IT: MS Security Chief Says Windows is Safer Than Linux....
I think that's because it's generally so full of worms, that you can't fit any more exploits into your average box. In that respect this actually makes Windows more secure because it makes it more likely that your box will be too infected for any given virus to be able to do anything.
It's the standard fight... The sales geeks don't think that the tech geeks do any real work (they spend their whole time thinking), and the tech geeks think the same about sales (all they seem to do is go for lunch!). Problem is that the sales geeks are far better at selling what they're doing as important to the company (hey, it's their job).
You may not be good at it, and you may not even like it, but it's time for you to actually sell what your department is doing for the company. I tell my students that the job of a really good IT department is to be all but invisible to the end users. That makes the job of selling its value a bit more of a catch-22 -- it's almost easier to prove the value and necessity of a badly-run IT department.
And what should they do the first time OpenOffice doesn't open a document from an uber important customer properly?
It's called heterogeneous systems. There's nothing wrong with keeping a couple of dual-boot machines, or even a couple of machines which run Wintendos full-time. Crossover office is also a possibility for those who don't want the risk of any native Windows machines on their net (or who are just too lazy to dual boot or hunt down the dedicated box).
you can sell the old servers on ebay if you don't need them and your company allows.
Remember to sanitize the disks before you do this. The easiest way is to boot into something like Knoppix and run something like "shred /dev/hda". If you don't want to trash partition and bad-block info, /proc/partitions will list the available partitions that you can trash individually.
There have been a few cases in the past where people bought boxes off of ebay and found 'interesting' info on the drives (including internal bank databases).
Remember that just deleting the files or doing a high-level format only clears the descriptors but leaves the raw data in place.
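An added illustration of the point above (not from the comment, and not a real filesystem): a toy disk image with a directory table in front of a data area, constructed in Python to show that clearing only the descriptors leaves the raw bytes scannable, while an overwrite pass like shred's does not.

```python
"""Toy disk image: a 'directory table' of name,offset,length entries followed
by a data area. Constructed simulation only; it mimics the behaviour of a
high-level format (descriptors cleared, data untouched) versus an overwrite."""
import os

TABLE_SIZE = 256   # bytes reserved for the directory table (constructed)
DISK_SIZE = 4096   # total image size in bytes (constructed)


def new_disk() -> bytearray:
    return bytearray(DISK_SIZE)


def read_table(disk: bytearray) -> list[tuple[str, int, int]]:
    raw = bytes(disk[:TABLE_SIZE]).rstrip(b"\0").decode()
    entries = []
    for line in raw.splitlines():
        name, off, length = line.split(",")
        entries.append((name, int(off), int(length)))
    return entries


def write_file(disk: bytearray, name: str, data: bytes) -> None:
    """Append data after existing files and record it in the table."""
    entries = read_table(disk)
    offset = max((o + l for _, o, l in entries), default=TABLE_SIZE)
    disk[offset:offset + len(data)] = data
    entries.append((name, offset, len(data)))
    table = "\n".join(f"{n},{o},{l}" for n, o, l in entries).encode()
    disk[:TABLE_SIZE] = table.ljust(TABLE_SIZE, b"\0")


def quick_format(disk: bytearray) -> None:
    """High-level format / delete: only the descriptors are cleared."""
    disk[:TABLE_SIZE] = b"\0" * TABLE_SIZE


def shred(disk: bytearray, passes: int = 3) -> None:
    """Overwrite every byte of the image, the way `shred /dev/hda` does for a drive."""
    for _ in range(passes):
        disk[:] = os.urandom(len(disk))


def raw_contains(disk: bytearray, needle: bytes) -> bool:
    """What the buyer of a second-hand drive can do: scan the raw bytes."""
    return needle in bytes(disk)


def demo() -> tuple[bool, bool, bool]:
    disk = new_disk()
    secret = b"ACCT 0012345 BALANCE 9,000,000"  # constructed sample record
    write_file(disk, "accounts.db", secret)
    before = raw_contains(disk, secret)          # True
    quick_format(disk)
    after_format = raw_contains(disk, secret)    # still True: table gone, data intact
    shred(disk)
    after_shred = raw_contains(disk, secret)     # False
    return before, after_format, after_shred


if __name__ == "__main__":
    print(demo())
```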
Although you can't get money back on the extra server licenses, it does save you the cost of ongoing licensing and support for the retired machines, as well as the rack costs of the machines (if they're hosted remotely). You can also consolidate them into the two most recent boxes, and thus avoid the possibility of the older machines dying sometime soon.
If you're using pure GPS (no ground station), then 3M is probably about as good as you can depend on -- and even that depends on the US military being in a good mood.
Try doing a pure GPS measurement the next time they declare an orange alert. I wouldn't be surprised if it was off by 10s of metres. Probably the same situation if you're in the vicinity of Iraq (or any other 'hot' zone).
I know that the US has promised to not mess with the civilian system any more, but I wouldn't be surprised to find that you're on the limits of the error allowance in delicate locations/times.
The keys are large enough to realistically take decades to brute-force, and they change them very frequently.
Even so, you don't want to tempt fate, and 1million geeks working at it part-time are far more likely to find a way to game the system (if there is one) than 25 high-security spooks working in Moscow.
There's nothing you could do about the 25 spooks in Moscow, but if giving the 1million geeks a 'good enough' toy to play with is enough to keep them at bay, it's really cheap insurance (and good PR to boot).
My guess is that the reason for having SPS unencrypted is that it makes it not worthwhile to do the work of decrypting PPS. If PPS were the only available service, decoding it would have been a /. article a long, long time ago.
Ye olde sleight-of-hand standard: Keep their eyes on the obvious stuff, and they won't notice where the real work occurs.
Lighthouses have a number of uses. Manned lighthouses provide local emergency services. If your boat sinks, a lighthouse will indicate the general direction of the shore (very useful when your GPS is 50 feet underwater). Also, of course, useful when your GPS has died all of a sudden.
This reminds me of the parable:
Acolyte: Father, what is the difference between knowledge and faith?
Priest: Knowledge is like the Sun. Faith is like a candle.
Acolyte: But I thought that faith was more important than knowledge. How can that be, the Sun is far brighter than any candle!
Priest: Come back and ask me again at midnight.
I'm not saying that all commercial software is inferior. The original poster seemed to imply that he recognized that the OS alternatives to at least some of his commercially-used suggestions were better, but he was recommending the (inferior) proprietary alternative because it afforded a level of finger-pointing that the OS did not.
And you're welcome for the year I spent in Iraq for you.
Nobody's slamming you for the year you spent in Iraq. (I'll slam Bush for the year you spent in Iraq, but I'm not going to slam the low schmoes who have to deal with the dust and the bombs -- unless they personally do something really damaging and/or stupid... but that's a different discussion).
What this points to is not that OS isn't appropriate to the DOD, but rather that the DOD hasn't come up with a general plan for employing open source where it's more useful than proprietary software.
Paying $100K/year just to have someone on the other end of a phone say "have you tried re-installing" seems like both a waste of time and money -- whether it's in the military or the government.
Just because most of his tools are open source doesn't mean that he's not willing to use commercial products... He just doesn't seem to have found many of them that are better than the open source equivalents.
Asking for comments on what's out there that's better than Open Source is one way to broaden your horizon. (and what better place to ask than SlashDot, where you'll probably get comments from people who work for, and/or use, much of the proprietary competition).
Right during 3.5, it had more than a dozen remote holes being fixed
Part of the nature of ethereal is that just about any hole is going to be a remote hole, since it is pretty much only dealing with remote (network) data. This is made worse by the fact that it's usually run as root and has no privilege separation (that I know of). OBSD, on the other hand, has the luxury of separating remote holes from local holes when they carp about OpenBSD's security.
This, however, does not excuse the ethereal community's somewhat lackadaisical attitude towards security. Quite to the contrary, you could argue that it makes security in the design all the more important.
Heh, recommending a security tool that OpenBSD removed because the Ethereal team does not care about security
I was just thinking about structural ways to work around this in ethereal (like priv sep) -- in the meantime, I would point out that the biggest difference between ethereal and its commercial equivalents is that, with ethereal, you find out about the security problems quickly -- whereas with commercial equivalents, you might not find out for a while (if ever), and you'll probably end up paying for the upgrade to make it secure.
Another point is that it's most often the newer dissectors that contain the holes. If you're worried about security and working in a 'hostile' environment, you're probably best to disable any dissector that you're not intending to use. -- in fact, that might be a good idea to do in Ethereal, generally: Disable all but the most common dissectors and wait for the user to enable them explicitly.
I would use commercial software. Why? Because if something does go wrong, it is the vendors fault and not yours.
grunt: Admiral! There's a missile coming our way, and the defence systems have just blue screened!
admiral: Thank god I can blame Microsoft for this!
missile: BOOM!
So you'd use inferior software just because you can point the finger at someone else when the software fails??? Wouldn't you rather use the best software for the job (even if it's cheaper)??
I mean, it's not like most commercial vendors take any responsibility for their software, anyways -- have you read your EULA's recently?
At least with open source software, you have the option of fixing any bugs yourself if the vendor refuses to. With Proprietary code, your only choice is to grin, bend over and wait for your bill.
Longhorn isn't going to 'break' compatibility with current software. Your old programs are still going to work on it...
Well, kinda... But if you want it to work properly, we'll sell you a new version of your (otherwise perfectly working) software for a mere $500 a copy.
Microsoft thrives on non-interoperability. You remember the debacle of Word '97? It couldn't save properly in Word 5 format. Once you bought one copy of Word '97 you had to upgrade every copy of Word in your company or deal with unusable copies of various documents interrupting the work flow all over the place.
(yeah.. they fixed that problem a year later but by that time, most companies had paid Microsoft the billions of dollars in upgrade fees, which was the entire intention.)
(it might have been word '95 that did this, but you get my point)
In any case, Longhorn is going to be different enough from current windows that it's probably going to be just about as nasty (and expensive) to 'upgrade' to the arbitrary restrictions of Longhorn as it will be to upgrade to Linux and Open Software.
actually I can't even think of one person I know who is a conservative.
As a former Edmontonian now living in Vancouver, I can only come up with one explanation:
All things are relative. If you can't think of anybody in Edmonton who you'd consider a conservative then chances are that you're waaay out there.
To make things less ambiguous, the 'is' after 'myself' should be after 'everyone'
As others have said, a POST does NOT tell you about hardware incompatibilities. In order to ensure that all the hardware will play nice together, you need more than a POST and a quick BIOS test.
That's where a customized KNOPPIX disk comes in (or a USB boot fob). It's probably easier than trusting Windows to not bail on you.
but then where will i get my illicit viagra that i so desperately need, apparently??
(Insert Windows uptime joke here)
Good luck.
Yeah... That's pretty much what it was like for the astronaut inbetween takes. (You do believe this guy, don't you?)
Try and tell me that when you're in the water, and the nearest coast guard station is 40 miles away... Then reread the parable in my previous post.
It does bring me to the obvious question: what is there to view this under Linux? mplayer works for some things Apple, but does it work for this???
I'd really like to know the answer to that question before I contribute to the slashdotting of their server.
That's not a 'free' service in my book.
Yep... It's dead alright.
Send an email to the head of computer science at the U of C. Tell him what you think!