I was thinking the same thing, but I'm not afraid to name names. I have reported bug after bug and all they ever did was use the bug report as a "support case" and count it against my support allotment then close the case with no resolution. Some issues have been solved after a year or more, but support is unresponsive at best. I can name quite a few known problems, some of which could be potentially exploited for buffer overflows or denial of service attacks.
Just to name a few problems and bugs:
-ssl-vpn prompts the user to upgrade when new software is loaded on the firewall but if a user clicks no it disconnects them. If they click yes it uninstalls the software and fails to rienstall due to permission issues with the teefer driver if the user does not have administrative rights. It cannot be upgraded easily through group policy or windows update local publishing. It is an exe container so group policy is out and publising via local update publisher causes the system to hang at shutdown due to problems related to the driver removal/installation.
-services that use certificate checking fail if dpi is enabled and there is no reasonable workaround (examples: webex, apple itunes and app store). Implementing a realtime host lookup would easily resolve this problem but they only offer a one time hostname lookup which adds the ip to the policy (problematic for just about everything.... yes let's unblock all of akamai, that makes sense!!!)
-sso manager has a memory leak uses huge amounts of resources and eventually stops updating the list of authenticated users until the service is restarted if you have more than 2 domain controllers. We had to schedule a restart of the service every morning to mitigate this and it still uses an insane amount of processor time.
-Version 11.9.1 broke multi-wan pptp so not only is ssl-vpn broken (don't get me started on their poor ipsec support) but now the less secure backup option won't connect...
-expiring or rejecting a ca certificate causes all sites reliant on that certificate to fail to load even if a new certificate is present if dpi is enabled
-email quarantine generates a certificate with the server's ip as the name but links send the user to the hostname thus causing a certificate warning
-a wan connection with a ping monitor will not resume functioning once ping is restored in a multi-wan overflow configuration causing a temporary loss of connectivity to become a permanent one.
-ssl-vpn will not connect over udp in a multi-wan environment
I could go on... but I'll end with a non-bug: -They clearly run modified versions of open source software but fail to release their code changes to customers or distribute the gpl with their software. This is clear simply from the log files and debugging information and has been complained about as far back as 2005: http://lists.gpl-violations.or...
I love (and use) endian, but I can't recommend it to a newbie. Once built it is solid as a rock, but Endian always seems to have some bugs out of the box that can be really frustrating, and the vpn setup is not very user friendly in my experience (but as simple as anything else if you are familiar with open vpn). It has gotten better lately with some long existing bugs being fixed, but it can still be painful out of the box and moving between versions can be hazardous (prepare to install from scratch as a backup plan). That said I do appreciate that most of Endian's bugs are frustrating from a "x doesn't work, y doesn't display properly, z doesn't configure as expected" but the security related bugs seem to much less common than many other open source and commercial firewall/utm solutions.
Isn't it a little questionable to be suggesting a solution that has essentially be taken closed source? Vyatta is great, but unless the vyos community gains some strength it could end up as a dead end in a couple years. That aside, vyatta is a solid solution, so I'm only bringing up the potential negatives here since the vyos maintainers don't seem to have a lot of development/maintenance resources.
Wrong analogy. It is like buying a 1/4 pounder* (where the 1/4 pound is raw weight). Something is lost to cooking (transfer). I'm sure At&t's lawyers already covered their butts. If you read the small print ATM/MPLS overhead is probably included in the bandwidth calculation. Mystery solved Scooby Doo.
Strange, I used windows 64 bit for several years with no problem. That said I built it with components I knew had stable 64-bit drivers. Only problem I had was many browser plugins were 32-bit only but I can't blame Microsoft for that. It was a hell of a lot better than Vista x64 I can tell you that!
Rotate the drives. Works great for small clients that can't afford the tape. Rotate them offsite on a schedule. For larger amounts of data use tape. No reasonable hardware solutions I know of can beat a robotic tape library for longevity, reliability, and safety of the data. Hard disks only win on speed, but it is trivial to do disk to disk and then duplicate to tape. It gives you the best of both worlds.
Ok so they got caught for involvement with internal shenanigans, now someone just needs to look into all of those mailserver logs where linkedin tries to access corporate email accounts using linkedin credentials when they haven't been authorized to...
It isn't even new. I've owned one of these for years. Check out the primus brand pots for example. The idea of putting a heat exchanger in a pot has been around for a long time.
I can attest that they are very efficient though.
It is called a filter. We use them all the time. Add confidential, private, internal only and the email won't leave our domain. Why is it goldman sachs hasn't figured it out?
Not to be supportive of adobe per se (they are miserable too) but that is why dng was developed. Raw is very hard to support from an archival perspective.
