Alpha Bet
As in the first bet?
with a google of cash?
Just watch out for someone (hmmmmmmm Zuck?) spinning up an Omegabet.
(dear lord the wordplay available with that ........)
3023 publicly visible posts • joined 18 May 2007
I'll give you the fact that Lewis gets folks jumping on the topic.
Is that necessarily a BAD thing? We are talking about climate change here.
Either AGW is a fact, exists and we (the A in that handy acronym) need to do things to change or there is CC and we're (adding to it/not adding to it) or perhaps we're just seeing weather.
No matter *which* of the above is correct, globally we are going to end up spending substantial portions of our GDPs on the issue, either to correct the warming, to try and correct the warming or to deal with the fallout of the warming. It might just help if more of us were aware of the issue(s) and the complexity so that we can deal with the whitewashing that financially driven interests will MOST DEFINITELY be engaging in - this is not going to be hundreds of thousands of (dollars/pounds/francs/euros/roubles/yen/etc). This will be trillions ..... let's make some wise decisions based on well critiqued scientific data please.
In this case even the trolls could be doing the overall subject lots of good, simply by getting people fired up enough to go out and find the data that disproves the trolls. Possibly, the trolls get folks to dig into this, get new minds to look at the science and contribute to improving the models and data. Who knows, but I for one enjoy seeing both sides of the debate, since more knowledge is more power to make wise decisions.
Indeed it is easy to spot the astroturfer.
"valid insurance" and "Private Hire insurance" are not the same thing. The "check" engaged by Uber (certainly the check engaged on this side of the pond) is a photocopy/scan of a piece of paper.
Uber's famous "we carry $1 million of liability" statement needs to be read in context of the fine print at the end of the contract you signed when you downloaded the app. Over here, that $1 million of liability has vanished outright in at least 4 cases that I've read of, wherein the Uber driver was *not* carrying private hire insurance. These cases are now in court as lawsuits.
I, having BEEN a cab driver at one time in my past, can state that private hire insurance is on the order of 7 to 12 times more expensive than standard everyday driver insurance.
Hopefully whoever picks the code up makes the same assurances about integrity - the reason the originators stayed out of the public eye was that anonymity supposedly kept the TLA's from hunting them down and forcing a compromise into the code.... *cough* (thus the paranoia when they left the project). If you can lever it around and get elevated privileges in winders with the TrueCrypt client then well.......... Perhaps the original team saw an exploit in the wild that used those holes, and didn't know where to go with it, panicked and ran?
LUKS has the advantage in my case of keeping several volumes, different passwords, different requirements - and additionally - I am able to hand off unique passwords to (boss/coworker/wife/lawyer) so that in the event of [BUS->] (me) they have some hope of recovering my work, but I can contain who gets to see which bits. As I get it BitLocker can do the (alternate password) bit but can't do "volume" level encryption, it must do the entire disk.
In same boat.
I'm starting to acquire small bits here and there (sink, cabinet fittings, etc) that might work for me in the end (SO thinks I've lost my mind and am turning into a pack rat) - I've not finalized anything but I'm definitely making my own cabinets (no particle board going in this) and possibly might tackle the replacement kitchen table. Whilst I like some of the new HE appliances, I'm seriously wondering what level of stupid is taking over the planet when we've got (2/3/4 year) short lifespan software and electronics in an appliance that should last (based on the prices) 20 years. No thanks, I don't want your "didgital thermal management" (sic) in my goddamn fridge, nor do I want an electronic temperature control on my gas stove, just give me a dial.....
I have a mess of issues with "public cloud" - mostly to do with security issues and mitigation processes. However the single biggest issue in getting from point a to point b is that automation *has* to come into the equation. Part and parcel with automation of application deployment is that "standard deployment" is typically specific to a vendor - so you have to build your deployment tools around a vendor stream - and when you have 40 or 50 software vendors in the feed line it can get *disgustingly* difficult to harmonize your installations to not trip over one another. I've built cfengine kit to deploy *dozens* of apps in a *reasonably* automated fashion (LDAP would have made my life soooo much easier) but regularly get "but our specialist application that needs that wants it installed HERE, not there" (and I've 100% satisfied that set of issues with path functionality on linux, hpux and aix) what gets me *most* about some vendors is how when putting software into a *nix environment they completely and utterly ignore posix standards, os vendor standards and general best practices by assuming that the application will a) run as root, b) own the entire host from top to bottom and c) get to choose its own ports UIDs and GUIDs.
Cloud, by the way, in my books, is nothing but a buzzword for "really damned good automation that works". But even then the automation can still suck.
(why, yes, I *am* arguing with a vendor about what they said in the sales pitch versus what their field engineers are trying to do in my datacentre right now, thanks)
All they can see *right now* is that the code was browsed -- what they *don't* know is *when* this occurred, and what has happened since then - they concede that it is possible compromised code could have been in place at *some* time in the past and since overwritten, removed or restored to non-compromised state.
I like the tone and the fact that they are out front on this.
