As a script kiddie, you may have found a piece of code you don’t understand on the internet, but are nonetheless decided to go to jail.
In all those cases, and surely many others, Pmcma was probably made for you.
I think they mean that if you run Pmcma on code without authorization and get caught you will go to jail. The decision to go to jail? That sounds like a protest. I don’t think that fits with the motive of someone who wants to run scripts in the sense of a “kiddie”. Perhaps it could be translated into French like this:
As a teenage hacker you want to test the software on the Internet and don’t care about going to jail.
Ok, that’s my attempt at Canadian French, but still…I put the emphasis on being unaware of consequences rather than making it a decision to go to jail.
Weinberg says in her blog that: “With a bazillion places online to tell us how badly we sucked, we do take it very personally”. “We scour the sites, cyber-stalking our customers.” She isn’t joking about the cyber-stalking.
When they see a negative comment, Weinberg and her team will track the customer through cyber-space to see what other restaurants they frequent and how they have rated them, before determining whether the complaint should be taken seriously. If they get the feeling that something should change, they change it. “Both online comments and in-house feedback usually reflect if the menu needs tweaking,” she says.
It sounds like they take the comment seriously because they take the trouble to track the customer. Then they determine whether it is a false positive. What restaurants need is something like a behavioral index tool. In other words they could save a lot of time if they had a simple reputation engine that gave them a score for an identity based on a list of other restaurants with comments from the same identity. Then they wouldn’t have to take every negative comment seriously, only the ones from identities they “respect”.
Then again this indicates a serious logical fallacy as a filter. It begs the question of how they respond to comments from identities they can recognize even without tracking them. Do they think it’s wise to judge the person before they listen to the message?
What if they designed a filter instead to be based on details of an event? When a commenter gives specific feedback about a taste, a detail that only a real patron could know, then they would know to take the comment seriously. A generic comment would be ignored. The flip side of this is that the restaurant would have to accommodate change in their menu and/or service to allow comments to be unique.
If they serve up a hot dish of key management, so to speak, then they can easily track the day and time the customer ate, and they can focus on the facts of the comment rather than the person writing a comment. A win-win; valuable feedback for restaurants and freedom (from stalkers) for their customers.
And just for reference, here is the restaurant owner’s FAQ, which might give you some insight into what she really thinks when people comment…
Q. Wow, Anna did you notice how big this space is? That’s a ton of seats to fill…
A. Yes a#$%##e I noticed how big it is.
Q: It really doesn’t look like you will be done by September. Or even this year.
A. Yes a###%^^e I noticed we are a little behind.
Q: Isn’t it like, impossible to find this many good staff?
A. Yes a$%$&&hole. It’s very hard to find good staff these days.
Q: Is that where the bar is going?
A. Yes a$$%%@e, that’s where the obviously brand spanking new bar is going. It’s right there in front of you.
The New York Times reports that a human rights advocacy group has filed a complaint in reference to Cisco network surveillance product marketing material.
The group’s evidence includes documents that the group says were part of Cisco’s marketing pitch to Chinese organizations and government agencies, including a page from a PowerPoint presentation boasting that Cisco’s technology can “recognize over 90% of Falun Gong pictures” in e-mail traffic. Another document, which the group says was used by Cisco’s sales teams, described a broad public security database that would contain information on Chinese citizens, including “key personnel of ‘Falun Gong’ evil cult organization.” That database would in turn be connected to a system of firewalls and monitoring systems that could be used to filter content that the Chinese government considers to be sensitive.
There are many odd details in this case. Why would Cisco make a direct reference to Falun Gong instead of an indirect reference, for example? Did they have to say Falun Gong pictures could be recognized? That seems unusually tailored for a customer pitch. And why would Cisco be headed into this market/sales pitch when they are at the end-of-life for their entire security product line (MARS, ASA, etc) everywhere else? But the much larger question this case raises, beyond any specific presentation or sales pitch, is whether any tech company could be sued on the same basis for selling to the Chinese.
An album of Congolese artists is being produced by DRC Music, led by UK musician Damon Albarn. It seems to be in the vein of similar efforts such as Paul Simon’s Running with the Saints or David Byrne’s O Samba.
The question is thus whether Tout Puissant Mukalo, Jupiter and the Okwess International, Bokatola System, Evala Litongo, Nelly Liyemge and others will achieve greater international recognition, or is this really about Albarn? He did not use remote collaboration or cloud for the work and instead traveled in person with a huge crew to sit face-to-face and record and produce local sound in the Congo.
One of the strangest things I find is that Albarn lays down his fairly simplistic beats before Congolese sounds are layered over them. This is like an American executive from McDonalds traveling to France and telling a chef that they are going to “collaborate” on a meal by using the chef’s sauce on two all beef patties with a sesame seed bun. Albarn’s production crew could work on producing sounds and poetry on top but why take away the most important elements of Congolese music?
So the boring Gorillaz style of beat is what turns me away from the example above. Nelly Liyemge sounds awesome but totally out of place with the low-energy slow beat. Here’s another sample:
Boom, chick, boom, chick? The timeline should fade into the beat, not be the beat. It gets better after 30 seconds but still sounds watered down from the beats straight out of the DRC.
The above songs will be released on an album called Kinshasa One Two by Warp Records next month (October 3rd). They are said to be a benefit for Oxfam. Too bad Oxfam could not just release Congolese music directly to the world as a benefit. I wonder if they have to cover the costs of “production” by a large group traveling in person to Kinshasa, DRC.
Here’s a wonderfully complex soukous beat that Albarn misses completely in the above examples:
…not to mention street beats. Just about every song in the following compilation video, recorded live, puts Albarn’s production to shame. 5:18 is perhaps the most comparable style but on a whole different level:
Maybe Albarn just didn’t know what to do when he heard Congolese rhythms like the following drum line or maybe the project is really just about him being only slightly influenced by them:
[Kirk Smith, a professor of global environmental health at the University of California, Berkeley] said the results of the study do provide further evidence that coal causes significant health problems and should be replaced by other fuel sources. “Coal can’t be burned cleanly…it should be banned from all household use,” he told Reuters Health.
This question comes up a lot lately: how is HIPAA enforced? The U.S. Department of Health and Human Services (HHS) has a page that gives a nice flow chart for the answer.
But that does not seem to answer what people are really asking. I think what entities really want to know is what will trip a HIPAA violation and generate a fine — what should they really worry about. An excellent source of insight for that answer comes from the Case Examples and Resolutions Agreements. The UCLA agreement just two months ago (July 6, 2011) to “settle potential violations of the HIPAA Privacy and Security Rules for $865,500”, for example, details their mistakes.
On June 5, 2009 and June 30, 2009, HHS began investigations of two separate complaints alleging that the Covered Entity was in violation of the Privacy and/or Security Rules. The investigations indicated that the following conduct occurred (“Covered Conduct”):
(i) During the period from August 31, 2005 to November 16, 2005, numerous Covered Entity workforce members repeatedly and without a permissible reason examined the electronic protected health information of Covered Entity patients, and during the period from January 31, 2008 to February 2, 2008, numerous Covered Entity workforce members repeatedly and without a permissible reason examined the electronic protected health information of a Covered Entity patient.
(ii) During the period 2005-2008, a workforce member of Covered Entity employed in the office of the Director of Nursing repeatedly and without a permissible reason examined the electronic protected health information of many patients.
(iii) During the period 2005-2008, Covered Entity did not provide and/or did not document the provision of necessary and appropriate Privacy and/or Security Rule training for all members of its workforce to carry out their function within the Covered Entity. [Source: Resolution Agreement/Corrective Action Plan 08-82727 and 08-83510 (University of California Los Angeles Health System)]
(iv) During the period 2005-2008, Covered Entity failed to apply appropriate sanctions and/or document sanctions on workforce members who impermissibly examined electronic protected health information.
(v) During the period from 2005-2009, Covered Entity failed to implement security measures sufficient to reduce the risks of impermissible access to electronic protected health information by unauthorized users to a reasonable and appropriate level.
The words “reasonable and appropriate level” are the key to this enforcement agreement. It might seem vague at first glance but clearly a Covered Entity has to manage authentication and authorization. An appropriate level of access would be based on a need-to-know basis. In other words, no need means no authorization for a user.
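As an added example (not from the post, HHS or UCLA), here is one way to apply that need-to-know rule to an EHR audit log and surface the kind of repeated impermissible access cited in items (i), (ii) and (iv); the user names, patient ids, reason codes and log events are constructed.

```python
"""Added example: screen an EHR audit log for ePHI access without a
permissible reason, then list users whose repeat access should trigger
the documented sanctions the Security Rule expects. All data constructed."""
from collections import Counter

# Constructed treatment relationships: which charts each user needs to know.
ASSIGNMENTS = {
    "nurse01": {"P100", "P101"},
    "dr_lee": {"P101", "P102"},
    "clerk07": set(),  # billing role: no chart access at all
}

# Constructed audit events: (timestamp, user, patient_id, reason_code).
# "TX" = treatment; "BREAK_GLASS" = emergency override, reviewed afterwards.
AUDIT_LOG = [
    ("2008-01-31T08:02", "nurse01", "P100", "TX"),
    ("2008-01-31T08:10", "nurse01", "P999", "TX"),
    ("2008-01-31T09:00", "clerk07", "P999", "TX"),
    ("2008-02-01T11:30", "clerk07", "P999", "TX"),
    ("2008-02-02T14:45", "clerk07", "P999", "TX"),
    ("2008-02-02T15:00", "dr_lee", "P999", "BREAK_GLASS"),
]


def is_permissible(user, patient, reason, assignments):
    """Need-to-know check: a chart may be opened only if the patient is
    assigned to the user, or the user invoked break-glass (reviewed later).
    No assignment and no override means no authorization."""
    if reason == "BREAK_GLASS":
        return True
    return patient in assignments.get(user, set())


def impermissible_events(log, assignments):
    """Every audit event that fails the need-to-know check."""
    return [e for e in log if not is_permissible(e[1], e[2], e[3], assignments)]


def repeat_offenders(events, threshold=2):
    """Users with `threshold` or more impermissible accesses; these are the
    cases where sanctions must be applied and documented."""
    counts = Counter(e[1] for e in events)
    return {user: n for user, n in counts.items() if n >= threshold}


def break_glass_reviews(log):
    """Break-glass accesses bypass the check, so each one needs after-the-fact
    review by privacy staff."""
    return [e for e in log if e[3] == "BREAK_GLASS"]


if __name__ == "__main__":
    bad = impermissible_events(AUDIT_LOG, ASSIGNMENTS)
    print("impermissible:", bad)
    print("sanction candidates:", repeat_offenders(bad))
    print("break-glass to review:", break_glass_reviews(AUDIT_LOG))
```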
And while the $865,500 fine could be called large, it reflects four years of authorization management deficiencies and information exposures to numerous “workforce members”. Compare it to the $1,000,000 fine handed to Massachusetts General Hospital earlier this year after a single authorized workforce member accidentally left billing papers on a subway on the way to work.
The documents were not in an envelope and were bound with a rubber band. Upon exiting the train, the MGH employee left the documents on the subway train and they were never recovered. These documents contained the PHI of 192 individuals.
I suspect these fine amounts prompt risk managers to wonder how a long-term and repeated exposure of information, which cites weak privacy management and hints at neglect and negligence, could get a lower fine than a one-time accidental disclosure by a single person.
Perhaps documents left on the subway are considered by HHS a Tier D act, but it doesn’t sound like it from their agreement. Maybe I’m underestimating the importance regulators place on an envelope and rubber band, or on special circumstances of the case. The HITECH enforcement exception was the first thing that jumped to my mind after I read the agreement, but there must have been some other compelling evidence of privacy neglect:
…prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect
I spend almost every day now reviewing breach data and analyzing threats to deconstruct vulnerabilities. Some of my more popular work recently has been to convince IT management that they need to improve their analysis of threats to understand them better.
Although there are many frustrating examples of negligence and ignorance when it comes to security, no one should feel satisfied to always blame the victim after an attack. That is why the security industry can help with more balanced risk analysis instead of pounding only on customer vulnerabilities and writing-off every threat as “sophisticated”.
After a presentation on cloud penetration testing at VMworld this week I was asked by a customer of a provider why their instance was constantly being broken into. First, I went over how they should pinpoint the threat and not just the vulnerability in their particular instance. Second, I explained that if you have a nice house with big windows and live in a dangerous neighborhood when you could afford to move to a better one…the choices become more obvious when translated to a more familiar risk context.
There are some people who should not get a flu vaccine without first consulting a physician. These include:
People who have had a severe reaction to an influenza vaccination.
In the same vein (pun not intended) I strongly recommend to anyone interested in the study of information security and the interruption of threats (to protect the vulnerable) that they watch this movie:
For years Chicago’s El Rukns seemed like the average urban street gang, dabbling in racketeering, narcotics sales and the occasional murder. But El Rukns (Arabic for “the cornerstone”) was far more ambitious than that. Last week a federal jury convicted five members of conspiring to commit terrorist acts against the U.S. The plotters, prosecutors said, expected to receive $2.5 million from Libya’s Colonel Muammar Gaddafi for bombing buildings and airplanes and assassinating American politicians.
In the late ’70s, the 100-member organization turned to political militancy and religion. The leader, Jeff Fort, 40, regularly presided over meetings from an immense, high-backed throne atop a pedestal, surrounded by outsize posters of himself and Gaddafi.
The daughter of this guy is now trying to stop the violence. I would point you to a Wikipedia reference so you could read all about this amazing and inspirational woman — Ameena Mathews — who has dedicated her life to saving so many others, but a Wikipedia administrator — Fastily — has just decided to delete her page.
This page has been deleted. The deletion and move log for the page are provided below for reference.
00:03, 29 August 2011 Fastily (talk | contribs) deleted “Ameena Mathews” (Expired PROD, concern was: Does not meet notability guidelines. Lacks citations to significant coverage in reliable sources.)
…you’ve been meeting up with similar groups across America. How has that been?
We met up with a lot of groups that replicated the model. There’s a lot of people out there doing a lot of great things, helping the war on poverty, getting kids in school so they can put the guns down.
There’s purple hearts for those that are wounded in Afghanistan, but not much for those who do our work.
Hey Wikipedia, get a f-ing clue. The Interrupters and their work to stop threats should be the very definition of notability. Let this be yet another giant blinking warning sign of why you should not automatically trust the supposedly well-intentioned administrators of cloud services to do some basic checks before they act, let alone care about risk and the security of information.
Late in the evening of Aug. 3, a security guard, employed by Purcell Security, saw what turned out to be a female polar bear walking down the Endicott causeway and headed for an employee housing area. The guard flashed his vehicle lights at the bear, honked his horn and sounded his siren but the bear would not leave the area and instead approached the vehicle and began to act aggressively.
The guard pulled out his 12-gauge shotgun and fired what he thought was a bean bag round at the bear. The less-lethal ammunition is designed to hit the bear in the hind quarters and drive it away.
The bear did run off at that point and BP reported the incident to the Fish and Wildlife Service, as required.
But a few days later, the bear returned, swimming off to the west and ending up on a shallow island area near the four-mile long causeway and 30-acre gravel drilling pad.
BP workers could see the bear through binoculars and continued to monitor it. But sometime between the night of Sunday, Aug. 14 and Monday morning, Aug. 15, they realized the bear was dead.
Such a lethal and high-profile mistake has led BP to say it will now consider ways to avoid making another one.
[BP Alaska spokesman Steve] Rinehart said all ammunition will now be clearly marked by its type, with specific packaging colors and labels.
A “back-up bear hazer” also will be required to be on hand and verify that the correct ammunition for the level of hazing is about to be used, he said.
“We want to make completely sure that whatever guard is involved in a hazing incident knows exactly what type of hazing round is being used if it comes to that,” Rinehart said.
The solutions indicate confusion over ammunition type (lethal/nonlethal) and reliance on a single, unverified source. In other words, they did not anticipate any harm from grabbing a lethal charge by accident; and they did not have any method set up for independent verification after a lethal accident. Both seem highly irresponsible management of risk when handling lethal force.
Here’s a good question for the investigators. At what point after shooting an endangered animal should a shooter inventory their ammunition and confirm that they did not harm the animal? Should they wait until it is dead? Was the facility manager looking through the binoculars and saying “Yup, she’s dead. I guess that means it was one of the lethal rounds…”?
It’s unfortunate that BP management demonstrates they will allow a lethal accident to happen before they take even simple measures to reduce the risk of that accident, let alone maintain controls (e.g. responsibility) for high-risk decisions.
You might think BP, a company full of environmental and mechanical engineers, could design and build a camp-site that is passively resistant to bears and therefore not threatened by them so easily. Perhaps instead they did a quick calculation and found it far less expensive to kill endangered animals in their way and just claim a lack of awareness?
…a 24-hour programming competition, encourages students and faculty to develop customized applications that advance the search and discovery process of scientific information.
So you might be thinking there would be some cool new scientific tools being developed. Maybe students have added perspective and a new way of thinking about problems, based on data discovery? No, instead the winner is a Google modification — a search engine that ranks scientific papers based on reputation.
First place: Zhao Shanheng and Zhong Zhi, of NUS, developed the iRank Apps, an application which ranks institutes by the number of papers returned in the top search results. This tool can help students decide where to apply for their PhD or pursue postdoctoral research in their chosen field.
Google’s reputation-based system has advantages, but it also has risks. It requires you to trust external sources of verification — the peer-review system depends on the quality of the peers. That seems highly unscientific. It’s a second-person or even third-person view of data.
So the first place award goes to an app that tells you what the search engines tell you about what the peers tell you about papers from institutes. It is a popularity contest app that is at least three steps removed from an actual review of source material.
The huge irony, of course, is that the contest appears to have had a controlled/trusted system to determine the winner. How quaint. Perhaps they should have instead thrown the apps into public search engines and let the one that hits the top search results win. Otherwise, I would say their decision to review and vote for iRank App in a closed system contradicts the mission of the iRank App…