Ahem...I hate to nitpick, but Diffie-Hellman does not belong in the same category as RSA and DSA. It is an algorithm for symmetric key exchange. Public key cryptosystems, by definition, use asymmetric keys...not to mention that they can be used to encrypt and/or sign data, which Diffie-Hellman does not do.
Also arguably, this was more useful to me than rote-learning the proof of the quadratic formula.
The "proof" of the quadratic formula is completing the square. It is a simple method that does not require rote-learning, and can be applied to many other problems. I guess this all depends on how you define "useful". If "useful" means improving your skills in BASIC coding at the expense of learning a simple mathematical technique (which is quite elegant, btw) in a fraction of the time, then yes, writing your pseudo-rootkit was useful. To many, math is a means to an end, but to others it is high art. It is unfortunate that you stand on the the side of the former.
I started reading this thread thinking, "Hey, wouldn't it be cool to get some practical insight into how to deploy a microwave link across hundreds of miles of open air, under the pressure of being in a war zone, no less". But what I have read instead are lame excuses for why they should use something else. Hell, I guess they could even use dial-up with AOL if they still have working telephone lines. I hate to be the insensitive, semi-autistic brat in the crowd, but can someone with experience setting up these kind of connections please get the spotlight?
No, GNU-slash-Linux is not a distinction...it is a moniker he asks people to use because he rightfully wants the GNU Project to get the recognition it deserves. When people colloquially refer to "Linux", they are referring to a complete operating system (i.e. GNU-slash-Linux). The entire concept of a free-as-in-speech operating system was pioneered by Stallman. The GPL was created by Stallman. Linux (the kernel) would not have been free if the GPL hadn't come first. People (except the Debian folks) drop the GNU/ because it doesn't roll off the tounge quite so well as just saying "Linux". And others, such as our friends at Canonical, drop the word "Linux" altogether. None of this changes the reality of what Stallman created.
Many (nay, most) native English speakers would be stumped by:
'Do you have a family history of hypertension or cardiac arrhythmia?'
That's why doctors say "high blood pressure" and "irregular heartbeat". And those who have trouble understanding terms like these will have trouble with more than just ordering sandwiches. You can't, for instance, just point to a driver's license application and say, "I want this".
Let's be practical here...move 170 multilingual people to another country and you can make the exact same claim. This really seems like overkill for any practical purpose.
Most laws of this nature are indeed left intentionally vague...as they should be. This is so as to not put an onerous burden on companies trying to implement good security practices, not to favor one specific security vendor over another, and to maintain the flexibility needed for vendors to adapt to changes in technology.
Protecting against SQL injection attacks is much easier than making sure that all storage devices and network connections are encrypted. To use the Hitchhikers' Guide to the Galaxy analogy, encryption is like a towel. If your data is encrypted then people (sometimes rightfully) assume you've already got everything else you need to protect your customer's data from the crackers of the universe. These guys, however, clearly had none of the above.
If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?
Forget about Google; What hope do admins have when Cisco and Juniper can't implement IPv6 transparently? I'm not sure if it was specifically their hardware that the military had problems with, but they're mentioned in the article so that would be the implication.
As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this.
Not quite. The rule only applies to network hardware vendors who sell to the military, of which there are a very small number. Also, they're not doing this in the interest of public welfare. They are doing it because they're being sold hardware that hasn't been adequately tested and thus tends to break down on them. This is a very sad excuse for quality assurance, and begs the question of whether the military should switch vendors regardless of whether these companies roll out IPv6 on their private networks or not.
I find it ironic that you would use, as your example, a game series (GTA) that is well known for containing sexual content, albeit not explicit nudity. Check out the Leisure Suit Larry series for examples of much more overt sexual content being allowed. When evaluating a game like this, you need to consider the context and quantity of sexual content used in the game. References to prostitution and sex acts are often allowed. Even partial nudity is sometimes permissible. However, there is a big difference between something that contains sexual content and something that is nothing but porn.
