Email scanning is needed on inbound because of "autoexecute" behavior. The only way you can stop this is to view all messages as text ONLY. We continually see cross site scripting problems with HTML, webbugs, and flaws in image handling resulting in remote exploits. Of course in the corporate world, email scanning is done on the mail server and not on the client. All to many ISP's and small businesses don't do ANY scanning at all leaving it up to the client.
I haven't used NAV06 (stopped using symantec NAV products a couple years ago due to all the problems with it,) but I do know for a fact that other versions DID break authentication because the authentication is NOT passed on. I'm not talking encrypted, just authenticated. Watch it with ethereal. If Symantec FINALLY fixed it, good, but as you stated it doesn't fix SSL/TLS transactions at all, however it's not due to proxying, but due to the TYPE of proxy (transparent.)
Inbound AND outbound scanning over TLS SHOULD be able to be done via a well designed proxy. A well designed proxy could allow configuration where the MUA (client such as OE) is configured to talk to the local proxy via an unauthenticated and unencrypted connection, and have the proxy do auth and TLS to the POP/IMAP/SMTP servers. But that's not what they do because AV companies decided on stupid broken transparent proxies which can't POSSIBLY work in the modern world.
The same kind of smart proxy should be done for web browsers as well. That's how corporate systems work and it would work very well for personal systems too.
An example of the "unspeakable things" is outbound email scanning, where they add a proxy layer on smtp transactions. Only one big problem: this breaks authenticated SMTP. The only fix is to disable it. Inbound scanning is even more pathetic, only supporting VERY few email clients, such as Outhouse and Outhouse Express due to the implementation.
Um, you DO realize that this spammer, like most, uses zombie machines too. A fact of life is that not all zombie machines are listed with spamhaus. Anyway, good luck and enjoy your future dramatic increase in spam. Also be aware that your email address may also be used in spam "Joe Job's" (If you don't know what a joe job is, I suggest you look it up.)
FYI, American football has both cardio AND strength training. Wide receivers (for example) would be pretty useless if they didn't have the stamina to run (sprint) at top speed time and time again. Bottom line is that both types of "football" players are going to be in very good physical shape with the exception of perhaps some of the linebackers... Tedy Bruschi (a linebacker) is an example of a top-notch, NFL player in EXCELLENT physical shape who had a stroke due to a hole in his heart.
OK, I have mod points at the moment but am posting instead... This is why meta-moderation exists and why it is important. Meta-mod frequently and the bad moderators won't get points as often.
And by the soccer qualifier in your statement, are you saying that American Football (NFL style) players are immune from heart attacks? Becuase that would be a very silly thing to say.
That doesn't work on all DVD spindle nub designs. Some are solid and don't push. I have a handful of DVD cases with that type. Some careful shaving of the nub with an exacto blade generally solves the problem.
I just tear off those stupid little latches on some DVD cases. The case stays shut without them just fine. Now if I can just get the DVD off the !*&@#^ nub without the DVD snapping in half, I would be happy!
That's a good question. Are all pens, shoes, screws, lightbulbs, etc. used in the process of manufacturing iso certified??? No. Iso certification of your quality process does not require that all third party equipment and supplies used in the process ALSO be ISO 9001:2000 certified. That would be an impossibility.
Buy your drive from Fry's, and it's quite likely to have someone elses shite on it. Some dealers do all sorts of shady things with returns, such as re-shrinkwrapping merchandise and selling it as new.
There are many applications which require macros to be present in Word documents.
True, but how many are emailed around outside the company? Probably very few. You can probably define a proceedure that would allow "trusted" users to email you such documents.
There are quite a few Web 1.5 sites that critically depend on JS, Flash, Java, etc.
This is VERY true, more for JS than others... I use noscript in FF, and it's AMAZING how many stupid sites out there have many or all of their links be javascript actions, or deliver a fucked up HTML if the JS browser detection code can't run. By disabling JS completely, you would probably be locked out of large portion of the internet. It seems as though corporate sites are much more likely to be JS dependant than personal - maybe as high as 40% by my guestimate.
I see things differently. While it may be illegal, it's NOT unethical IMHO. If anything is unethical, it's the botnet itself and the apathetic clueless user running a botnetted machine.
When I had my driveway repaved, I took some left over asphalt and patched a few potholes in the street without the city's permission. Technically, that was probably illegal, but was it unethical or was it a public service? My neighbors were happy.
That works only in the smallest and most simplistic installations. In the real business world, you usually have more than one switch, and they most likely sit in a rack in a closet or server room, and not on a shelf in an office. Hell, I even use a rack in the basement of my HOUSE.
The REAL answer, in a comment by another user, is to run Snort (or other IDS) on a bridge.
Unfortunatly, the process for combining Californium and Calcium (which is called "Californication") has already been patented by the Red Hot Chili Peppers.