1) I guess it goes down until it can be fixed under warranty (same or next day depending on purchase option). Redundancy is expensive. What happens when your single instance of AWS goes down with an "oops amazon is having problems with a datacenter" message?
2)Good job, you have identified why Netflix uses AWS.
3) Reserved instance is cheaper, but at that price still more than a dedicated server and the server typically comes with a 3 year warranty and will likely last past that (Dell will warranty for 6 years). Assuming it only lasts 3 your cost for running on AWS is nearly 3 times higher even when figuring in an improved warranty and OS licensing. I concede that short duration projects or very spiky loads are a great use for the cloud, but long running relatively even loads simply don't make sense form a cost perspective, nevermind the fact that you now lose access to your database if your wan connection goes down (unless you build out multi-wan, but there is yet another expense).
Use OSPF and use pricing as one of the variables for cost calculation? Wouldn't take a rocket scientist and pretty sure any decent sized network does this already... We are't talking spot market here - most of these costs are negotiated in long-term contracts, but no reason we couldn't design it like the energy markets (though not sure you would want to).
Try it yourself. You might find out that to be successful at it requires skill and education. I have family there that are one of two families left in a several hundred mile radius that are still farming successfully. All the rest gave up or gave out. Between droughts, harsh winters and fluctuations in feed prices it isn't as easy as watch some cows munch grass, and yes, they are educated and have dedicated fiber running straight to the farm that far surpasses the quality of dsl I can get in the city here in Florida.
Right, and how is the firmware on the drive for your non-magnetic media holding up after that EMP blast? You did remember to load a copy of the firmware onto a disk too, right? Oh, and the bios for the computer you were planning on restoring to, and the hard-drive firmware and other various chipset firmwares? I think come an EMP blast you had better set the computer aside and know how to be a dirt farmer before you starve. Even if you get your own files restored it is unlikely you will be able to do much else unless you plan on helping the telco reprogram all their equipment to get the network back up etc. In the meantime, you starve.
Car analogy: I told the used car dealer to stop selling that garbage and just send all his vehicles to the dump. I mean they were all from like 2007 or before! I mean seriously, who uses a car that old (except for all the retro ones that were sold up until 2012 - and those suck too. They aren't hip at all)? They don't have the latest rear view cameras and other safety equipment or anything. It is no secret if you buy the after market warranty you can get your crappy old car fixed, but if you don't it isn't my problem you can't get parts when you need them because you are a dumb poopy pants. I throw everything away because there is a newer model that surely must be better because new and shiny!
That is a terrible policy. I spent a long night at an office of a fortune 500 company for that very reason. They didn't see any reason to apply bios patches because they were just to add support for newer hardware, not to fix any sort of vulnerability. Fair enough. Several years went by and their terminal server had a processor go finicky on them. They determined the available spares included processors that were compatible. I asked "has the bios been updated to support the newer processors?" I was assured that they do regular patching and it would not be a problem. I arrive on site, install the new processors and get no post. A bit of troubleshooting and we determine it doesn't recognize the processors because the bios was out of date. Really long story shortened - we had to shutdown another server, pull the processors, install them in the problem server, boot, patch the bios, shut down move the processors back in the donor server, and then reinstall the new processors. Of course this was in a server room that was an overstuffed shoe box so a number of acrobatics were required to get the servers extended to a point they could be worked on.
So what should have been a 10-15 minute processor replacement ended up causing several hours of downtime and the unscheduled shutdown of another server.
Don't be lazy!
That said, as someone else stated, I usually wait a couple months to patch (especially HP) unless it is considered a critical issue or I have a straightforward fail-over plan. HP has screwed my arrays etc. more than once with their quality updates.
No, you don't understand. All the little internet connected things in your life like your thermostat with infrared sensor and tv with camera and xbox with 3d imager and phone with gps and toilet with butt activated hemorrhoid sensor all send their little bits of data back to the big intelligence in the cloud.
This way the great data architects of Fort Meade know you need some anal cream, a diet, and some new pants. They might also recognize that you are a danger to yourself if you continue to play WoW.
But if you stop playing you might be upset about your surroundings and be a danger to others, so you get a new online friend to help you play even more hours each day.
I think the Internet of Things is quite Intelligently Designed. In fact, I think everyone else who supports it should all spread the word by using a hashtag for intelligently designed internet of things #IDIoT
Yes, changing it to say "alpha" would be putting it nicely. It WAS beta quality until they hired bing developers to pretty it up. Now it doesn't work on my mac, pc or android phone.
And this is why you should always outsource your data backup and security. 3rd parties are way more experienced and equipped at losing your data than you ever could be! It's like the cloud, but for paper records and tape backups!
Slashdot Mirror
I was thinking the same thing, but I'm not afraid to name names. I have reported bug after bug and all they ever did was use the bug report as a "support case" and count it against my support allotment then close the case with no resolution. Some issues have been solved after a year or more, but support is unresponsive at best. I can name quite a few known problems, some of which could be potentially exploited for buffer overflows or denial of service attacks.
