Re: Voova should take some heat here...
But, but it's in the cloud.
123 posts • joined 8 Dec 2017
China can do all those things and a lot worse. So whatever you might think of western democracy, it's a hell of a lot better on the rights department than China.
On the other hand, China is not the one shouting from the rooftops that they're the protector of Freedom and Democracy(tm) either.
It's one thing to argue that the Western Allies' diplomatic failure in Eastern Europe forced the Soviets to make their own arrangements with Germany. It's another to justify helping to arm the German war machine, while they were fighting Britain and France - particularly stupid given that it was likely to be turned on them next.
It's just as dumb as the British secretly supporting the fascists in Spain during their civil war, while depriving the republicans of the arms to defend themselves. This whole diplomacy thingy is based on opportunism, and that goes for all parties, the western 'Allies' were doing exactly the same. If my future adversary is busy fighting someone other than me, that will give me time to get my own house in order when it's my time.
Please spare me the 'holier than thou' attitude.
There is the evidence
Really? Please post some links that do not point to people repeating non-verifiable 'news' from people who have their information from 'reliable sources' or a TLA stating they have 'high confidence' such a thing happened without actually disclosing any real information beyond 'trust me we know, but we can't show you the evidence, because of... eh National Security, yep. National Security'. The very same TLAs that had 'high confidence' about WMDs in Iraq.
I know how many examples of actual evidence you can produce; exactly zero.
It's hearsay and people repeating hearsay and more people thinking that as long as enough people repeat it, it becomes true.
It's possible Assange may have thought he had a deal with Trump, but - like many others before him - he's since realised what that's worth.
Now I am confused, who the conspiracy theorists are supposed to be again?
Is it the ones that think that Assange will be picked up by the US govt, taking into account previous actions from that particular govt like breaking international law by forcing the landing of a diplomatic airplane carrying the Bolivian president, because there was a chance that Edward Snowden was on board... along with an extensive track record of false flags to start conflicts and 'interventions' by toppling foreign democratically elected governments?
Is it the ones peddling the Trump colluded with Wikileaks and Russia, for which we can show the following overwhelming proof ... >sound of crickets<
Nixon should have thought of blaming the Russians when Woodward and Bernstein investigated Watergate. If Watergate would have happened now, both journalists would probably be incarcerated, instead of receiving a Pulitzer.
It sounds like many companies have been paying lip service to the security around their IP
That's because non-technical people have no clue about IT and are not willing to spend money on what appears to work 'just fine' automagically. The whole premise of securing a physical gold storage facility is much easier to understand than setting up proper user authentication.
I am encountering more and more that even people working in IT seem to know the 'magic incantations' to get something done, but have no idea what those incantations actually do, nor what any side effect of those incantations may be. On top of that, they often don't even seem to be actually interested in anything except 'making stuff work'.
Although I agree with the general sentiment, they also could have just grabbed the customer list and listened in on their conversations in the 'traditional' way using a directional microphone and a court order to monitor a person suspected of committing a crime.
This wholesale grab of all data just rubs me the wrong way.
Someone like Snowden could be using this service and with the Dutch government bending over backwards to the US interests usually, it wouldn't surprise me if this would be abused.
The issue is probably human error. Probably a misconfiguration or alerts that were ignored or not received at all, because infrastructure is easy and any developer who can bang two lines of Java together automatically knows everything there is to know about infrastructure as well.
That's the Devops way.
fining a company some large percentage of their global takings is a pretty decent incentive.
Fines will be borne by the company, which will translate it into their cost. This means that with the large oligopolies that we're currently having, the customer eventually pays for the f**k-ups of poor management.
I am not saying CTOs should immediately go to jail without any investigation, but if their Security Officer has been warning the CTO time and time again that things need to be improved and the CTO doesn't act, the CTO did not perform his/her 'due diligence'. This should be at the very least a fire-able offence without pay / golden parachute.
The issue I have with this is that even if this happens (it does not), that incompetent previous C-level manager will happily start working somewhere else at the same level, due to his golf-buddies and f**k things up there.
Jail time seems to be the only way to actually get the message across. It doesn't even have to be years (I am actually against long incarceration), but even a few months being deprived of their freedom will quickly change not only their perception of the seriousness of the job, it will also change the perception of the next board looking to hire C-level managers.
