School Tricks Pupils Into Installing a Root CA
The important lesson you are about to learn is this: Pick your battles.
This is a battle you cannot possibly win.
Why not? Because you're still a pupil.
Virtually every argument you can come up with for why that certificate shouldn't be there - no matter how well-reasoned - is going to be dismissed by staff. Even if you can come up with a well-reasoned argument that no sensible adult would counter (you probably can't; there are very good reasons for a school to want to monitor everything that are likely to be perceived as overriding any concerns you have about privacy), you'll be crushed.
At this level, arguments like this inevitably wind up being less about who is technically right or wrong and more about who has the power. As far as the school is concerned, the person who wins the argument has the power - and there is no way they will ever let a pupil win such an argument because it means conceding power to a pupil.
In your position, I'd install some sort of plugin that allowed me to verify that my HTTPS session was using the "right" certificate - and if not, I'd tether my laptop to a personal mobile phone.
BPAS Appeals £200,000 Fine Over Hacked Website
Replying to myself, but.... £200,000 is a pretty big fine by ICO standards.
Reading the report, it seems that while the BPAS did everything right once the breach was discovered, the circumstances that led to it happening in the first place were caused by pretty blatant incompetence. They knew (or should have known) that the details of people who wanted to use their services would be confidential information, they sacked the firm that built the website over concerns for their ability but they kept the site without ever auditing it.
The fine isn't just based on how flagrant the data breach was, it's also based on how much the organisation being fined can afford without causing undue hardship.
I'm not surprised the CEO wants to appeal the fine. The circumstances that led to it suggest gross incompetence at several levels; if she doesn't appeal or the appeal is unsuccessful, I imagine her job is on the line.
BPAS Appeals £200,000 Fine Over Hacked Website
That's not how ICO fines work.
The way they work is this: If you suffer a data breach that the ICO hears of, they'll investigate.
Once the investigation is complete, they'll do a few things:
1. Write a beautifully-worded press release explaining exactly what you did wrong and put it on the news wires.
2. Write an equally beautifully-worded report explaining what you did wrong in explicit detail.
3. Issue a thumping great fine.
It's important to note that they don't have to take an organisation to court to raise this fine. It's the other way around - if your organisation gets fined, it's down to you to raise an appeal.
Bitcoin Plunges After Mt. Gox Exchange Halts Trades
Virtually anything you might buy or sell derives at least some of its value from faith, and currencies are no exception to this. In other words, as long as a sufficient number of people believe that 1BTC is worth ~$680, then 1BTC is indeed worth ~$680.
This is even true of gold to a certain extent - its value goes up and down too, though it's seldom as volatile because it has other uses beyond currency.
When something happens to shake that faith, the value drops. When something happens to strengthen that faith, the value rises.
Any currency that isn't backed by something tangible (eg. a precious metal) by definition derives more-or-less all its value from faith. This isn't usually a big deal - most countries came off the gold standard decades ago - but one side-effect is that if your country's government is unstable, there's a very good chance your currency will follow suit in short order. For extreme examples, see Zimbabwean dollars, Afghan Afghanis and German Papiermarks.
Algorithm Aims To Predict Fiction Bestsellers
It's already been done - though only in fiction.
Roald Dahl wrote about a machine called the Great Automatic Grammatizator. A machine that you plug in various parameters - such as type of book, characters, proportions of violence/sex/humour - and it churns out something that's pretty much guaranteed to be a bestseller according to those parameters in fifteen minutes flat. Being a writer himself - and a somewhat dark one at that - the end result was a dystopian universe in which writers were forced to give up writing and just license their name to the man with the machine, simply because the machine brought the cost of production down so much that this was the only way to earn a living as a writer.
Reverse Engineering a Bank's Security Token
Now, had he figured out a way to divine the secret device ID from the generated codes, well now that would be bad.
Worse than "bad".
Looking at the (admittedly obfuscated) screen grabs and the comments that say the bank provide RSA hardware tokens if anyone wants one - I reckon it's a software implementation of an RSA SecurID token, probably bought in directly from RSA. And if it's bought in from a third party, it follows that anyone else who's bought in the same product would almost certainly be vulnerable to the same issues.
DRM Has Always Been a Horrible Idea
There seems to be this idea - and I've been guilty of it myself - that the world is black and white.
In this case, the argument is DRM either works 100% or it works not at all. As "working 100%" is obviously wrong, it follows that it does not work at all and is in fact a stupendous waste of money on the part of the people who commission ever-more-complex DRM systems.
But what if DRM was never meant to work 100%? What if it was only ever meant to slow things down - for instance, to ensure that you can't find a good quality version of a new movie on the Pirate Bay the first weekend it's in the cinema? To ensure you can't pirate a game on the day it's released in stores - and for maybe a couple of weeks after?
