* 2FA on VPN (RSA Tokens) * Separate Administrative credentials used by IT staff * Dedicated administrative workstations that IT staff do not use to do daily tasks (email, web, etc.) * OR dedicated IT jump box requiring further 2FA to log in to.
Holy fuck a Linux/Unix guy I'd shake hands with. This is the correct answer, folks:P The minute you get into a "get off my lawn" approach to technology is the day you sign your career's death warrant.
Starting with Microsoft Office 2007, the Office Open XML file formats have become the default[3] target file format of Microsoft Office.[4][5] Microsoft Office 2010 provides read support for ECMA-376, read/write support for ISO/IEC 29500 Transitional, and read support for ISO/IEC 29500 Strict.[6] Microsoft Office 2013 additionally supports both reading and writing of ISO/IEC 29500 Strict
http://en.wikipedia.org/wiki/Ooxml
Not to be confused with Open Office XML or Microsoft Office XML formats.
I didn't say Microsoft supported ALL standards, just that they support *some* standards.
Microsoft supports an open document standard, standardized by the ISO, with Office and has for some time, though admittedly not "Strict" support until Office 2013.
We use McAfee at work. With proper coaxing, it works pretty well and is unobtrusive--but it actually requires becoming familiar with the product and its features. It took a lot of trial and error.
One quick way you can help reduce A/V hit on a system is to remove zip file scanning during on-access scans and on-demand scans. Also, setting a file scan time limit can limit the amount of time the AV spends on one particular type of file.
Other antivirus solutions handle this a bit better, but McAfee is workable with the proper implementation.
AAAAAAND furthermore, in a purely technical sense IPv6 should be faster than IPv4 connectivity when it comes to routing.
Current IPv4 implementations actually do two state table tracking. Both the NAT table and the firewall's state table. In a dual stack, native configuration; only the firewall state table is required for IPv6 traffic alone; with no NAT table required. Or, in some cases, minimal NAT tables for specific devices when you wish to deploy IPv6 only and are supporting legacy devices that do not support it.
So, in theory, routing performance should be edged up a bit in IPv6 land. Also including the fact that hosts are now doing traffic fragmentation and the router's only involvement in fragmentation is sending an ICMP response (PACKET-TOO-BIG) rather than queuing and fragmenting traffic itself. Router performance should ultimately go up by quite a bit.
Yes, it does take labor and sometimes duplication of effort, but it doesn't REALLY negatively impact actual routing performance for most people with the exception of situations where routing for v4 is done in ASICs and v6 is done in the CPU, where v6's performance will ultimately be slower than the equivalent in v4 traffic.
However, this is so rare of a hardware configuration these days in most cases. Modern firewalls/routers/edge devices are doing everything in software with powerful enough CPUs to do both, where the performance would be no different than the equivalent increase in IPv4 traffic. Juniper SRX devices run in this configuration (with BSD running as the base OS), and my Ubiquiti device runs a dual core CPU as well.
If you have any questions, why not talk to Comcast? They've deployed IPv6 in a dual stack configuration across nearly their entire residential network (as the OP noted here). Clearly if there were performance problems that negatively impacted the cost of scalability, they wouldn't have made that move.
You are hurting my head, honestly. You're so flat out wrong it's not even funny.
Nobody's saying go "v6 only". We're saying run the two in parallel. When running 'dual stack', v4 and v6 are independent short of DNS resolution where you'll often receive both A and AAAA responses and your application needs to decide which one it prefers. For sockets that aren't v6 compatible, it will just use the A response and ignore the AAAA response completely.
Just because Skype isn't currently v6 compatible should have no bearing on whether or not you actually deploy IPv6.
As another poster stated, this is only on certain international flights originating from certain countries--and in addition to that, I'm sure you can power your phone off once you've powered it on for them.
While this could be for another form of 'tracking' with cell phone tracking technologies (which exist), I feel it would be impossible to know just from cell phone identification what a person intends to do.
So I suspect it's nothing more than "Ensure that the phone is not a bomb in disguise".
