that all that kvetching didn't help. It took lots of people kvetching loudly for many years for Microsoft to realize that it had to do more, and it has made great strides since 2002, when it announced its Trustworthy Computing initiative.
Now it's your turn to do something similar within your own organization.
Ben Rothke, CISSP, is a senior security consultant at International Network Services and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill, 2006)."
http://www.computerworld.com/action/article.do?co
Security Isn't Just Avoiding Microsoft
Ben Rothke
May 07, 2007 (Computerworld) We've all heard IT professionals imagine how secure their networks would be if they just didn't have to use any Microsoft products.
I've had to listen to clients kvetch for hours on end about how Microsoft makes their lives miserable and how everything would be better in a Microsoft-free world. Tony Bove wrote a whole book with that theme, Just Say No to Microsoft, and plenty of blogs have taken up the cry.
It's time for all the people who have entertained this fantasy to stop deluding themselves.
How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system.
Networks in a world in which Apple had won the operating systems wars would still be insecure. What's that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That's true, but it's a consequence of the minuscule market penetration of Mac OS. If the Mac had enjoyed a market share of upwards of 80% for the past couple of decades, it would have been the focus of every hacker and script kiddie on the planet. And you might be lamenting the minuscule market share of that scrappy operating system vendor in Redmond, Wash.
If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time. By all means, we need to run the safest operating system we can, fortify our networks and police the whole thing. But once we've done all that, we're left with one unalterable fact: Users will still make errors galore. Training can help. But for a bit of perspective, consider commercial air transportation. The hardware is about as safe as possible, and pilots are trained as thoroughly as surgeons. But accidents happen, and they're usually the result of pilot error.
User errors have long been the bane of security. In a sense, true security requires a paranoia honed to a fanatical edge, but sometimes even fanaticism isn't enough. After all, no one has surpassed the Nazis when it comes to fanatical paranoia. Yet even the well-trained German soldiers of World War II broke a fundamental rule of cryptography and reused the same keys. That mistake might be the only reason this article wasn't written in German.
So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out. Set minimum security training and awareness requirements that all workers must meet — even janitors and others who have no system access. Step up the requirements for those who have access to corporate information systems (most workers would fall into this category), and establish exhaustive requirements for employees in computer-related positions of trust, such as security staff and systems programmers.
Your first step, if you haven't already done it, is to write down your information security policies. You can't design an effective training and awareness program without them.
Once you've set up effective training, you have to maintain it. Keep it consistent, and make sure users are up to date. It won't be easy. In fact, it's a lot easier to just blame Microsoft. But don't feel that all that kvetching didn't help. It took lots of people kvetching loudly for many years for Microsoft to realize that it had to do more, and it has made great strides since 2002, when it announced its Trustworthy Computing initiative.
Now it's your turn to do something similar within your own organization.
Ben Rothke, CISSP, is a senior security consultant at International Network Services and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill, 2006)."
Boredom Drives Open-Source Developers? 199
Henry McClyde writes "Chris Anderson of The Long Tail posted an article yesterday in which he claims that "spare cycles" — or boredom and the tons of people who wish they had something better to do — is what drives Web 2.0.... and the open source development community. While Web 2.0 in general is driven by "the long tail," NeoSmart seems to have taken up issue with Anderson's claims that open source developers (and other freeware programmers in general) do what they do because they're bored and have nothing better to spend their time on. Same with Wikipedia contributors, and bloggers in general."
Slashdot Top Deals
What good is a ticket to the good life, if you can't find the entrance?
