Slashdot Mirror


User: krack

krack's activity in the archive.

Stories: 0
Comments: 60

Comments · 60

  1. Re:This is bad on Best Buy Acquires SpeakEasy · · Score: 1

    Who is your mom-and-pop ISP?

    There are a LOT of Speakeasy customers who want an alternative (myself included), so please don't skimp on the references.

  2. Re:The Technical Term is "Flanking" on Chimps Found Making Own Weapons to Hunt for Food · · Score: 2, Informative
    I agree with nearly everything you said. Especially the Patton quote.

    and the 300 Immortals who held off an entire Persian army.

    I offer a small correction and mostly in the spirit of honoring the dead. The Immortals were the Persian elite, not the Greek. The name of the group you are thinking of is the Spartans who, conservatively, achieved a nearly 20 to 1 kill ratio in that battle. The Immortals were actually sent in against the Spartans on the second day of the battle of Thermopylae and they comprised the majority of the force that walked the hidden mountain path around the pass which ultimately led to the defeat of the Spartans and the Greeks. Which makes your points about anchored flanks and trained defenders resisting the psychological trauma of flanking even more valid. Had the 300 Spartans + 700 Greeks not been outflanked by a traitor, they probably would have held off the 120,000+ strong Persian army.

    In the end, the Spartans died to a man (even 1 who missed the battle because he was on orders to secure reinforcements hung himself in shame). However their 3 day delay and manpower and morale impact on the Persian army allowed the rest of the Greeks to assemble a large enough force to push Xerxes out of Greece, both in land and in water. See also the Greek phrase "Molon Labe".

    http://en.wikipedia.org/wiki/Battle_of_Thermopylae
  3. Re:trac, or otrs on Issue Tracking Ticketing Systems? · · Score: 2, Informative

    I'll second the OTRS recommend (http://www.otrs.org).

    I turned OTRS on where I work (250+ employees, 4 FT IT staff) and couldn't be happier with it. The reporting leaves a bit to be desired, as does the "prettyness" of the web-based UI, but the underlying workflow support is pretty solid. There is a lot of customization that can be done just from the web-UI-based configuration. As for the mail piping, we currently have it pulling from several Exchange mailboxes into specific queues via POP3. The reporting limitations can be mitigated somewhat, we do it by installing a MySQL datasource on Windows and then piping the results of a SQL query into Excel.

    The two major wins for us were the ability to poll an exchange mailbox for incoming tickets (any POP3 will work) and the ability to use an AD LDAP server for a customer database. It also implements a customer-facing interface, that, with the AD LDAP customer source, allows the users to either log in to our system to create tickets using their Windows u/p or send us email. In both cases, they get a tracking number that they and we can use to uniquely reference the issue.

    It has been so well received that several other departments are actively figuring out how to wrap OTRS around their workflow and vice-versa.

  4. Re:It might do if you want to progress further on Will Telecommuting Kill a Career? · · Score: 1

    From my own experience, I highly recommend a mix of both vices and virtues when 'unwinding'.

    I love cracking open a nice cold microbrew after a long run after a hard day at work.

  5. Re:How are other IT departments dealing with this? on No Fix for Word Next 'Patch Tuesday' · · Score: 1

    Um, scan it for what? There is no signature for the exploit.

  6. How are other IT departments dealing with this? on No Fix for Word Next 'Patch Tuesday' · · Score: 1

    Where I work, we use Mailscanner (http://www.mailscanner.info/) to filter our internet-facing email before it hits our MS Exchange server. As of yesterday, we started blocking the .DOC extension as well as the Microsoft Office filetype as determined by /bin/filetype. Anyone who gets a blocked attachment has the attachment replaced with a small text file that basically says 'Contact IT for your document'. We, IT, then retrieve the blocked documents on demand, open them in OpenOffice and either save them as an RTF and pass them on to the user or just print the document if the user only needs a hardcopy.

    Obviously, this is a pretty work-intensive process and I'd really like to refine it. To that end, I'm wondering how other IT departments are responding to this threat.