NSA Says It Foiled Plot To Destroy US Economy Through Malware
More often than not these things get named by the antivirus vendors when they hit the wild and not before, which is why there isn't a name for it.
Standardized Laptop Charger Approved By IEC
Hint to manufacturers: there's a portion of the market that likes nice things, or at least not bottom-of-the-barrel cheap things.
There is, but when you've spent thirty years turning PCs into commodity items the habits become ingrained and hard to change.
Then you discover that the word "commodity" has a number of connotations, most of which are pretty bad for your business.
Is Bruce Schneier Leaving His Job At BT?
In which case, it makes a lot of sense from Schneier's point of view to leave. Why would you want to hang around a company that's so heavily tainted when your entire CV is based on your being a guru in the field of security?
Why Cloud Infrastructure Pricing Is Absurd
I know this because I just inherited one of these. My predecessor promised cheap, I'm stuck with managing expensive (and am moving the #$@! thing back into our existing colo space as soon as I can practically do so...)
Sounds like your predecessor fell for a scam that's existed since time immemorial. Outsourcing isn't always cheaper. How can it be when the company you're outsourcing to faces the exact same costs as you do but needs to make a profit on top?
Oh, sure, it is under some specific circumstances. But the idea that it always is is downright lazy management.
Why Cloud Infrastructure Pricing Is Absurd
'Course it isn't.
Oh, sure, someone like Amazon can probably get a better price on the hardware than you or I. But they still need to buy it, power it and arrange bandwidth, same as anyone else.
Where they come into their own is in a few very particular (and for that matter very common) use cases:
- Where you don't need the power of a whole server and can get by just fine on a tenth that amount.
- Where your requirements may spike occasionally - but the keyword is "occasionally". They don't spike often enough to merit building out a system based upon these spikes.
- Where you don't have the credit to be able to buy a shedload of new equipment on some sort of leasing agreement and you don't have the cash to pay for the whole lot up front.
Something similar is true of any outsourcing-type arrangement.
Google's Plan To Kill the Corporate Network
The idea of a secure network and a VPN to get into it if you're working away from the office is all very fine, but the list of problems it throws up is huge - and it just gets bigger as your company expands:
- You almost invariably wind up with a two-tier experience. People who are in the office and get nice fast access to everything and people who are out of the office and everything's dog slow. Oh, sure, you can reduce this problem somewhat by putting servers in a colo, but now you've got to engineer systems so you don't wind up with everyone getting the dog slow experience. (I'm particularly looking at legacy file servers here; SMB was never really designed for use over a slow, high-latency link, though I understand newer versions of Windows Server have mostly cracked this).
- You don't gain an enormous amount of security. Even with a heavily locked-down perimeter firewall it's seldom that difficult to figure out a way to get information out, as long as you can get something nefarious in. And that really isn't difficult with a little light social engineering.
- Expanding beyond one office gets very expensive very fast. You need to be looking into Terminal Server, very fast (=expensive) links or have branch offices put up with terrible application performance. IT as an industry automatically assumes that multiple branches = huge business with a huge budget that takes IT very seriously (seriously, throw that bit of information into any proprietary system you're pricing up and watch the price skyrocket). I can tell you now that every single town has loads of small businesses spread across multiple branches that don't have a huge budget, don't feel the need to dedicate enormous resources to IT and they are absolutely loving the various web-based products such as espoused by Google.
Oh, sure, there's a lot of business applications that are designed on the assumption that you're a company in just one office - or if you have several offices, you have gigabit links between them - but I don't think Google really need to care too much about those.
RF Safe-Stop Shuts Down Car Engines With Radio Pulse
He doesn't need to.
A car with power steering has MUCH heavier steering when the power steering's failed versus an equivalent model that never had power steering fitted in the first place. To the point where even steering a moving vehicle is damn hard work.
Ask Slashdot: Why Are Tech Job Requirements So Specific?
We have very specific requirements that the engineer must have experience with. vBlock, EMC, VMWare, Brocade, Cisco MDS, Commvault, Avamar, data center migrations, and Azure and/or Amazon Glacier and a few other specifics that would be nice. Any single one of those we will let slide but not more than one.
That's a lot of very specific technologies there. Many people with all of them out there?
BlackBerry's CFO, CMO, and COO Leave Company
But Apple and Google provided so much, the top executives demanded their IT departments support these devices. When it was no longer the exclusive mobile email provider for corporations, it had nothing else to offer. It just withered.
The writing was on the wall long before then.
Blackberry's biggest selling point was half-decent email integration. At the time, nobody had a mobile IMAP client worth a damn - and even if they did, Blackberry offered features that weren't possible with IMAP (eg. remote wipe, policy enforcement).