Here's a good litmus test for the "family friendly" moniker: Just ask yourself if its a game you could play while your parents/kids/relatives are sitting in the same room. If the game is a first-person shooter, the answer is probably "yes". If it's a game that involves fondling a virtual stripper with one hand while masturbating with the other, then the answer is probably "no". See the difference?
Actually, in Leisure Suit Larry MCL for the original X-box, you could unlock fully nude models (both photographed and CG-modelled) of the female characters in the game. It was very Playboy-esque though; There was no penetration or close-up shots of lady parts. Also, you wouldn't buy the game just for the nudes. You had to play for a very long time before you got to see any of that stuff.
According to Wikipedia, the game was released in 2004 with an M/AO rating. By contrast, the latest edition (I haven't played this one) for the X-box 360 was released in 2009 with a M/17+ rating, so I'm guessing that the unlockable nudes are out. It's hard to say whether or not this indicates a policy-reversal by Microsoft (or others), but I suspect that the reason this game was permitted on the console to begin with is because it was more about tounge-in-cheek bathroom humor than pure sexual arousal. Likewise, I'm sure that a game depicting graphic torture for a purely sadistic appeal would be banned as well. The decision to restrict a game like this clearly has a lot more to do with context, quality and intended audience than the subject matter taken by itself.
Wow. I never thought of Google as a knife-weilding maniac before. But analogies don't lie so I've made up my mind...I'm switching to Hosted Exchange!!!
That is, unless you think that GoDaddy guy looks like Hannibal Lecter. No...wait...he doesn't wear glasses. OMG, its Benjamin Linus from Lost!!! No, wait...it's Agent Smith!
Shit, they cut the hard line! Get out...It's a trap!!!!
Well, what can I say?...Sometimes I forget that/. has a global audience. I guess I need a new acronym for this:
IANAAL (I Am Not An Austrian Lawyer)
By the way, IIRC, I read somewhere that information security policies in Palestine require a gunman armed with an AK-47 to stand outside the entrance to your data center. I'm sure they have their legitimate reasons too.:-}
I got pretty tired of arguing about this Ask Slashdot question in a complete vacuum so I checked out DiniZuli's profile to try to glean some extra info. It didn't take long to fing his original submission from almost 2 weeks ago on the same subject. Read it. It provides a lot more information, and (drumroll please) confirms that at least two of the concerns from my previous comment were legitimate.
<rant>Before I go any further, I have to mention that this guy deserves the douche of the month award. He posted the same story to/. twice, got accepted and never bothered to respond to the numerous requests for extra info that were posted on here by people genuinely trying to help him. And I'm guessing he's just been sitting on his hands on this project since his first submission, and will continue to do so until...who knows when?</rant>
That being said...let's settle this. I'm not posting on this thread again...this is my last attempt to persuade you on this. Take it or leave it. Here goes:
Login to a random box and show that account expiration and lockout have been set below the 90 day limit, and show that no users have passwords older than that. It takes more time to write it up here than it does to do it. That's as much as an auditor would want.
Though I have never worked for a company that was audited, I did have the chance to speak with someone at a security firm who was hired go in and fix the network of a company who had suffered a security breach and thus had to go through a mandatory audit. The amount of money they had to spend to bring their systems up to par (nevermind the fines) was at least 50 times the cost of a couple servers. Granted, it was a largish company, but it proves my point that auditors expect more than you just saying, "Hey, check out this one workstation that has password expiration enabled!"
Furthermore, according to DiniZuli's original submission, they rotate their staff at least every year, could possibly expand to 30 employees, and have frequent visitors that need to access their network. I suppose you could jury-rig some system to handle this as opposed to using an off-the-shelf solution that would want you to use a central directory service, but dude...let's get real. I'm mostly familiar with AD, but I understand that Red Hat has a good offering and, IIRC, somebody told me that Solaris does too. What is so wrong with this?
10% of their network dedicated to authentication?