I have no problem with competent managers being compensated properly. I have a problem with bumbling fools being elevated above their capabilities, f**king up things for all employees in the company, then move on to the next one using their golden parachute.
Now, if the *developer* was to go to jail for errant and grossly negligent practices (i.e. using off-the-shelf code and libraries, externally hosted or not, with zero understanding or care of the potential implications), then perhaps these f**k-ups wouldn't happen at all.
Most of these f**k-ups only happen, because with every IT project, corners are being cut to meet arbitrary deadlines (often linked with bonuses for management for finishing early/under budget).
As it stands we have a market flooded by f**k-ups who think they're able to manage a project, who are paid well over £600/day, but are too moronic to listen to the highly paid experts when they tell them not to cut any corners. Only a poor craftsman blames his tools.
If you somehow think imposing this level of penalty would magically make everyone write every line of code from scratch, including the OS, and CPU microcode, to ensure every single byte has been thoroughly inspected, then you misunderstand how business works.
Of course it would not magically happen, it would require real work. Things 'magically happen' because someone else will take care of it is the current way of thinking, where C-level management is absolved from any wrong-doing, because they're 'not able' to control what everyone else in the company is doing.
The key term here is 'due diligence'. Right now a lot of top management has no interest in ensuring they do a good job, since they are able to hide behind the excuse that they can't control what's happening on the lower rungs in the company.
misunderstand how business works.
I understand very well how businesses (and their internal politics) currently work and I also understand quite well what it would take to make them work well. You however don't seem to understand human nature.
Without an incentive to actually get off their ass, nothing will happen. Since larger and larger carrots don't seem to work, maybe it's time to apply the stick.
No-one in their right mind would take a CTO job if this was the case.
You mean, nobody who doesn't know anything about security, how to enforce it and check that subordinates are indeed implementing said security would take the job.
And that's exactly the purpose.
Someone who cannot ensure that subordinates are doing what they're supposed to be doing should not be in any position of power. C-level management requires a person to have leadership skills, not being best golf-buddies with members of the board.
We take the protection of our customers’ data very seriously.
They just leave out the bit ', but not enough to spend any serious money on it, since damage control if something happens is still cheaper for us than actually making sure your data is secure'.
These things will not change until C-level management is made directly responsible if things like this go wrong.
Data breach? CTO goes to jail.
Problem will fix itself within the next 6 months.
My thoughts exactly.
What are the chances that any of the embedded security people gets cut off at the knees when complaining about a security issue that needs to be fixed that endangers the delivery date of a new feature?
Without a direct connection to C-level management, any push for security will be doomed to fail.
Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop
That presumes that the real reason is an attempt to capture the 'bad guys'. Problem with that again is that the definition of 'bad guys' is constantly shifting.
Can't imagine why anyone would have a negative view of Putin
It's just that a lot of people are tired as fsck about articles with a lot of whataboutery. For some reason, you don't see similar articles about US run sites like CERT, which for instance completely lacks any mention of where Student originates from (who'd have thunk it), but you don't see articles being written pointing this out (and that's good, because it would be just as useful as an article pointing out that water is wet).
Everybody already knows that each government has their own intelligence machine and their own political motivations to point out what their 'enemies' are doing because they're evil.
Please keep technical articles technical.
And btw; insinuating that anyone complaining about this sort of thing is a putinbot is so last year.
if you don't understand the difference between a freely elected government and a government run by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint.. then I believe you have a lot of research and self-reflection to do.
Indeed, the false choice in the US between a turd-sandwich and a shit-bagel can't actually be called a democracy.
Along with their long-standing tradition of overthrowing democratically elected governments in other countries they don't like, they should be stripped of their veto power in the UN.
Or is that not exactly what you had in mind?
Aside from the fact that you're still giving your data to a US company, I hope the Finnish government is actually taxing Google, instead of giving ridiculous tax breaks.
Google is using the highly skilled workforce and public infrastructure, which is all paid for through taxes. At the very least they should contribute to Finnish society in the form of taxes, instead of leeching off of public infrastructure paid for by Finnish citizens, while moving profits to a tax haven.
