"third parties have no chance in the USA"...with that attitude, the US itself has no chance
Heres a spoiler: No government in the history of governments has lasted forever. At best, you get a few hundred years before either radical reform or everything crumbles.
What we have has worked pretty well (all things considered) for 200 years, and in that time no 3rd party candidate has come close to winning. If you ACTUALLY want to change things, voting on someone who isnt an option is the wrong way to do so.
Without iSCSI you cant really use shared storage, which means 90% of the features of ESXi cant be used. Kind of dampers the whole "for a lab" thing.
SSDs ARE quite sweet for VMs, Id recommend setting up a VM that serves out a local SSD as iSCSI over an internal ESXi storage network-- thats actually how things were done during my VCP training. I believe they were using FreeNAS (MIGHT have been openfiler) to serve up iSCSI and NFS targets. Its a little buggy but sufficient for a lab.
You live in an apartment and dont plan to be there for 20 years?
I imagine for a lot of people, dumping $40 into each light socket is a losing proposition for you, and a winner for your landlord (who I am sure would greatly appreciate the gift).
https://wiki.mozilla.org/SeaMonkey:Release_History#SeaMonkey_2.3_and_beyond Stable releases will be more frequent (6-week release schedule) but with fewer changes, eliminating the need for minor releases. The aim is to release the stable versions right around a week of the release of the equivalent Firefox and Thunderbird.
You were saying? (and for the record, 2.2 was released a year ago)
Maybe my memory is faulty, but for all the faults Vista had "Aero CPU usage" is not one I recall-- since the ENTIRE POINT was that the desktop was graphics accelerated (hence, no cpu usage).
VNC and RDP are horrible kludges and perform like crap.
I get the feeling youve never used RDP.
And if X11 is so great for network transparency, why does Citrix base all of its terminal stuff on ICA (which RDP is based off IIRC) rather than just using X11's native abilities?
Hello BlackBerry GIVES the government the keys tot he kingdom. ALL your BlackBerry traffic is in the clear unencrypted for the government.
Utterly wrong. If you are using BIS, yes, that probably gets spied on. If youre using BES, it is not technically possible for RIM to hand anything to anyone since they do not have the encryption keys.
That was their BIS system, which is glorified activesync hosted by RIM. You hand your email OWA credentials to RIM, they push email to your blackberry.
It has absolutely zero bearing on their BES security, since with BES they are never in posession of either the master key or the derived device keys.
Its wonderful that ignorance like this gets modded up, however.
Source (among many): http://crackberry.com/rim-encryption-keys The only people capable of such access are the corporate customers in control of the accounts in question, therefore, any Indian government agency requiring lawful access would need to request it from the corporate customers themselves and not RIM directly.
India has been on RIMs case for the last several years to get access to their system. RIM caved and gave them BIS access, but of course cannot grant BES access-- which has india still rather pissed off.
I also have to deal with securing systems going to areas of the world where the gov't is all too happy to forge SSL certs to spy on folks. You can call me paranoid, but these are issues I have to deal with. SSL is a problem, and if you dont understand that you simply havent been paying attention.
I agree with most of your points, I just dont see why users cant have a personal phone and a business phone if they really want a media consumption device. I feel like the idea that one device needs to be great at everything (essentially an impossibility) is slowly ruining the business phone market.
Besides this is a one-time configuration issue and not enough to complain about.
....Unless you need to migrate one user to a different exchange server at a different DNS address.
Everyone here is right that there are ways of dealing with how finicky ActiveSync is, but it is more finicky than BES. It needs to know where the server is, what mailbox to use, what your mailbox password is, and it needs a valid cert. If ANY of that EVER chances, good by syncing.
BES needs none of that. Once its connected, its connected. Justify it all you want, BES is simply less finicky.
I use SSL, but I certainly dont trust if it the entitiy Im worried about is the government. SSL has gigantic flaws that are widely recognized; one is that the signing authorities tend to be incompetent, and one bad authority can completely wreck your day if someone wants to spy on you.
_I_ dont have problems remembering my web password, but apparently you dont do IT support in any capacity that has you dealing with users on a regular basis. Some of them-- particularly those who dont have to care because of their position-- have that problem.
Finally, we see the issue - you have a phone you don' t like, so it must be someone else's fault.
The security issues and the setup issues arent "my phone" problems, theyre inherent problems with active sync. Just because you declare "its not THAT much more finicky or insecure" doesnt get rid of the real issues: Per-device keys are simply better in a corporate environment than SSL which requires you to either remove trusted roots from each device or else trust every public root authority out there. Which, I believe, includes China.