Exchange 2003 - yes, 2003 - integrated ActiveSync. Now, while there weren't any ActiveSync capable phones worth a damn either - and wouldn't be for some years - the technology had promise:
- No need for a third-party server, it's integrated with Exchange.
- No need to be tied to a particular handset manufacturer.
- No need for email to pass through the black box that is BES.
Granted, it wasn't as featureful as Blackberry Enterprise Server - but except for very specific industries, how many companies really care about being able to turn on or off every damn feature the phone offers?
It was only a matter of time before someone introduced a smartphone that spoke ActiveSync without functioning like complete arse. Did Blackberry recognise this and look for ways to make their products stand out regardless? Did they hell.
Study Suggests Link Between Dread Pirate Roberts and Satoshi Nakamoto
I've been saying something very similar for a few weeks.
Governments have a habit of disliking things that involve vast amounts of money flowing around that they can neither control nor tax. Yet Bitcoin is the perfect currency for allowing uncontrolled, untaxed transactions worth billions. The instability might be a bit of a problem, but if I'm going to top up a Bitcoin wallet now and use it to pay for goods within the hour, I don't really care what it's doing a week next Tuesday.
How it'll ultimately play out I don't know - I can see pressure being put on the likes of Paypal, Visa, Mastercard, SWIFT et al to block any transactions to Bitcoin processors, ultimately making it very difficult to get money out of Bitcoin - which wouldn't do the value any favours at all.
Ask Slashdot: Can You Trust Online Tax Software?
Both you and the poster you're replying to have a point.
Certainly in the UK (and I wouldn't be surprised to find it in the US, for similar reasons), the accountancy industry is in a bit of a panic. Software that does 90% of what they do has finally become cheap and accessible enough for pretty much anyone.
All of a sudden, Dave down the street starts offering accountancy services at a 40% discount (which he makes possible by having the cheapest kid fresh out of school punch numbers into a computer - or even outsource punching numbers into a computer to someone in a much cheaper country). Your accountant is stuck with a problem: How does he persuade his clients that it's worth using him rather than going to Dave down the street? As far as his clients are concerned, both people are doing the exact same job, it's just that one is much cheaper.
Copying Dave and cutting prices is only going to go one way - all other things being equal, clients will choose one or other of them more-or-less at random and they'll be sharing a much smaller pie. Which is only going to get smaller as the software becomes more sophisticated and the clients think "Why do I need an accountant at all? I can sign up to use the software and do it myself". But accountants are subject to the same foibles as anyone else, so there's no shortage of them doing exactly this.
Some accountants aren't doing this. They're looking at providing business advice and using ever more inventive ways of twisting tax law to save their clients money. They're not cutting their fees at all - instead, they're looking to do more things that justify their fees and even jacking them up. It's dead easy to charge a client £4,000 if you've just saved them £10,000.
People like your good self clearly see the value in this. Lots of people don't see this value - either because they have simpler lives and hence the value doesn't exist or because they're quite short-sighted.
Time For a Warrant Canary Metatag?
Precisely my thinking.
There are two possible scenarios if you set up such a canary; these are:
1. You wind up in front of a judge. The judge shrugs his shoulders, says "He's got a point. Nothing in the law that says he's obliged to continue updating that "canary", as he calls it, and nothing in your letter that explicitly demanded he do that either". You walk free.
2. The judge says "Whoah. Hang on a minute. The whole point of this law is to ensure that these letters are kept secret. I can see what he's doing - he's trying to come up with a clever way of following the letter of the law while totally ignoring the spirit. Well, that doesn't wash with me. Give me a couple of weeks - I need to read through the sentencing options to see what I'm gonna do with this guy. What should you do with your man? Oh, throw him in a cell, he'll be okay there. I'll call you back next month".
Think it won't happen? The judge's job is to interpret the law and apply it as best he can. Sometimes there will be scenarios which the law as written doesn't entirely cater for - which is where the idea of the spirit of the law comes in. It can happen, and even with a clever lawyer fighting your corner, there's every possibility it will happen. If you're taking ideas from sites like this and plan on using them to keep you out of prison - well, sooner you than me.
Microsoft Donates Windows 8.1 To Nonprofit Organizations
Absolutely right. Over the last decade or so, much of Microsoft's sales & marketing hasn't actually been done by Microsoft at all.
They haven't needed to.
"We're starting to receive files in formats we can't open" does it for them.
Historically, that resulted in Office upgrades; they're now using that leverage to push other upgrades (Office 2013 requires Windows 7 and Outlook 2013 requires Exchange 2007 or later). In the process, they're losing customers - Office 2013 starts to look like quite an expensive upgrade when you suddenly need to rip out your entire infrastructure