
Comment Diligence vs. Negligence maybe? (Score 0) 145

Having recently been working for a Fortune X company, I know there are legal concerns with 'knowing' about vulnerabilities. Where my mind went reading this wasn't to SPAM type laws but to companies' current direction (especially after Target) of opting to 'not know' about security vulnerabilities versus 'knowing but not fixing' vulnerabilities.

I believe the direction is that you can prove you are being 'due diligent' by patching your systems...but if you scan for missing patches, or in this case subscribe to a newsletter telling you about security vulnerabilities and know about them...by not patching "them all" you are "negligent". Since our legal and governance bodies typically don't understand the complexity around currency and the fact that past business decisions have left companies in a difficult patch/break cycle, we're being directed to a 'don't know, don't tell' mentality.

Perhaps, by subscribing to RSS feeds rather than email notifications (more discoverable on corporate servers) versus a reaching out and pulling down of RSS feeds on an individual basis is (a) reason that Microsoft is driving in this direction. Seems strange they would restrict distributing information for the sake of other organizations, but nonetheless could be (a) determining consideration.

Being a security professional I disagree with this mindset and hope our legal systems recognize that ignorance is not defensible and attempting to keep technology current and identifying risks where that cannot be accomplished is a much better security posture than 'not knowing'.

Comment The investment is worth it for me! (Score 0) 308

So my first comment relates to your company's security policy. Being someone who works on the 'other' side of that policy, and probably to the err of most of the posters on /. (let the hate/trolling begin) it is extremely difficult to protect a business's information assets with current technology/solutions/policies/etc. as it is, let alone if users were able to set up experimental solutions outside of a dedicated lab environment. I won't go into much more detail than that, because those that get it understand, and those that don't - won't - no matter what I say.

My second comment relates to the 'copy-cat environment'. While my current and past employers get benefits from the money I have invested in my equipment at home, ultimately it is for my pleasure and benefit, as I will explain. My decision to respond is being based solely on the fact that today I made such an investment. I decided that to really expand my network and do the things I wanted to do, I needed (yes NEEDED) a new switch. My non-managed Netgear 5 port gig switch and 4 port Asus wireless router with DD-WRT just isn't cutting it. Instead I opted for a Cisco SG300-20, why? because the layer 3 routing, 20 gig ports, backplane capacity/speed, etc. will allow me to not only tinker but have a really great home network. Cost $330. Sure I could have expanded with another $50-80 non-managed switch, and I know many people cannot justify it as I do.

Why? Really... why? Well because it directly translates into my ultimate success. I cannot believe how many times I've been able to directly relate the things I have/done at home into work scenarios. When we're talking to DBAs, Network Engineers, InfoSec, App/Dev, Senior Execs, Consultants, Vendors, etc. etc. having a wide pool of experience not only buys me credibility in the conversations, but often lends to better solutions. Starting a few months ago at a new Fortune 100 company from a small employer background, I was able to hit the ground running and gain the respect of my co-workers extremely quickly. My previous employers actually had small labs, but finding time to tinker in them was next to impossible. Investing around $1000-$1500 per year in my knowledge is a small price to pay for the successful career I've had. And that is on top of the training and tuition assistance I have received from my employer. It's give and take... and for me, it's paid off handsomely. When I interview candidates (as I did three this week) who have been in the IT field for 12+ years and they know about as much as entry level candidates, or work with co-workers who don't understand why I'm pulled into all the high-profile projects I know it's because I've made investments like the switch I just bought.

BTW, Hadoop is my next install... we are getting ready to put it in at work and I definitely want to be in-the-know.

Comment Two words "Big Data"... (Score 0) 345

That's why I don't like the idea. Strictly speaking personally, I think outside the box with this kinda thing. While great to lower premiums and such, I think about what else they can do with that data that I might not like. Things I can think about today, or even worse, things I can't. Would I really care if they analyzed the data and sent me Starbucks offers every day because I drive by three of them on my way to work? Probably not... but what if they decide to raise my rates because I drive through an area of town that is more prone to accidents? Every so many years I read about the top 10 worst roads, one of which is by me. Will they raise rates if I take that route to work? While these things 'may be' far from what will happen with my data today, tomorrow is a different story. I would rather stay away from those sorts of systems, whereas others might not mind. Just preference I guess (with a hint of paranoia).

Comment Re:Make NASA run like a business... (Score 0) 188

> "Run X like a business" is simplistic bullshit unless the goal is to make money supplying something someone needs.

So you agree then, the goal is not something we need?

In which case good sense would imply they should at least TRY to turn a profit? and not be funded with taxpayer money that could go to solve more basic and fundamental NEEDS right now anyway... until there is excess in which case 'extra-curricular' programs like this could add value.

Comment Make NASA run like a business... (Score -1) 188

...with a business model...
...with goods and services...
...and other sorts of incomes...
...like Patent Royalties on all the great discoveries they've made.
I sleep on 'space age' NASA foam every night!


Then they can spend what they make and get the government out of the space business, except again, to acquire goods and services which NASA could provide.

Comment Two and a half years and have never looked back. (Score 0) 333

Saving so much money and getting so much more time to do other things has never been so much easier for myself, or my family consisting of a stay-at-home mom and three children. We have a Win7 Media Center PC with a USB OTA tuner for recording basic stuff...which we don't mind watching commercials anymore 'if' we watch live as opposed to recorded. All our kids' DVDs ripped down to the NAS. We've also got an XBMC system upstairs with OTA live for night-time viewing. The only negative side-effect in that time has been last Christmas we didn't know what to get the kids because they never say "I want that". (seriously!) Since they've seen all their shows before, asking them to stop or pause to go do something is rarely an issue... unless we are at Grandmom's when they go into Zombie mode in front of the tube watching the HORRIBLE programming. The money we've saved has paid for a top-of-the-line NAS with tons of storage, all the media centers, and everything. The great thing is, we're now on the positive side of the investment (had some trial and error purchases) but have assets to show for it rather than wasting hundreds or more per year paying for commercials.

Now with everyone leaving paid television, I'm just waiting for our 'Internet only' cable bill to go up!

Comment Best Vendor incident with server names (Score 1) 429

So we first started out using signs of the zodiac for our server names. Of course this became a problem after we got to 13...so we decided to move to constellations since the zodiac names would still fit. When it came to naming a server for which we had a particular software product that constantly gave us more problems than we could deal with (company initials started with 'CA')...we decided to use something to distinguish it amongst the others AND relate our frustrations. We chuckled long and hard...but the chuckling came to a full blown roar when months later we were all sitting in a room with a lead developer from said company that was onsite to rebuild their software on the server because we (and them) could never get it working right. Those present included our senior management and the local, regional and divisional representation from said company (with the initials 'CA'). It isn't too hard to imagine what came next... yup, in the steps to rebuild the server, their SME refers to the server as 'Cancer'... one of the FUNNIEST days of my career.