Youll note that India doesnt seem to have issues with ActiveSync email spying; its only Blackberry theyre getting pissed off at, because you simply cannot intercept BES traffic.
Its also interesting that people loudly proclaim how great Android is, then when I point out how laughably bad the Motorola Admiral (touted as a business phone) is, they say "well, all OTHER androids are great". Wonderful, so is there some whitelist of the Android phones that DONT suck at business use?
Google maps on my blackberry worked just fine. Im really not sure what their issue was. Its honestly more infuriating on my Android because it doesnt have keyboard shortcuts for next/previous turn -- only touch screen controls-- which makes it kind of hard/dangerous to use while driving. And actually my old blackberry retained a lock better since they also used tower triangulation. My android tends to lose its lock sometimes, unless I stick it on my dashboard.
As for messaging, they mentioned social networking. Oh boo hoo, how will business proceeed without facebook? Blackberry absolutely crushes android in email messaging and anyone who says otherwise either has odd definitions of usability, or else has never used a blackberry.
Like any other news organization, NYTimes occasionally makes boneheadd statements. Blackberries are still the best device from an IT standpoint; whether the users like them or not SHOULD be irrelevant, because their job isnt to like their business phone, its to do business.
But they dont. Android and iPhone utterly crush the BB in "business email".
Absolute nonsense. Lets do a comparison. And btw, Im sure ill get called a shill for this, but I post it because Im absolutely furious that I traded my bold 9650 for a Motorola Admiral, which might be the worst business phone ever despite having 2.3.7 android and a full qwerty keyboard.
Setup Blackberry, the IT staff does their magic (basically, just auths a user's email address and generates a code). The user enters their email address, and a one time code. Thats it. Blackberry email is activated. Never have to worry about password changes, or SSL certs. Never have to worry about whether DNS name or email server changes (a refresh of the BES services will fix that immediately). ActiveSync: User needs all sorts of stupid info: mail server address, mailbox name (some phones), mail password (a problem for some users who honestly dont know it), whether to use SSL, what parts of the mailbox to sync, retention period, etc. Also, it uses SSL, so if the cert is selfsigned or expired, have fun getting the phone to work. Also, will stop syncing when users password changes. Also, will stop syncing if you ever need to migrate email servers or change DNS name.
Usage Blackberry: Has qwerty shortcuts for basically everything, so basically anything can be done one-handed. Recognizes phone numbers AND extensions in basically any context for rapid dialing. Hardware buttons for answering phone. Android: Wants you to use touch for EVERYTHING (even if qwerty keyboard is present), which means 2-handed use. Has basically no keyboard shortcuts (for compose, reply, etc). Has problems with some extensions depending on vendor (my admiral can only recognize extensions with ###-###-####; ### format, which absolutely noone uses). Software buttons for answering phone-- which means input lag can cause you to miss your call (has happened several times to me).
Security Blackberry: Uses per-device AES encryption. Devices support full storage and memory encryption. Only way to compromise a device is to get into that device, or else compromise the BES itself. Android: Uses ActiveSync, which means SSL. Simply getting a CA to sign you a bogus cert for mail.targetcompany.com and doing some DNS poisoning is sufficient to perform a MITM on any and all phones for that organization. Bonus points when you go and check out what entities are on the trusted root authority list on all of those androids you deployed.
There are areas that Blackberry fails, I understand that; but in its core competencies Android is a poor replacement for Blackberry. Its problem is that it has accepted the mantra "touch input good, physical bad", which is great from a consumer media content but terrible from a "lets be productive" standpoint.
Level of caring is minimal. Im conservative, so I dont want the government doing a lot, but I would prefer those things that it DOES do (law enforcement) are actually effective.
If they can fund themselves catching people breaking the law, honestly more power to them.
Now you can claim that we should have all cops be undercover, wiretap everyone in the country, and put hidden video cameras everywhere, let every crime happen that's going to happen, and then throw all the criminals in jail.
Thats a strawman, and you know it. Undercover cops violate NO constitutional nor statutory protections that I am aware of, since they are in a public space as you are. Wiretaps, video, etc are all entirely different animals. It may suprise you to know that my worldview is not black and white, but Im certainly not going to handcuff the ability of the cops to actually catch people simply because I might happen to get caught breaking the law.