OMFG...How do you not seem to grasp that a network consists of more than workstations and directory servers? At the very least you need cabling to hook them up! (not installed according to original submission) Then you need switches (admittedly they already have one), routers, firewalls, wireless access points, (and in this particular case) web servers, a VoIP PBX server and a high-end file/media server...and I'm sure there's more.
there are a million questions that need to be asked
...and yet you've mocked me for asking just a few of them.
but you've assumed the answer that suits you, and used it to justify your position, with no evidence at all.
It's hard to find evidence/statistics to the effect of, "X out of 10 IT Pro's prefer using central directory services for network authentication instead of [whatever insane method you are proposing]", because that's not a question that ever gets asked!
This conversation is just too unreal and I'm beginning to think you are just fucking with me. Have the last word if you like. I'm done here.
I suspect you missed this comment in which I elaborated greatly on my argument and asked you twice to provide examples to back up your claims, which you have not supplied.
I've been advocating use of Google Apps in the enterprise to various people for nearly three years, for no other reason than that I like the service and hate Outlook. Frankly, I'm getting pretty tired of dealing with the same closed-minded prejudices over and over again, so this will be my last post on the subject. Feel free to have the last word if you must and consider yourself the victor in this debate. Peace.
Perfect answer...covers the basics and lets the guy who asked the question work out the details (i.e. do his job). I've read a lot of crazy stuff on this thread and your concise comment is the refreshing oasis of sanity amongst it all.
OK, lemme get this straight...you want to take an accounting (i.e. not IT) standard that was written by accountants, for accountants, that pre-dates the web, is not actually codified into law, and invoke it as a reason for why gmail is inadequate for corporate correspondence? Let me know if I missed something here.
Slashdot Mirror
Ahem...I hate to nitpick, but Diffie-Hellman does not belong in the same category as RSA and DSA. It is an algorithm for symmetric key exchange. Public key cryptosystems, by definition, use asymmetric keys...not to mention that they can be used to encrypt and/or sign data, which Diffie-Hellman does not do.
Also arguably, this was more useful to me than rote-learning the proof of the quadratic formula.
The "proof" of the quadratic formula is completing the square. It is a simple method that does not require rote-learning, and can be applied to many other problems. I guess this all depends on how you define "useful". If "useful" means improving your skills in BASIC coding at the expense of learning a simple mathematical technique (which is quite elegant, btw) in a fraction of the time, then yes, writing your pseudo-rootkit was useful. To many, math is a means to an end, but to others it is high art. It is unfortunate that you stand on the the side of the former.
I started reading this thread thinking, "Hey, wouldn't it be cool to get some practical insight into how to deploy a microwave link across hundreds of miles of open air, under the pressure of being in a war zone, no less". But what I have read instead are lame excuses for why they should use something else. Hell, I guess they could even use dial-up with AOL if they still have working telephone lines. I hate to be the insensitive, semi-autistic brat in the crowd, but can someone with experience setting up these kind of connections please get the spotlight?
No, GNU-slash-Linux is not a distinction...it is a moniker he asks people to use because he rightfully wants the GNU Project to get the recognition it deserves. When people colloquially refer to "Linux", they are referring to a complete operating system (i.e. GNU-slash-Linux). The entire concept of a free-as-in-speech operating system was pioneered by Stallman. The GPL was created by Stallman. Linux (the kernel) would not have been free if the GPL hadn't come first. People (except the Debian folks) drop the GNU/ because it doesn't roll off the tounge quite so well as just saying "Linux". And others, such as our friends at Canonical, drop the word "Linux" altogether. None of this changes the reality of what Stallman created.
Many (nay, most) native English speakers would be stumped by:
'Do you have a family history of hypertension or cardiac arrhythmia?'
That's why doctors say "high blood pressure" and "irregular heartbeat". And those who have trouble understanding terms like these will have trouble with more than just ordering sandwiches. You can't, for instance, just point to a driver's license application and say, "I want this".
English & Spanish != 170 languages
Let's be practical here...move 170 multilingual people to another country and you can make the exact same claim. This really seems like overkill for any practical purpose.
I often call to complain that my neighbor's DSL isn't set up correctly...oh, wait.
