
Comment Re:This has to be a 4chan joke... (Score 1) 904

Woman convinces beta male to have "open relationship" so she can fuck alphas on the side, SHOCKING beta with no game can't score

Exactly my thoughts. (Presumably) attractive woman in Silicon Valley seduces nerd, convinces him he is the "primary" in the relationship and then spends her time fucking other guys.

Comment Re:Shade, eh? (Score 1) 126

They also seem to be trying to appeal to "video and photo professionals". I used to work in Hollywood and I know plenty of 'creative' people. I do not know a single person using Ubuntu, or any Linux distribution, for professional multimedia work.

Beyond that, how many people who are using Gimp because they are too cheap to pay for Photoshop, have $4000+ to spend on one of these laptops?

Comment Re:That much demand for being lied to? (Score 1) 202

To the original point of the OP who stated that an audit is just a CYA piece of paper, I do not think that is true.

While there might not be specific laws requiring the remediation of security deficiencies from an audit, the audit itself is not a get out of jail free card.

Maybe the OP is dealing with incompetent firms, or is just jaded and cynical from having had his findings ignored too many times.

In my experience, there are two types of audits that I deal with. The first are client initiated audits. My organization handles a lot of sensitive data for a number of large, publicly traded corporations. They entrust us with their data, and want to ensure that we have policies and controls (both procedural and technical) in place to safeguard that data. If we do not address items raised in the audit, they will not do business with us.

The second type are the more traditional, IT security focused audits. Those are used by the CISO and the board as a 'second set of eyes' on the security posture. It is not that the security team is slacking off. The reality is that there are new vulnerabilities discovered on a weekly basis, and new strategies being developed every year. The security audits confirm that things really are buttoned down, and if not, provide the security team areas for improvement. Never trust a security guy who claims to have it all under control, yet who balks at an audit.

Comment Re:That much demand for being lied to? (Score 2, Informative) 202

I /think/ that you are slightly oversimplifying things.

You have to document the security issue(s) / risk(s) and then decide to act upon them, or not. The decision to not act upon them is perfectly fine, but it is not a free pass. If that risk materializes and it affects the organization, then the person who signed off on it could be facing a 'resume generating event' at best. At worst, there could be some legal liabilities, either for the organization or the individual, depending on the outcome.

I am not an expert in HIPAA or SOX compliance, but I think that there are some pretty serious repercussions for failing to mitigate security risks that result in data breaches or information disclosure.

Am I misguided here?

Comment Missing the Point (Score 3, Insightful) 104

Nobody seems to have keyed into the fact that the article implies Facebook is planning to run content analytics and conceptual clustering algorithms across all of their databases. Databases including "private" conversations.

Having seen first hand what 5+ year old analytics tools can pull out of seemingly disparate data sets, I find this both amazing and frightening.

The key quote from the summary is this one...

The "long-term promise of AI," he wrote, is that it can be used to "identify risks that nobody would have flagged at all...

When you let an "AI" build concept clusters based on linguistic analysis, and then pattern match to find similarities, you will open Pandora's box to all sorts of unexpected correlations.

Comment Re:Toys, toys, toys... (Score 1) 119

This seems pretty disconnected from reality. Any C-suite in a publicly traded corporation with a chief compliance officer is not going to be demanding exceptions from security policies. Those security policies are in place and enforced.

Let's take them one by one.

Full Disk Encryption - No way around that one. Every device has it. Period.

Local Admin Rights - What CEO wants to admin their own device? That is what the help desk / admin assistants are for. Really? C-suite, doing IT grunt work. Hahahahahahaha.

Complex Passwords - For most organizations, enforced by the Default Domain Policy. No way around it. It applies to the entire organization.

MFA - A person who earns six, seven or eight figures a year can handle transcribing a couple of numbers from their smartphone into their desktop / laptop. In fact most of them feel 'high tech' when they do it. Like they are secret agents, protecting supah sekrit datas.

Comment Re:Disconnect = Lack of effective communication (Score 1) 119

Finally, someone who actually has some experience. You are right on point sir.