See, I dont MIND getting ticketed for going 5 over the limit if it meant that that behavior were actually curbed, because then we could actually do something about bad speed limits knowing that when it says "70mph", people will actually have to follow that. What we have now is utter chaos; you can be arbitrarily ticketed depending on flow of traffic and how pissed off a cop is, which is generally a terrible system for everyone-- and its all because the laws are fuzzy because noone actually follows them. My level of sympathy someone who gets ticketed for speeding? Pretty low.
Just because something is illegal doesn't mean it should be. I apologize in advance for the following Godwin, but were we supposed to applaud when the SS arrested people for being Jewish?
I have yet to hear any reason why speed limits are in need of non-violent protest. Is there some human right to speed that Im unaware of here? Or some other moral issue at stake?
Or is this just a case of "I dont like the particular limits society has set, so Im going to ignore them"?
The fact is that they are a lot lower if the cops are unmarked.
Perhaps cop helicopters should be marked with hot pink, so you can see them too in an emergency. Never mind how remote the odds of that happening are, right?
Thats ridiculous, and you know it is. The cop will likely see you before you see them, assuming one nearby hasnt already been radio'd from 911. If you are neglecting to dial 911 because you assume you can just flag a cop down, youre doing everyone in the emergency a huge injustice and theres a good chance you could get hit with negligence. We have a 911 system for a reason, and if its a true emergency the response time will be like 2-4 minutes.
I imagine by the 5th ticket that month they would get the message. At some point, they will either get the message or run out of money.
I really dont get the problem people have with this. The deterrent effect is supposed to come from the law and its threatened penalty. The cops job is to actually CATCH people violating the law, not to be a deterrent, and undercover cops are simply more effective at catching people.
"third parties have no chance in the USA" ...with that attitude, the US itself has no chance
Heres a spoiler: No government in the history of governments has lasted forever. At best, you get a few hundred years before either radical reform or everything crumbles.
What we have has worked pretty well (all things considered) for 200 years, and in that time no 3rd party candidate has come close to winning. If you ACTUALLY want to change things, voting on someone who isnt an option is the wrong way to do so.
President is the wrong office to be voting for if you really want to change the voting system in place, as he has 0 power to change it.
Without iSCSI you cant really use shared storage, which means 90% of the features of ESXi cant be used. Kind of dampers the whole "for a lab" thing.
SSDs ARE quite sweet for VMs, Id recommend setting up a VM that serves out a local SSD as iSCSI over an internal ESXi storage network-- thats actually how things were done during my VCP training. I believe they were using FreeNAS (MIGHT have been openfiler) to serve up iSCSI and NFS targets. Its a little buggy but sufficient for a lab.
You live in an apartment and dont plan to be there for 20 years?
I imagine for a lot of people, dumping $40 into each light socket is a losing proposition for you, and a winner for your landlord (who I am sure would greatly appreciate the gift).
https://wiki.mozilla.org/SeaMonkey:Release_History#SeaMonkey_2.3_and_beyond
Stable releases will be more frequent (6-week release schedule) but with fewer changes, eliminating the need for minor releases. The aim is to release the stable versions right around a week of the release of the equivalent Firefox and Thunderbird.
You were saying? (and for the record, 2.2 was released a year ago)
I dont always do WSIWYG HTML, but when I do, I prefer Seamonkey
FTFY
Maybe my memory is faulty, but for all the faults Vista had "Aero CPU usage" is not one I recall-- since the ENTIRE POINT was that the desktop was graphics accelerated (hence, no cpu usage).
VNC and RDP are horrible kludges and perform like crap.
I get the feeling youve never used RDP.
And if X11 is so great for network transparency, why does Citrix base all of its terminal stuff on ICA (which RDP is based off IIRC) rather than just using X11's native abilities?
I will repeat: Your post displays ignorance about BIS vs BES, and how blackberries work in general.
The ONLY emails they have access to are the ones you are EXPLICITLY giving them the login details to. That is, NOT BES.
Hello BlackBerry GIVES the government the keys tot he kingdom. ALL your BlackBerry traffic is in the clear unencrypted for the government.
Utterly wrong. If you are using BIS, yes, that probably gets spied on. If youre using BES, it is not technically possible for RIM to hand anything to anyone since they do not have the encryption keys.
That was their BIS system, which is glorified activesync hosted by RIM. You hand your email OWA credentials to RIM, they push email to your blackberry.
It has absolutely zero bearing on their BES security, since with BES they are never in posession of either the master key or the derived device keys.