Just to name a few problems and bugs:
-ssl-vpn prompts the user to upgrade when new software is loaded on the firewall but if a user clicks no it disconnects them. If they click yes it uninstalls the software and fails to rienstall due to permission issues with the teefer driver if the user does not have administrative rights. It cannot be upgraded easily through group policy or windows update local publishing. It is an exe container so group policy is out and publising via local update publisher causes the system to hang at shutdown due to problems related to the driver removal/installation.
-services that use certificate checking fail if dpi is enabled and there is no reasonable workaround (examples: webex, apple itunes and app store). Implementing a realtime host lookup would easily resolve this problem but they only offer a one time hostname lookup which adds the ip to the policy (problematic for just about everything.... yes let's unblock all of akamai, that makes sense!!!)
-sso manager has a memory leak uses huge amounts of resources and eventually stops updating the list of authenticated users until the service is restarted if you have more than 2 domain controllers. We had to schedule a restart of the service every morning to mitigate this and it still uses an insane amount of processor time.
-Version 11.9.1 broke multi-wan pptp so not only is ssl-vpn broken (don't get me started on their poor ipsec support) but now the less secure backup option won't connect...
-expiring or rejecting a ca certificate causes all sites reliant on that certificate to fail to load even if a new certificate is present if dpi is enabled
-email quarantine generates a certificate with the server's ip as the name but links send the user to the hostname thus causing a certificate warning
-a wan connection with a ping monitor will not resume functioning once ping is restored in a multi-wan overflow configuration causing a temporary loss of connectivity to become a permanent one.
-ssl-vpn will not connect over udp in a multi-wan environment
I could go on... but I'll end with a non-bug:
-They clearly run modified versions of open source software but fail to release their code changes to customers or distribute the gpl with their software. This is clear simply from the log files and debugging information and has been complained about as far back as 2005: http://lists.gpl-violations.or...
I love (and use) endian, but I can't recommend it to a newbie. Once built it is solid as a rock, but Endian always seems to have some bugs out of the box that can be really frustrating, and the vpn setup is not very user friendly in my experience (but as simple as anything else if you are familiar with open vpn). It has gotten better lately with some long existing bugs being fixed, but it can still be painful out of the box and moving between versions can be hazardous (prepare to install from scratch as a backup plan). That said I do appreciate that most of Endian's bugs are frustrating from a "x doesn't work, y doesn't display properly, z doesn't configure as expected" but the security related bugs seem to much less common than many other open source and commercial firewall/utm solutions.
Isn't it a little questionable to be suggesting a solution that has essentially be taken closed source? Vyatta is great, but unless the vyos community gains some strength it could end up as a dead end in a couple years. That aside, vyatta is a solid solution, so I'm only bringing up the potential negatives here since the vyos maintainers don't seem to have a lot of development/maintenance resources.
Wrong analogy. It is like buying a 1/4 pounder* (where the 1/4 pound is raw weight). Something is lost to cooking (transfer). I'm sure At&t's lawyers already covered their butts. If you read the small print ATM/MPLS overhead is probably included in the bandwidth calculation. Mystery solved Scooby Doo.
Strange, I used windows 64 bit for several years with no problem. That said I built it with components I knew had stable 64-bit drivers. Only problem I had was many browser plugins were 32-bit only but I can't blame Microsoft for that. It was a hell of a lot better than Vista x64 I can tell you that!
Rotate the drives. Works great for small clients that can't afford the tape. Rotate them offsite on a schedule. For larger amounts of data use tape. No reasonable hardware solutions I know of can beat a robotic tape library for longevity, reliability, and safety of the data. Hard disks only win on speed, but it is trivial to do disk to disk and then duplicate to tape. It gives you the best of both worlds.
Yep. Saw this too and it passes the KISS test. Not sure why everyone thinks they were hauling giant boulders around.
Ok so they got caught for involvement with internal shenanigans, now someone just needs to look into all of those mailserver logs where linkedin tries to access corporate email accounts using linkedin credentials when they haven't been authorized to...
It isn't even new. I've owned one of these for years. Check out the primus brand pots for example. The idea of putting a heat exchanger in a pot has been around for a long time. I can attest that they are very efficient though.
It is called a filter. We use them all the time. Add confidential, private, internal only and the email won't leave our domain. Why is it goldman sachs hasn't figured it out?
RSS.
Not to be supportive of adobe per se (they are miserable too) but that is why dng was developed. Raw is very hard to support from an archival perspective.
1) I guess it goes down until it can be fixed under warranty (same or next day depending on purchase option). Redundancy is expensive. What happens when your single instance of AWS goes down with an "oops amazon is having problems with a datacenter" message?