It *is* easy to validate one's in place code to verify that it is in sync with the signed, known good code. << I typoed that on first pass. known good coed. I think I'll get in trouble with the SO for that >>
A Friday that will be long for a few out there - but I've not got Ceph in *my* systems - I do know about 12 admins that are playing with it in other wings of the company - they'll be having a long weekend dotting Tees and crossing Is.
Exchange hosts configured to use Tivoli to send users notifications when the mail server instance was about to go down.
Exchange not configured to ignore DL's in the 'active user' list.
Cue MS patching at 3 am. 5 days before Christmas when about 30% of the folks are already on holidays.
2:45 am. notification sent ....
Poor bugger who started that one had to defer the actual patching for three weeks since the server(s) in scope were too busy delivering the sh!tstorm to shut down, and the next day started a "seasonal change freeze"
******
The teacher kept the clock. When the principal and a police officer pulled Ahmed out of sixth period, he suspected he wouldn’t get it back.
They led Ahmed into a room where four other police officers waited. He said an officer he’d never seen before leaned back in his chair and remarked: “Yup. That’s who I thought it was.”
Ahmed felt suddenly conscious of his brown skin and his name — one of the most common in the Muslim religion. But the police kept him busy with questions.
*****
Nope no racially biased kneejerk "muslim terrorist bomber" reaction on THAT police jerk.
The only way out of this mess is for the Irving Police Department to dismiss this cop. Clearly labelling his actions as racial profiling.
Samsung SIIx(t989) - CM 5.1.1 (Tesla kit) - not affected
a) no cut and paste on the password screen so my numbers are ..... rough - but at ~36k characters with camera running it did not crap out - that took 11 minutes with 'faked' bluetooth keyboard device to generate the string
b) interestingly - from the logs, CM *might* be throwing the characters after the 257th is typed, will try again later with more time on my hands and an improvement to the fake keyboard script.
Sadly manglement and legal pitbulls will get hold of it and turn it into dataminable "historical data" for "reference" and "analysis"
a) mac addresses *can* be altered at the device. End of Line.
The above statement makes the software as proposed INVALID. What more can be said? As a legal tool this is now invalid. Now, don't get me wrong - it makes it possible to *locate a specific mac* if that mac is active - I get that -
i) find missing hardware that was (lost/stolen/dropped off a cliff)
ii) find (runaway teen/missing small that has phone/Alzheimer's patient carrying panic device etc, heck even stolen cars)
iii) give insurance companies (are you hearing yet?) SOMETHING to recoup losses on stolen devices ... (I suspect this will be the lever that will be applied to make my original proposition occur)
are all possible, but the consequent data:
i) which mac addresses were at what location at what times on which date
ii) which mac addresses were connected to known networks (are you hearing yet) at which location at what time on which day.
iii) what (dramatic event) ensued within x time of y event when the above devices were connected to THAT network.....
(i.e. you are developing a data pool that will result in witch hunts hours after (dramatic event)s occur that will trash the civil liberties of a substantial number of innocents.)
I think that the data usage, tracking of said data, and resisting compilation of that data must be written into the baseline proposition before we let the authorities start running this anywhere.
And good luck on the patent front - I've no less than three utilities that do precisely this.
If admin creds are getting stolen you have issues with your admins not keeping things tidy. If your admins have these issues, I don't wanna know what else is going down the toilet.
I've had a couple of days where security has called me because I've been WFH, gone out for lunch and had to pop on to sort a quick issue, usually from a hotspot - this pops a bell in the VPN logs. How hard is that? Is this not a starting point? I can imagine that an admin losing control of a laptop/work desktop is one thing ...... I suspect it would get *me* at least *fired* if I got some sort of viral infection on my work laptop.
I'm sorry DAM. I've been an SA - specifically tasked with *doing the new stuff* for 12 years - I've met in that time exactly 3 developers that gave one rat's a$$ about security - Typically I'm the one jumping up and down and waving security policy documents around and screaming at idiots that try to 777 entire data stores. Given the latest flock of DEVOPS twats I'm meeting -- most of whom have less than 5 years in IT, I'm feeling like I'm drowning. I DO tend to blame it on "developers trying to do everything" - mind you I'll agree that it's typically because the demands of management include "give us new $hiney $hiney for < last weeks coffee budget"
And I've found that the only way to get 'maintenance' done is to let the 3P pen testers red flag all the "This version might be active in your environment and might be vulnerable" items - it at least gets us outage windows to do things to fix issues. Even if we're updated past "this version" and don't even have "this application" installed.
It's getting worse rather than better as we start rolling out "application in a box" appliances. Jesus murphy.
Electronics things have to be recycled. In fact, we now pay (on certain items) a pre loaded recycling fee for this. And... we have to *take* the recyclables on which we pay this pre loaded fee *to* the recycler.
Recycling around here is apparently *very* good business. (Yes it includes computers -- ODDLY - only when bought by an individual person - if you have a GST # you don't pay the fee, since you are thus a company)
*blink* *blink*
And I'll guarantee that those things we do this with STILL end up getting broken down by 10 year old kids in a garbage dump in China.