Its wonderful that ignorance like this gets modded up, however.
Source (among many):
http://crackberry.com/rim-encryption-keys
The only people capable of such access are the corporate customers in control of the accounts in question, therefore, any Indian government agency requiring lawful access would need to request it from the corporate customers themselves and not RIM directly.
India has been on RIMs case for the last several years to get access to their system. RIM caved and gave them BIS access, but of course cannot grant BES access-- which has india still rather pissed off.
I also have to deal with securing systems going to areas of the world where the gov't is all too happy to forge SSL certs to spy on folks. You can call me paranoid, but these are issues I have to deal with. SSL is a problem, and if you dont understand that you simply havent been paying attention.
Im having to worry about it on a current project and its a gigantic hassle. If they had been using blackberries we wouldnt have to deal with it.
BES doesnt use certificates, it uses per-device keys.
No, I cannot think of a good reason to be using end-user devices as my server monitoring system.
Great post, thanks.
I agree with most of your points, I just dont see why users cant have a personal phone and a business phone if they really want a media consumption device. I feel like the idea that one device needs to be great at everything (essentially an impossibility) is slowly ruining the business phone market.
Besides this is a one-time configuration issue and not enough to complain about.
....Unless you need to migrate one user to a different exchange server at a different DNS address.
Everyone here is right that there are ways of dealing with how finicky ActiveSync is, but it is more finicky than BES. It needs to know where the server is, what mailbox to use, what your mailbox password is, and it needs a valid cert. If ANY of that EVER chances, good by syncing.
BES needs none of that. Once its connected, its connected. Justify it all you want, BES is simply less finicky.
Assuming they havent gutted the keyboard-centric OS, there will still be reasons to use it-- just not security ones.
I use SSL, but I certainly dont trust if it the entitiy Im worried about is the government. SSL has gigantic flaws that are widely recognized; one is that the signing authorities tend to be incompetent, and one bad authority can completely wreck your day if someone wants to spy on you.
_I_ dont have problems remembering my web password, but apparently you dont do IT support in any capacity that has you dealing with users on a regular basis. Some of them-- particularly those who dont have to care because of their position-- have that problem.
Finally, we see the issue - you have a phone you don' t like, so it must be someone else's fault.
The security issues and the setup issues arent "my phone" problems, theyre inherent problems with active sync. Just because you declare "its not THAT much more finicky or insecure" doesnt get rid of the real issues: Per-device keys are simply better in a corporate environment than SSL which requires you to either remove trusted roots from each device or else trust every public root authority out there. Which, I believe, includes China.
Youll note that India doesnt seem to have issues with ActiveSync email spying; its only Blackberry theyre getting pissed off at, because you simply cannot intercept BES traffic.
Its also interesting that people loudly proclaim how great Android is, then when I point out how laughably bad the Motorola Admiral (touted as a business phone) is, they say "well, all OTHER androids are great". Wonderful, so is there some whitelist of the Android phones that DONT suck at business use?
Overcharging, potentially illegal actions? Pfft, who cares.
Whats that, you say its bad at displaying maths and science? Someone get the firing squad.
Seriously, what on earth do its shortcomings have to do with whether the government needs to take action?
Google maps on my blackberry worked just fine. Im really not sure what their issue was. Its honestly more infuriating on my Android because it doesnt have keyboard shortcuts for next/previous turn -- only touch screen controls-- which makes it kind of hard/dangerous to use while driving. And actually my old blackberry retained a lock better since they also used tower triangulation. My android tends to lose its lock sometimes, unless I stick it on my dashboard.
As for messaging, they mentioned social networking. Oh boo hoo, how will business proceeed without facebook? Blackberry absolutely crushes android in email messaging and anyone who says otherwise either has odd definitions of usability, or else has never used a blackberry.
Like any other news organization, NYTimes occasionally makes boneheadd statements. Blackberries are still the best device from an IT standpoint; whether the users like them or not SHOULD be irrelevant, because their job isnt to like their business phone, its to do business.
But they dont. Android and iPhone utterly crush the BB in "business email".
Absolute nonsense. Lets do a comparison. And btw, Im sure ill get called a shill for this, but I post it because Im absolutely furious that I traded my bold 9650 for a Motorola Admiral, which might be the worst business phone ever despite having 2.3.7 android and a full qwerty keyboard.