That depends. What is the definition of "reasonable". In this day and age we are massively Internet connected with a great many software developers . Software dev is one of the highest paid professions today. "Big data", "cloud", "Hadoop", all are used for correlating this data.
It's reasonable to assume a LOT of people not only know they're being spied upon but are actively participating in this process.
So to me, a "reasonable" person should be able to infer they're being tracked by every thing they do online. Google and Facebook have made no attempt to hide it.
I think you're underestimating just how easily it is to collect data on you or how much data is actually collected.
You're assuming there are many hands in the pot, so to speak. That is, the information your wife and your doctor find can be different.
What if I told you that the wife and the doctor are storing the stuff they find in the same database, and are acting as both your wife AND your doctor?
Let me ask you this question: Can you list every single company that runs the rewards programs at various retail outlets? Grocery stores? Pharmacies? Who owns who? Who was purchased by who? etc.
You can't, you ignore it, it's too complex to figure out--but I guarantee you they have already shared every bit of data on you that is humanly possible to collect. And you do it all in the name of saving $0.10 on a box of cereal.
For what it's worth, the government has yet to use any of the information to actually destroy lives, at least lives of people that it wasn't coming to. At least nobody I know has ever been negatively affected by these systems. In fact, most people around where I live, where the DOD and US Government are primary IT employers, benefit from the existence of these programs and the careers they provide in "Cyber Security" and "Information Systems".
I think you're unduly putting a lot of weight to the 'government' argument when in reality the most pressing issue for a good 80% of the populace is what can private organizations do with this data?
A single entity can gain the contract for wireless in all of a particular operator's malls. Say, the Mills malls. That's say, 4 malls in the Maryland region for which one operator could potentially connect. The wireless operator scores a contract to install wifi. They can work out a deal where the wireless operator can work with the mall to provide coupons for various stores inside of the mall and work as a central mall hub. They can make it appear like it's helping the shopper out! "Sign up for a Mills Account to earn great deals during your shopping experience today!"
Next thing you know, this vendor is keeping tabs on your authentication to MAC address storage. Even when you visit other malls where you might not have an account in that mall, they can still track your whereabouts because hey--they have your MAC on file. Got a different phone? No big deal. As soon as you sign back in to your "Mills Account" from the new phone, the tracking starts anew with a new device.
Then start using some of those coupons...
Before you know it, they've collected a massive database of your shopping habits. AT the very least, location tracking. At worst, intimate knowledge of which stores you like to purchase from.
Let's not forget what can then be done by analysts with access to that data. Like to shop at Spencer's and Victoria's Secret? I bet you're a freaky girl in touch with her sexuality, not conservative.
Think the UNICRU test that Best Buy employed for personality-based hiring to the extreme. A complete profile that you've built for yourself through all of the websites you have visited with "SHARE THIS!" links (Even if you don't actually share it, they're tracking.)
However, since most people think of computing as the magic box with voodoo magic that makes my cell phone use wireless, they wrongfully assume that there's some sort of inherent "protection" of this data. What we are seeing on Internet forums everywhere are people kind of peeling back the onion layers of how the technology works and they're getting frightened by what they see.
Well, I don't necessarily separate tracking for LEO purposes (and by extension, government agencies from top to bottom) and privatized tracking for "marketing" when I think of how we should proceed with privacy laws. More importantly, it's hard to apply the "spirit" of the law when there was never really a precedent for which the laws could have even begun to apply.
If you limit the scope of your privacy arguments to Constitutional protections, you may find at one point in the next 10-20 years your employer may know every bit of your shopping, browsing, buying, and daily habits at the request of a "background check". We're not too far off from this reality, credit bureaus are already using the credit reports of your Facebook connections to adjust your credit score.
So yes, LEO may be prevented from listening to your conversation--but every person in your HR organization knows exactly the type of person you are and can build a personality profile on you, and keep track of that. And if you think "privacy settings" on Facebook mean jack shit, I've got a mean boat in the desert to sell you.