Yah, a cheapo thermometer IS less expensive, but can it send you an SMS on the weekend when your airconditioner dies? No. It can't. A monitoring solution and a thermometer are as different as a dump truck and a honda accord. A honda accord is a really crappy way of hauling 18 cubic yards of rock. Or were you just trolling?
There are many room temperature monitoring solutions out there, but the OP is on a budget. Easiest way to handle it is to NOT have the server auto-reboot on power restore. I wouldn't do that for the main web server (which should probably be at a colo anyway) but for a general office server, it would be fine. The OP could also have the server auto-shutdown when the INTERNAL temperature (such as CPU temp) gets too high (may want to do that anyway).
Yeah - it's brutal to fsck a 1T array, or even just mkfs a partition that large with ext3. XFS and JFS are MUCH MUCH faster. So besides just huge filesystems, what else is better about ext4?
X-windows existed well before Microsoft windows. Microsoft did NOT coin the term "windows" when refering to rectangular regions on a screen, or to a windowing system (The original Windows was not an OS, but just a GUI layer on top of DOS - much like X-windows is a GUI layer on Unix.
And what does he use for the other end of the tunnel? Are you donating a datacenter full of ssh servers and a few OC192 pipes for all the universities to tunnel through?
Having a good football program probably does more to attract good students to your campus then good parking, bandwith, and competent instuctors combined.
Actually, the "good football team" is all about alumni dollars and administration prestige and NOT about students.
A site I work with is not a slashdot / geek demographic. It's a combination of government use (primary), non-profits, education, and business (in that order of heaviest to least % of users.) This site gets on average a million page views / day. Looking at the month of September, 76% IE, 16.3% firefox, 1.9% safari, Opera 0.2%. Back in March, it was 81% IE, 6.3% FF, 2% safari, Opera 0.2%. From my viewpoint, FF has jumped HUGE in that time frame. (Yes, the numbers don't add up to 100% - unknown and other browsers are the remainder.)
who really wants to have to pop open a VOB file to watch a movie? Um, someone who want's to bypass all the non-skipable trailers (commercials), FBI warnings, and other crap and just play the friggin movie??? If you have a child, you know how fsking obnoxios disney movies are. Yep, rip em down to Mpeg4 and play via Mythtv.
Slashdot Mirror
You forgot the:
Everyone: Gah! Still only one mouse button!
Email scanning is needed on inbound because of "autoexecute" behavior. The only way you can stop this is to view all messages as text ONLY. We continually see cross site scripting problems with HTML, webbugs, and flaws in image handling resulting in remote exploits. Of course in the corporate world, email scanning is done on the mail server and not on the client. All to many ISP's and small businesses don't do ANY scanning at all leaving it up to the client.
I haven't used NAV06 (stopped using symantec NAV products a couple years ago due to all the problems with it,) but I do know for a fact that other versions DID break authentication because the authentication is NOT passed on. I'm not talking encrypted, just authenticated. Watch it with ethereal. If Symantec FINALLY fixed it, good, but as you stated it doesn't fix SSL/TLS transactions at all, however it's not due to proxying, but due to the TYPE of proxy (transparent.)
Inbound AND outbound scanning over TLS SHOULD be able to be done via a well designed proxy. A well designed proxy could allow configuration where the MUA (client such as OE) is configured to talk to the local proxy via an unauthenticated and unencrypted connection, and have the proxy do auth and TLS to the POP/IMAP/SMTP servers. But that's not what they do because AV companies decided on stupid broken transparent proxies which can't POSSIBLY work in the modern world.
The same kind of smart proxy should be done for web browsers as well. That's how corporate systems work and it would work very well for personal systems too.
An example of the "unspeakable things" is outbound email scanning, where they add a proxy layer on smtp transactions. Only one big problem: this breaks authenticated SMTP. The only fix is to disable it. Inbound scanning is even more pathetic, only supporting VERY few email clients, such as Outhouse and Outhouse Express due to the implementation.
Um, you DO realize that this spammer, like most, uses zombie machines too. A fact of life is that not all zombie machines are listed with spamhaus. Anyway, good luck and enjoy your future dramatic increase in spam. Also be aware that your email address may also be used in spam "Joe Job's" (If you don't know what a joe job is, I suggest you look it up.)
FYI, American football has both cardio AND strength training. Wide receivers (for example) would be pretty useless if they didn't have the stamina to run (sprint) at top speed time and time again. Bottom line is that both types of "football" players are going to be in very good physical shape with the exception of perhaps some of the linebackers... Tedy Bruschi (a linebacker) is an example of a top-notch, NFL player in EXCELLENT physical shape who had a stroke due to a hole in his heart.
OK, I have mod points at the moment but am posting instead... This is why meta-moderation exists and why it is important. Meta-mod frequently and the bad moderators won't get points as often.