Setup
Blackberry, the IT staff does their magic (basically, just auths a user's email address and generates a code). The user enters their email address, and a one time code. Thats it. Blackberry email is activated. Never have to worry about password changes, or SSL certs. Never have to worry about whether DNS name or email server changes (a refresh of the BES services will fix that immediately).
ActiveSync: User needs all sorts of stupid info: mail server address, mailbox name (some phones), mail password (a problem for some users who honestly dont know it), whether to use SSL, what parts of the mailbox to sync, retention period, etc. Also, it uses SSL, so if the cert is selfsigned or expired, have fun getting the phone to work. Also, will stop syncing when users password changes. Also, will stop syncing if you ever need to migrate email servers or change DNS name.
Usage
Blackberry: Has qwerty shortcuts for basically everything, so basically anything can be done one-handed. Recognizes phone numbers AND extensions in basically any context for rapid dialing. Hardware buttons for answering phone.
Android: Wants you to use touch for EVERYTHING (even if qwerty keyboard is present), which means 2-handed use. Has basically no keyboard shortcuts (for compose, reply, etc). Has problems with some extensions depending on vendor (my admiral can only recognize extensions with ###-###-####; ### format, which absolutely noone uses). Software buttons for answering phone-- which means input lag can cause you to miss your call (has happened several times to me).
Security
Blackberry: Uses per-device AES encryption. Devices support full storage and memory encryption. Only way to compromise a device is to get into that device, or else compromise the BES itself.
Android: Uses ActiveSync, which means SSL. Simply getting a CA to sign you a bogus cert for mail.targetcompany.com and doing some DNS poisoning is sufficient to perform a MITM on any and all phones for that organization. Bonus points when you go and check out what entities are on the trusted root authority list on all of those androids you deployed.
There are areas that Blackberry fails, I understand that; but in its core competencies Android is a poor replacement for Blackberry. Its problem is that it has accepted the mantra "touch input good, physical bad", which is great from a consumer media content but terrible from a "lets be productive" standpoint.
Doesnt AMD have 12-core solutions? I thought like a year or two ago they had some 12-core procs (Magny-Cours?)
Level of caring is minimal. Im conservative, so I dont want the government doing a lot, but I would prefer those things that it DOES do (law enforcement) are actually effective.
If they can fund themselves catching people breaking the law, honestly more power to them.
Now you can claim that we should have all cops be undercover, wiretap everyone in the country, and put hidden video cameras everywhere, let every crime happen that's going to happen, and then throw all the criminals in jail.
Thats a strawman, and you know it. Undercover cops violate NO constitutional nor statutory protections that I am aware of, since they are in a public space as you are. Wiretaps, video, etc are all entirely different animals. It may suprise you to know that my worldview is not black and white, but Im certainly not going to handcuff the ability of the cops to actually catch people simply because I might happen to get caught breaking the law.
See, I dont MIND getting ticketed for going 5 over the limit if it meant that that behavior were actually curbed, because then we could actually do something about bad speed limits knowing that when it says "70mph", people will actually have to follow that. What we have now is utter chaos; you can be arbitrarily ticketed depending on flow of traffic and how pissed off a cop is, which is generally a terrible system for everyone-- and its all because the laws are fuzzy because noone actually follows them. My level of sympathy someone who gets ticketed for speeding? Pretty low.
Just because something is illegal doesn't mean it should be. I apologize in advance for the following Godwin, but were we supposed to applaud when the SS arrested people for being Jewish?
I have yet to hear any reason why speed limits are in need of non-violent protest. Is there some human right to speed that Im unaware of here? Or some other moral issue at stake?
Or is this just a case of "I dont like the particular limits society has set, so Im going to ignore them"?
The fact is that they are a lot lower if the cops are unmarked.
Perhaps cop helicopters should be marked with hot pink, so you can see them too in an emergency. Never mind how remote the odds of that happening are, right?
Thats ridiculous, and you know it is. The cop will likely see you before you see them, assuming one nearby hasnt already been radio'd from 911. If you are neglecting to dial 911 because you assume you can just flag a cop down, youre doing everyone in the emergency a huge injustice and theres a good chance you could get hit with negligence. We have a 911 system for a reason, and if its a true emergency the response time will be like 2-4 minutes.
I imagine by the 5th ticket that month they would get the message. At some point, they will either get the message or run out of money.
I really dont get the problem people have with this. The deterrent effect is supposed to come from the law and its threatened penalty. The cops job is to actually CATCH people violating the law, not to be a deterrent, and undercover cops are simply more effective at catching people.