Should we double-guess what Microsoft tells us in their tech notes, and manually check every single patch? Every patch Tuesday, we get about 8 patches on average, how can any end user co. be expected to test out all these on their production networks?
By planning for it.
How exactly can sysadmins go about checking all these patches themselves?
By testing them.
Does it add to their 'experience' or job value?
Knowing what is on their systems is part of their job. As is maintaining those systems.
I don't think so, and the sysads can't be bothered to verify what Microsoft ought to know.
Yes, there are admins like that out there.
End result - we have a WSUS server which handles all the updates, and that server is set to automatic, so the sysads get back to their task of configuring new PCs, setting up changed environments based on changing project needs etc.
So you automatically accept and deploy the patches Microsoft sends out... knowing that Microsoft itself tells you that they do NOT test those patches against other companies' software.
A separate vetting process and a delay of a week is insane IMO - with zero day attacks and little info. to work on - sysadmins are better off doing Automatic Updates.
My opinion is the opposite. But then, my opinion is based upon my experience with vendors releasing patches that broke systems.
I'm not seeing ANYTHING there aside from melodramatic hyperbole.
"It would be an extremely difficult and laborious process for an organization trying to patch Java Runtime across the enterprise," he said.
WARNING! WARNING! WARNING! WARNING! WARNING!
Wouldn't you just roll it out the same as with any other patch?
Without any more information and judging from comments such as that, I'm going to say that this "threat" will soon be found to be nothing. Just more Internet hype from someone trying to make a name for himself.
Since we know that Disney (and others) will lobby against anything other than their eternal copyrights, we need to plan for that.
If you have property that you want protected, then you should PAY for that protection after the standard protection period has expired.
99%+ of book titles won't be sold 15 years after their release. So there's no financial incentive for their authors to protect them. But with Disney and others, their "property" is worth millions of dollars. So charge them 5% of the estimated value. Every year.
If you are an author and you want to keep protecting your book, are you willing to pay 5% a year of the sales from the last year? Or should it be 1%?
You get the people for that project. You work to form them into a team that can handle that project.
You adjust the specs as the project evolves until it either dies or hits the target.
Yeah, it's a bit more complicated than that. But that's the basics. Any company that has people juggling multiple projects is going to have problems. The same with any company that forms teams without projects.
And getting together with your co-workers after work just so you can bond? Fuck that. If it happens, it happens. But do NOT try to institutionalize it. All you'll do is end up with a bunch of people waiting for the first person to leave so they can all go home to their families.
Okay, so the FBI collects a WHOLE BUNCH OF INFORMATION about criminals.
If they're able to form a behaviour pattern from that and provide it to the state law enforcement agencies then I say that it would be okay.
As long as the FBI removed any individual identifying info (names, aliases, addresses, etc). Even in their database.
"Each of these initiatives is extremely valuable for investigators, allowing them to analyze and process lawfully acquired information more effectively in order to detect potential criminal activity and focus resources appropriately," Boyd said in a statement.
Fuck you, Boyd. What is "lawfully acquired" varies with the laws passed. When a private person does it, we often refer to that as "stalking" and it is illegal.
Anyway, a race of intelligent squids would probably NEVER be found by us (barring FTL drives). Their environment just would not be able to support the technology needed to communicate with us over inter-stellar distances. They could not send to us, they could not receive from us.
And there aren't many options for them developing a space program of their own.
Given that OUR planet is at least a 2nd generation world (coalesced from a previous sun's death), how many races have gone extinct already?
Just because we can't receive radio signals from them doesn't mean that they aren't out there or were not out there.
If the BSA investigates you, you will have to cough up a LOT of "proof" that your licenses are legal. Even if they all are (and Microsoft makes it very easy to be out of compliance).
Just having the original software isn't enough. That can be faked.
Having the original software AND a receipt is not enough. You could have bought pirated disks and not known it.
You MUST have the receipt from an APPROVED Microsoft reseller. Now, how do YOU know which resellers are approved?
What happens if you don't have the receipts? What if there was a fire or something that destroyed them?
How many people do you have to employ to check that each machine has the software that was purchased for it, and the receipt AND that the license associated with it applies in that case?
Fuck it. Just spend the money and Microsoft will handle the problems for you. The problems that MICROSOFT created by MICROSOFT's demands regarding "proof" of legitimacy.
Meanwhile, Microsoft provides NO OTHER OPTIONS for registering your software with them. NONE. Go ahead. Try to register a copy of Windows with them. You have to "activate" it and run "Windows Genuine Advantage" and so forth... but try to get them to give you the info AFTER you lost the original info.
It's not so much that anyone should believe this "report".
They're in the business of whoring themselves out to whomever has the biggest wallet.
That they're turning on Microsoft says more than their reports ever will. If they don't sell "reports", they don't get paid. So are more people looking to buy "reports" that do NOT favour Microsoft now? Has the market changed that much?
