The servers are isolated on a separate physical network. We use multiple layers of protection, including the use of Linux fileservers instead of Windows fileservers, wireless security in each location, daily LogWatch's which tell me which shares on which servers everyone accessed the previous day (and which shares you attempted to access but were denied either because they didn't exist or you didn't have permission), an AV policy which automatically removes infected machines from the network (and prevents them from reconnecting), a 24-hour-monitored red zone, and others. We work with the principle of least security for everyone with the exception of domain admins (by definition).
Some of this is accomplished through software, some through group policy, some through contracts with third parties.
Every month or so we get a salesperson's laptop filled with crapware (so far as I know they have to be local admins to install print drivers) and because of our policies they can't get on the network, so they physically ship it to us for a wipe & reinstall. At one time the AV solution was the weak point -- we went with Trend instead of Symantec which seems to be working well (in place for several years now). There is more but I can't go into too many details, hope you understand.
Palladium was definitely not started "from a customer request", and to imply it shows you're just trolling.
Do you even read what you type?
...be able to load an image over the LAN and be sure it wasn't tampered with while in transit so we can get rid of these expensive and failure prone local disks in our servers and workstations
So you want to get rid of local disks in servers and instead set them up to use LAN traffic? Are you serious? We have secure protocols for that sort of thing without using Palladium, thanks.
The industry has already discussed, hashed and rehashed why Palladium is a bad idea. Sorry no one sent you a card to let you know. I'll fight it every step of the way.
Oh, and BTW, when someone gets physical access to your machine, regardless of whatever "encryption" you think you have, it's useless if they want the info badly enough. You're fooling yourself thinking otherwise.
Maybe you want it, but the rest of us certainly do not. Palladium was designed to prevent you from accessing your data in the case that the publisher changed their mind, or revoked your license, etc. You lose all control of your data. I recall the outrage when it was first slipped into the media. I will refer you to a previous Slashdot article on the topic; there are countless other articles available if you take a couple of minutes to Google them. http://yro.slashdot.org/yro/03/02/17/1740211.shtml?tid=109
A much smarter alternative to sensitive data is simply not to store it on user machines. Many government agencies use this policy with success. Of course if you're concerned with "secure boot from LAN" there are many other alternatives to something as draconian as Palladium.
Be careful how quickly you give up rights to your own data. With "Trusted Computing" it's very quickly someone else who gets to make your decisions for you. Don't be naive.
I would absolutely never use a Microsoft server exposed directly to the internet. That includes any Microsoft server which attempts to act as a "firewall".
If you're relying on Windows Updates for "security", you're doing it wrong. I've been doing this for longer than I care to admit and I'm not concerned because I know what protections are in place and I know they're working -- if they ever stopped working, the systems fail "safe" and my team would be notified immediately. You have no idea.
Mod parent up. Why do GUI's suck for a seasoned admin? Because we can do things in a shell that aren't possible using the GUI. And we can automate them.
Mod parent up. Some of us have written scripts to manage files that do the same basic thing (only my scripts typically remove files older than xx days from certain folders regardless of size). Put it in cron and forget about it.
LOL a time where "I am intrigued and wish to subscribe to your newsletter" is apropos. Too true, but the weak ones only attract the weak-minded men.
There are some of us who would *welcome* finding the right girl who also supported (in an emotional sense; i.e. not being constantly jealous and / or uninterested) our computing habit. But too many women in this area (Palm Beach, FL area) are more concerned with what car you drive than what's in your head... perhaps that cuts both ways.
Makes for a frustrating dating experience for a mid-thirties guy with 3 kids... "flashy" was in my salad days.
The lack of the blue screen, as well as the "automatic reboot" is supposedly a feature in Microsoft-speak.
Red Hat sees it differently, RHEL is designed not to break (unless you really try to break it). That tends to work better in the long run. That's one reason we moved our critical systems to RHEL 3 (and later to RHEL 5) and didn't look back. Others running the same software compiled for Windows are dealing with vendor-suggested monthly reboots. No thanks.
For those of us who are not Microsoft partners, we'd rather spend the time developing new things or streamlining current processes than pestering vendors for support on an unreleased OS.
I'm perfectly happy to let people like you test the waters, spend time, money and energy on sorting out all the bugs, and wait for everybody else to get their 2 cents in before I spend a dime. I'm not in the minority, especially in this recession.