I know a lot of people whom like to put on their tinfoil hats and cry about government surveillance at every chance, but the reality is that we have never actually defined what is or isn't private in the digital age. The Internet is an amazingly complicated set of patents, protocols, technologies, and developments over the past 30-40 years of computing.
All of this is boiling over to what exactly is considered "YOUR" information in the digital age? Nobody seems to be asking this question. What information on your digital phone device belongs to you? And what information can the company/provider share with whomever they want?
Tracking your IMEI, Wifi MAC Address, and other tools is considered part of the network operations. The providers routinely keep logs of all of this information and use it to track you for a whole host of reasons. It's correlated across the organizations that control the hot spots. Companies do this all of the time, in perhaps significantly more intrusive ways than LEO using their "stingray" system, which no doubt is something that is a targeted-type application. Whereas the LEO will utilize these systems to target specific groups, events, or behaviors--marketing companies will track you and your device until the end of time. And, at the behest of a warrant, will provide as much information on your whereabouts, shopping habits, and intimate information as quickly as they can.
Slashdot Mirror
* 2FA on VPN (RSA Tokens)
* Separate Administrative credentials used by IT staff
* Dedicated administrative workstations that IT staff do not use to do daily tasks (email, web, etc.)
* OR dedicated IT jump box requiring further 2FA to log in to.
You have to be going about 10km/h over before anyone would pull you over (from my experiences and communications with locals).
They have signs on QEW that say 50km/h over = license revoked and car towed. They don't play around.
For us Americans, that's about 30 miles per hour over the speed limit. It'd be like doing 85 in a 55, 100 in a 70, etc.
Is it? I kind of guessed. Due to the km/h being so small on my speedometer and not aligning properly, It appears to be about 64 on my mph.
That said, nobody's going to pull you over going 3km over the speed limit--so.
I am surprised this is a thing. I cross into Canada regularly at both Fort Erie and 87/A-15 and it's funny to watch.
In Ontario, the signs say 100km/h = 60mph. This isn't quite true but it's a good safe number if you want to prevent speeding.
In Quebec, their signs say 100km/h != 60mph.
It's much closer to about 64mph. Bust people end up speeding anyway.
Holy fuck a Linux/Unix guy I'd shake hands with. This is the correct answer, folks :P The minute you get into a "get off my lawn" approach to technology is the day you sign your career's death warrant.
You still have to license RHEL if you intend to have support. I suppose if you don't mind going at it your own...
You assume that people actually pay attention to these key mismatches and don't automatically click "yes" to them.
;)
Would be worth a social experiment just to prove you idiots wrong
I wish you'd post as a logged-in user, your comments are some of the only intelligent ones in this thread.
I have long said we need import tariffs/taxes on imported labor. We already do this for goods.
Starting with Microsoft Office 2007, the Office Open XML file formats have become the default[3] target file format of Microsoft Office.[4][5] Microsoft Office 2010 provides read support for ECMA-376, read/write support for ISO/IEC 29500 Transitional, and read support for ISO/IEC 29500 Strict.[6] Microsoft Office 2013 additionally supports both reading and writing of ISO/IEC 29500 Strict
http://en.wikipedia.org/wiki/Ooxml
Not to be confused with Open Office XML or Microsoft Office XML formats.
I didn't say Microsoft supported ALL standards, just that they support *some* standards.
What are you talking about?
http://en.wikipedia.org/wiki/Ooxml
http://blogs.msdn.com/b/dmahugh/archive/2010/04/06/office-s-support-for-iso-iec-29500-strict.aspx
http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=61798
Microsoft supports an open document standard, standardized by the ISO, with Office and has for some time, though admittedly not "Strict" support until Office 2013.
Which, amusingly, could be ported over to Linux as well rather easily--given it's running within the user's context.
We use McAfee at work. With proper coaxing, it works pretty well and is unobtrusive--but it actually requires becoming familiar with the product and its features. It took a lot of trial and error.