2)Good job, you have identified why Netflix uses AWS.
3) Reserved instance is cheaper, but at that price still more than a dedicated server and the server typically comes with a 3 year warranty and will likely last past that (Dell will warranty for 6 years). Assuming it only lasts 3 your cost for running on AWS is nearly 3 times higher even when figuring in an improved warranty and OS licensing. I concede that short duration projects or very spiky loads are a great use for the cloud, but long running relatively even loads simply don't make sense form a cost perspective, nevermind the fact that you now lose access to your database if your wan connection goes down (unless you build out multi-wan, but there is yet another expense).
Use OSPF and use pricing as one of the variables for cost calculation? Wouldn't take a rocket scientist and pretty sure any decent sized network does this already... We are't talking spot market here - most of these costs are negotiated in long-term contracts, but no reason we couldn't design it like the energy markets (though not sure you would want to).
Try it yourself. You might find out that to be successful at it requires skill and education. I have family there that are one of two families left in a several hundred mile radius that are still farming successfully. All the rest gave up or gave out. Between droughts, harsh winters and fluctuations in feed prices it isn't as easy as watch some cows munch grass, and yes, they are educated and have dedicated fiber running straight to the farm that far surpasses the quality of dsl I can get in the city here in Florida.
Right, and how is the firmware on the drive for your non-magnetic media holding up after that EMP blast? You did remember to load a copy of the firmware onto a disk too, right? Oh, and the bios for the computer you were planning on restoring to, and the hard-drive firmware and other various chipset firmwares? I think come an EMP blast you had better set the computer aside and know how to be a dirt farmer before you starve. Even if you get your own files restored it is unlikely you will be able to do much else unless you plan on helping the telco reprogram all their equipment to get the network back up etc. In the meantime, you starve.
Car analogy: I told the used car dealer to stop selling that garbage and just send all his vehicles to the dump. I mean they were all from like 2007 or before! I mean seriously, who uses a car that old (except for all the retro ones that were sold up until 2012 - and those suck too. They aren't hip at all)? They don't have the latest rear view cameras and other safety equipment or anything. It is no secret if you buy the after market warranty you can get your crappy old car fixed, but if you don't it isn't my problem you can't get parts when you need them because you are a dumb poopy pants. I throw everything away because there is a newer model that surely must be better because new and shiny!
because the spf records don't pass but the recipient recognizes the sender?
That is a terrible policy. I spent a long night at an office of a fortune 500 company for that very reason. They didn't see any reason to apply bios patches because they were just to add support for newer hardware, not to fix any sort of vulnerability. Fair enough. Several years went by and their terminal server had a processor go finicky on them. They determined the available spares included processors that were compatible. I asked "has the bios been updated to support the newer processors?" I was assured that they do regular patching and it would not be a problem. I arrive on site, install the new processors and get no post. A bit of troubleshooting and we determine it doesn't recognize the processors because the bios was out of date. Really long story shortened - we had to shutdown another server, pull the processors, install them in the problem server, boot, patch the bios, shut down move the processors back in the donor server, and then reinstall the new processors. Of course this was in a server room that was an overstuffed shoe box so a number of acrobatics were required to get the servers extended to a point they could be worked on.
So what should have been a 10-15 minute processor replacement ended up causing several hours of downtime and the unscheduled shutdown of another server.
Don't be lazy!
That said, as someone else stated, I usually wait a couple months to patch (especially HP) unless it is considered a critical issue or I have a straightforward fail-over plan. HP has screwed my arrays etc. more than once with their quality updates.
No, you don't understand. All the little internet connected things in your life like your thermostat with infrared sensor and tv with camera and xbox with 3d imager and phone with gps and toilet with butt activated hemorrhoid sensor all send their little bits of data back to the big intelligence in the cloud. This way the great data architects of Fort Meade know you need some anal cream, a diet, and some new pants. They might also recognize that you are a danger to yourself if you continue to play WoW. But if you stop playing you might be upset about your surroundings and be a danger to others, so you get a new online friend to help you play even more hours each day. I think the Internet of Things is quite Intelligently Designed. In fact, I think everyone else who supports it should all spread the word by using a hashtag for intelligently designed internet of things #IDIoT
It's already in use by the administrative share.
This is 60 minutes we're talking about here... don't get too demanding!
Yes, changing it to say "alpha" would be putting it nicely. It WAS beta quality until they hired bing developers to pretty it up. Now it doesn't work on my mac, pc or android phone.
Sounds great! Who do you recommend. Maybe Amazon or perhaps Softlayer/The Planet?
And this is why you should always outsource your data backup and security. 3rd parties are way more experienced and equipped at losing your data than you ever could be! It's like the cloud, but for paper records and tape backups!