    Thanks!

  7. Re: HOW did you clean it up? on Worst Security Clean-Up You've Performed? · · Score: 1

    Make sure you either A. Hold the Shift key down while inserting the drive into your host, clean computer or B. have autorun turned off on the USB drive. I know of several virus's (viruii?) that will write out an autorun.inf to the root of whatever drive they're on for the express purpose of infecting a clean host machine in this process.

    Autorun is the devil.

  8. Re:Vouchsafe on Next Gen Phishing Improves on Simple Spam · · Score: 3, Interesting

    Please take my comments as constructive, they are intended as such.

    I think these things are not well- and widely-implemented for the same reasons that caused the dichotomy of MS releasing a DRM patch in 3 days but yet a security patch we must wait for while it goes through the "rigorous" testing process ends up corrupting my data.

    Many humans do not seem to view security as an advantage; they view it as a (potentially unnecessary in their perspective) hindrance. In other words, there is no perceived profit in implementing security. If it costs you 10$/widget to secure each widget, and you can sell them without securing them, securing them actually cuts into the quarterly bottom line. You would only want to spend the money and time on security when you can't sell your widgets without it (regulation, bad PR, competition, etc). It is my perspective that this is why security, as a general rule, sucks.

    Obviously, the rebuttal is that security is an investment, not overhead, and if you don't invest in the security of your widget you will eventually lose much more money than you made by skimping on the security.

    I think you are right, it is long past time that we have effective, intuitive and 'just works' security in our F/OSS offerings. I think the reason we have not seen it yet is detailed in my third paragraph. I have no idea how to resolve these difficulties.

  9. Re:Why Explain it? Show it! on Explaining DRM to a Less-Experienced PC User? · · Score: 1

    Perhaps you could ask your girlfriend what could have been done to make her to care about the issue before it hit her? Is a physical demonstration the only method of convincing?

    It seems this is the biggest hurdle to educating citizens about things that manage their rights (not just DRM). They seem to have the idea that it won't happen to them (I buy all my media, I don't have anything to hide, it works for me, etc). If you are fortunate to intimately know someone intelligent who had this attitude and then was "slapped" in the face with it; it seems that it is of massive value to ask them how they could have been shown the (very real) danger and consequences of their actions without actually experiencing those consequences.

    Reading my post back, it seems this is a fundamental problem of humanity...

  10. I've implemented... on IT Asset Tracking and Helpdesk Software? · · Score: 2, Informative

    ... http://otrs.org/ for ticketing, http://ocsinventory.sourceforge.net/ for hardware tracking and http://glpi-project.org/?lang=en for software license tracking.

    The ticketing and asset pieces aren't integrated and you might be able to get GLPI and OCS to work with a barcode scanner if the scanner will dump to a text field in the web page. I haven't had your specific needs but I thought I'd tout what worked for me, since I haven't seen them mentioned.

  11. Re:It's hard to blame the telecoms. on Wiretap Ruling Threatens Telecoms · · Score: 1

    No, no, they're tracking the revived Jon Benet case.

  12. Re:Two Reactions on Homeland Security says 'Patch Windows Now' · · Score: 1

    You sound confused, so I'd like to help you out on why we in the US are worried about this.

    While you are correct that MS and Windows are under intense scrutiny from a number of security professionals who would love to see their name in lights as the person who discovered a major 'OMG Windoze is reporting to USGMT!' scandal; the issue here is that the Homeland Security is recommending a PATCH. This means that, currently, Windows does NOT have the functionality that resides in this patch, by virtue of it being an (unapplied) patch. It then follows that if this patch would cause Windows to report users' actions to the govt, Windows doesn't currently do this (Otherwise why patch?). As such, these masses of security professionals could not discover this ability because it doesn't exist yet.

    In summary, you are probably correct in your belief. Today. However, by patching the system, it is a completely new system and must be re-analyzed from the ground up because we don't understand the patch. (enter closed source vs open source argument) As a result, you will only see this scandal AFTER the patch has been released/leaked.