Most laws of this nature are indeed left intentionally vague...as they should be. This is so as to not put an onerous burden on companies trying to implement good security practices, not to favor one specific security vendor over another, and to maintain the flexibility needed for vendors to adapt to changes in technology.
Protecting against SQL injection attacks is much easier than making sure that all storage devices and network connections are encrypted. To use the Hitchhikers' Guide to the Galaxy analogy, encryption is like a towel. If your data is encrypted then people (sometimes rightfully) assume you've already got everything else you need to protect your customer's data from the crackers of the universe. These guys, however, clearly had none of the above.
If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?
Forget about Google; What hope do admins have when Cisco and Juniper can't implement IPv6 transparently? I'm not sure if it was specifically their hardware that the military had problems with, but they're mentioned in the article so that would be the implication.
Perfect! Just hold on a sec while I forward your post to the Joint Chiefs....there! Done and done.
As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this.
Not quite. The rule only applies to network hardware vendors who sell to the military, of which there are a very small number. Also, they're not doing this in the interest of public welfare. They are doing it because they're being sold hardware that hasn't been adequately tested and thus tends to break down on them. This is a very sad excuse for quality assurance, and begs the question of whether the military should switch vendors regardless of whether these companies roll out IPv6 on their private networks or not.
I find it ironic that you would use, as your example, a game series (GTA) that is well known for containing sexual content, albeit not explicit nudity. Check out the Leisure Suit Larry series for examples of much more overt sexual content being allowed. When evaluating a game like this, you need to consider the context and quantity of sexual content used in the game. References to prostitution and sex acts are often allowed. Even partial nudity is sometimes permissible. However, there is a big difference between something that contains sexual content and something that is nothing but porn.
Here's a good litmus test for the "family friendly" moniker: Just ask yourself if its a game you could play while your parents/kids/relatives are sitting in the same room. If the game is a first-person shooter, the answer is probably "yes". If it's a game that involves fondling a virtual stripper with one hand while masturbating with the other, then the answer is probably "no". See the difference?
Want to show a pair of breasts? Not cool.
Actually, in Leisure Suit Larry MCL for the original X-box, you could unlock fully nude models (both photographed and CG-modelled) of the female characters in the game. It was very Playboy-esque though; There was no penetration or close-up shots of lady parts. Also, you wouldn't buy the game just for the nudes. You had to play for a very long time before you got to see any of that stuff.
According to Wikipedia, the game was released in 2004 with an M/AO rating. By contrast, the latest edition (I haven't played this one) for the X-box 360 was released in 2009 with a M/17+ rating, so I'm guessing that the unlockable nudes are out. It's hard to say whether or not this indicates a policy-reversal by Microsoft (or others), but I suspect that the reason this game was permitted on the console to begin with is because it was more about tounge-in-cheek bathroom humor than pure sexual arousal. Likewise, I'm sure that a game depicting graphic torture for a purely sadistic appeal would be banned as well. The decision to restrict a game like this clearly has a lot more to do with context, quality and intended audience than the subject matter taken by itself.
Showing someone getting their head blown off at point-blank range with a shotgun? That's alright, just make sure it's realistic.
Obligatory link :-)
[...] and generally waste everybody's time and money. I should know, that's what I do for a living...
Right, right, but what *software* do you use for this? And how may we contact you to inquire about obtaining a cost estimate for your services?
Are you fucking kidding?
Yes, I think it's quite clear that he is. Good day and a fine "woosh" to you, sir!
Wow. I never thought of Google as a knife-weilding maniac before. But analogies don't lie so I've made up my mind...I'm switching to Hosted Exchange!!!
That is, unless you think that GoDaddy guy looks like Hannibal Lecter. No...wait...he doesn't wear glasses. OMG, its Benjamin Linus from Lost!!! No, wait...it's Agent Smith!
Shit, they cut the hard line! Get out...It's a trap!!!!