SOMEONE is a little sensitive.
on Firefox Quickies · Score: 1, Troll
Hey, don't get mad at ME if this "Firefox exploit" depends upon IE being insecure.
An application is only as secure as the system it runs on.
I'll stick to Ubuntu where I have a choice.
If that offends you, too bad. Get a life and stop trying to make a religious war out of an OS.
So do I. For ones I absolutely have to trust.
on Firefox Quickies · Score: 2
Normally, I'm surfing with Firefox and NoScript and AdBlock and....
It keeps me safe.
If a site doesn't work with that, then fuck them. I only need IE for some work related sites that have stupid ActiveX controls.
Doesn't it require IE first?
on Firefox Quickies · Score: 1, Informative
From TFA:
The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web.
Sorry, can't try it right now as I'm on Ubuntu (Feisty Fawn). But I'll look into it tomorrow when I get to work.
Hey! That's just good mathematical practice. Once you've reduced a problem to a previously solved equation, you quit. :)
No, I'm just kidding.
There's an old quote about being sorry for writing such a long letter, but not having the time to shorten it. And it works the other way, too. Having too little content because it's easier to link to something else than write it up yourself.
So we end up with what should be an authoritative site referencing other comments. When (and this is particularly true of a commercial product) the person maintaining the authoritative site should be writing up the material (and correcting the errors) that are referred to in the other sites.
Your KB example. It's the "Knowledge Base" for that. If you aren't going to spend the time and keep it updated, at least release all the material under a license that allows someone else to maintain it. After all, isn't it about getting the correct information out?
Get people from each group, give them the requirements and 5 different dollar amounts.
Let each team set up their systems however they want at each price point. Some will go with clustered servers. Some will go with a single monster server. They know their products best so they'll be the ones best suited to choosing the configuration.
Then run the benchmarks. And keep hammering on them until AFTER the next patch release.
Yeah, it might run fast, but still be a bitch to patch/upgrade.
At $5,000 you might find that a cluster of MySQL boxes beats everything.
At $10,000 maybe something else is best.
$25,000
$50,000
$100,000
etc.
And finally, break it. Break it bad. What happens when something goes wrong? Oracle might cost a lot, but if they can come through with your data they might just be worth it.
If nothing else, you'll get the "best practices" nicely demonstrated by each group. :)
You cannot compare benchmarks without SOMETHING standard between them.
Okay, if they can't match the hardware (why not?) then focus on price points. I notice that they're looking at "$65,500 for the hardware". That's a LOT of hardware at today's prices.
I'm sure MySQL would (and will) come back with a "benchmark" on hardware costing $10,000.
Freedom is not security, security is not freedom. Freedom is pretty much the absence of security, and security is the absence of freedom.
And I noticed that you completely avoided my example of Soviet Russia.
Their citizens could be monitored anytime for any reason. By your "logic" they should have had more security than the US citizens of the time. But they did not. They had less.
What is efficient law enforcement? That's when the cops catch bad guys with a minimum of fuss and a minimum of disruption to the lives of the ordinary citizenry.
The way I look at it, if you could catch one more "bad guy" a day... just by skipping some of the procedures and processes that we have to protect our Rights... how many people would support that?
Lots.
As opposed to Ben Franklin's:
That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved.
They'd rather follow Otto Bismarck's opinion:
It is better that ten innocent men suffer than one guilty man escape.
The problem is that it is the Government that chooses what "crime" and what "evidence" will be used to charge a person.
And the Government is composed of people. Sometimes honourable. Many times petty and vindictive if not outright criminals. Which is why our country was founded upon the belief that you cannot trust the Government. That we had to limit the Government's authority and protect the Rights of the People.
It's all about how you view Rights and whether you are with Franklin or Bismarck.
But a web address often has a 1-to-1 correspondence with its contents. Knowing the address is one simple - and undetectable - step from knowing the contents.
Exactly.
Now, there are possible ways to get the IP addresses that you connect to WITHOUT getting any more information than that (and such information is just about useless).
But I don't trust the government to put any effort into protecting MY Freedoms and privacy when it is so much easier for them to abuse such.
Since we know that Disney (and others) will lobby against anything other than their eternal copyrights, we need to plan for that.
If you have property that you want protected, then you should PAY for that protection after the standard protection period has expired.
99%+ of book titles won't be sold 15 years after their release. So there's no financial incentive for their authors to protect them. But with Disney and others, their "property" is worth millions of dollars. So charge them 5% of the estimated value. Every year.
If you are an author and you want to keep protecting your book, are you willing to pay 5% a year of the sales from the last year? Or should it be 1%?
Otherwise it falls into the Public Domain.
You get the project.
You get the people for that project. You work to form them into a team that can handle that project.
You adjust the specs as the project evolves until it either dies or hits the target.
Yeah, it's a bit more complicated than that. But that's the basics. Any company that has people juggling multiple projects is going to have problems. The same with any company that forms teams without projects.