One quick way you can help reduce A/V hit on a system is to remove zip file scanning during on-access scans and on-demand scans. Also, setting a file scan time limit can limit the amount of time the AV spends on one particular type of file.
Other antivirus solutions handle this a bit better, but McAfee is workable with the proper implementation.
AAAAAAND furthermore, in a purely technical sense IPv6 should be faster than IPv4 connectivity when it comes to routing.
Current IPv4 implementations actually do two state table tracking. Both the NAT table and the firewall's state table. In a dual stack, native configuration; only the firewall state table is required for IPv6 traffic alone; with no NAT table required. Or, in some cases, minimal NAT tables for specific devices when you wish to deploy IPv6 only and are supporting legacy devices that do not support it.
So, in theory, routing performance should be edged up a bit in IPv6 land. Also including the fact that hosts are now doing traffic fragmentation and the router's only involvement in fragmentation is sending an ICMP response (PACKET-TOO-BIG) rather than queuing and fragmenting traffic itself. Router performance should ultimately go up by quite a bit.
Ah, looks like100% of their broadband network is dual stack. Nice achievement for those folks.
"Dual stack takes more resources and complexity."
Yes, it does take labor and sometimes duplication of effort, but it doesn't REALLY negatively impact actual routing performance for most people with the exception of situations where routing for v4 is done in ASICs and v6 is done in the CPU, where v6's performance will ultimately be slower than the equivalent in v4 traffic.
However, this is so rare of a hardware configuration these days in most cases. Modern firewalls/routers/edge devices are doing everything in software with powerful enough CPUs to do both, where the performance would be no different than the equivalent increase in IPv4 traffic. Juniper SRX devices run in this configuration (with BSD running as the base OS), and my Ubiquiti device runs a dual core CPU as well.
If you have any questions, why not talk to Comcast? They've deployed IPv6 in a dual stack configuration across nearly their entire residential network (as the OP noted here). Clearly if there were performance problems that negatively impacted the cost of scalability, they wouldn't have made that move.
You are hurting my head, honestly. You're so flat out wrong it's not even funny.
Nobody's saying go "v6 only". We're saying run the two in parallel. When running 'dual stack', v4 and v6 are independent short of DNS resolution where you'll often receive both A and AAAA responses and your application needs to decide which one it prefers. For sockets that aren't v6 compatible, it will just use the A response and ignore the AAAA response completely.
Just because Skype isn't currently v6 compatible should have no bearing on whether or not you actually deploy IPv6.
Go study for your CCNA.
As another poster stated, this is only on certain international flights originating from certain countries--and in addition to that, I'm sure you can power your phone off once you've powered it on for them.
While this could be for another form of 'tracking' with cell phone tracking technologies (which exist), I feel it would be impossible to know just from cell phone identification what a person intends to do.
So I suspect it's nothing more than "Ensure that the phone is not a bomb in disguise".
That depends. What is the definition of "reasonable". In this day and age we are massively Internet connected with a great many software developers . Software dev is one of the highest paid professions today. "Big data", "cloud", "Hadoop", all are used for correlating this data.
It's reasonable to assume a LOT of people not only know they're being spied upon but are actively participating in this process.
So to me, a "reasonable" person should be able to infer they're being tracked by every thing they do online. Google and Facebook have made no attempt to hide it.
I think you're underestimating just how easily it is to collect data on you or how much data is actually collected.
You're assuming there are many hands in the pot, so to speak. That is, the information your wife and your doctor find can be different.
What if I told you that the wife and the doctor are storing the stuff they find in the same database, and are acting as both your wife AND your doctor?
Let me ask you this question: Can you list every single company that runs the rewards programs at various retail outlets? Grocery stores? Pharmacies? Who owns who? Who was purchased by who? etc.
You can't, you ignore it, it's too complex to figure out--but I guarantee you they have already shared every bit of data on you that is humanly possible to collect. And you do it all in the name of saving $0.10 on a box of cereal.