Well, what can I say?...Sometimes I forget that /. has a global audience. I guess I need a new acronym for this:
IANAAL (I Am Not An Austrian Lawyer)
By the way, IIRC, I read somewhere that information security policies in Palestine require a gunman armed with an AK-47 to stand outside the entrance to your data center. I'm sure they have their legitimate reasons too. :-}
I got pretty tired of arguing about this Ask Slashdot question in a complete vacuum so I checked out DiniZuli's profile to try to glean some extra info. It didn't take long to fing his original submission from almost 2 weeks ago on the same subject. Read it. It provides a lot more information, and (drumroll please) confirms that at least two of the concerns from my previous comment were legitimate.
<rant>Before I go any further, I have to mention that this guy deserves the douche of the month award. He posted the same story to /. twice, got accepted and never bothered to respond to the numerous requests for extra info that were posted on here by people genuinely trying to help him. And I'm guessing he's just been sitting on his hands on this project since his first submission, and will continue to do so until...who knows when?</rant>
That being said...let's settle this. I'm not posting on this thread again...this is my last attempt to persuade you on this. Take it or leave it. Here goes:
Login to a random box and show that account expiration and lockout have been set below the 90 day limit, and show that no users have passwords older than that. It takes more time to write it up here than it does to do it. That's as much as an auditor would want.
Though I have never worked for a company that was audited, I did have the chance to speak with someone at a security firm who was hired go in and fix the network of a company who had suffered a security breach and thus had to go through a mandatory audit. The amount of money they had to spend to bring their systems up to par (nevermind the fines) was at least 50 times the cost of a couple servers. Granted, it was a largish company, but it proves my point that auditors expect more than you just saying, "Hey, check out this one workstation that has password expiration enabled!"
Furthermore, according to DiniZuli's original submission, they rotate their staff at least every year, could possibly expand to 30 employees, and have frequent visitors that need to access their network. I suppose you could jury-rig some system to handle this as opposed to using an off-the-shelf solution that would want you to use a central directory service, but dude...let's get real. I'm mostly familiar with AD, but I understand that Red Hat has a good offering and, IIRC, somebody told me that Solaris does too. What is so wrong with this?
10% of their network dedicated to authentication?
OMFG...How do you not seem to grasp that a network consists of more than workstations and directory servers? At the very least you need cabling to hook them up! (not installed according to original submission) Then you need switches (admittedly they already have one), routers, firewalls, wireless access points, (and in this particular case) web servers, a VoIP PBX server and a high-end file/media server...and I'm sure there's more.
there are a million questions that need to be asked
...and yet you've mocked me for asking just a few of them.
but you've assumed the answer that suits you, and used it to justify your position, with no evidence at all.
It's hard to find evidence/statistics to the effect of, "X out of 10 IT Pro's prefer using central directory services for network authentication instead of [whatever insane method you are proposing]", because that's not a question that ever gets asked!
This conversation is just too unreal and I'm beginning to think you are just fucking with me. Have the last word if you like. I'm done here.
I have seen your previous posts.
I suspect you missed this comment in which I elaborated greatly on my argument and asked you twice to provide examples to back up your claims, which you have not supplied.
I've been advocating use of Google Apps in the enterprise to various people for nearly three years, for no other reason than that I like the service and hate Outlook. Frankly, I'm getting pretty tired of dealing with the same closed-minded prejudices over and over again, so this will be my last post on the subject. Feel free to have the last word if you must and consider yourself the victor in this debate. Peace.
Perfect answer...covers the basics and lets the guy who asked the question work out the details (i.e. do his job). I've read a lot of crazy stuff on this thread and your concise comment is the refreshing oasis of sanity amongst it all.
Gee, I wonder how long your company's firewall would hold up if the nation of motherfucking China decided they wanted to take it down?
P.S. I know that's not actually how the attack went but I think you get the point
OK, lemme get this straight...you want to take an accounting (i.e. not IT) standard that was written by accountants, for accountants, that pre-dates the web, is not actually codified into law, and invoke it as a reason for why gmail is inadequate for corporate correspondence? Let me know if I missed something here.