The day we migrate to Windows 7 (which will require hundreds of new PC's) will be the day we can't get XP anymore. Support doesn't matter, it's a known evil and we've already vetted it. Same reason we're not upgrading servers from Windows 2000. Even moving SQL Server to Windows 2003 Server caused needless problems. I'll keep the VM's alive forever if I need to without the waste of time, money and effort, thank you very much.
You have to sign a contract with Monsanto to purchase their seeds. Did you ever stop to think that this contract may prohibit testing and/or releasing public information in regards to that testing? These researchers might be trying to find a loophole, where the results were published elsewhere and they are aggregating them.
Although I agree that multiple year teasts [sic] should be performed, and organ damage checked for.
That idea is what differentiates you from Monsanto, a highly litigious company with a history of suppressing negative results.
I think GM products should be identified on the label, and regular testing should absolutely be required before the products are made available for human consumption.
The alternative is to expect that Monsanto has my health in highest concern, which makes me laugh. Monsanto is in it for the money, period. They would do anything to keep the cash flowing. (Cue the Dune quotes)
A logical response would be to take the information at face value, using that to investigate further, rather than to simply blow it off because you don't recognize the credentials of the parties involved in the research.
If I were a biochemist that's what I would do. Unfortunately I'm just a coder, so I have to depend on others to examine this and determine its accuracy.
Unfortunately I agree the 2 parties are more similar than different. That's why we need more parties. But first there has to be a change in the way Americans think -- in the current situation, too many people blindly inherit the party of their parents which is typically one of the 2 major parties. Independents aren't given any real chance, let alone any of the other possibilities.
We are ruled by corporations instead of ruling ourselves. Some of us want a real change, real choices, and while Obama's on the right path in some ways, the widespread corruption we've seen IN BOTH PARTIES since Reagan is sickening.
They seem more concerned with profits than the effects of their decisions on humans.
So maybe their goal isn't to kill humans, but if it's a side effect of a profitable product, they don't seem to care. Fighting the release of the information just makes it look like a cover-up.
Haven't we all seen movies where some misguided soul creates a monster, which has to be dealt with by some third party? Ergo this.
Dilution of Apple's reputation -- i.e. throwing unapproved / unofficial products with a copy of an OS tweaked specifically for the approved / official products could be seen as an attack against Apple.
Regardless of your viewpoint on this issue, your viewpoint on Apple products, etc, you have to agree that Apple was forced to defend their reputation.
It would be like someone slapping a Ferrari logo on a Ford because you had swapped the engine with the Ferrari version. It's not made the same, it won't do the same, it's not made to work together the same. Ferrari would be furious, and so is Apple in this situation.
You don't get to pick and choose which conditions of the software contract you want to follow, it's take it or leave it -- and that same force (contract law) which keeps the contract in effect also protects the GPL / LGPL from those who would subvert it for their own means.
Picky, picky. You are looking for this: http://en.wikipedia.org/wiki/Amusia . Using that term would not have gotten my point across as most people would not recognize it.
I saw BIG! in the IMAX theater at West Palm Beach Cityplace. 2 of my kids complained the IMAX screen was too large and the theater way too loud (the younger putting her hands over her ears in several parts). They see "regular" movies often. We sat in the center of the theater.
As a nearly-tone-deaf person who reads lips, even I found the volume excessively loud.
The tickets cost me $36 just to walk in the door -- the 15-year-old was an "adult" according to Muvico. It was a noontime movie. 3 sodas, a popcorn, and a couple boxes of candy was another $24.
No thanks, we will stay at home next time and rent a movie. We can order pizza and breadsticks and still save $35.
Or the shorter version: Pimp yourself, because there's always someone else willing to do more for the same buck. Everyone does it so you should too.
Of course you can't change anything if you're always bent over, but hey why not fall in line with the rest of them?
I guess I'm lucky that I've never had to sacrifice my values and ideals for a paycheck. You'd find me in a new line of work first.
Perhaps if you had been around at the time, you would remember the brouhaha and therefore understand the statement.
I guess ignorance is bliss, huh?
The industry mocks you and your ignorance. Jeers!
Lesbian doesn't matter. I wish there were more women techies around here (Slashdot and otherwise). Some of my best female friends were bi or lesbian.
Son, you won't ever bed a girl with that attitude.
One word: Palladium.
Is that really what you want?
Information is power, and whoever controls the flow of information is very powerful.
Pedantry will get you nowhere... oh right, this is Slashdot. You'll probably be modded insightful or something.
Tor <----