For what it's worth, the government has yet to use any of the information to actually destroy lives, at least lives of people that it wasn't coming to. At least nobody I know has ever been negatively affected by these systems. In fact, most people around where I live, where the DOD and US Government are primary IT employers, benefit from the existence of these programs and the careers they provide in "Cyber Security" and "Information Systems".
I think you're unduly putting a lot of weight to the 'government' argument when in reality the most pressing issue for a good 80% of the populace is what can private organizations do with this data?
Do you really think there are expenses?
A single entity can gain the contract for wireless in all of a particular operator's malls. Say, the Mills malls. That's say, 4 malls in the Maryland region for which one operator could potentially connect. The wireless operator scores a contract to install wifi. They can work out a deal where the wireless operator can work with the mall to provide coupons for various stores inside of the mall and work as a central mall hub. They can make it appear like it's helping the shopper out! "Sign up for a Mills Account to earn great deals during your shopping experience today!"
Next thing you know, this vendor is keeping tabs on your authentication to MAC address storage. Even when you visit other malls where you might not have an account in that mall, they can still track your whereabouts because hey--they have your MAC on file. Got a different phone? No big deal. As soon as you sign back in to your "Mills Account" from the new phone, the tracking starts anew with a new device.
Then start using some of those coupons...
Before you know it, they've collected a massive database of your shopping habits. AT the very least, location tracking. At worst, intimate knowledge of which stores you like to purchase from.
Let's not forget what can then be done by analysts with access to that data. Like to shop at Spencer's and Victoria's Secret? I bet you're a freaky girl in touch with her sexuality, not conservative.
Think the UNICRU test that Best Buy employed for personality-based hiring to the extreme. A complete profile that you've built for yourself through all of the websites you have visited with "SHARE THIS!" links (Even if you don't actually share it, they're tracking.)
What the hell do you think "big data" is?
This is absolutely, technically true.
However, since most people think of computing as the magic box with voodoo magic that makes my cell phone use wireless, they wrongfully assume that there's some sort of inherent "protection" of this data. What we are seeing on Internet forums everywhere are people kind of peeling back the onion layers of how the technology works and they're getting frightened by what they see.
Well, I don't necessarily separate tracking for LEO purposes (and by extension, government agencies from top to bottom) and privatized tracking for "marketing" when I think of how we should proceed with privacy laws. More importantly, it's hard to apply the "spirit" of the law when there was never really a precedent for which the laws could have even begun to apply.
If you limit the scope of your privacy arguments to Constitutional protections, you may find at one point in the next 10-20 years your employer may know every bit of your shopping, browsing, buying, and daily habits at the request of a "background check". We're not too far off from this reality, credit bureaus are already using the credit reports of your Facebook connections to adjust your credit score.
So yes, LEO may be prevented from listening to your conversation--but every person in your HR organization knows exactly the type of person you are and can build a personality profile on you, and keep track of that. And if you think "privacy settings" on Facebook mean jack shit, I've got a mean boat in the desert to sell you.
I know a lot of people whom like to put on their tinfoil hats and cry about government surveillance at every chance, but the reality is that we have never actually defined what is or isn't private in the digital age. The Internet is an amazingly complicated set of patents, protocols, technologies, and developments over the past 30-40 years of computing.
All of this is boiling over to what exactly is considered "YOUR" information in the digital age? Nobody seems to be asking this question. What information on your digital phone device belongs to you? And what information can the company/provider share with whomever they want?
Tracking your IMEI, Wifi MAC Address, and other tools is considered part of the network operations. The providers routinely keep logs of all of this information and use it to track you for a whole host of reasons. It's correlated across the organizations that control the hot spots. Companies do this all of the time, in perhaps significantly more intrusive ways than LEO using their "stingray" system, which no doubt is something that is a targeted-type application. Whereas the LEO will utilize these systems to target specific groups, events, or behaviors--marketing companies will track you and your device until the end of time. And, at the behest of a warrant, will provide as much information on your whereabouts, shopping habits, and intimate information as quickly as they can.