redfox

After reading this article, I had a few dissenting thoughts, maybe someone will provide their perspective?

The article suggests not running critical workloads virtually based on a failure scenario of the hosting environment (such as ransomware on hypervisor).

That does allow using the 'all your eggs in one basket' phrase, so I agree that running at least one instance of a service physically could be justified, but threat actors will be trying to time execution of attacks against both if possible. Adding complexity works both ways here.

I don't really agree with the comments about not patching however. The premise that the physical workload or instance would be patched or updated more than the virtual one seems unrelated. A hesitance to patch systems is more about up time vs downtime vs breaking vs risk in my opinion.

Is your organization running critical workloads virtual like anything else, combination physical and virtual, or combination of all previous plus cloud solutions (off prem)?

Not sure if this was already posted.

The article describes the referenced court case, and the artist's views and intentions.

Personally, I both loved and hated the idea at first. The more I think about it, the more I find it valuable in some way.

This article outlines an opinion that organizations either tried skills based hiring and reverted to degree required hiring because it was warranted, or they didn't adapt their process in spite of executive vision.

Since this article is non industry specific, what are your observations or opinions of the technology sector? What about the general business sector?

Should first world employees of businesses be required to obtain degrees if they reasonably expect a business related job?

Do college experiences and academic rigor reveal higher achieving employees?

Is undergraduate education a minimum standard for a more enlightened society? Or a way to hold separation between classes of people and status?

Is a masters degree the new way to differentiate yourself where the undergrad degree was before?

Edit: multiple typos, I guess that's proof that I should have done more college 😄

On July 25, 2023, the states of Missouri, Arkansas, and Iowa, along with intervenors American Water Works Association and National Rural Water Association, petitioned the Eighth Circuit to review the EPA’s new rule. This rule requires states to review and report cybersecurity threats to their public water systems (PWS).

The states’ brief argues that the EPA’s Cybersecurity Rule unlawfully imposes new legal requirements on states and PWSs. It also contends that the rule exceeds the EPA’s statutory authority by ignoring congressional actions that limit cybersecurity requirements to large PWSs and by changing the criteria for sanitary surveys through a memorandum

And then there a bunch of PLCs at water utilities compromised:

https://www.politico.com/news/2023/11/28/federal-government-investigating-multiple-hacks-of-us-water-utilities-00128977

https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems

https://apnews.com/article/water-utilities-hackers-cybersecurity-1c475f5d2ef3b5d52410c93bdeab3aad

https://www.bleepingcomputer.com/news/security/hackers-breach-us-water-facility-via-exposed-unitronics-plcs/

So many more...

Now, I can understand arguments about jurisdictions, but would the exact same requirements coming from CISA instead of the EMP have been OK, or where these places just whining about any kind of oversight? At the end of the day, they look a little foolish.

This episode of Security Now covered Google's plan to deprecate third party cookies and the reaction from advertising organizations and websites.

The articles and the opinions of the show hosts are that it may have negative or unintended consequences as rather than relying on Google's proposed ad selection scheme being run on the client side (hiding information from the advertiser), instead they are demanding first party information from the sites regarding their user's identification.

The article predicts that rather than privacy increasing, a majority of websites may demand user registration so they can collect personal details and force user consent to provide that data to advertisers.

What's your opinion of website advertising, privacy, and data collection?

• Would you refuse to visit websites that force registration even if the account is free?
• What's all the fuss about, you don't care?
• Is advertising a necessary evil in fair trade for content?
• Would this limit your visiting of websites to only a narrow few you are willing to trade personal details for?
• Is this a bad thing for the internet experience as whole, or just another progression of technology?
• Is this no different from using any other technology platform that's free (If it's free, you're the product)?
• Should website owners just accept a lower revenue model and adapt their business, rather than seeking higher / unfair revenues from privacy invasive practices of the past?