And getting together with your co-workers after work just so you can bond? Fuck that. If it happens, it happens. But do NOT try to institutionalize it. All you'll do is end up with a bunch of people waiting for the first person to leave so they can all go home to their families.
But that's just because I think Cthulhu is cool.
Anyway, a race of intelligent squids would probably NEVER be found by us (barring FTL drives). Their environment just would not be able to support the technology needed to communicate with us over inter-stellar distances. They could not send to us, they could not receive from us.
And there aren't many options for them developing a space program of their own.
Given that OUR planet is at least a 2nd generation world (coalesced from a previous sun's death), how many races have gone extinct already?
Just because we can't receive radio signals from them doesn't mean that they aren't out there or were not out there.
There's a difference between
a. You being correct
b. Someone else being wrong
Claiming that someone else said something is no excuse nor justification.
If the BSA investigates you, you will have to cough up a LOT of "proof" that your licenses are legal. Even if they all are (and Microsoft makes it very easy to be out of compliance).
... but try to get them to give you the info AFTER you lost the original info.
Just having the original software isn't enough. That can be faked.
Having the original software AND a receipt is not enough. You could have bought pirated disks and not known it.
You MUST have the receipt from an APPROVED Microsoft reseller. Now, how do YOU know which resellers are approved?
What happens if you don't have the receipts? What if there was a fire or something that destroyed them?
How many people do you have to employ to check that each machine has the software that was purchased for it, and the receipt AND that the license associated with it applies in that case?
Fuck it. Just spend the money and Microsoft will handle the problems for you. The problems that MICROSOFT created by MICROSOFT's demands regarding "proof" of legitimacy.
Meanwhile, Microsoft provides NO OTHER OPTIONS for registering your software with them. NONE. Go ahead. Try to register a copy of Windows with them. You have to "activate" it and run "Windows Genuine Advantage" and so forth
They won't.
I'm not trying to be snippish or anything. But are there any vendors that you know of that do have such?
Particularly with the new Samba on the horizon.
Yep, Samba is a major project.
But more to the point, LOTS of vendors re-package Samba and sell it as NAS's and such.
You believe that someone else having complete control of you is "Security".
If your captor wishes to deprive you of food, there is nothing you can do about it. Your "Security" is the whim of your captor.
Your "Security" is the whim of your captor.
Freedom is Security.
Get people from each group, give them the requirements and 5 different dollar amounts.
:)
Let each team set up their systems however they want at each price point. Some will go with clustered servers. Some will go with a single monster server. They know their products best so they'll be the ones best suited to choosing the configuration.
Then run the benchmarks. And keep hammering on them until AFTER the next patch release.
Yeah, it might run fast, but still be a bitch to patch/upgrade.
At $5,000 you might find that a cluster of MySQL boxes beats everything.
At $10,000 maybe something else is best.
$25,000
$50,000
$100,000
etc.
And finally, break it. Break it bad. What happens when something goes wrong? Oracle might cost a lot, but if they can come through with your data they might just be worth it.
If nothing else, you'll get the "best practices" nicely demonstrated by each group.
You cannot compare benchmarks without SOMETHING standard between them.
Okay, if they can't match the hardware (why not?) then focus on price points. I notice that they're looking at "$65,500 for the hardware". That's a LOT of hardware at today's prices.
I'm sure MySQL would (and will) come back with a "benchmark" on hardware costing $10,000.
There is nothing "real" about this "benchmark".
Why would one have to "worry about one's physical and mental well being" if one had Freedom?
The only way to have less Security is to either choose such or to not have the Freedom to choose more.
Freedom is Security.
And I noticed that you completely avoided my example of Soviet Russia.
Their citizens could be monitored anytime for any reason. By your "logic" they should have had more security than the US citizens of the time. But they did not. They had less.
Freedom is Security.
Does anyone believe that the average citizen in Soviet Russia had any more security than the average US citizen?
Despite the near total and constant surveillance?
The Government watching you does not make you any more secure.
Freedom is Security.
Exactly.
Now, there are possible ways to get the IP addresses that you connect to WITHOUT getting any more information than that (and such information is just about useless).
But I don't trust the government to put any effort into protecting MY Freedoms and privacy when it is so much easier for them to abuse such.
There is a huge difference between knowing that I connected to 66.35.250.150 on port 80
and
Knowing that I connected to http://yro.slashdot.org/comments.pl?sid=247095&ci
People died for the Freedom that too many of us seem willing to trade away.
If the worst thing that happens to you is some jail time because you refused to reveal your keys, consider yourself ahead of the game.
Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.
With a "pen register" all they get is the phone number you called.
That would be analogous to the IP address that you connected to (and maybe the port).
The question is how are they capturing the IP addresses? If they're capturing the packets, that's the same as a wiretap.
Encryption. Learn it. Love it. Live it.