Actually, you can download the assignment databases from AP-NIC and block quite easily (ditto for the other NIC's.) The list is on ftp.apnic.net. If you have a site / userbase that is US centric, there is no issue with blacklisting entire countries. This is not a viable anti-spam tool for most sites however.
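As an added example (not from the comment above), this is one way to turn an RIR delegation file into the per-country block list the comment describes. It assumes the pipe-delimited `registry|cc|type|start|value|date|status` layout of the `delegated-apnic-latest` statistics file; the function name, the sample lines and the country codes in them are constructed for illustration.

```python
import ipaddress


def country_networks(lines, countries):
    """Return collapsed CIDR strings delegated to the given country codes."""
    wanted = {c.upper() for c in countries}
    v4, v6 = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        f = line.split("|")
        # The version header and the "summary" lines never carry a wanted
        # country code in field 1, so they fall out here as well.
        if len(f) < 7 or f[1].upper() not in wanted:
            continue
        if f[6] not in ("allocated", "assigned"):
            continue
        if f[2] == "ipv4":
            # For IPv4 the value field is an address COUNT, which is not
            # always a power of two, so one record can need several CIDRs.
            first = ipaddress.IPv4Address(f[3])
            last = first + (int(f[4]) - 1)
            v4.extend(ipaddress.summarize_address_range(first, last))
        elif f[2] == "ipv6":
            # For IPv6 the value field is already a prefix length.
            v6.append(ipaddress.IPv6Network(f"{f[3]}/{f[4]}"))
        # "asn" records are not address space and are ignored.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return [str(n) for n in merged]


# Constructed sample in the delegation-file layout (not real allocations).
SAMPLE = """\
2|apnic|20240101|4|19830613|20231231|+1000
apnic|*|ipv4|*|3|summary
apnic|ZZ|ipv4|10.0.0.0|768|20100101|allocated
apnic|ZZ|ipv4|10.0.3.0|256|20100101|assigned
apnic|YY|ipv4|10.1.0.0|256|20100101|allocated
apnic|ZZ|ipv6|2001:db8::|32|20100101|allocated
apnic|ZZ|asn|64512|1|20100101|allocated
"""

if __name__ == "__main__":
    for cidr in country_networks(SAMPLE.splitlines(), {"ZZ"}):
        print(cidr)
```

The 768-address record expands to a /23 plus a /24, and collapsing merges it with the adjacent /24 into a single /22, which keeps the resulting ACL short.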
The government had enough information to prevent 911. Some even say they knew about it and let it happen.
And some people still believe ghosts and Bigfoot exist, and that you can cast spells on people. The majority still believe that the government is just totally incompetent, which is much more believable, and much more likely to be true. It's also most likely true that all this government information gathering and other crap really won't impact most people, and that the targets really are the bad guys. That doesn't make it OK to spy on innocent American citizens however, or require the anal probe in order to travel to see Aunt Gertrude.
As for wearing seat belts, drinking inspections etc., that doesn't bother me. People ought to have enough sense to wear them and not drive drunk. Recently we had a tragic accident here in our valley involving teenagers. All those in the vehicle wearing seat belts survived mostly uninjured, but one wonderful young lady who did not wear hers was killed.
You totally missed the point I was making. We are dealing with an erosion of rights. First it was drunk driving. Then it was seatbelts. Next will be to check your cellphone call log to make sure you weren't on the phone recently while driving. Then we will start doing random tests for DUI Pot. 20 years from now it will be random strip searches and barcodes on the forehead. I really don't want to go there, do you? RealID is a step towards the barcode. Isn't all that stuff what we were violently against when other governments did it?
Here's the thing. An ID doesn't say that you are NOT a terrorist. Lack of one doesn't mean that you are. I don't know about you, but I would like to know that the person sitting next to me on an airplane was screened for knives, guns, and bombs regardless of whether or not he showed an ID card to someone making 10 bucks an hour.
This whole ID thing at airports for security reasons is bullshit. It's really about the government wanting to know where everyone is. Tracking. Spying on us for no damn reason. They want to know what books you read, who you call, email, what you buy, etc. "Total Information Awareness." They can also pull you over for no other reason than to check whether you are wearing a seatbelt, may have been drinking, etc. at random checkpoints. What part of that doesn't scream "police state?" It's pretty sad that we have let things get this bad. Sheeple.
At the current rate of capacity increases / price drops, I bet flash drives will overtake CD/DVD technology. By the time this tech comes to market, I'll be able to buy 500G USB thumb drives that are 100 times faster than today's thumb drives, and cost about $10.
I'm sorry but there is no justification for creating a new law and a new class of crime so that your Asterisk system will work.
That was an example, and one benefit of the law. IMHO the callee, the person being bothered, has a right to know who is calling, just like you have a right to know who someone that is knocking on your door is before you let them in. Why should you be required to open the door to see who it is?
I don't support it for other commercial agencies though, some may not take incoming calls at all.
Tough. Set the callerID to an automated answering service that says so, or even just a number that just isn't answered, but it should be a number that identifies who you are.
In regards to your cell phone service, if such a law existed, there would be business justification for cell phone companies to allow the callerID to be set to the main business number for business customers. Problem solved, your concern addressed.
Again, I don't believe any company of any type has a right to call me at home and be anonymous. Period. You go into business, you obey the laws. Why SHOULD they have the right to be anonymous? This is a phone number, not all the employees' social security numbers... With all the business calls, charities, political organizations, automated sales calls (even with my number on the do not call lists) I long ago lost any sympathy for businesses that hide, spoof, etc. callerID.
In regards to your "magic words", I have found that they are RARELY obeyed. First, private citizens can ONLY bring action if they have suffered $50,000 or more in "actual" damages. Furthermore, the fine is only $11,000 per incident. Despite more than 50 complaints to the FTC, I have not had ANY relief and have jack shit to show for my efforts. I suggest you read http://www.ftc.gov/bcp/conline/pubs/buspubs/tsrcomp.shtm especially near the bottom which outlines the fines and who can bring action. Also in this document are regulations that require valid callerID on telemarketing calls. Again, this is ignored since there is nobody who is able is willing to enforce it, and nobody willing is able.
Make it criminal as WELL as civil, and allow direct citizen action in all cases. Then we will see compliance.
If you get all your lines piped into your office via a T1, then you are in control of the device that sets the Caller ID name and number and can set it whatever you like.
Yes and no. Depending on the provider, you may be limited to only setting your callerid to a number in your DID block.
I don't agree with how the term "nanny state" is being applied here.
"Nanny State" to ME means laws to protect YOU from YOURSELF. Not laws to protect YOU from OTHERS.
I'm all for laws that are designed to protect me from abusive behavior of others. I am against laws like seatbelts, helmets, smoking pot, etc. that apply to adults (children is OK since they don't have the experience to make the right judgment calls.)
I'm also fine with limiting liability of insurance companies or public assistance to those who hurt themselves because they weren't wearing a seatbelt for example. As long as you don't impact others physically, financially, etc., feel free to do whatever the hell you want. Just don't come crying to me when you fuck yourself up, lose your job, etc.
There is nothing currently illegal about spoofing caller ID. This bill makes it illegal "to transmit misleading or inaccurate caller identification information". The person / company still has the option of not transmitting ANYTHING, but now callerID's such as 408-000-0000 will be banned, along with other random crap I see on a regular basis.
IMHO, this bill does not go far enough. It should require all non-residential (consumer-level) service to transmit correct, accurate information - anonymous should not be an option. The CEO of a company doesn't need his personal extension (DID) transmitted, just the company's main number, but it SHOULD transmit something valid that identifies the company it came from. There is no VALID reason for companies to be "anonymous".
Collection agencies claim otherwise, but they are a big part of the problem anyway - especially if some idiot you don't know is giving out YOUR number and then doesn't pay his / her bills. I received about 50 calls for "Patricia" in the past year. Despite constantly telling these annoying people that there has never been a "Patricia" at this number in at least 15 years since I've had it, and to remove the number from their records, and asking to have the info relayed to the creditor, the calls still keep coming. Worse, it's on my home-office business line that I don't want to do any phone-system filtering on.
Asterisk does a great job of keeping unwanted calls off my home line, but to work best it needs valid callerID info.
While this FA may not be the right one, there are others that debunk the second report too. Links are in the last /. story on it. In short, the guy is a PR tool, and anyone that buys into the report is either naive in the extreme or just plain witless.
I believe he's referring to the thought that just because it's open source means that someone not actively working on the project will fix it. You are obviously working on an active project, so there is some hope for support. The problem is, there probably isn't a guaranteed contract of support. In nearly all cases, you don't get support for inactive COMMERCIAL software either. In fact, what happens more often than not is that a vendor will REFUSE to fix a bug, support contract or not. Been there. MS is notorious for this. They just mark a bug low-priority or low-impact. With open source you have the option of fixing it yourself, or contracting with someone else to fix it. With commercial software that you don't have the source to, you don't.
If there are 2 million lines of code (not including whitespace and comments) and a bug/vulnerability might exist somewhere in those 2 million lines, is that disclosed? Don't be dense. I'm obviously referring to the development process, with open bug trackers, development mailing lists, etc. Development, bugs, etc. are open for all to see and all known flaws are disclosed.
How many vulnerabilities are known about and fixed in a certain time frame is meaningless.
It's not meaningless to a business that decided to invest in Microsoft software and services for their systems, especially one that must account for internet access. But it may be meaningless to you who may not care about Microsoft products and services. You seem to be disconnected from the thread here. I'm referring to the FA comparing these statistics over several OS's. It's a meaningless comparison especially in light that it's impossible to do a valid comparison between open and closed development processes. It's apples and oranges. Even reading it like you did, it is STILL meaningless as real-world total platform security trumps statistics any day. Microsoft's great statistics are meaningless when your entire network was compromised and your business shut down for a week because of a zero day DNS exploit. Results matter. "Statistics" don't.
Never messed with OO, never a reason to. HAVE messed with the kernel in years past, which used to be a lot more necessary than it is now. Most of the messing around, which I consider casual, has been in driver space (USB and ethernet), because that is the space that affects me the most - if your hardware doesn't work you have a vested interest in getting it to work. Sometimes it's as simple as adding a new PCI deviceID, others can be a lot more "intense." Getting involved is easy - send a patch to the LKML and the module maintainer.
So how many people send in patches to the Linux kernel? Well, this article looked at a recent one-year time frame and came up with almost 2000 authors who had changes accepted. If you look at total all-time numbers, I would bet it's probably well over 10K.
As far as messing around with open source in general, it's been hundreds of applications / utilities / etc. going WAY back to the days of "Adventure" on the mainframe via model 33 teletype. XYZZY people!
No, what's needed is to ignore this whole stupid "bug counting / statistics" game and actually look at what percentage of the installed base for each OS's are getting "p0wned". Why? Because Real Life Matters. The default install is irrelevant. People use their computers in the real world with all sorts of software. If you want a more secure experience, pick the platform that will be less likely to get P0wned overall.
The article is about security, and they've done some work and found some evidence that Vista's not as evil as some people think.
Cluebat time. The "researcher" is a Microsoft employee. It is basically PR from marketing. When you have a closed development model, you can't compare it with an open model like this. How many UNDISCLOSED flaws were there in Windows that have been silently fixed or are still waiting to be fixed? With statistics, I can "prove" that Windows causes brain damage and Erectile Dysfunction. Does that make it true?
It is a meaningless report that the uninformed / gullible will use to say "See! See! Windows is more secure! Microsoft tells us so!"
I suspect you've fallen into the fallacy that just because people can look at the source, people actually do.
It's a fallacy? Shit. I guess that all these years that I have been working on open source software, fixing bugs, adding features, has actually been a big long dream. I'll wake up and finally see that I've been living in the Matrix, and finally see Bill G in his true Borg form hanging over me grinning...
Of course not EVERYONE looks at the source for every app, but collectively there are a HUGE number of people looking at and working with the source for just about every app out there. Unfortunately, not everyone working on open source is a qualified professional, and we do see some horrible code out there, but it's no worse than a lot of the commercial code I've seen over the years.
But back to the report. It's a shell game. Microsoft, having a closed development model, may have HUNDREDS of high threat level flaws that are UNDISCLOSED but may be known about by black-hat hackers. Open source by nature is ALWAYS disclosed. MS also has a habit of rating their flaws at a lower threat level than third party security researchers rated it. Yep, just goes to show that you can prove anything with statistics.
Here is a statistic for you... 99%+ of all the probing I get on the external side of the corp network are from windows boxes according to fingerprint analysis. Since most probing is done via compromised machines (botnet), and that windows has less than a 99% market share, that leaves me with one conclusion. The numbers are similar for spam.
How many vulnerabilities are known about and fixed in a certain time frame is meaningless. What would be meaningful, but an impossible statistic to gather, is exactly what percentage of installed Linux and Windows machines are currently compromised and being actively exploited (member of a botnet.) I've heard estimates that up to 50% of all windows machines are infected with serious malware of some sort or another...
Spanning tree can also cause problems with DHCP. There are workarounds, such as portfast, but what this basically means is that you have to design and implement your network carefully, and avoid the use of non-enterprise class networking gear.
It's quite easy to set up conference room and other public access that allows corp users to access the full corp network and guests to access a much smaller restricted net (simple guest file server, printer, internet.) It's done via a special DHCP server looking for registered corp MAC addresses, and scripting which reconfigures the switchport on the fly - joining it to one VLAN or another. Is it perfect security? No, but it stops all the casual "hacking."
The reason wireless is more of an issue is that you can point a cantenna at a building blocks away and have access. With wired you have to be physically present.
Not to mention bandwidth. I touch on that on a post above. I have no problem with wireless either. I do have a problem with ONLY wireless - it's totally inappropriate in a business environment.
Absolutely. You can easily stream HD content over wireless IF you are only streaming from a VERY small number of nodes.. Like 1 or 2. One of the things that many people don't "get" with wireless is that it's SHARED BANDWIDTH. There are VERY few channels that can work together (3 in the US on 2.4G) without interference, so your total backbone bandwidth is pretty small (150Mb max theoretical on a standard G network.) In a Real production network with dozens of AP's in a building and hundreds of users all using encryption (like WPA2), accessing file servers, databases, etc., expect piss poor performance. It's not unusual to only get 5Mb rates with fairly high latency (due to constant retransmits) in a moderately busy environment on a G network. You may still be able to effectively surf the web, but I certainly would NEVER EVER run a business that way.
Follow "best practices," which is to hardwire everything possible and leave wireless to cases where wired is not feasible, such as PDA type devices and notebooks in conference rooms (although we've always had cables and power outlets on our conference tables...)
Anyone remember Sprint's failed Broadband Direct? I had it back in the late 90's in San Jose. It was basically cablemodem type speeds over wireless, but the latency was HORRIBLE, and so was the reliability. Let's see if they can do wireless internet RIGHT this time...
This is why I explicitly said "reject" and not "bounce." In order to do this scanning, it MUST be done at the DATA phase and not at the RCPT. You don't have the content to scan yet at RCPT! Any totally broken host that ignores the 5xx error and attempts redelivery of the same message (keyed off the Message-ID) gets firewalled for 1 hour. There are a number of totally broken MTA's out there that warrant limited-time firewalling for bad aggressive behavior.
Just a few years ago, you could get by with a fairly simple ACL in your MTA. Now the ACL is an entire application that links to multiple content scanners, and is quite complex. It needs to be in order for email to remain viable - especially for those of us with email addresses that haven't changed in 10 - 15 years. We are on every spammer's list.
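The reject-at-DATA policy described in the comment above, sketched as an added example (this is not the poster's ACL). The scanner callable, the 24-hour memory of rejections and the inclusion of the envelope recipients in the retry key are assumptions, and the one-hour "firewall" is modelled as an in-memory deny list rather than a real packet-filter rule.

```python
import time
from email.parser import BytesParser

BLOCK_SECONDS = 3600        # "firewalled for 1 hour", from the comment
REMEMBER_SECONDS = 86400    # how long a rejection is remembered (assumption)


class DataPhasePolicy:
    """Decide the reply to end-of-DATA and track hosts that ignore a 5xx."""

    def __init__(self, scanner, clock=time.time):
        self.scanner = scanner      # callable(bytes) -> True if content is unwanted
        self.clock = clock          # injectable so the expiry logic can be tested
        self.rejected = {}          # (peer, Message-ID, recipients) -> time of 5xx
        self.blocked_until = {}     # peer -> time the block expires

    def allow_connect(self, peer):
        """False while the peer is inside its one-hour block."""
        expiry = self.blocked_until.get(peer)
        if expiry is not None and self.clock() < expiry:
            return False
        self.blocked_until.pop(peer, None)
        return True

    def on_data(self, peer, rcpts, raw_message):
        """Return (code, text) for the message just received in DATA."""
        now = self.clock()
        self._forget_old(now)
        # Content only exists after DATA, so this is the first point at
        # which both the headers and the body can be inspected.
        headers = BytesParser().parsebytes(raw_message, headersonly=True)
        message_id = str(headers.get("Message-ID") or "").strip()
        key = (peer, message_id, frozenset(rcpts))

        # Same host, same Message-ID, same recipients after a permanent
        # failure: the sender ignored the 5xx, so block it for an hour.
        if message_id and key in self.rejected:
            self.blocked_until[peer] = now + BLOCK_SECONDS
            return 554, "5.7.1 already rejected; redelivery refused"

        if self.scanner(raw_message):
            if message_id:
                self.rejected[key] = now
            return 554, "5.7.1 rejected by content policy"
        return 250, "2.0.0 accepted"

    def _forget_old(self, now):
        # Bound memory use: drop rejections older than the retention window.
        cutoff = now - REMEMBER_SECONDS
        for key in [k for k, t in self.rejected.items() if t < cutoff]:
            del self.rejected[key]


def constructed_scanner(raw_message):
    # Stand-in for a real content scanner; flags a constructed marker string.
    return b"CONSTRUCTED-UNWANTED-MARKER" in raw_message


def demo():
    """Reject once, see the same message again 60 s later, then check the block."""
    now = [1000.0]
    policy = DataPhasePolicy(constructed_scanner, clock=lambda: now[0])
    bad = (b"Message-ID: <m1@sender.example>\r\nSubject: hi\r\n\r\n"
           b"CONSTRUCTED-UNWANTED-MARKER\r\n")
    peer, rcpts = "192.0.2.10", ["user@example.org"]
    first = policy.on_data(peer, rcpts, bad)
    now[0] += 60
    retry = policy.on_data(peer, rcpts, bad)
    return first[0], retry[0], policy.allow_connect(peer)


if __name__ == "__main__":
    print(demo())
```

Keying on the Message-ID alone would also match a sender that delivers one message in separate transactions per recipient, which is why the recipients are part of the key here.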
With my default font, I get 209 on my 20", or 422 if I span both monitors (the 1.5" gap kinda sucks though, which is why I'm looking at a 30" screen.)
209 would be insane for programming, but I'd like to see at least 132 become the standard for email and coding. If you have less wrapped lines, it's more readable. Let's get off the punchcard line length. Wide screens are great for log files, spreadsheets, project management software, etc.
I agree.
Why is everyone refusing to read the damn bill? It allows you to legitimately set the callerID to any number that refers to you or your business, which allows ALL of the legitimate usage of spoofing. It also allows you to choose to be anonymous which handles all your privacy concerns. It simply prevents you from fraudulently pretending that you are someone else.
Read the damn bill. The meat is all of about 3 sentences. It allows you to do exactly what you want to do, and forbids deceptive practices.
I HAVE read the legislation. It simply makes it unlawful "to transmit misleading or inaccurate caller identification information." It also gives you an out: "Nothing in this subsection may be construed to prevent or restrict any person from blocking the capability of any caller identification service to transmit caller identification information." That means you can choose to be anonymous and still be legal.
As long as you transmit a number, it needs to be a number that somehow identifies you or your company and not a number that belongs to someone else or that is fake (not a real number.)
This is a good law, unlike so many others.
There is nothing currently illegal about spoofing caller ID. This bill makes it illegal "to transmit misleading or inaccurate caller identification information". The person / company still has the option of not transmitting ANYTHING, but now callerID's such as 408-000-0000 will be banned, along with other random crap I see on a regular basis.
IMHO, this bill does not go far enough. It should require all non-residential (consumer-level) service to transmit correct, accurate information - anonymous should not be an option. The CEO of a company doesn't need his personal extension (DID) transmitted, just the company's main number, but it SHOULD transmit something valid that identifies the company it came from. There is no VALID reason for companies to be "anonymous".
Collection agencies claim otherwise, but they are a big part of the problem anyway - especially if some idiot you don't know is giving our YOUR number and then doesn't pay his / her bills. I received about 50 calls for "Patricia" in the past year. despite constantly telling these annoying people that there has never been a "Patricia" at this number in at least 15 years since I've had it, and to remove the number from their records, and asking to have the info relayed to the creditor, the calls still keep coming. Worse, it's on my home-office business line that I don't want to do any phone-system filtering on.
Asterisk does a great job of keeping unwanted calls off my home line, but to work best it needs valid callerID info.
While this FA may not be the right one, there are others that debunk the second report too. Links are in the last /. story on it. In short, the guy is a PR tool, and anyone that buys into the report is either naive in the extreme or just plain witless.
It's not meaningless to a business that decided to invest in Microsoft software and services for their systems, especially one that must account for internet access. But it may be meaningless to you who may not care about Microsoft products and services. You seem to be disconnected from the thread here. I'm referring to the FA comparing these statistics over several OS's. It's a meaningless comparison especially in light that it's impossible to do a valid comparison between open and closed development processes. It's apples and oranges. Even reading it like you did, it is STILL meaningless as real-world total platform security trumps statistics any day. Microsoft's great statistics are meaningless when your entire network was compromised and your business shut down for a week because of a zero day DNS exploit. Results matter. "Statistics" don't.
Never messed with OO, never a reason to. HAVE messed with the kernel in years past, which used to be a lot more necessary than it is now. Most of the messing around, which I consider casual, has been in driver space (USB and ethernet), because that is the space that affects me the most - if your hardware doesn't work you have a vested interest in getting it to work. Sometimes it's as simple as adding a new PCI deviceID, others can be a lot more "intense." Getting involved is easy - send a patch the the LKML and the module maintainer.
So how many people send in patches to the Linux kernel? Well, this article looked at a recent one-year time frame and came up with almost 2000 authors had changes accepted. If you look total all-time numbers, I would bet it's probably Well over 10K.
As far as messing around with open source in general, it's been hundreds of applications / utilities / etc. going WAY back to the days of "Adventure" on the mainframe via model 33 teletype. XYZZY people!
No, what's needed is to ignore this whole stupid "bug counting / statistics" game and actually look at what percentage of the installed base for each OS's are getting "p0wned". Why? Because Real Life Matters. The default install is irrelevant. People use their computers in the real world with all sorts of software. If you want a more secure experience, pick the platform that will be less likely to get P0wned overall.
The article is about security, and they've done some work and found some evidence that Vista's not as evil as some people think.
Cluebat time. The "researcher" is a Microsoft employee. Is is basically PR from marketing. When you have a closed development model, you can't compare it with an open model like this. How many UNDISCLOSED flaws were there in Windows that have been silently fixed or are still waiting to be fixed? With statistics, I can "prove" that Windows causes brain damage and Erectile Dysfunction. Does that make it true?
It is a meaningless report that the uninformed / gullible will use to say "See! See! Windows is more secure! Microsoft tells us so!"
I suspect you've fallen into the falacy that just because people can look at the source, people actually do.
It's a fallacy? Shit. I guess that all these years that I have been working on open source software, fixing bugs, adding features, has actually been a big long dream. I'll wake up and finally see that I've been living in the Matrix, and finally see Bill G in his true Borg form hanging over me grinning...
Of course not EVERYONE looks at the source for every app, but collectively there are a HUGE number of people looking at and working with the source for just about every app out there. Unfortunately, not everyone working on open source is a qualified professional, and we do see some horrible code out there, but it's no worse than a lot of the commercial code I've seen over the years.
But back to the report. It's a shell game. Microsoft, having a closed development model, may have HUNDREDS of high threat level flaws that are UNDISCLOSED but may be known about by black-hat hackers. Open source by nature is ALWAYS disclosed. MS also has a habit of rating their flaws at a lower threat level than third party security researchers rate them. Yep, just goes to show that you can prove anything with statistics.
Here is a statistic for you... 99%+ of all the probing I get on the external side of the corp network are from windows boxes according to fingerprint analysis. Since most probing is done via compromised machines (botnet), and that windows has less than a 99% market share, that leaves me with one conclusion. The numbers are similar for spam.
How many vulnerabilities are known about and fixed in a certain time frame is meaningless. What would be meaningful, but an impossible statistic to gather, is exactly what percentage of installed Linux and Windows machines are currently compromised and being actively exploited (member of a botnet.) I've heard estimates that up to 50% of all windows machines are infected with serious malware of some sort or another...
Spanning tree can also cause problems with DHCP. There are workarounds, such as portfast, but what this basically means is that you have to design and implement your network carefully, and avoid the use of non-enterprise class networking gear.
It's quite easy to set up conference room and other public access that allows corp users to access the full corp network and guests to access a much smaller restricted net (simple guest file server, printer, internet.) It's done via a special DHCP server looking for registered corp MAC addresses, and scripting which reconfigures the switchport on the fly - joining it to one VLAN or another. Is it perfect security? No, but it stops all the casual "hacking."
The reason wireless is more of an issue is that you can point a cantenna at a building blocks away and have access. With wired you have to be physically present.
Not to mention bandwidth. I touch on that on a post above. I have no problem with wireless either. I do have a problem with ONLY wireless - it's totally inappropriate in a business environment.
Absolutely. You can easily stream HD content over wireless IF you are only streaming from a VERY small number of nodes.. Like 1 or 2. One of the things that many people don't "get" with wireless is that it's SHARED BANDWIDTH. There are VERY few channels that can work together (3 in the US on 2.4G) without interference, so your total backbone bandwidth is pretty small (150Mb max theoretical on a standard G network.) In a Real production network with dozens of AP's in a building and hundreds of users all using encryption (like WPA2), accessing file servers, databases, etc., expect piss poor performance. It's not unusual to only get 5Mb rates with fairly high latency (due to constant retransmits) in a moderately busy environment on a G network. You may still be able to effectively surf the web, but I certainly would NEVER EVER run a business that way.
Follow "best practices," which is to hardwire everything possible and leave wireless to cases where wired is not feasible, such as PDA type devices and notebooks in conference rooms (although we've always had cables and power outlets on our conference tables...)
Anyone remember Sprint's failed Broadband Direct? I had it back in the late 90's in San Jose. It was basically cablemodem type speeds over wireless, but the latency was HORRIBLE, and so was the reliability. Let's see if they can do wireless internet RIGHT this time...
This is why I explicitly said "reject" and not "bounce." In order to do this scanning, it MUST be done at the DATA phase and not at the RCPT. You don't have the content to scan yet at RCPT! Any totally broken host that ignores the 5xx error and attempts redelivery of the same message (keyed off the Message-ID) gets firewalled for 1 hour. There are a number of totally broken MTA's out there that warrant limited-time firewalling for bad aggressive behavior.
Just a few years ago, you could get by with a fairly simple ACL in your MTA. Now the ACL is an entire application that links to multiple content scanners, and is quite complex. It needs to be in order for email to remain viable - especially for those of us with email addresses that haven't changed in 10 - 15 years. We are on every spammer's list.
Content scanning. I maintain a regex blacklist of known collateral damage "notifications".
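The policy described in the posts above (scan and reject at the DATA phase, match "notification" mail against a regex blacklist, and firewall for one hour any host that resends a Message-ID already refused with a 5xx) as an added example; it is not the poster's code. The class name, the two patterns, the reply texts and the sample message are assumptions made for illustration.

```python
import re

# Constructed sample patterns; the poster's actual blacklist is not on the page.
BACKSCATTER_PATTERNS = [
    re.compile(r"^Subject:.*\b(virus|spam) (found|detected) in (your|the) (message|mail)", re.I | re.M),
    re.compile(r"^Subject:.*\bundeliverable\b.*\bmessage you sent\b", re.I | re.M),
]
MSGID_RE = re.compile(r"^Message-ID:\s*(<[^>\r\n]+>)", re.I | re.M)
FIREWALL_SECONDS = 3600  # "firewalled for 1 hour"

# Constructed sample message (not real traffic).
SAMPLE = ("From: MAILER-DAEMON@mail.example.net\r\n"
          "Message-ID: <abc123@mail.example.net>\r\n"
          "Subject: Virus found in your message\r\n\r\n"
          "Our scanner removed an attachment you sent.\r\n")

class DataPhasePolicy:
    def __init__(self):
        self.rejected = set()   # (client_ip, message_id) pairs already given a 5xx
        self.firewalled = {}    # client_ip -> time the block expires

    def is_firewalled(self, client_ip, now):
        expiry = self.firewalled.get(client_ip)
        if expiry is not None and now >= expiry:
            del self.firewalled[client_ip]  # one-hour block has lapsed
            return False
        return expiry is not None

    def on_data(self, client_ip, message, now):
        """Return the SMTP reply to give after the client finishes DATA."""
        if self.is_firewalled(client_ip, now):
            return "421 blocked"  # stand-in for the packet filter dropping the host
        # Only the header block is matched, so quoted text in a body cannot trigger it.
        headers = message.replace("\r\n", "\n").split("\n\n", 1)[0]
        m = MSGID_RE.search(headers)
        key = (client_ip, m.group(1)) if m else None
        if key in self.rejected:
            # Host ignored the earlier 5xx and resent the same Message-ID.
            self.firewalled[client_ip] = now + FIREWALL_SECONDS
            return "550 already rejected"
        if any(p.search(headers) for p in BACKSCATTER_PATTERNS):
            if key:
                self.rejected.add(key)
            return "550 rejected by content policy"
        return "250 OK"
```

Because the refusal is issued while the SMTP session is still open, responsibility for the message stays with the sending host and no separate bounce is generated toward a possibly forged sender.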