Re: Omg, what is it with the headliens?
Except that they improved the speed by eliminating delay, so it's faster :)
5770 publicly visible posts • joined 29 May 2007
This is a real pet-peeve of mine.
Not that long ago I had to perform an audit in preparation for a live system migration during the run up to Christmas for a major drinks distributor (yeah yeah - not my idea - but it certainly focuses the mind! :) )
The rack cabling was so bad that at the end of the audit there were four cables which proved totally impossible to trace!
"It is now official: switching off AV software is the first step to securing your system..."
I installed Norton once, I had to leave the room and nuke it through the window. Never again.
I monitor my outbound connectivity and CPU processes for anything suspicious and turn off everything that isn't immediately required in my browser.
I've never had a virus, only the odd bit of adware etc, and those fscking toolbars got installed once when I was in a rush - so I must be getting old. With that in mind I'm moving to a VM based solution and just run a vanilla Vista image to browse the net. If it gets infected it's gone when I shut the thing down.
"Which is a pity as only their involvement is likely to get this done."
Especially since most of these items aren't free. It's as hard to prove a negative today as it was 20 years ago, but at least people know what you mean when you tell them that a breach will cost not just money, but reputation and career advancement as well.
"a burning ambition to get it done. If you lack the last then you are fucked."
Even (especially?) in high risk environments there are those who are more concerned about cost of deployment than the cost of breach (both material and reputation).
These people just consider what they do a 'job' and you could no more extract passion from them than you could the money for the cost of a round of beers for the tech team that save their nuts on a weekly basis for no real benefit.
However, it is possible to inject passion into a project - but it's a draining process and can go off the rails with one well placed internal political manoeuvre from someone looking to make departmental gains.
Sad, but that's the world we live in :(
"Whether the remake can provide anything new to encourage a similar success or if it will simply be an attempt to cash in on the nostalgia of its initial fan base is yet to be seen"
There are *some* games that definitely need to be updated with new graphics, maybe some new things added (as options) but the original gameplay should be kept intact.
For instance, if Nintendo released a machine with updated specs and all they had to run on it was Ocarina of Time (updated) then I would pay good money just for that.
If pretty much the whole developed world is in debt, who owns this debt? The banks?
Since the weeds that are choking the flowers are interest payments, perhaps we need a UN led initiative to allow a certain amount of 'recovery' time to re-stimulate the world economy.
E.g. An interest free year on national debt for ALL countries.
Obviously not going to happen, but perhaps it's time to start thinking of what can be done on a larger scale than trying to sort this out at a national level.
"Interesting article on how the hack was discovered."
Doesn't sound right. Unless the OPM are running a flat network and the computer running the demo software was just plugged into a meeting room ethernet port to run a scan.
Deploying this software into complex environments takes time and planning (aka projects) - I just don't see someone plugging their laptop into the network and 'discovering' this malware unless that network is completely open - in which case there are more problems to deal with than I could list!
Except this isn't just 'government' - this is real people's lives we are talking about here.
What if you had to have this clearance to work on a particular project for a US company and your details ended up in this database? How would you feel then, knowing that your loved ones might be in danger if you know something they want? Or how about the worry of traveling abroad and wondering if you'll get 'snatched'?
Ok, a bit melodramatic perhaps, but it's a possibility. It's also one very good reason I don't actually put information online about what I do, it's just not worth the risk of painting a target on yourself if someone decides they want that information - whether it is another state or a criminal gang.
For some reason I am reminded of the railway workers working on the Jubilee line at Canary Wharf jeering at the now unemployed workers leaving Lehman Brothers with their box of possessions in their arms - none of whom you could ever accuse of being a fat-cat or responsible for the crash - they were just office workers. Not nice.
"Unfortunately most the harvest would have be tossed in the bin as it is asshole."
You know when you look at dog food ingredients and it says 'moisture' - I believe that is produced by pressing waste products, such as asshole, to extract the moisture content.
Sounds worse than my still-suit -->>
Are they (the vegans) advocating that the world actually *wastes* the leather that comes off the back of our food supplies? Now that *would* be a crime.
If we raise and slaughter an animal for food, we at least owe it the respect to make use of every piece of it and not just dump it.
If they are objecting to the recordings of the abuse, then surely someone just needs to lay in wait for the Vogon woman and deliver a good slapping beyond the view of anyone else. Hey presto - no crime was committed because even if someone got it on camera it would have been without permission!
Considering how these agencies are always able to 'know' about someone who ends up performing an act of terror yet unable to do anything due to lack of resources, it's interesting to note that they can instantly deploy 200-250 people to try and plug the gap in their dirty underwear.
Perhaps if these agencies spent more money on actual people, doing actual intelligence, then they might be able to make more of less (data) and not get everyone's arse-hairs in a twist about the massive net they are casting over the populace.