EVERY rightsholder supply free copies (or hashes) of EVERY copyrighted work to EVERY Web site?
Free copies? No, not free. Anyone who's required to implement these measures can probably buy a solution with a hit ratio of 1%, with a forced subscription model to ensure the signature database is updated at regular intervals.
Why else do you think MS would pay 7.5 billion USD?
This'll teach you to use any service that's owned by a US company.
With the rise of huge mega corps in the US, your data is not safe if it's stored with any US company. Even if the data is not directly stored in the US.
Stop shooting yourself in the foot and go somewhere that does take privacy seriously.
Compulsive liars, need to prove they're not lying this time.
Interestingly, this was immediately attributed to North Korea, while if you check for Stuxnet on the same site, there's not a single link that implicates the US and/or Israel.
For some reason it looks like 'technical' statements from US Cert are highly politicised, and that should already be a reason to take anything they say with a grain of salt.
UN has pretty much been crippled by politics and made meaningless for a long time.
Yes it has, but the value of the UN and active participation is seriously hampered by the few countries that have 'veto' rights. This essentially means that as a non-veto country the only way you can pass any significant changes is if you make sure any proposal you want to pass is in the interest of the countries that do have veto rights.
The only way to fix this is to remove veto rights completely.
ruthless but selfish minorities.
Of course, if you look at history, it's always the minority groups with no power who abuse said lack of power.
Some people who see 'evil terrorists' in every nook and cranny, don't seem to understand how power corrupts selfish humans who should be working for the good of general population.
'using the cloud' is nothing more than putting your balls in someone else's vice and hoping they know which way to twist the handle,
Utterly brilliant; I'll definitely be ripping off your comment and will be randomly throwing it into polite conversation.
"Most of our ideas suck," he said, attributing the quote to software consultant Jeff Patton (though any cynic, unbidden, will say as much).
"But some of them are amazing," he added. "If we can try enough of these ideas out, we can play a numbers game. We can find the ideas that will really help our customers."
Isn't this essentially the same idea that if you put enough monkeys in a room with typewriters that eventually one will create a masterpiece?
So what does that say about developers that are proponents of this idea?
Surely they need full access to the target user's computer not just the target's email account.
No, just having an email file itself allows an attacker to modify it, resend it and have (part of) the encrypted content fed back to the attacker as a URL that attempts to connect to an HTTP capable service owned by the attacker, due to the way that some email clients handle poorly formatted HTML in emails.
This is however only possible if the email client actively connects to URLs embedded in emails to retrieve content and the attacker must already have access to the emails, which means either access to a user's account or access to a mail server.
The main group at risk of this may be whistle blowers and political activists targeted by nation states who have access to email servers that contain a copy of the mail with encrypted content already and then only if they are using one of the affected email clients that allow retrieval of dynamic content in HTML formatted mail.
why should the US burden itself by taking refugees who are unskilled from "sh*thole" countries - such as Haiti
Maybe because the US is one of the greatest 'contributors' of turning countries into 'shitholes'. Either by bombing them back to the stone age or overthrowing democratically elected governments, because their interests conflict with the interests of the US.
I do know that I never saw a non-distribution provided init script that handled correctly the basic of corner cases – service already running
This only shows that you don't have much real life experience managing lots of hosts.
like application double forking when it shouldn't
If this is a problem in the init script, this should be fixed in the init script. If this is a problem in the application itself, it should be fixed in the application, not worked around by the init mechanism. If you're suggesting the latter, you should not be touching any production box.
"La, la, la, sysv is working fine on my machine, thankyouverymuch" is not what you can call "participating in discussion".
Shoving systemd down people's throat as a solution to a non-existing problem, is not a discussion either; it is the very definition of 'my way or the highway' thinking.
now in the real world, people that have to deal with init systems on daily basis
Indeed and having a bunch of sub-par developers, focused on the 'year of the Linux desktop' to decide what the best way is for admins to manage their enterprise environment is not helping.
"the dogs may bark, but the caravan moves on"
Indeed. It's your way or the highway; I thought you were just complaining about the people complaining about systemd not wanting to have a discussion, while all the while it's systemd proponents ignoring and dismissing very valid complaints.
Biting the hand that feeds IT © 1998–2019