  13. Re:Sorry, slashdot is just tinfoil hat heavy on Homeland Security says 'Patch Windows Now' · · Score: 1

    The truth is the people, the voters, are in control.

    Maybe you missed this and the following backslash, slashdot articles about voting fraud. We *might* be in control, but we don't know. If someone wanted to rig an election, the infrastructure is all there. It is now possible that stupid crap gets through because the method of removing stupid crap (voting) is neutered.

    Without clicking through - openvoting claims to have found a simple (jumper setting on mobo) method to cause voting machines to boot from unverified and uncertified images.

  14. Re:So what? on GPL Causing Problems for Derivative Linux Distros · · Score: 5, Insightful

    Nobody in their right mind is going to rely on a software project that is somebody's hobby.

    What are the criteria for any open source project leaving 'hobby' status? To put it another way, when did people of 'right mind' start using Linux, which started out as Linus' hobby?

  15. Re:Wait a second... on Moon Mining Gets a Closer Look · · Score: 1

    I am reminded of a really smart guy who once said, "An eye for an eye makes the whole world blind."

  16. When you're a kid and ya wanna go, "Weee!" on Nintendo Revolution Renamed 'Wii' · · Score: 1

    Gonads and strife, gonads and strife!!

  17. Re:T-Mobile with the V360 on Cell Phones for Laptop Users? · · Score: 1

    I have this exact setup and it works very well with both the builtin EDGE connectivity and as a USB modem dialing up Speakeasy. This is all under WinXP, no experience with it under Linux. I also use it as a cheap MP3 player; I dump podcasts to it automatically before I wake up (it's a removable storage device OR a USB modem, switchable in the phone UI) and listen to them on the way in to work.

  18. Re:Cartoons on Danish, Western Websites Under Attack · · Score: 1

    May I direct your attention to the Crusades? How is what they did in the name of Christ different than what present-day Muslims are doing in the name of Allah?

  19. Re:Cartoons on Danish, Western Websites Under Attack · · Score: 2, Insightful

    If any country was a Christian theocracy and ruled by the scripture in the same way that Islamic theocracies are ruled by the sharia, Christians would be slaying non-believers at rates comparable to the Muslim protestors/freedom fighters/terrorists of today.

    This is the inherent problem with anything based on religion or belief; it always lacks a logical base of right and wrong.

  20. Re:Web 2.0 says no friggin way on Spam is Dead · · Score: 1

    Mod Parent Up.

    I host several personal blogs for friends of mine, and I've had to tell them to turn off the 'recent referrers' sidebar because of bots hitting it with commercial referral pages that have nothing to do with the content of the blogs. It isn't traditional googlebombing, as the link text is just the URL, but they are still annoying.

    At least they haven't started to write their own comments with links back to their own sites. Yet.

  21. Re:This has nothing to do with ID on Scientists Figure Out How Bees Fly · · Score: 1

    FTFA...

    "...Douglas Altshuler, a researcher at California Institute of Technology."

    and

    "People in the ID community have said that we don't even know how bees fly," Altshuler said.

    So uh, yeah, the researchers (Altshuler) did do it to disprove parts of ID. Which is why it is included in the summary.

  22. Re:My Own Virtual Licensing Scheme on Microsoft Adopts Virtual Licenses · · Score: 1


    What are they?

  23. Re:Text of the canned circumvention email on Sony Doing An End Run Around Its Own DRM · · Score: 2, Funny

    Isn't Slashdot now guilty of DMCA violation for providing information on how to circumvent Sony's DRM of Sony's copyrighted, protected content?

  24. Re:Favorite quote on Open Source In Public Sector Meeting Opposition · · Score: 1

    It's called 'doublespeak', maybe you've heard of it?

  25. Re:Are you an MBA or something? on Decentralize BitTorrent with Kenosis · · Score: 1

    Blizzard used BitTorrent for the World of Warcraft Open Beta downloader.