They don't seem to be able to comprehend public opinion; at least they certainly don't give it any credence or respect - and it is that attitude that is distancing themselves from having any kind of popular support.
Fucking idiots if you ask me. Which you didn't :)
You've just reminded me about the massive Police operation in Suffolk last week where several forces combined and deployed ANPR and spot checks etc. to "disrupt the criminal community".
Brilliant, you might think. What they actually did was nail about 60 people for using mobile phones or not wearing their seatbelts, a few of those they pulled were driving without insurance.
Not sure how much the whole operation cost (>100 Police) but the "criminal community" are apparently so scared now that some of them have stolen some hands-free kits to slip the net next time.
I'm not aware of anyone in either the for or against camp that is advocating that GCHQ stop monitoring communications. To suggest otherwise is just a straw-man argument.
I would, however, like there to be a lot more scrutiny and oversight as to what they are up to.
After all, if we get saddled with an oppressive extreme left/right wing government and want to organise a protest you might want some freedom to express yourself.
Or, you might come up with a new way to harness energy that could change the world - except that knock on the door at 3am with you and all your research notes being bundled into the back of a van courtesy of corporate interests who know what you are up to.
You never know.
"IT remains a ludicrous and most lucrative speciality which resists all attempts at commoditization"
I used to think that about firewalls in general, and I suppose it has taken a long time for the youngsters to be nipping at my heels (I should have been feeling that 10 years ago!) but I think the tools will become more streamlined and integrated, allowing lower skill levels to at least take part, if not excel.
"are they fully deserving of the penalties that result from not having the best that is available."
If this were just some international company then they could live or die by their decisions and only their stakeholders and employees would be in the firing line. Unfortunately the impact of a serious hack on this particular client could have knock-on effects to us all in more ways than I can contemplate. Think half a dozen boulders thrown into a very deep lake of irregular shape, the ripples would be felt for some time. I can only advise however, not dictate, but I continue to resist all attempts at shoddy solutions in the face of extreme bureaucracy :)
"a stroll on the other side of the fence"
I spend a lot of time thinking of ways to break in to my solutions, including leveraging my privileged access and knowledge. As long as I can stop myself breaking in and nicking all the cookies it should stand a reasonable chance against an outsider, assuming they are not a state player of course - I make no such assumptions on that score ;)
I started out in network software and then that became 'commoditized' by the tcp/ip stack being bundled with windows.
I moved into networking and that went the same way, but this time by the process of time and number of people getting CCNA certs with their breakfast cereal.
So I moved into security and I have been noticing the same kind of process happening again.
However, the further down this path we go, the more conceptual some of the actual details and the harder it is to just throw bodies at the equation (well you can, but the quality goes down).
So, the next level appears to be security intelligence - the application of security in complex environments - which requires specialist tools and knowledge - neither of which come cheap.
I'm currently involved in deploying some security products for a large client and they are all starting to talk to one another and to logging/alerting systems and it's all looking pretty good - but we are still at the stage where we are bolting all these things together and bending virtual wires with our brains to make them into the shapes we want - and the software licences aren't exactly cheap either.
For example, a multi-billion profit organisation is penny pinching and trying to cut as many corners as possible to deploy all this kit. All told it will be about $10m up to testing and BAU handover.
The problems really start then, because you need specialists to manage all this equipment and there are no 'experts' yet - so we become experts in the process of building it all and normalising the client network etc., but this means that the high level support that will prevent all this stuff turning into shelf-ware will cost about $1m/year.
Doesn't sound that much considering the assets it will be protecting, but this multi-billion dollar profit organisation is quibbling and considering outsourcing a lot of it just to save a couple of hundred $k.
So, if we have big organisations deploying expensive tools that need specialists to bolt it all together and keep it working (think of a team of racing car mechanics) trying to pinch a penny - what is the likelihood of smaller organisations a) buying the stuff in the first place and b) spending the money to make it run properly?
"SDN could allow a change in network configuration that is transparent to the attacker"
..and also transparent to the owners of the network until it is too late perhaps? Or not at all if they don't have the real-time tools to tell them what is going on and to ensure a gaping hole hasn't just been punched through their network.
Still, the more people do this kind of stuff, the more of a market it creates for people like me, but I shudder to think of how much will get broken before this level of the security tree gets commoditized.
"head right back to Skyrim"
I've just started playing Skyrim (recently saw the whole lot on special offer).
Gotta say I'm enjoying it. Knowing from past experience you can only experience these things for the first time once, I am going steady and not rushing through anything.
At one point I used the restoration potion upgrade cheat to get buffed equipment and magical items etc. but I'm selling all that stuff off now as it made things too easy, no sense of fear :)