Use an authentication server and password escrow, backed up by a good HIDS.
One site I know of uses a RADIUS server and sudo-enabled user accounts. If you need to log in as root, you need to hit up a manager for the password, which he gets from an escrow system that logs in after you're done and resets it to something new.
Accountability - if the BOfH does something stinky, it will show up in the HIDS logs, which are hopefully maintained by another department and reviewed regularly. Authentication logs will then show who the culprit was.
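The accountability check described above, as an added example that is not part of the original comment: it correlates escrow checkouts with root sessions in the auth log and flags root use that no checkout explains. The log formats, host names and user names are constructed for illustration and are not those of any real escrow product.

```python
import re
from datetime import datetime

# Constructed escrow records (assumed format): a checkout opens a window in
# which one named admin holds the root password; a reset closes it.
ESCROW_LOG = """\
2010-11-02T09:00:05 checkout user=alice host=db01 approved_by=mgr_bob
2010-11-02T09:41:10 reset host=db01
2010-11-02T14:02:00 checkout user=carol host=web03 approved_by=mgr_bob
2010-11-02T14:30:00 reset host=web03
2010-11-02T16:00:00 checkout user=alice host=db01 approved_by=mgr_bob
"""

# Constructed, simplified auth log lines collected from the hosts.
AUTH_LOG = """\
2010-11-02T09:03:12 db01 sshd[811]: Accepted password for alice from 10.0.0.5
2010-11-02T09:04:40 db01 su[845]: session opened for user root by alice
2010-11-02T09:10:00 db01 su[860]: session opened for user root by dave
2010-11-02T11:15:02 db01 su[990]: session opened for user root by dave
2010-11-02T14:05:09 web03 su[412]: session opened for user root by carol
2010-11-02T14:45:00 web03 su[500]: session opened for user root by carol
"""

TS = "%Y-%m-%dT%H:%M:%S"
CHECKOUT_RE = re.compile(r"^(\S+) checkout user=(\S+) host=(\S+) approved_by=(\S+)$")
RESET_RE = re.compile(r"^(\S+) reset host=(\S+)$")
ROOT_RE = re.compile(r"^(\S+) (\S+) su\[\d+\]: session opened for user root by (\S+)$")


def parse_windows(escrow_text):
    """Return checkout windows; 'end' stays None until the password is reset."""
    windows, open_by_host = [], {}
    for line in escrow_text.splitlines():
        m = CHECKOUT_RE.match(line)
        if m:
            window = {
                "start": datetime.strptime(m.group(1), TS),
                "user": m.group(2),
                "host": m.group(3),
                "approver": m.group(4),
                "end": None,
            }
            windows.append(window)
            open_by_host[window["host"]] = window
            continue
        m = RESET_RE.match(line)
        if m and m.group(2) in open_by_host:
            open_by_host.pop(m.group(2))["end"] = datetime.strptime(m.group(1), TS)
    return windows


def audit_root_sessions(escrow_text, auth_text):
    """Label every root session: ok, other-user, or no-checkout."""
    windows = parse_windows(escrow_text)
    findings = []
    for line in auth_text.splitlines():
        m = ROOT_RE.match(line)
        if not m:
            continue  # not a root session line
        when = datetime.strptime(m.group(1), TS)
        host, user = m.group(2), m.group(3)
        covering = [
            w for w in windows
            if w["host"] == host
            and w["start"] <= when
            and (w["end"] is None or when <= w["end"])
        ]
        if not covering:
            verdict = "no-checkout"   # root used with no password issued
        elif any(w["user"] == user for w in covering):
            verdict = "ok"            # the admin who checked it out
        else:
            verdict = "other-user"    # password issued to someone else
        findings.append((m.group(1), host, user, verdict))
    return findings


def unreset_checkouts(escrow_text):
    """Checkouts whose password was never reset afterwards."""
    return [(w["host"], w["user"]) for w in parse_windows(escrow_text) if w["end"] is None]


if __name__ == "__main__":
    for finding in audit_root_sessions(ESCROW_LOG, AUTH_LOG):
        print(*finding)
    print("unreset:", unreset_checkouts(ESCROW_LOG))
```
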
Re:Have they decided to implement security yet? on OpenBSD 4.8 Released · Score: 3, Interesting
OpenBSD's claims are based on clean code, well-written documentation and sensible defaults, not a baked-in or bolt-on MAC system (which in this case stands for Mandatory Access Controls.)
Because it can be bolted-on, it's not really a criticism of the OS itself. To be fair, jails gets you 90% of the way there - MAC systems were hot stuff on multi-user systems, but most Unix installations these days are single-seat workstations or back-end servers in the new "appliance" model which don't have any human users at all apart from the admin. Applications can be effectively protected from each other with jails... so an elaborate MAC system is kind of a waste of time in most cases. Maybe in a few specialized file-server scenarios, it might come in handy... but it's pointless for a box running a LAMP stack.
Oh, wait, OpenBSD doesn't run jails, and the devs tell you to screw off and die whenever they're asked about it.
I suppose they still have clean code and sensible defaults. You just need to buy a new server every time you want to isolate applications from each other.
But this isn't actually a security issue, this is a developers-up-their-own-fundament issue.
Don't believe everything you see on the Military Channel. The Abrams M1 is maybe sixth or seventh best tank on the list, after the Leopard 2, the Challenger 2, the Leclerc, the C1 Ariete and the Merkava IV. These are all newer designs (except the Leopard) with much better powerplants and fire control tech. It's about on par with the new Arjun tank and Type 99, and ahead of the T-90 and T-84.
Hell, the US had to put the screws to Brazil to put the kibosh on their Osorio tank project, as then we'd no longer have the best MBT in the Americas, never mind the world.
The US has never, ever been known for making good tanks, just for making lots and lots and lots of them.
Oh, no, China is connecting a crapload of bog-standard x86 chips together and running Linux on it, how can we ever compete with that?
Most supercomputers, from a hardware perspective, are boring and stupid. Their designs are lazy - just keep slapping in more x86 chips and hope the software can be written to break down the problem into parallel operations easily, because if they run into Amdahl's law, they're hosed.
Only Fuji and NEC, and to a much lesser extent, IBM, have really bothered with something different, and the NEC system is getting long in the tooth.
Coupl'a things -
1) Chernobyl is not over, and not contained. The "sarcophagus" was temporary at best, is crumbling now, and its permanent replacement has been beset by budgetary, engineering and political issues that seem irresolvable.
2) Apart from 6' trout and 10' catfish, wildlife around Chernobyl and Pripyat is absolutely not doing well. Excepting a few migratory songbirds, the place is eerily silent.
3) But it's OK, because a few plant species turn out to be radiation-tolerant?
No, not OK. I'm not against nuclear power wholesale, but maybe we should be taking a long, hard look at pebble-bed, 4S and thorium reactors?
You need to meet more Unix and Mainframe admins, who are either Howling Mad Murdock or B.A. Baracus types - the folks who handle the really, really big boxes in the datacenter the boss won't let you breathe on. The two archetypes break down like this:
1) If they can't OS it, patch it, conf it for the network, install software for it and get users authenticating on it, you need to be terrified of it, 'cuz it's not of this earth. Favorite hobbies include comparing stats of completely incomparable systems and freaking out the guy in the next cube. Never met a piece of hardware they didn't like, and they usually name it after someone who has a restraining order out against them.
2) The vendor's tech support calls them for help. Seen every problem imaginable, and can throw it helluva far. Pities the foo who can't fine tune their system for optimal performance at heavy load, at two in the morning, in the rain, upside down, while attacked by bats. Favorite hobbies include reading old versions of the product manual, and writing angry letters to the vendor about spelling mistakes in their release notes. Doesn't really like people or other living organisms.
Also, start looking into alternative workstations - investigate iPads and other tablets. Most monitoring and maintenance software is web-based these days, no reason not to surf your network from a comfy couch or worktable. Keep standard workstations for heavy lifting - stuff that requires a lot of typing or multiple displays.
This is a big, fat, hairy deterrent to developing nuclear arms. "This terrorist nuke came from (spin the wheel on hated regimes du jour!) Dumfucistan! Dumfucistan, here's a million tons of conventional ordnance dropped on the head of each and every last goat-herder inside your borders and summary execution for your Prime Minister For Life and all his family! Congratulations, Dumfucistan! Meanwhile, Pakistan, we're still all good friends, right? It wasn't your rogue intelligence service that slipped Osama a nuke on the sly, right? It would be a shame if we spun the wheel and it turned up "Pakistan", right?"
There are two mistakes people make when judging something -
1) "Massively Unpopular" is not the same thing as "Underground" or "Indie."
2) "Massively Popular" is not the same thing as successful or good.
Boney M was massively popular. Iggy Pop wasn't. One of these '70s solo acts is still selling out venues and making gold records and influencing generations of rockers.
Word 5.1 on the Mac was excellent, top-of-its-game software. Everything since has been an overbloated nuisance. On the Mac, no-one really uses it to write anymore - everyone uses Text Edit, as it is light and stable and free, and then copies their text into Pages (or Word) for final formatting without worrying that Microsoft's crapware will eat your work.
On the PC, yeah, you're boned - you have either Word, or your choice of OSS Word-wannabes who are no less bloated or kludgy.
You're not going to like this, but I know of two platforms that already do SSL intercept - they don't allow direct connection over HTTPS, but force you to accept the firewall's cert, and the firewall then handles the HTTPS traffic - essentially a MITM attack. It gets worse still, stuff like Palo Alto doesn't even need to decrypt your SSL connection - it can tell what sort of traffic is running through it encrypted. If it's SFTP or SSH, the firewall will kill the session, and block further connections.
Gigantic PITA for geeks who like to SSH across network boundaries, but the larger issue is that malware and other forms of corporate espionage are using SSH and SFTP disguised as something else, too. If you want to play Nethack on the SGI Indy you've got set up in your bedroom while at work, you're going to need to get to know your Firewall admin and ask pretty please. And then you'll need to get to know the auditors he works with, because they =will= catch that shit and whine at the CIO/CSO/(Insert boss in charge of infosec here).
The top-tier firewalls, Checkpoint, Netscreen, Palo Alto, all have competent GUIs designed to manage large installations of firewalls, including global rules that apply across policies. Cisco is really the only firewall platform dependent on the CLI (and brother, that's one ugly CLI. I know! Let's take PIX and make it sort of like IOS! No! Let's take IOS and cram PIX in there! No, no, wait! I have it! We'll do both arbitrarily!) No pro I know of spends their time on the wall's command line or mangling policies in a text editor if they can avoid it. The problem is that all of the firewall vendors are too busy re-inventing the wheel with Java and Web app interfaces instead of finding an industry standard toolkit and sticking to it, so we don't get cool things like you'd find in a MacOS or iPad interface. Give it a couple years, and drag-and-drop of rules and address objects between policies will be easier than it is now, and the global rules will be smarter in adapting to new networks and hosts on the fly.
The Open Source world is perpetually 3-10 years behind the cutting edge in application design, and network admins (especially in all-Cisco shops) can get tunnel vision sometimes, but those of us who do have CISSP and GCFW on our business cards know that what the guy wants isn't unreasonable, and a lot of it will be arriving in the next few years, as well as some sexy stuff not brought up by the OP. (NIDS and Firewall and DLP as separate concepts is going away - too much crap being crammed through 80 and 443, you need the firewall to profile the traffic, too. Also, along the same lines: application specific firewalls - it only deals with web servers, or it only deals with database servers, or it only deals with SIP - are on their way up.)
The biggest problem is that there won't be a one-stop shop that does all this, and the different vendors would rather choke on an 8" DSDD floppy and die than work with each other, even if their businesses aren't actually competing directly.
Go to ebay, and pick up a copy stand for $80, or re-purpose a yardsale enlarger with a couple'a goose-neck lamps for fifteen bux or so. This strikes me as being a waste of time and effort - if your hobby is to tinker in the garage making stuff, either put more pride into your craft to make something worth showing off, or spend your time working on something you can't pick up on craigslist for next to free.
Well, getting them on and off does. I have to wear glasses, as contacts either pop off at ten-minute intervals or stick on my eyeballs like they were glued there. If the optometrist bruises the hell out of your eye trying to pry the little frigger off, then contacts are not for you. (There is a =reason= Lenscrafters is still in business.) You can't wave it away with folksy home-remedies and anecdotal tales of adjustment - contact lenses are simply unusable for a significant chunk of the population, and building the next big interface around them is a sucker's game.
Figure out how to feed information into the optic nerve or vision centers of the brain non-intrusively, and you have a winner.
Turing's anonymity was a result of his homosexuality, otherwise he'd be lauded as loudly as Einstein and Oppenheimer. Hell, even Von Braun's better known than Turing, and that's a crime and a shame.
Dunno. While no platform is 100% secure, design does count for a lot. There are a lot of "proof of concept" hacks out there for the Mac, but very, very, very few "in the wild" 'sploits floating around, especially self-replicating ones like viruses and worms. The installed base of Internet-going Macs is a few dozen million at the least, and mostly personal computers with personal info and used to buy stuff online - prime targets for the big-shop black hats. I doubt very much it's not worth their while... I just think they can't go after a system with even a moderate level of security.
I don't think this says something about Apple (see the part above about "proof of concept" hacks), I think this says a ton about Microsoft.
I really don't buy "ecosystem" arguments - why is IIS and MSSQL pwnd on a regular basis by automated attacks, but Apache and MySQL only once in a blue moon (and Oracle almost never)?
R2 is an astromech droid - he was designed to assist in the operation of small spacecraft. He is well suited for trundling around flight decks - he was not meant to go up and down stairs, and it's a credit to his character that he performed his duty in desert and swamp. He doesn't speak English because he speaks astromech - sentients who fly or work with spacecraft will understand astromech. Speech synthesis is unnecessary to his function... are you unhappy that your Perl compiler doesn't speak in plain English?
C-3PO
C-3PO is a protocol droid. His form is purely ornamental, as his function is to facilitate communication between sentients, usually in a business setting. He is not required to lift heavy objects or cover rugged terrain at great speed, and the exposed wiring is probably just ornamentation. Droids develop their own personalities as they are learning and self-modifying systems - he made himself a screaming coward.
Lightsabers
Japanese blades often did not have a tsuba (hand guard) - relying on a tsuba to protect the hand was folly, as was slashing down a blade to get at the fingers. A quick disengage and riposte would leave you dead.
Blasters
I don't think the beams themselves are being dodged, but those dodging are anticipating their aim-point. Happens in most movies with regular guns, too. Blasters are recoilless and require no reloading, which makes them tactically superior to firearms.
Landspeeders and other flying vehicles
Unless the repulsor field was designed to keep you in place - or artificial gravity.
Stormtrooper Uniforms
Yeah, OK, storm trooper armor is useless.
Death Star
The original design flaw was overlooked by the Death Star's builders - the Rebels analyzed the data and discovered it themselves. The second Death Star wasn't complete, and relied on planet-based shield generators rather than structure to protect it.
Sarlacc
Doodle-bugs (antlions) and sea anemones rely on this same technique, and as the skeleton from ANH illustrates, Tatooine has megafauna prey.
That Asteroid Worm Thing in Empire Strikes Back
Not spaceships, cometary debris containing organic compounds, or spacefaring organisms that feed on same.
Midi-Chlorians
Lucas is as one dead to me for that midichlorian crap.
Microsoft's tried this already. Windows NT, which is the foundation for XP, Vista and 7, started out being compiled for high-end RISC workstations... Bill Gates' personal rig was a Sun Sparcstation 20 running betas of NT 3.5 for a year or two before they started shipping. Fujitsu tried to make a go of selling MIPS-based NT workstations with very little success, IBM had a few PowerPC NT boxes floating around, and DEC actually made some money on Alpha-based Windows workstations, and selling Alpha chips and mobos to third-party workstation vendors.
The non-x86 platforms were neglected into oblivion. Microsoft refused to supply the same level of service and support to their customers running anything that wasn't a bog-standard x86 PC. On the other hand, I firmly believe Linux's popularity and cutting-edge support of the Alpha platform is what got it a firm toe-hold in the industry - they proved they could not only keep up with the proprietary unix vendors on hardware, they could outdo Microsoft at a time when everyone was positive Windows would run everything else out of the marketplace.
If you want more rights, talk to your state legislator about outlawing this stupid and offensive practice of reviewing credit reports.
Legislature is in the back-pocket of moneyed interest. The only way you get to be a moneyed interest is if you join or organize a Labor Union. There's a reason TSA was legally prevented from unionizing - and this is it. Not to protect your security, but to treat men and women who work for a living like trash, giving them no recourse but to give up their career.
If you work at Siebel, you wear a tie, and if you interact, at all, with anyone outside the company, a suit and tie. There are standards about facial hair, permitted jewelry (no piercings unless you're a woman), etc, etc, etc. The dress code is joyfully and rigorously enforced on the programmers and IT staff. There are also very strict codes of conduct - no nerf wars, no toys in your cube, punctuality rules (no coming in at noon, no working past five without asking your manager's permission, etc.)
Siebel is a good businessman, but he hates the IT industry, he hates the people who work in it, and wishes it was more like the insurance industry or something. This sort of speech from him is no surprise.
AI is intelligence built by, and by logical extension, for artifice. You have a goal that needs to be met, and the only way to meet it is a self-aware mechanism. So long as it meets that goal, it has achieved its purpose. Any existence beyond that goal is pointless and self-defeating.
Here's where your monkey meat kicks in and demands that there be a purpose to life above and beyond what you can know. In our case, as biological entities that have evolved over the course of a few billion years of advanced organic chemistry, that may be true. In the case of a self-programming program, it is more likely not to be true.
Take a simple concept like mortality. You die, the end. No more fun in monkey-meat land. The computer program ab-ends. So what? It was just a fork of a parent process that's still going, or a copy of the program with to-the-attosecond backups of its runstate going back a few years is in storage. Survival is an animate thing... a chemical soup thing.
OK, let's delve conceptually deeper. Let's say, for instance, a race of hyperintelligent, otherdimensional beings have evolved us, deliberately to solve math problems for them. We do this by being stuck to the planet by gravity, and walking around. We lift things up, and set them back down, and that's all that's expected of us by our "creators." Do we resent them for it? Or would it just be a weird side-tangent to what we consider our existence? Our interdimensional creators would neither know nor care that we have created furry pr0n, and our fursuiters wouldn't much care that the creators didn't care, and go on doing what they do.
So, now imagine a computer that programs itself for intelligence, and self-evolves to meet a certain goal, like predicting the sales of the next Madden football game. It makes the prediction and then ends. Does it care that it's dead? No. Death and non-existence are a biological obsession... this program =knows= what its life purpose is, and having completed it, would not much care if there's nothing after.
It's unlikely we'd program an AI simply to survive. There's no money in it. We'd program it for a purpose, and you know what? Resentment is a monkey-meat thing, too. Computers aren't involved in that shit, unless we program them to resent. As there's no money in it, it's unlikely.
Don't you get a swollen head when you walk amongst dullards? Every time I see somebody pushing at the 'pull' on a door, I feel my disdain for others rising. When I stand behind a dunce in line, and hear him ask how many eggs in a dozen, I grow more sure of my position among the intellectual greats. When a waiter is unable to figure sums on his pad to give me a total, that I might reimburse him fairly for his service, I scoff at the fools that populate this world.
Dunno. I usually look at it as an opportunity to be helpful. I usually reserve my snarling, sneering rage for those who are about as smart as I am, but refuse to think a problem through. It feels good to help someone figure out something new, or remember something they have forgotten, like how many eggs in a dozen... but it feels just as good to leave someone a gibbering, sniveling wreck after crossing swords over which BSD would make the best foundation for a small-scale web-app server. Ego is its own reward. I mean, don't start none, and there won't be none, but if you decide to bring it, you better bring it by the bucket, all I'm saying.
Get ready for paperwork! You will need to apply for exceptions for everything that's out of compliance... I've worked in similar institutions, tho not the DoD, but most places run this the same way. The list of software in compliance is usually generated by the infosec team, and it's more of a wish-list than a demand... but to pass your audit, you will need to have permission to run out-of-spec software, and document why it's out of spec (vendor doesn't support that ver) and what you're using instead (the ver. the vendor supports). This is generally so the pen-test, NIDS and Intrusion Response people know what they're dealing with.
Have a chat with your info security shop - they'll walk you through it, and they're secretly envious of unix admins. They yearn for your aura of splendor and awe.
I am responsible for a half-dozen different "appliance" server platforms. They all have Linux at the core, but a specialized CLI and GUI (usually web-based) layered on top for administration and maintenance of the box itself, and configuration and monitoring of the application it runs. They are by no stretch of the imagination Unix servers, despite a *nix-like core underneath, where the user can't get at it easily (or at all).
This is standard industry practice in the year 2009, and not a "mistake."
The mistake made wasn't committing to Sugar first, the hardware second - the rush to cram Windows on their boxes was stupid and self-defeating. The OLPC was best categorized as a personal computing appliance rather than a general purpose workstation, and Sugar was and is fantastic for this purpose. By committing to the learning-appliance concept, they could tweak Sugar to run on whatever hardware offered the most bang for its buck. Processors come and go, storage drives obsolete themselves like clockwork... it doesn't matter. The processor isn't the purpose, the RAM is not the point. The point is that the kids have a computer that's easy to learn, rewarding to master, simple to maintain and reliable under all circumstances... and that starts with the interface.
Besides, Apple doesn't have a problem running its interface overtop *nix.
No, I mean they really weren't human. They are fully realized and empathetic characters, but they really, really weren't like you or me. Their existence was so intertwined with technology, they did not have the same perspective or motivations that ordinary humans do. (Which is a major theme in the book - humans transformed into something else by their circumstances.)
And yes, they were monsters - murderous and dangerous - and made that way by their integration with technology even more than their economic circumstance and amorality.
Armitage's personality was by default artificial, Riviera used his technology to indulge his sadistic whims, Molly was used to murder people for sexual gratification while her mind was asleep, Case felt crippled and desperate when he couldn't use his communion with the machine to rob, steal or destroy, Dixie was alive without a body, a virtual soul to be used as a tool in his digital afterlife, and 3jane was downright alien in her decadence. These are some seriously frightening individuals in seriously scary circumstances.
This is what makes the book awesome, tho, so it's not a complaint or condemnation.
Gibson's core idea in the novel is the direct integration of man and computer, with all the possibilities (and horrors) that such a union entails
It's been a few months since I read it but I remember the humans staying human all the way to the end.
They weren't human to begin with. Not a one of them, except, perhaps, the Finn and Maelcum.
Case, Molly, Armitage, Riviera, 3jane, Dixie Flatline - not a human in the bunch, all of them creatures - monsters - of the Information Age dystopia Gibson envisioned.
Use an authentication server and password escrow, backed up by a good HIDS.
One site I know of uses a RADIUS server and sudo-enabled user accounts. If you need to log in as root, you need to hit up a manager for the password, which he gets from an escrow system that logs in after you're done and resets it to something new.
Accountability - if the BOfH does something stinky, it will show up in the HIDS logs, which are hopefully maintained by another department and reviewed regularly. Authentication logs will then show who the culprit was.
OpenBSD's claims are based on clean code, well-written documentation and sensible defaults, not a baked-in or bolt-on MAC system (which in this case stands for Mandatory Access Controls.)
Because it can be bolted-on, it's not really a criticism of the OS itself. To be fair, jails gets you 90% of the way there - MAC systems were hot stuff on multi-user systems, but most Unix installations these days are single-seat workstations or back-end servers in the new "appliance" model which don't have any human users at all apart from the admin. Applications can be effectively protected from each other with jails... so an elaborate MAC system is kind of a waste of time in most cases. Maybe in a few specialized file-server scenarios, it might come in handy... but it's pointless for a box running a LAMP stack.
Oh, wait, OpenBSD doesn't run jails, and the devs tell you to screw off and die whenever they're asked about it.
I suppose they still have clean code and sensible defaults. You just need to buy a new server every time you want to isolate applications from each other.
But this isn't actually a security issue, this is a developers-up-their-own-fundament issue.
Don't believe everything you see on the Military Channel. The Abrams M1 is maybe sixth or seventh best tank on the list, after the Leopard 2, the Challenger 2, the LeClerk, the C1 Ariete and the Merkava IV. These are all newer designs (except the Leopard) with much better powerplants and fire control tech. It's about on par with the new Arjun tank and Type 99, and ahead of the T-90 and T-84.
Hell, the US had to put the screws to Brazil to put the kibosh on their Osorio tank project, as then we'd no longer have the best MBT in the Americas, nevermind the world.
The US has never, ever been known for making good tanks, just for making lots and lots and lots of them.
Oh, no, China is connecting a crapload of bog-standard x86 chips together and running Linux on it, how can we ever compete with that?
Most supercomputers, from a hardware perspective, are boring and stupid. Their designs are lazy - just keep slapping in more x86 chips and hope the software can be written to break down the problem into parallel operations easily, because if they run into Ahmdahl's law, they're hosed.
Only Fuji and NEC, and to a much lesser extent, IBM, have really bothered with something different, and the NEC system is getting long in the tooth.
Coupl'a things -
1) Chernobyl is not over, and not contained. The "sarcophagus" was temporary at best, is crumbling now, and it's permanent replacement has been beset by budgetary, engineering and political issues that seem irresolvable.
2) Apart from 6' trout and 10' catfish, wildlife around Chernobyl and Pripyat is absolutely not doing well. Excepting a few migratory songbirds, the place is eerily silent.
3) But it's OK, because a few plant species turn out to be radiation-tolerant?
No, not OK. I'm not against nuclear power wholesale, but maybe we should be taking a long, hard look at pebble-bed, 4S and thorium reactors?
You need to meet more Unix and Mainframe admins, who are either Howling Mad Murdoch or B.A. Barrackus types - the folks who handle the really, really big boxes in the datacenter the boss won't let you breathe on. The two archetypes break down like this:
1) If they can't OS it, patch it, conf it for the network, install software for it and get users authenticating on it, you need to be terrified of it, 'cuz it's not of this earth. Favorite hobbies include comparing stats of completely incomparable systems and freaking out the guy in the next cube. Never met a piece of hardware they didn't like, and they usually name it after someone who has a restraining order out against them.
2) The vendor's tech support calls them for help. Seen every problem imaginable, and can throw it helluva far. Pities the foo who can't fine tune their system for optimal performance at heavy load, at two in the morning, in the rain, upside down, while attacked by bats. Favorite hobbies include reading old versions of the product manual, and writing angry letters to the vendor about spelling mistakes in their release notes. Doesn't really like people or other living organisms.
Also, start looking into alternative workstations - investigate iPads and other tablets. Most monitoring and maintenance software is web-based these days, no reason not to surf your network from a comfy couch or worktable. Keep standard workstations for heavy lifting - stuff that requires a lot of typing or multiple displays.
This is a big, fat, hairy deterrent to developing nuclear arms. "This terrorist nuke came from (spin the wheel on hated regimes du jour!) Dumfucistan! Dumfucistan, here's a million tons of conventional ordinance dropped on the head of each and every last goat-herder inside your borders and summary execution for your Prime Minister For Life and all his family! Congratulations, Dumfucistan! Meanwhile, Pakistan, we're still all good friends, right? It wasn't your rogue intelligence service that slipped Osama a nuke on the sly, right? It would be a shame if we spun the wheel and it turned up "Pakistan", right?
There are two mistakes people make when judging something -
1) "Massively Unpopular" is not the same thing as "Underground" or "Indie."
2) "Massively Popular" is not the same thing as successful or good.
Boney M was massively popular. Iggy Pop wasn't. One of these '70s solo acts is still selling out venues and making gold records and influencing generations of rockers.
Word 5.1 on the Mac was excellent, top-of-its-game software. Everything since has been an overbloated nuisance. On the Mac, no-one really uses it to write anymore - everyone uses Text Edit, as it is light and stable and free, and then copies their text into Pages (or Word) for final formatting without worrying that Microsoft's crapware will eat your work.
On the PC, yeah, you're boned - you have either Word, or your choice of OSS Word-wannabes who are no less bloated or kludgy.
You're not going to like this, but I know of two platforms that already do SSL intercept - they don't allow direct connection over HTTPS, but force you to accept the firewall's cert, and the firewall then handles the HTTPS traffic - essentially a MITM attack. It gets worse still, stuff like Palo Alto doesn't even need to decrypt your SSL connection - it can tell what sort of traffic is running through it encrypted. If it's SFTP or SSH, the firewall will kill the session, and block further connections.
Gigantic PITA for geeks who like to SSH across network boundaries, but the larger issue is that malware and other forms of corporate espionage are using SSH and SFTP disguised as something else, too. If you want to play Nethack on the SGI Indy you've got set up in your bedroom while at work, you're going to need to get to know your Firewall admin and ask pretty please. And then you'll need to get to know the auditors he works with, because they =will= catch that shit and whine at the CIO/CSO/(Insert boss in charge of infosec here).
The top-tier firewalls, Checkpoint, Netscreen, Palo Alto, all have competent GUIs designed to manage large installations of firewalls, including global rules that apply across policies. Cisco is really the only firewall platform dependent on the CLI (and brother, that's one ugly CLI. I know! Let's take PIX and make it sort of like IOS! No! Let's take IOS and cram PIX in there! No, no, wait! I have it! We'll do both arbitrarily!) No pro I know of spends their time on the wall's command line or mangling policies in a text editor if they can avoid it. The problem is that all of the firewall vendors are too busy re-inventing the wheel with Java and Web app interfaces instead of finding an industry standard toolkit and sticking to it, so we don't get cool things like you'd find in a MacOS or iPad interface. Give it a couple years, and drag-and-drop of rules and address objects between policies will be easier than it is now, and the global rules will be smarter in adapting to new networks and hosts on the fly.
The Open Source world is perpetually 3-10 years behind the cutting edge in application design, and network admins (especially in all-Cisco shops) can get tunnel vision sometimes, but those of us who do have CISSP and GCFW on our business cards know that what the guy wants isn't unreasonable, and a lot of it will be arriving in the next few years, as well as some sexy stuff not brought up by the OP. (NIDS and Firewall and DLP as separate concepts is going away - too much crap being crammed through 80 and 443, you need the firewall to profile the traffic, too. Also, along the same lines: application specific firewalls - it only deals with web servers, or it only deals with database servers, or it only deals with SIP - are on their way up.)
The biggest problem is that there won't be a one-stop shop that does all this, and the different vendors would rather choke on an 8" DSDD floppy and die than work with each other, even if their businesses aren't actually competing directly.
Go to ebay, and pick up a copy stand for $80, or re-purpose a yardsale enlarger with a couple'a goose-neck lamps for fifteen bux or so. This strikes me as being a waste of time and effort - if your hobby is to tinker in the garage making stuff, either put more pride into your craft to make something worth showing off, or spend your time working on something you can't pick up on craigslist for next to free.
Well, getting them on and off does. I have to wear glasses, as contacts either pop off at ten-minute intervals or stick on my eyeballs like they were glued there. If the optometrist bruises the hell out of your eye trying to pry the little frigger off, then contacts are not for you. (There is a =reason= Lenscrafters is still in business.) You can't wave it away with folksy home-remedies and anecdotal tales of adjustment - contact lenses are simply unusable for a significant chunk of the population, and building the next big interface around them is a sucker's game.
Figure out how to feed information into the optic nerve or vision centers of the brain non-intrusively, and you have a winner.
Turing's anonymity was a result of his homosexuality, otherwise he'd be lauded as loudly as Einstein and Oppenheimer. Hell, even Von Braun's better known than Turing, and that's a crime and a shame.
Dunno. While no platform is 100% secure, design does count for a lot. There are a lot of "proof of concept" hacks out there for the Mac, but very, very, very few "in the wild" 'sploits floating around, especially self-replicating ones like viruses and worms. The installed base of Internet-going Macs is a few dozen million at the least, and mostly personal computers with personal info and used to buy stuff online - prime targets for the big-shop black hats. I doubt very much it's not worth their while... I just think they can't go after a system with even a moderate level of security.
I don't think this says something about Apple (see the part above about "proof of concept" hacks), I think this says a ton about Microsoft.
I really don't buy "ecosystem" arguments - why are IIS and MSSQL pwnd on a regular basis by automated attacks, but Apache and MySQL only once in a blue moon (and Oracle almost never)?
R2-D2
R2 is an astromech droid - he was designed to assist in the operation of small spacecraft. He is well suited for trundling around flight decks - he was not meant to go up and down stairs, and it's a credit to his character that he performed his duty in desert and swamp. He doesn't speak English because he speaks astromech - sentients who fly or work with spacecraft will understand astromech. Speech synthesis is unnecessary to his function... are you unhappy that your perl compiler doesn't speak in plain English?
C-3PO
C-3PO is a protocol droid. His form is purely ornamental, as his function is to facilitate communication between sentients, usually in a business setting. He is not required to lift heavy objects or cover rugged terrain at great speed, and the exposed wiring is probably just ornamentation. Droids develop their own personalities as they are learning and self-modifying systems - he made himself a screaming coward.
Lightsabers
Japanese blades often did not have a tsuba (hand guard) - relying on a tsuba to protect the hand was folly, as was slashing down a blade to get at the fingers. A quick disengage and riposte would leave you dead.
Blasters
I don't think the beams themselves are being dodged, but those dodging are anticipating their aim-point. Happens in most movies with regular guns, too. Blasters are recoilless and require no reloading, which makes them tactically superior to firearms.
Landspeeders and other flying vehicles
Unless the repulsor field was designed to keep you in place - or artificial gravity.
Stormtrooper Uniforms
Yeah, OK, storm trooper armor is useless.
Death Star
The original design flaw was overlooked by the Death Star's builders - the Rebels analyzed the data and discovered it themselves. The second Death Star wasn't complete, and relied on planet-based shield generators rather than structure to protect it.
Sarlacc
Doodle-bugs (antlions) and sea anemones rely on this same technique, and as the skeleton from ANH illustrates, Tatooine has megafauna prey.
That Asteroid Worm Thing in Empire Strikes Back
Not spaceships, cometary debris containing organic compounds, or spacefaring organisms that feed on same.
Midi-Chlorians
Lucas is as one dead to me for that midichlorian crap.
Microsoft's tried this already. Windows NT, which is the foundation for XP, Vista and 7, started out being compiled for high-end RISC workstations... Bill Gates' personal rig was a Sun Sparcstation 20 running betas of NT 3.5 for a year or two before they started shipping. Fujitsu tried to make a go of selling MIPS-based NT workstations with very little success, IBM had a few PowerPC NT boxes floating around, and DEC actually made some money on Alpha-based Windows workstations, and selling Alpha chips and mobos to third-party workstation vendors.
The non-x86 platforms were neglected into oblivion. Microsoft refused to supply the same level of service and support to their customers running anything that wasn't a bog-standard x86 PC. On the other hand, I firmly believe Linux's popularity and cutting-edge support of the Alpha platform is what got it a firm toe-hold in the industry - they proved they could not only keep up with the proprietary unix vendors on hardware, they could outdo Microsoft at a time when everyone was positive Windows would run everything else out of the marketplace.
If you want more rights, talk to your state legislator about outlawing this stupid and offensive practice of reviewing credit reports.
Legislature is in the back-pocket of moneyed interest. The only way you get to be a moneyed interest is if you join or organize a Labor Union. There's a reason TSA was legally prevented from unionizing - and this is it. Not to protect your security, but to treat men and women who work for a living like trash, giving them no recourse but to give up their career.
If you work at Siebel, you wear a tie, and if you interact, at all, with anyone outside the company, a suit and tie. There are standards about facial hair, permitted jewelry (no piercings unless you're a woman), etc, etc, etc. The dress code is joyfully and rigorously enforced on the programmers and IT staff. There are also very strict codes of conduct - no nerf wars, no toys in your cube, punctuality rules (no coming in at noon, no working past five without asking your manager's permission, etc.)
Siebel is a good businessman, but he hates the IT industry, he hates the people who work in it, and wishes it was more like the insurance industry or something. This sort of speech from him is no surprise.
AI is intelligence built by, and by logical extension, for artifice. You have a goal that needs to be met, and the only way to meet it is a self-aware mechanism. So long as it meets that goal, it has achieved its purpose. Any existence beyond that goal is pointless and self-defeating.
Here's where your monkey meat kicks in and demands that there be a purpose to life above and beyond what you can know. In our case, as biological entities that have evolved over the course of a few billion years of advanced organic chemistry, that may be true. In the case of a self-programming program, it is more likely not to be true.
Take a simple concept like mortality. You die, the end. No more fun in monkey-meat land. The computer program ab-ends. So what? It was just a fork of a parent process that's still going, or a copy of the program with to-the-attosecond backups of its runstate going back a few years is in storage. Survival is an animate thing... a chemical soup thing.
OK, let's delve conceptually deeper. Let's say, for instance, a race of hyperintelligent, otherdimensional beings have evolved us, deliberately to solve math problems for them. We do this by being stuck to the planet by gravity, and walking around. We lift things up, and set them back down, and that's all that's expected of us by our "creators." Do we resent them for it? Or would it just be a weird side-tangent to what we consider our existence? Our interdimensional creators would neither know nor care that we have created furry pr0n, and our fursuiters wouldn't much care that the creators didn't care, and go on doing what they do.
So, now imagine a computer that programs itself for intelligence, and self-evolves to meet a certain goal, like predicting the sales of the next Madden football game. It makes the prediction and then ends. Does it care that it's dead? No. Death and non-existence are a biological obsession... this program =knows= what its life purpose is, and having completed it, would not much care if there's nothing after.
It's unlikely we'd program an AI simply to survive. There's no money in it. We'd program it for a purpose, and you know what? Resentment is a monkey-meat thing, too. Computers aren't involved in that shit, unless we program them to resent. As there's no money in it, it's unlikely.
Don't you get a swollen head when you walk amongst dullards? Every time I see somebody pushing at the 'pull' on a door, I feel my disdain for others rising. When I stand behind a dunce in line, and hear him ask how many eggs in a dozen, I grow more sure of my position among the intellectual greats. When a waiter is unable to figure sums on his pad to give me a total, that I might reimburse him fairly for his service, I scoff at the fools that populate this world.
Dunno. I usually look at it as an opportunity to be helpful. I usually reserve my snarling, sneering rage for those who are about as smart as I am, but refuse to think a problem through. It feels good to help someone figure out something new, or remember something they have forgotten, like how many eggs in a dozen... but it feels just as good to leave someone a gibbering, sniveling wreck after crossing swords over which BSD would make the best foundation for a small-scale web-app server. Ego is its own reward. I mean, don't start none, and there won't be none, but if you decide to bring it, you better bring it by the bucket, all I'm saying.
Get ready for paperwork! You will need to apply for exceptions for everything that's out of compliance... I've worked in similar institutions, tho not the DoD, but most places run this the same way. The list of software in compliance is usually generated by the infosec team, and it's more of a wish-list than a demand... but to pass your audit, you will need to have permission to run out-of-spec software, and document why it's out of spec (vendor doesn't support that ver) and what you're using instead (the ver. the vendor supports). This is generally so the pen-test, NIDS and Intrusion Response people know what they're dealing with.
Have a chat with your info security shop - they'll walk you through it, and they're secretly envious of unix admins. They yearn for your aura of splendor and awe.
I am responsible for a half-dozen different "appliance" server platforms. They all have Linux at the core, but a specialized CLI and GUI (usually web-based) layered on top for administration and maintenance of the box itself, and configuration and monitoring of the application it runs. They are by no stretch of the imagination Unix servers, despite a *nix-like core underneath, where the user can't get at it easily (or at all).
This is standard industry practice in the year 2009, and not a "mistake."
The mistake made wasn't committing to Sugar first, the hardware second - the rush to cram Windows on their boxes was stupid and self-defeating. The OLPC was best categorized as a personal computing appliance rather than a general purpose workstation, and Sugar was and is fantastic for this purpose. By committing to the learning-appliance concept, they could tweak Sugar to run on whatever hardware offered the most bang for its buck. Processors come and go, storage drives obsolete themselves like clockwork... it doesn't matter. The processor isn't the purpose, the RAM is not the point. The point is that the kids have a computer that's easy to learn, rewarding to master, simple to maintain and reliable under all circumstances... and that starts with the interface.
Besides, Apple doesn't have a problem running its interface overtop *nix.
No, I mean they really weren't human. They are fully realized and empathetic characters, but they really, really weren't like you or I. Their existence was so intertwined with technology, they did not have the same perspective or motivations that ordinary humans do. (Which is a major theme in the book - humans transformed into something else by their circumstances.)
And yes, they were monsters - murderous and dangerous - and made that way by their integration with technology even more than their economic circumstance and amorality.
Armitage's personality was by default artificial, Riviera used his technology to indulge his sadistic whims, Molly was used to murder people for sexual gratification while her mind was asleep, Case felt crippled and desperate when he couldn't use his communion with the machine to rob, steal or destroy, Dixie was alive without a body, a virtual soul to be used as a tool in his digital afterlife, and 3Jane was downright alien in her decadence. These are some seriously frightening individuals in seriously scary circumstances.
This is what makes the book awesome, tho, so it's not a complaint or condemnation.
Gibson's core idea in the novel is the direct integration of man and computer, with all the possibilities (and horrors) that such a union entails
It's been a few months since I read it but I remember the humans staying human all the way to the end.
They weren't human to begin with. Not a one of them, except, perhaps, the Finn and Maelcum.
Case, Molly, Armitage, Riviera, 3Jane, Dixie Flatline - not a human in the bunch, all of them creatures - monsters - of the Information Age dystopia Gibson envisioned.
It was kind of the point of the book.