"Here is the risk. Here is the cost to mitigate the risk. Here is the risk of doing nothing. Let me know which way you want me to go. Please respond via email so that when the risk you decided you didn't want to mitigate materializes, you, me and everyone else understands who made the decision to ignore it."

Comment Re:Toys, toys, toys... (Score 2) 119

That seems like cutting off your nose to spite your face. I went through the same thing, but I shrugged and moved on. I do not know what your desktop support team was like at Ford, but the guys where I am have everything running very well.

Windows 10, plus System Center and dare I say it Office 365 (2016) seem to be a good combination. Security updates are pushed out at the end of the Patch Tuesday (RIP) week. They are using PGP FDE and SSO through there works great. It does suck having to wait 4-6 hours to install some new software, but at the end of the day, the company is paying for my time. If the company can afford to eat the loss of productivity, I am not going to have a conniption fit over it. It is kind of nice not having to be responsible for my own desktop. After over a decade of consulting in the small business market, I enjoy letting someone else handle the headaches of desktop support.

Comment Re:I don't get it. (Score 1) 31

Where did you get the impression that they are providing the licenses for free?

The summary said that they have 'images' pre-configured for SQL Server and Windows. I read that as VMs that have been provisioned based on Microsoft Windows Server ISOs, or Windows Server + SQL. It does not say anything about licensing.

From an Azure perspective, Microsoft lets EA customers double up on their licenses. You can use your internal license in Azure "for free" and just pay for compute.

https://azure.microsoft.com/en...

Disclaimer: I'm neck deep in building out a private + Azure + AWS hybrid cloud infrastructure so I deal with this on a daily basis.

Comment Re:Who's buying? (Score 1) 659

They are setting up the population to view China as the ultimate enemy and further the narrative that the US needs to be involved in Asia.

Everything else is just window dressing. The Middle East is winding down. China is on the rise. The establishment that has spent the last six decades holding the threat of nuclear war over the collective heads of the world now needs a new enemy. The same "containment" policies that were used to justify Vietnam and covert actions in Latin America in the last century are going to be recycled and used to justify encircling China.

What is really, really going on is that the international financiers realize that the American consumer is completely tapped out. China is on par with and in some cases starting to pull ahead of America. They have a population of multiple billions of people. Over the coming decades we are going to see a massive shift of funding away from American corporations and to the Chinese.

The question for this generation is are we going to go down the Soviet path and ruin our economy by attempting to keep our military spending at insanely high levels, or are we going to pivot and invest what capital we have left in our economy and citizens. If history is any indicator, this is going to end with our navy on the bottom of the ocean, millions of dead Americans, and maybe a tactical nuke or two going off.

Comment One "Pirate's" Take On It (Score 4, Interesting) 257

I have a full cable package from Frontier. We get most of the premium channels including HBO, Showtime and Starz. My wife purchases way more DVDs and Blu-ray discs than I want her to. We also go to the theater from time to time to watch movies.

I am not willing to pay for the same content over, and over and over again. I am especially unwilling to continue to pay for content due to wear and tear. For example, my wife has watched Friends and Sex in the City so many times that some of the discs skip or are even completely unwatchable. I have zero qualms with pulling down a torrent of those shows and storing them on the NAS so that she can watch them.

Another example is with HBO content. I am on the west coast. I watched Game of Thrones and Westworld on east coast time plus about 30 minutes. It was more convenient for me to torrent a 1080p rip than to wait until HBO decided it was time for my part of the country to be "allowed" to watch it.

Am I 'stealing' from HBO? Am I 'stealing' from the DVD / Blu-ray producer?

I worked in Hollywood for a while. I understand that all of the below the line people have to eat and deserve to make a living wage. I do not endorse out and out, wholesale piracy. Just because "the studios" are turning a profit does not mean that everyone involved in getting content onto the screen is rolling in dough. Most of them are just regular Joe and Jane Does, putting in their hours and trying to put food on the table.

On the other hand, I am okay with preserving content that I paid for. Just because I have the technical capability of doing so should not make it wrong. In my eyes, it is no more wrong than a mechanic fixing their own vehicle. Are they 'stealing' from the dealership service departments? They have to buy their tools and parts. I have to buy my computers and storage medium.