And by the soccer qualifier in your statement, are you saying that American Football (NFL style) players are immune from heart attacks? Becuase that would be a very silly thing to say.
Your giant padded hamster ball is useless without my patented vocal muffler and harness system which you will be forced to license from me!
Muhahahah!
That doesn't work on all DVD spindle nub designs. Some are solid and don't push. I have a handful of DVD cases with that type. Some careful shaving of the nub with an exacto blade generally solves the problem.
I just tear off those stupid little latches on some DVD cases. The case stays shut without them just fine. Now if I can just get the DVD off the !*&@#^ nub without the DVD snapping in half, I would be happy!
That's a good question. Are all pens, shoes, screws, lightbulbs, etc. used in the process of manufacturing iso certified??? No. Iso certification of your quality process does not require that all third party equipment and supplies used in the process ALSO be ISO 9001:2000 certified. That would be an impossibility.
Buy your drive from Fry's, and it's quite likely to have someone elses shite on it. Some dealers do all sorts of shady things with returns, such as re-shrinkwrapping merchandise and selling it as new.
There are many applications which require macros to be present in Word documents.
True, but how many are emailed around outside the company? Probably very few. You can probably define a proceedure that would allow "trusted" users to email you such documents.
There are quite a few Web 1.5 sites that critically depend on JS, Flash, Java, etc.
This is VERY true, more for JS than others... I use noscript in FF, and it's AMAZING how many stupid sites out there have many or all of their links be javascript actions, or deliver a fucked up HTML if the JS browser detection code can't run. By disabling JS completely, you would probably be locked out of large portion of the internet. It seems as though corporate sites are much more likely to be JS dependant than personal - maybe as high as 40% by my guestimate.
I see things differently. While it may be illegal, it's NOT unethical IMHO. If anything is unethical, it's the botnet itself and the apathetic clueless user running a botnetted machine.
When I had my driveway repaved, I took some left over asphalt and patched a few potholes in the street without the city's permission. Technically, that was probably illegal, but was it unethical or was it a public service? My neighbors were happy.
That works only in the smallest and most simplistic installations. In the real business world, you usually have more than one switch, and they most likely sit in a rack in a closet or server room, and not on a shelf in an office. Hell, I even use a rack in the basement of my HOUSE.
The REAL answer, in a comment by another user, is to run Snort (or other IDS) on a bridge.
Its' STILL gigawatts, but the first "G" is pronounced like "George."
Unfortunatly, the process for combining Californium and Calcium (which is called "Californication") has already been patented by the Red Hot Chili Peppers.
Yah, a cheapo thermometer IS less expensive, but can it send you an SMS on the weekend when your airconditioner dies? No. It can't. A monitoring solution and a thermometer are as different as a dump truck and a honda accord. A honda accord is a really crappy way of hauling 18 cubic yards of rock. Or were you just trolling?
There are many room temperature monitoring solutions out there, but the OP is on a budget. Easiest way to handle it is to NOT have the server auto-reboot on power restore. I wouldn't do that for the main web server (which should probably be at a colo anyway) but for a general office server, it would be fine. The OP could also have the server auto-shutdown when the INTERNAL temperature (such as CPU temp) gets too high (may want to do that anyway).
Yeah - it's brutal to fsck a 1T array, or even just mkfs a partition that large with ext3. XFS and JFS are MUCH MUCH faster. So besides just huge filesystems, what else is better about ext4?
X-windows existed well before Microsoft windows. Microsoft did NOT coin the term "windows" when refering to rectangular regions on a screen, or to a windowing system (The original Windows was not an OS, but just a GUI layer on top of DOS - much like X-windows is a GUI layer on Unix.
And what does he use for the other end of the tunnel? Are you donating a datacenter full of ssh servers and a few OC192 pipes for all the universities to tunnel through?
Having a good football program probably does more to attract good students to your campus then good parking, bandwith, and competent instuctors combined.
Actually, the "good football team" is all about alumni dollars and administration prestige and NOT about students.
A site I work with is not a slashdot / geek demographic. It's a combination of government use (primary), non-profits, education, and business (in that order of heaviest to least % of users.) This site gets on average a million page views / day. Looking at the month of September, 76% IE, 16.3% firefox, 1.9% safari, Opera 0.2%. Back in March, it was 81% IE, 6.3% FF, 2% safari, Opera 0.2%. From my viewpoint, FF has jumped HUGE in that time frame. (Yes, the numbers don't add up to 100% - unknown and other browsers are the remainder.)
who really wants to have to pop open a VOB file to watch a movie?
Um, someone who want's to bypass all the non-skipable trailers (commercials), FBI warnings, and other crap and just play the friggin movie??? If you have a child, you know how fsking obnoxios disney movies are. Yep, rip em down to Mpeg4 and play via Mythtv.