Seriously... this would be the first time I ever thought about it, since it's just a few PHP hacks, a definitions file, and a publish script with SSH... makes quick work of a tedious problem, but I never thought of it as a product, per se, and you'd have to understand Bind pretty well to make it work, anyway.
All of which is why I wrote "I got good and comfortable with Bind many years ago"...
When evaluating the success of a product in the marketplace, it's important to note that there are many features of even highly technical products that are not technical in nature, at all.
Linux compares very closely to BSD from a technical standpoint, BSD has a much longer history than Linux, and is arguably better than Linux in many areas. It's definitely had more time to mature. So what feature does Linux have that has everybody talking about Linux?
Its license.
I'm not knocking the excellence that Linus Torvalds has displayed over and over again over the years. He's done a great job and I depend on his efforts every day in running my own business. But as great as Linus has done managing the technology of Linux, it would be hard to say that Theo De Raadt has done any worse. It would be easy to claim that Theo's work is more secure, but both have produced excellent products that are truly world class in nature.
But what has everybody talking about Linux is the license - the share and share alike requirement laid down by the GPL, which turns the Tragedy of the Commons around on its ear so that everybody is pushing the project along together, rather than taking what's convenient and giving nothing back.
Now, Solaris is behind the 8-ball. Even with the same license as Linux, they'd have to show a clear, compelling advantage to cause people to switch their efforts away from Linux. Given just how good Linux is in so many different areas that Solaris can't even touch today, that would be very, very hard to do.
Show me a Solaris supercomputer and I'll show you hundreds of Linux-based supercomputers. Show me a $40 Solaris-based router, or a Solaris phone, or a Solaris-based pocket calculator. Ironically, while Solaris is touted for "big iron", it's a non-starter in the list of the top 500 supercomputers, while Linux is dominant.
By definition, a NAT router effectively creates a "default deny" rule on all new, inbound connections. This makes it qualify nicely as a firewall, and provides a considerable degree of security.
How does this not make sense?
If you were to create a firewall for a public IP address, and reject all inbound connections, that would be "security". That NAT does this by default effectively makes it a "firewall"....
Please explain how NAT provides no security benefit?
Also, you don't need a publicly accessible IP for every workstation or node to use IP telephony - you need only one public IP address. See this site or this site for details on how to make this work.
Once I was making a large order by credit card while on the road. In order to process the order (it was around $12,000 as I recall) they needed a copy of my license, front and rear. I was nowhere near a copier, so I took a photo of it with my phone and sent it to the salesman.
Worked a champ, but it's rare. When I take pictures, it's because I want to remember the special occasion, and the pictures taken by my camera are lousy, at best. So I stick to my $99 Samsung 4 Mp 4x Optical zoom digital camera if I care about the photo.
I don't use its music player because it doesn't play MP3s, it plays some proprietary Windows-only WMP format. Worse, it cuts sharply into battery life, and requires a special adapter to plug the headphone in. This makes it rather cumbersome to use. So I stick with my $60 Creative Zen MP3 player, which plays MP3s, and also has radio, and records from radio or real life. (none of which the phone does)
It has a calendar feature that's just "clicky" enough to be annoying, and seems to "forget" appointments from time to time.
But it's a phone! And as a phone, it's a great phone! It's durable, reasonable battery life, (it charges on my USB port!) the screen is large enough and clear, it's very compact, performance is reasonably snappy, reception is good, and it fits very nicely in my pocket. Its number recall is good.
So why would I use poorly implemented features that suck? I'd guess these features were built to fill "checkboxes" of feature lists that might compel somebody to buy the phone. But what were the features that made me buy it?
1) Charges on a USB plug (which only works on a Linux computer, so this feature is undocumented, it won't charge on a Mac or Windows PC, but I'm a Linux user)
2) Small, flat form factor,
3) Decent (more than 48 hours) battery life.
4) Send & receive SMS/email messages, to integrate with my network monitor.
None of these features include the camera, the music player, the calendar, the audio recorder, etc. and one of the biggest features is one they tried to disable!
Are you looking for features in a registrar or dns provider? While most registrars also provide DNS service, there's never a requirement that you have to use them. And use them I don't.
I got good and comfortable with Bind many years ago, and have the DNS administration stuff down pat. I have some really nice administration scripts that manage changes by service. Throw in a few variables, some regex, and some DNS boilerplate definition files, and I get the ability to re-ip a service (EG: websites, email, https, dbserver, etc. ad nauseum) for hundreds of domains in 60 seconds flat if you include updating the actual DNS servers with the changes. (I publish 2, I maintain 5 so that I can quickly switch nameservers in case of hardware/network failure)
Other than that, I have all my domains linked to two DNS servers by name, and occasionally I have to move a DNS server. It takes a few minutes.
Show the same casual user the receipt for the 1080p TV at their local Circuit City, and watch that jaw close right back up.
The TV playing behind me right now cost me $65. It's a 19" tube-TV, it's about 4-5 years old, and it has many years of life left in it thanks to the automatic down sampling done by the Dish DVR and the DVD player that gets occasional use. When we watch DVDs, we usually do it on our laptop computers. And even with the dish DVR, we're just as likely to go to digg/slashdot/myspace/youtube or use NetFlix for movies as watch the TV.
The problem with the TV is that it's a limited medium; you sit and watch movies or shows on it. No matter how much you spend on it, the TV is still a TV. But $500 gets you a decent, intro-level laptop.
The laptop can play a movie at comparable resolution to your $4000 "1080i" plasma TV. But, after watching your movie, you can then do some blogging, read the news, chat with a buddy, play a game or two. All on *your* timeline. Think about it... what are you doing right NOW!?!?!
We have a Netflix account, we can get (basically) unlimited DVDs in the mail. But we really don't use it much. We get maybe 2 rounds of DVDs per month, if that. The reason?
Instant downloads.
It's not all movies, and it's not all the latest movies. But with a Netflix account, we can watch a wide selection of movies on demand from the computer. It's fairly simple, it's fast, and it's entertaining. We deal with the loss in quality in order to get convenience. The quality is fair (not great) but not having to worry about scratches on the disk, returning the disk, the disk getting eaten by the dog, forgetting to return it, waiting for the next selection to show up 3 days later, etc. is all worth it.
In our household, physical media is virtually dead.
This is one of the largest, most complex projects ever conceived. By its very nature, it tests the limits of our understanding of the universe, and our ability to engineer within it. There WILL be bugs, there WILL be glitches, and progress will be slow while we work out the mechanics of operating at this level.
That LHC is down isn't surprising, it's expected. Wait 2-5 years, at which point the majority of kinks will be worked out and the LHC will be enjoying its "second wind".
Have you ever built something big, powerful, and complex? If you have, you'd know that "turning it on" is not a sudden point, it's a gradual process of implementation until it's fully operational, with hundreds or thousands of small, minor issues found and addressed as implementation approaches 100% complete.
Trademark law is designed so that people who take part in it have to be somewhat prick-ish. It's not their fault, they have no choice.
One of the requirements of trademarks is that, once granted, it's only yours so long as it doesn't become a generic term. If you start a company called "globat" that sells pencils, and people start referring to all pencils as "Globats", you have to stop people from using "Globat" in a generic sense when referring to pencils, by legal means if necessary, or lose the rights to the name "Globat".
This is why, when you go to a restaurant, and say: "and gimme a Coke with that" the waiter might ask: "Is Pepsi OK?" - they are required to, by requirements stemming from trademark law.
Google has to be a bit careful: So long as "Google it!" means going to google.com, they are ok. But the instant that "google" becomes synonymous with "search", regardless of what website you go to, the trademark protections that Google enjoys become threatened, and they'll be forced to be "evil" to protect their company name. Watch for it; I have no doubt it will happen as soon as some other search engine is actually more effective than Google.
So, the IOC, once granted trademark to "Olympics", then had to enforce their trademark to ensure that the word "Olympic" doesn't become a generic part of language. If you say "Olympics", it has to refer to the version put forth by the IOC, or they lose their trademark. So, they had to sue anybody and everybody near Mount Olympus, etc. Sucks? Maybe. But it's not necessarily a fault of the IOC, they are REQUIRED to enforce their trademark or lose it. (Since "Olympic" has a classic meaning, the trademark is dubious at best, IMHO) But if I create a new company called "DynaStealthzWealthz" and become highly successful, it would seem to me legit to have rights to my company name since it didn't effectively exist prior to my creation of it.
I use PHP every day. I love PHP. It is an awesome, flexible, powerful, responsive rapid application development language for any kind of text processing and "cloud services" need. It's typical for me to write 10-20 lines of simple, elegant PHP code that performs wonders matched only by hundreds of lines of C. I'll put it simply: I've bet my farm on PHP, and it's paid off wonderfully. It's stable, fast, and extremely dense when measured in functionality per line of code.
But my one true beef with PHP - one of two beefs in all - is its inconsistent API.
I mean, WTF? How could I possibly remember the difference between these two almost identical functions with EXACT OPPOSITE PARAMETER ORDER!?!?! So php.net gets hit by me. Daily. Constantly. Zend pays the price for not thinking through the conventions of their API with my daily hits on their website.
I would *LOVE* a fork of PHP where the ordering is consistent. To be fair, the fork would have to be retro-compatible with the existing PHP API so that current PHP scripts don't break. This may be more painful than it's worth; I'd suggest prepending all functions in the alternate API with some special character (eg: "_" or "^" as in _mysql_query($conn, $query); )
My other beef? Lack of thread support. It may be due to the apache process limits of mod_php, but the fact that I can't run several threads inside a single memory space sometimes just drives me NUTS. So when lots of work needs to be done by lots of processors in a very short period of time, I have to fork() like crazy with a PHP script run from a shell call with shmop_* or temporary named pipes all over the place. It's fugly to say the least. Thankfully, the number of problems that won't fit into a single process (sans threading) are small, so the hack level is kept to a minimum - for now.
As processes get bigger, and processors develop ever more cores, this limitation will become increasingly a problem. Already, it's normal for a new, mid-range server to have 16 cores, each running at > 2 GHz, which means that any single PHP script can only access 1/16 of the total available processing power. With current trends, in another couple years that will jump to 64 cores, and at that level, thread support becomes almost a requirement, even for highly parallel, concurrent activity.
Seriously - who wants to be limited to using only 1/64 of the available processing power? Not me. I hope that PHP 6 handles this.
The city's sysadmin should be fired. Check the referrer, then redirect to the main page when "needed". A couple minutes set up time and *poof* no more "deep linking" from other sites.
You assume a great many things:
1) That the city is wise enough to see the need for a sysadmin. Seriously.
2) That the city was cohesive enough to hire a sysadmin.
3) That the city is large enough to justify hiring a sysadmin. (according to Wikipedia, it's only 50,000 people)
4) That the city, otherwise utterly incompetent at technical issues, was somehow able to hire a sysadmin competently.
5) That a competent sysadmin would care to admin a city website.
6) That said competent sysadmin wouldn't quit within 90 business days due to the utter stab-yourself-in-the-eye kind of boredom that would reign supreme while admining your average city website.
A township this size HAS no admin. It's a small town, with small egos and big drama. Welcome to small town, USA. And worse, the city is, by definition, a government agency, and government agencies are uniquely unqualified to do anything businesslike as well as technical. Governments are POLITICAL organizations.
As a technology provider of services for government-managed agencies, I see it over, and over, and over: political organizations FAIL at dealing with technical issues, or competently hiring people to deal with technical issues. I've seen so many minor small-government fiefdoms ruled by unqualified techies who know how to spout intelligent-sounding techno-babble with extreme jealousy.
These types are fundamentally liars. They are unqualified, they know it. They spend their efforts attempting to disqualify any threats to their "turf", and selling their technical expertise to their co-workers through a combination of oppressive (and ineffective) security "requirements" and policies of limited value. They live in constant fear of being "discovered" and vehemently attack any improvement offered by any outside source.
In a bass-ackwards sort of way, the more draconian and oppressive the measures implemented, the more it appears that the tech weenie is "doing something" and the more likely he/she is to be supported. And thus, we end up with "Mordac, Preventer of Information Services". It's real.
My strategy when dealing with these types is to offer my services through them. Make them the hero for recommending our services, and make very public, deferential statements respecting their expertise.
Setting up an Apache module? Psssht. At this scale, good luck finding somebody who actually knows that Apache isn't just a breed of Native American!
Why let a town build a network with taxpayer money when you can build a network with that same money, then charge them again for using it? It's the classic telco business model.
I think you are missing a very key point, here. It's true that telcos were paid government funds to build a significant part of the telephone network. But it's also true that in the vast majority of cases, those parts are the UNPROFITABLE parts.
Let's say you have a water pumping service, doing business in town, and you're making whatever profits you are making. For this example, we'll ignore the fact that most communities have community water. Business is good, you're expanding to cover more and more houses, starting with the most profitable ones first. (densest neighborhoods)
But then de gubbmint comes in and tell you that you have to do a bunch of stuff in order to continue to do business, because of the benefits to the general health of the community or whatever. For example, since you provide water to some houses in your town, now you have to provide water to ALL houses in your town.
Now, it's not as though you wouldn't love to serve all the houses in the town, but some of those houses are over a mile apart! Just the cost to dig the pipes out that far will cost you over $10,000 per house! Since you are charging $50/month for water service, it's going to take almost 20 YEARS before you even break even on the base cost, never mind the finance charges you'd incur to borrow the money to deliver the service the gubbmint requires!
And you can't charge the homeowners, either - they aren't buying anything, they didn't ask for it, and making them pay would be onerous on them, too.
So, in circumstances like these, it's very typical for the private company (your water company) to ask for funding to assist in the problem areas. It often comes as a sort of deal: Your water company enjoys a monopoly status, subject to various regulations that you have to perform, in exchange for funding to cover the plumbing for the unprofitable areas.
So the net effect goes something like this:
1) Your company is now a monopoly that must turn in a Profits and Loss statement, along with proof of regular water testing to the city council every month or so. You cover 100% of the houses in the community, and you have no effective competition. One of your concessions is that the municipality can levy taxes via your bills. You have to calculate this bill, and turn over the tax money to the city quarterly.
2) The city has now satisfied its goal of everybody having 100% availability to clean drinking water. It's paid for costs of plumbing by taking out a bond, secured against a tax raised against people's water bill.
3) Everybody who lives in the community now pays a 5% monthly tax on the water bill to cover the cost of plumbing outlying areas. Financially, it's a raise in your bill if you were already contracted with the water company when it was all private, it still brings benefits such as improved local economy resulting from the improved infrastructure.
He's loving, unless he wants to kill you for whatever minor crime.
He holds you personally accountable for your sins, unless he wants to eliminate your race.
You can talk with him, unless he's not in the mood.
He can heal you, unless you've been amputated. He never heals an amputee, or any kind of serious scar.
He worries about a bunch of guys building a tower to the heavens so much that he creates all the races of mankind, but when we build a spaceship and actually GET to the heavens, nothing much happens.
It's no wonder that Christians fail basic tests of logic...
The truth is that if you canonize a work and believe it to be true, you should canonize your work and believe it to be true. The bible is truly a repulsive, insane, conflicted, and uncivilized work. People who worry about a few swear words or the latest movie should actually pay attention to 'the good book' that they pay homage to every Sunday. In fact, God's behavior in the bible I would expect from a 3 year old child with power. Yuck.
And my mark certainly wasn't praying, unless by "prayer" you mean words generally written as "fsck" or "f--k" in order to avoid bad word filters.
Have you ever watched The Bible is Repulsive? It's a great 15 minutes. Spare it. You won't regret it.
I used this video one time while talking to a fundamentalist. We were downtown, there was a gay rights parade (I'm a left-coaster) and the usual fundamentalist Christians on the other side of the street. Several blocks away, I struck up a conversation with a guy who was hanging around.
I guess it was because I'm obviously hetero, and fairly well-dressed, short hair, etc. because he assumed that I was on the Christian Fundamentalist side. I joshed with him for a while, talked about the wife, the kids, working, paying bills, blah blah blah. I mentioned something about strictly following the good book, and tisked about the guys down the street. He was very adamant that we should "follow the good book".
Having planted that seed, I got the kids into the conversation again a little while later. I started in with how I have lots of kids (I do) and how they sometimes misbehave. He agreed, and then I talked about what do you do about it? How do you keep your kids in line!?!? You have important values you want to teach! and he was with me all the way.
And then I said:
"It's a good thing that the good book thought of this, too. When my oldest son snuck out and smoked a joint with his buddies, I grabbed some bricks and killed him, right there on the spot". I played it perfectly, too! He was speechless. "Yeah, I believe that the good book should be taken literally, and it's pretty clear, right there in the Deuteronomy, when your children misbehave, you stone them to death".
As he cursed and walked away, I hollered out: "And the cops haven't even investigated! It's been 2 years now!"
I don't think I've ever laughed so hard in all my life...
"Cheaper" should not have more weight than "secure".
This betrays almost unthinkable naivete. Cheaper always has weight. It's a question of overall system cost, and people tend to ignore non-obvious risk. Welcome to the human condition.
Ever go to any of those sites that tell you where your dollar bill has been? They have a place where you can put your bill's serial number, and see if anybody else has done the same. It's kinda fun!
But did you notice that there is NO SECURITY WHATSOEVER behind authenticating your possession of the dollar bill? That's OK, because the cost of compromise is unspeakably small - perhaps somebody will be annoyed... The cheapest solution, which is merely asking somebody to type something in, is plenty enough.
There's a formula at work here, something like this:
As long as the left side is "heavier" than the right side, you're doing the right thing. If you institute major security in an area where the cost of compromise is minuscule, you're wasting your money. Go for hookers and blow instead - at least you enjoy it!
If you don't invest significantly in security where the cost of compromise is high, or at least, the likelihood of compromise is high, then you sure don't deserve your hookers and blow!
So, the right answer is proper risk assessment. Spend your money in areas where it'll do you some good. And be a cheap bastard if it really doesn't matter much!
Your understanding of electricity is what's meaningless.
Volts * Amps = Watts. Watts represent total ability to do work. Sounds simple enough, no?
And on paper it IS simple. Except that we're not talking about the ability to do work, we're talking about the ability to KILL YOU. They are NOT the same. Saying that volts = amps is ludicrous. Why else would power companies build high-voltage lines in the power grid, then step down the voltage later?
It's because by increasing the voltage, they can increase the amount of total power transmitted over a wire that has a maximum amperage carrying capacity. Lowering the voltage and raising the amperage would melt the wire.
As another example, I once had a big, nasty transformer from a 1960's color TV. It stepped up about 3 amps of 110v power to somewhere around 75,000 volts for the main tube. Simple division will tell you how many amps you had at 75kV. But I turned the transformer around - stepping down 110v 3 amps (ish) down to way less than 1 volt at a KAZILLION amps. Worked a treat for some interesting "make it vaporize!" type experiments. I actually blew a hole right through a high-carbon, stainless-steel kitchen knife with that bad boy, and 24-gauge copper wire would literally vanish in a puff of smoke. That is, until I ran too many "experiments" in a row and the transformer caught fire from all the heat generated by all that current flow.
It's electrical current flow that causes the danger, not voltage, and to an extent, not wattage. Current flow is measured by amperage.
People tend to dismiss low voltage, while respecting high voltage. But it's not the voltage that kills you, it's the amperage. The only reason you can ignore low voltage is that under about 50 volts, electricity won't break your skin with the presence of salt water. (sweat can sometimes suffice, or some other electrolyte) And while an auto spark coil will often generate 50,000 volts or more, there's not enough amperage to do any significant damage. (you won't forget the feeling, however!)
A car battery throws 12 volts with a large amount of amperage. (50 amps? 100?) This much amperage is enough to melt wedding rings, screwdrivers, and lots more in very short order. To give an analog, your standard wall socket is rated at 15 amps.
Always show respect for the car battery. There's plenty of death in there if you're stupid.
It's true that Volts*Amps=Watts, where Watts is a measure of total power. But while high voltage is annoying, high amps will kill you.
I did this with our own web-based product and found out that yes, indeed, we are insecure. It took a few minutes of poking around to find out how to secure our site.
So, for everybody else: if you are using PHP, you need to pay attention to Set_Cookie_Params(). Here's the 1-liner call that we make in order to solve this problem for us, before any calls to session_register():
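The call the comment refers to is not shown on the page. As an added illustration (not the poster's code), this is how PHP's `session_set_cookie_params()` can restrict the session cookie, assuming PHP 7.3 or later, an HTTPS-only site, and that the concern is the cookie's Secure, HttpOnly and SameSite attributes; the function names other than the PHP built-ins are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ and an HTTPS-only site.
declare(strict_types=1);

/** Attributes for the session cookie (helper name is hypothetical). */
function hardened_cookie_params(): array
{
    return [
        'lifetime' => 0,      // discard the cookie when the browser closes
        'path'     => '/',
        'domain'   => '',     // host-only: not shared with sibling subdomains
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // withheld on cross-site subrequests and POSTs
    ];
}

/** True when the request arrived over TLS, as reported by the web server. */
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

/** List the attributes in $params that are weaker than the hardened set. */
function weak_cookie_attributes(array $params): array
{
    $weak = [];
    foreach (['secure', 'httponly', 'samesite'] as $attribute) {
        if (empty($params[$attribute])) {
            $weak[] = $attribute;
        }
    }
    return $weak;
}

/** Apply the parameters, then start the session. Call before any output. */
function start_hardened_session(array $server): void
{
    if (!request_is_https($server)) {
        // A Secure cookie is never returned over HTTP, so a session
        // started here would not survive the next request.
        throw new RuntimeException('refusing to start a session over plain HTTP');
    }
    ini_set('session.use_only_cookies', '1'); // no session IDs in URLs
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params(hardened_cookie_params());
    session_start();
}

// Self-check when run from the command line: compare the php.ini defaults
// with the hardened parameters without starting a session.
if (PHP_SAPI === 'cli') {
    $before = weak_cookie_attributes(session_get_cookie_params());
    session_set_cookie_params(hardened_cookie_params());
    $after = weak_cookie_attributes(session_get_cookie_params());
    echo 'weak before: ', implode(', ', $before) ?: 'none', PHP_EOL;
    echo 'weak after:  ', implode(', ', $after) ?: 'none', PHP_EOL;
}
```

In a web request, `start_hardened_session($_SERVER)` replaces a bare `session_start()`; `session_register()`, which the comment mentions, no longer exists in current PHP.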
Does anyone know anything about the "group" that sent them, and is there anything that actually ties it to them?
Notice the name: American Rights Counsel. Have you heard of Scientology's "ARC Triangle"? If not, Google it. I won't pretend that this is proof, but it sure is an interesting fluke event.
See, people like to think that nobody else knows about them. At least, when they don't want anybody to.
But the truth is that when you are in public, there's this horrible electromagnetic vibration generated by a large source (called the "sun") which generates EM radiation. Almost without exception, some of these EM rays will bounce off you and be detectable by other biological units that contain passive EM radiation sensors. (eyes)
Once so recorded by biological units, the information about your whereabouts is thereafter not private at all. Said biological unit might be your wife, who may or may not appreciate the red-head's hand that you are holding at the fancy restaurant you told her last week was "too expensive" for a Friday night date.
Get over it! The problem isn't the PRIVACY of your data but its TRANSPARENCY.
When your county's land ownership is a matter of record as a piece of paper at the county office (circa 1960) the fact that it's "public record" is no big deal, because there's a certain amount of privacy in the fact that, to find out who owns your house, somebody has to physically go to the county office, talk to the extremely overweight clerk (the one in the white sweater with breasts the size of small watermelons) in order to view the deed for your street address, and then write that down to know who you are.
But it's different when there's a website with your house ownership, phone number, social security number, and just about everything else known about you, available with a mouseclick or a google search. I just searched my home address, and found that google dutifully returned my name, and both of my home phone numbers. It took me another 2-3 minutes to search and get my SSN.
Privacy? Fat chance. And anything that uses the airwaves is, by definition, part of a public resource. You are no more private with your cell phone, cellular card, or wifi card than you are with the sunlight and your wife.
Get used to it. Decide if it's worth it, and make up your mind.
Using anti-virus to "protect" your computer is like trying to avoid collisions by studying your rear-view mirror. By definition, it only "catches" compromises AFTER THEY ARE SUCCESSFUL.
Then, we have to trust that:
1) The compromise is one of the known viruses, or falls into the realm of "suspicious activity".
2) The compromise was successfully noticed.
3) All aspects of the virus are known and can be removed.
4) You (the end user) have sufficient system permissions to remove the virus.
5) You (the end user) have all updates applied.
The whole system is woefully fragile and ineffective. Most estimates today seldom put A/V effectiveness above 50% effective, despite the considerable resources consumed by the software. It may be better than poking yourself with a sharp stick, but not by much!
And here's a good example of this: My kids' computer. It's an Athlon XP 3400 with a GB of RAM and an 80 GB HDD. I got sick of reloading the !@#@$ computer every 3 months when it got all horked with god-knows-what so I did the nasty, this time.
I installed ALL O/S patches while hooked up to a private network. I installed AVG antivirus. I let the kids only use the computer as the most limited user available: guest. I installed FF and made it the default browser, along with Open Office and a few legal games. (not warez!) I set WinXP to self-update every single day, and not ask about it. The Windows firewall was on, and the computer is on a NAT network, connected to another highly firewalled DMZ.
Despite all this hassle and inconvenience, the system is STILL behaving rather poorly, 6 months later. Bought me 3 months, but only three more.
Compare/contrast with the Mac. Same kids. Same amount of usage. Same type of usage for the same purposes. Blogging, MySpace, games, homework. All else the same, but I never bothered with antivirus. Yet it works fine! No bogging down. No strange behavior. Same thing with my Linux laptop, which after some 10 years is still using the same/home partition.
Good security isn't something you "band aid", it's something you design from the beginning.
You're not a businessman. To a businessman, implausible and impossible are pretty much the same. I've said many times: "As a Programmer/System Architect/Software Engineer, I work in a realm where just about anything is possible. The question for you, is what's feasible".
To a businessman, "impossible" means "can't happen in a practical way".
Every company needs to identify its core competence, and never, ever give that up or outsource it. On the flip side, every company should seriously consider outsourcing anything that isn't part of their core competence.
If you are a custom-software company, you had better be able to deliver custom software. You hire the programmers, you have good quality equipment for them to use, you have a good marketing team to generate demand for your programming team, etc.
But anything not directly related to custom software should be outsourced. You don't generate your own power, you outsource that to your local power utility. You don't outsource the manufacturing of your computers, you outsource that to an equipment vendor. You don't build operating systems, you outsource that to your vendor or organization of choice. (Redhat/Debian/Microsoft/Apple) An operating system isn't "custom software" - it's a commodity.
Just because, with your crack programming team, you *could* do many of these things in house, doesn't mean you should. Doing these kinds of things distract from your company's core competence, and provide negative value for your investment and increase your long-term cost of operation. (somebody has to *maintain* that operating system extension that you now depend on, etc)
But, when it's your core competence, you should never, ever, EVER give that up. Not for any amount of money, for any reason, whatsoever. Idiots that outsource core competence cause the crash and death of company after company because they can produce some Power Point presentation that has everybody oohing and ahhing about all the money they'll save.
Which is bullshit. The moment you outsource your core competence is the moment that your company ceases to have any reason to exist. From that point forward, it's only market inertia that keeps you alive until consumers realize that you offer no real value.
And while marketing may delay this process, the end is inevitable.
If you are ever in a management position, never, ever, ever give up your core competence. Strengthen it anywhere, everywhere, and any way you can. Hire the very, very best possible people you can to strengthen it, and get rid of any possible distraction from that core competence.
Be the very best in the world at what you do, and the whole world will look to you for the best. And that's usually a very, very, very profitable position to be in.
Are you asking for them?
Seriously... this would be the first time I ever thought about it, since it's just a few PHP hacks, a definitions file, and a publish script with SSH... makes quick work of a tedious problem, but I never thought of it as a product, per se, and you'd have to understand Bind pretty well to make it work, anyway.
All of which is why I wrote "I got good and comfortable with Bind many years ago"...
When evaluating the success of a product in the marketplace, it's important to note that there are many features of even highly technical products that are not technical in nature, at all.
Linux compares very closely to BSD from a technical standpoint, BSD has a much longer history than Linux, and is arguably better than Linux in many areas. It's definitely had more time to mature. So what feature does Linux have that has everybody talking about Linux?
Its license.
I'm not knocking the excellence that Linus Torvalds has displayed over and over again over the years. He's done a great job and I depend on his efforts every day in running my own business. But as great as Linus has done managing the technology of Linux, it would be hard to say that Theo De Raadt has done any worse. It would be easy to claim that Theo's work is more secure, but both have produced excellent products that are truly world class in nature.
But what has everybody talking about Linux is the license - the share and share alike requirement laid down by the GPL, which turns the Tragedy of the Commons around on its ear so that everybody is pushing the project along together, rather than taking what's convenient and giving nothing back.
The sad truth? "More free" isn't always better. Just like "less government regulation" isn't always a good idea, you can often get a better mix for everybody by limiting people's freedom to screw each other.
Now, Solaris is behind the 8-ball. Even with the same license as Linux, they'd have to show a clear, compelling advantage to cause people to switch their efforts away from Linux. Given just how good Linux is in so many different areas that Solaris can't even touch today, that would be very, very hard to do.
Show me a Solaris supercomputer and I'll show you hundreds of Linux-based supercomputers. Show me a $40 Solaris-based router, or a Solaris phone, or a Solaris-based pocket calculator. Ironically, while Solaris is touted for "big iron", it's a non-starter in the list of the top 500 supercomputers, while Linux is dominant.
Go Tux!
By definition, a NAT router effectively creates a "default deny" rule on all new, inbound connections. This makes it qualify nicely as a firewall, and provides a considerable degree of security.
How does this not make sense?
If you were to create a firewall for a public IP address, and reject all inbound connections, that would be "security". That NAT does this by default effectively makes it a "firewall"....
Please explain how NAT provides no security benefit?
Also, you don't need a publicly accessible IP for every workstation or node to use IP telephony - you need only one public IP address. See this site or this site for details on how to make this work.
Once I was making a large order by credit card while on the road. In order to process the order (it was around $12,000 as I recall) they needed a copy of my license, front and rear. I was nowhere near a copier, so I took a photo of it with my phone and sent it to the salesman.
Worked a champ, but it's rare. When I take pictures, it's because I want to remember the special occasion, and the pictures taken by my camera are lousy, at best. So I stick to my $99 Samsung 4 Mp 4x Optical zoom digital camera if I care about the photo.
I don't use its music player because it doesn't play MP3s, it plays some proprietary Windows-only WMP format. Worse, it cuts sharply into battery life, and requires a special adapter to plug the headphone in. This makes it rather cumbersome to use. So I stick with my $60 Creative Zen MP3 player, which plays MP3s, and also has radio, and records from radio or real life. (none of which the phone does)
It has a calendar feature that's just "clicky" enough to be annoying, and seems to "forget" appointments from time to time.
But it's a phone! And as a phone, it's a great phone! It's durable, reasonable battery life, (it charges on my USB port!) the screen is large enough and clear, it's very compact, performance is reasonably snappy, reception is good, and it fits very nicely in my pocket. Its number recall is good.
So why would I use poorly implemented features that suck? I'd guess these features were built to fill "checkboxes" of feature lists that might compel somebody to buy the phone. But what were the features that made me buy it?
1) Charges on a USB plug (which only works on a Linux computer, so this feature is undocumented, it won't charge on a Mac or Windows PC, but I'm a Linux user)
2) Small, flat form factor,
3) Decent (more than 48 hours) battery life.
4) Send & receive SMS/email messages, to integrate with my network monitor.
None of these features include the camera, the music player, the calendar, the audio recorder, etc. and one of the biggest features is one they tried to disable!
BTW: My phone is a Motorola Razr.
Are you looking for features in a registrar or dns provider? While most registrars also provide DNS service, there's never a requirement that you have to use them. And use them I don't.
I got good and comfortable with Bind many years ago, and have the DNS administration stuff down pat. I have some really nice administration scripts that manage changes by service. Throw in a few variables, some regex, and some DNS boilerplate definition files, and I get the ability to re-ip a service (EG: websites, email, https, dbserver, etc. ad nauseum) for hundreds of domains in 60 seconds flat if you include updating the actual DNS servers with the changes. (I publish 2, I maintain 5 so that I can quickly switch nameservers in case of hardware/network failure)
Other than that, I have all my domains linked to two DNS servers by name, and occasionally I have to move a DNS server. It takes a few minutes.
Is this what you are looking for?
Yes but by the time those other ships were able to report to you the ships that they see that you can't, you can see those other ships, too.
Show the same casual user the receipt for the 1080p TV at their local Circuit City, and watch that jaw close right back up.
The TV playing behind me right now cost me $65. It's a 19" tube-TV, it's about 4-5 years old, and it has many years of life left in it thanks to the automatic down sampling done by the Dish DVR and the DVD player that gets occasional use. When we watch DVDs, we usually do it on our laptop computers. And even with the dish DVR, we're just as likely to go to digg/slashdot/myspace/youtube or use NetFlix for movies as watch the TV.
The problem with the TV is that it's a limited medium; you sit and watch movies or shows on it. No matter how much you spend on it, the TV is still a TV. But $500 gets you a decent, intro-level laptop.
The laptop can play a movie at comparable resolution to your $4000 "1080i" plasma TV. But, after watching your movie, you can then do some blogging, read the news, chat with a buddy, play a game or two. All on *your* timeline. Think about it... what are you doing right NOW!?!?!
I hate to say it, but once the price becomes reasonable, the long tail beats mass media every time.
We have a Netflix account, we can get (basically) unlimited DVDs in the mail. But we really don't use it much. We get maybe 2 rounds of DVDs per month, if that. The reason?
Instant downloads.
It's not all movies, and it's not all the latest movies. But with a Netflix account, we can watch a wide selection of movies on demand from the computer. It's fairly simple, it's fast, and it's entertaining. We deal with the loss in quality in order to get convenience. The quality is fair (not great) but not having to worry about scratches on the disk, returning the disk, the disk getting eaten by the dog, forgetting to return it, waiting for the next selection to show up 3 days later, etc. is all worth it.
In our household, physical media is virtually dead.
This is one of the largest, most complex projects ever conceived. By its very nature, it tests the limits of our understanding of the universe, and our ability to engineer within it. There WILL be bugs, there WILL be glitches, and progress will be slow while we work out the mechanics of operating at this level.
That LHC is down isn't surprising, it's expected. Wait 2-5 years, at which point the majority of kinks will be worked out and the LHC will be enjoying its "second wind".
Have you ever built something big, powerful, and complex? If you have, you'd know that "turning it on" is not a sudden point, it's a gradual process of implementation until it's fully operational, with hundreds or thousands of small, minor issues found and addressed as implementation approaches 100% complete.
Trademark law is designed so that people who take part in it have to be somewhat prick-ish. It's not their fault, they have no choice.
One of the requirements of trademarks is that, once granted, it's only yours so long as it doesn't become a generic term. If you start a company called "globat" that sells pencils, and people start referring to all pencils as "Globats", you have to stop people from using "Globat" in a generic sense when referring to pencils, by legal means if necessary, or lose the rights to the name "Globat".
This is why, when you go to a restaurant, and say: "and gimme a Coke with that" the waiter might ask: "Is Pepsi OK?" - they are required to, by requirements stemming from trademark law.
Google has to be a bit careful: So long as "Google it!" means going to google.com, they are ok. But the instant that "google" becomes synonymous with "search", regardless of what website you go to, the trademark protections that Google enjoys become threatened, and they'll be forced to be "evil" to protect their company name. Watch for it; I have no doubt it will happen as soon as some other search engine is actually more effective than Google.
Examples in history of trademarks that were threatened include: Xerox, Kleenex, and Band-Aid. All had to resort to legal means to protect their trademarks. And, some trademarks have been lost, or "genericized". EG: Aspirin was lost by Bayer in the early 1900s.
So, the IOC, once granted trademark to "Olympics", then had to enforce their trademark to ensure that the word "Olympic" doesn't become a generic part of language. If you say "Olympics", it has to refer to the version put forth by the IOC, or they lose their trademark. So, they had to sue anybody and everybody near Mount Olympus, etc. Sucks? Maybe. But it's not necessarily a fault of the IOC, they are REQUIRED to enforce their trademark or lose it. (Since "Olympic" has a classic meaning, the trademark is dubious at best, IMHO) But if I create a new company called "DynaStealthzWealthz" and become highly successful, it would seem to me legit to have rights to my company name since it didn't effectively exist prior to my creation of it.
Or 1 line of perl.
Except that I can *read* my 10-20 lines after the fact... and so can somebody else!
I use PHP every day. I love PHP. It is an awesome, flexible, powerful, responsive rapid application development language for any kind of text processing and "cloud services" need. It's typical for me to write 10-20 lines of simple, elegant PHP code that performs wonders matched only by hundreds of lines of C. I'll put it simply: I've bet my farm on PHP, and it's paid off wonderfully. It's stable, fast, and extremely dense when measured in functionality per line of code.
But my one true beef with PHP - one of two beefs in all - is its inconsistent API.
For example:
Here's one that drives me nuts to no end: in_array($needle, $haystack); vs strstr($haystack, $needle);
Here's another that makes x-platform DB stuff a serious pain: mysql_query($query, $db_connection); compared to pg_query($db_connection, $query);
I mean, WTF? How could I possibly remember the difference between these two almost identical functions with EXACT OPPOSITE PARAMETER ORDER!?!?! So php.net gets hit by me. Daily. Constantly. Zend pays the price for not thinking through the conventions of their API with my daily hits on their website.
I would *LOVE* a fork of PHP where the ordering is consistent. To be fair, the fork would have to be retro-compatible with the existing PHP API so that current PHP scripts don't break. This may be more painful than it's worth; I'd suggest prepending all functions in the alternate API with some special character (eg: "_" or "^" as in _mysql_query($conn, $query); )
My other beef? Lack of thread support. It may be due to the apache process limits of mod_php, but the fact that I can't run several threads inside a single memory space sometimes just drives me NUTS. So when lots of work needs to be done by lots of processors in a very short period of time, I have to fork() like crazy with a PHP script run from a shell call with shmop_* or temporary named pipes all over the place. It's fugly to say the least. Thankfully, the number of problems that won't fit into a single process (sans threading) is small, so the hack level is kept to a minimum - for now.
As processes get bigger, and processors develop ever more cores, this limitation will become increasingly a problem. Already, it's normal for a new, mid-range server to have 16 cores, each running at > 2 GHz, which means that any single PHP script can only access 1/16 of the total available processing power. With current trends, in another couple years that will jump to 64 cores, and at that level, thread support becomes almost a requirement, even for highly parallel, concurrent activity.
Seriously - who wants to be limited to using only 1/64 of the available processing power? Not me. I hope that PHP 6 handles this.
Oh... go PHP.net!
The city's sysadmin should be fired. Check the referrer, then redirect to the main page when "needed". A couple minutes set up time and *poof* no more "deep linking" from other sites.
You assume a great many things:
1) That the city is wise enough to see the need for a sysadmin. Seriously.
2) That the city was cohesive enough to hire a sysadmin.
3) That the city is large enough to justify hiring a sysadmin. (according to Wikipedia, it's only 50,000 people)
4) That the city, otherwise utterly incompetent at technical issues, was somehow able to hire a sysadmin competently.
5) That a competent sysadmin would care to admin a city website.
6) That said competent sysadmin wouldn't quit within 90 business days due to the utter stab-yourself-in-the-eye kind of boredom that would reign supreme while admining your average city website.
A township this size HAS no admin. It's a small town, with small egos and big drama. Welcome to small town, USA. And worse, the city is, by definition, a government agency, and government agencies are uniquely unqualified to do anything businesslike as well as technical. Governments are POLITICAL organizations.
As a technology provider of services for government-managed agencies, I see it over, and over, and over: political organizations FAIL at dealing with technical issues, or competently hiring people to deal with technical issues. I've seen so many minor small-government fiefdoms ruled by unqualified techies who know how to spout intelligent-sounding techno-babble with extreme jealousy.
These types are fundamentally liars. They are unqualified, they know it. They spend their efforts attempting to disqualify any threats to their "turf", and selling their technical expertise to their co-workers through a combination of oppressive (and ineffective) security "requirements" and policies of limited value. They live in constant fear of being "discovered" and vehemently attack any improvement offered by any outside source.
In a bass-ackwards sort of way, the more draconian and oppressive the measures implemented, the more it appears that the tech weenie is "doing something" and the more likely he/she is to be supported. And thus, we end up with "Mordac, Preventer of Information Services". It's real.
My strategy when dealing with these types is to offer my services through them. Make them the hero for recommending our services, and make very public, deferential statements respecting their expertise.
Setting up an Apache module? Psssht. At this scale, good luck finding somebody who actually knows that Apache isn't just a breed of Native American!
Why let a town build a network with taxpayer money when you can build a network with that same money, then charge them again for using it? It's the classic telco business model.
I think you are missing a very key point, here. It's true that telcos were paid government funds to build a significant part of the telephone network. But it's also true that in the vast majority of cases, those parts are the UNPROFITABLE parts.
Let's say you have a water pumping service, doing business in town, and you're making whatever profits you are making. For this example, we'll ignore the fact that most communities have community water. Business is good, you're expanding to cover more and more houses, starting with the most profitable ones first. (densest neighborhoods)
But then de gubbmint comes in and tells you that you have to do a bunch of stuff in order to continue to do business, because of the benefits to the general health of the community or whatever. For example, since you provide water to some houses in your town, now you have to provide water to ALL houses in your town.
Now, it's not as though you wouldn't love to serve all the houses in the town, but some of those houses are over a mile apart! Just the cost to dig the pipes out that far will cost you over $10,000 per house! Since you are charging $50/month for water service, it's going to take almost 20 YEARS before you even break even on the base cost, never mind the finance charges you'd incur to borrow the money to deliver the service the gubbmint requires!
And you can't charge the homeowners, either - they aren't buying anything, they didn't ask for it, and making them pay would be onerous on them, too.
So, in circumstances like these, it's very typical for the private company (your water company) to ask for funding to assist in the problem areas. It often comes as a sort of deal: Your water company enjoys a monopoly status, subject to various regulations that you have to perform, in exchange for funding to cover the plumbing for the unprofitable areas.
So the net effect goes something like this:
1) Your company is now a monopoly that must turn in a Profits and Loss statement, along with proof of regular water testing to the city council every month or so. You cover 100% of the houses in the community, and you have no effective competition. One of your concessions is that the municipality can levy taxes via your bills. You have to calculate this bill, and turn over the tax money to the city quarterly.
2) The city has now satisfied its goal of everybody having 100% availability to clean drinking water. It's paid for costs of plumbing by taking out a bond, secured against a tax raised against people's water bill.
3) Everybody who lives in the community now pays a 5% monthly tax on the water bill to cover the cost of plumbing outlying areas. Financially, it's a raise in your bill if you were already contracted with the water company when it was all private, it still brings benefits such as improved local economy resulting from the improved infrastructure.
Ok, let's see.
God is consistent. Except he isn't.
He's loving, unless he wants to kill you for whatever minor crime.
He holds you personally accountable for your sins, unless he wants to eliminate your race.
You can talk with him, unless he's not in the mood.
He can heal you, unless you've been amputated. He never heals an amputee, or any kind of serious scar.
He worries about a bunch of guys building a tower to the heavens so much that he creates all the races of mankind, but when we build a spaceship and actually GET to the heavens, nothing much happens.
It's no wonder that Christians fail basic tests of logic...
The truth is that if you canonize a work and believe it to be true, you should canonize your work and believe it to be true. The bible is truly a repulsive, insane, conflicted, and uncivilized work. People who worry about a few swear words or the latest movie should actually pay attention to 'the good book' that they pay homage to every Sunday. In fact, God's behavior in the bible I would expect from a 3 year old child with power. Yuck.
And my mark certainly wasn't praying, unless by "prayer" you mean words generally written as "fsck" or "f--k" in order to avoid bad word filters.
Have you ever watched The Bible is Repulsive? It's a great 15 minutes. Spare it. You won't regret it.
I used this video one time while talking to a fundamentalist. We were downtown, there was a gay rights parade (I'm a left-coaster) and the usual fundamentalist Christians on the other side of the street. Several blocks away, I struck up a conversation with a guy who was hanging around.
I guess it was because I'm obviously hetero, and fairly well-dressed, short hair, etc. because he assumed that I was on the Christian Fundamentalist side. I joshed with him for a while, talked about the wife, the kids, working, paying bills, blah blah blah. I mentioned something about strictly following the good book, and tisked about the guys down the street. He was very adamant that we should "follow the good book".
Having planted that seed, I got the kids into the conversation again a little while later. I started in with how I have lots of kids (I do) and how they sometimes misbehave. He agreed, and then I talked about what do you do about it? How do you keep your kids in line!?!? You have important values you want to teach! and he was with me all the way.
And then I said:
"It's a good thing that the good book thought of this, too. When my oldest son snuck out and smoked a joint with his buddies, I grabbed some bricks and killed him, right there on the spot". I played it perfectly, too! He was speechless. "Yeah, I believe that the good book should be taken literally, and it's pretty clear, right there in the Deuteronomy, when your children misbehave, you stone them to death".
As he cursed and walked away, I hollered out: "And the cops haven't even investigated! It's been 2 years now!"
I don't think I've ever laughed so hard in all my life...
"Cheaper" should not have more weight than "secure".
This betrays almost unthinkable naivete. Cheaper always has weight. It's a question of overall system cost, and people tend to ignore non-obvious risk. Welcome to the human condition.
Ever go to any of those sites that tell you where your dollar bill has been? They have a place where you can put your bill's serial number, and see if anybody else has done the same. It's kinda fun!
But did you notice that there is NO SECURITY WHATSOEVER behind authenticating your possession of the dollar bill? That's OK, because the cost of compromise is unspeakably small - perhaps somebody will be annoyed... The cheapest solution, which is merely asking somebody to type something in, is plenty enough.
There's a formula at work here, something like this:
$CostOfCompromise*$LikelyhoodOfCompromise <> $CostofSecurity*$ReductionOfLikelyhood.
As long as the left side is "heavier" than the right side, you're doing the right thing. If you institute major security in an area where the cost of compromise is minuscule, you're wasting your money. Go for hookers and blow instead - at least you enjoy it!
If you don't invest significantly in security where the cost of compromise is high, or at least, the likelihood of compromise is high, then you sure don't deserve your hookers and blow!
So, the right answer is proper risk assessment. Spend your money in areas where it'll do you some good. And be a cheap bastard if it really doesn't matter much!
Your understanding of electricity is what's meaningless.
Volts * Amps = Watts. Watts represent total ability to do work. Sounds simple enough, no?
And on paper it IS simple. Except that we're not talking about the ability to do work, we're talking about the ability to KILL YOU. They are NOT the same. Saying that volts = amps is ludicrous. Why else would power companies build high-voltage lines in the power grid, then step down the voltage later?
It's because by increasing the voltage, they can increase the amount of total power transmitted over a wire that has a maximum amperage carrying capacity. Lowering the voltage and raising the amperage would melt the wire.
As another example, I once had a big, nasty transformer from a 1960's color TV. It stepped up about 3 amps of 110v power to somewhere around 75,000 volts for the main tube. Simple division will tell you how many amps you had at 75kV. But I turned the transformer around - stepping down 110v 3 amps (ish) down to way less than 1 volt at a KAZILLION amps. Worked a treat for some interesting "make it vaporize!" type experiments. I actually blew a hole right through a high-carbon, stainless-steel kitchen knife with that bad boy, and 24-gauge copper wire would literally vanish in a puff of smoke. That is, until I ran too many "experiments" in a row and the transformer caught fire from all the heat generated by all that current flow.
It's electrical current flow that causes the danger, not voltage, and to an extent, not wattage. Current flow is measured by amperage.
People tend to dismiss low voltage, while respecting high voltage. But it's not the voltage that kills you, it's the amperage. The only reason you can ignore low voltage is that under about 50 volts, electricity won't break your skin with the presence of salt water. (sweat can sometimes suffice, or some other electrolyte) And while an auto spark coil will often generate 50,000 volts or more, there's not enough amperage to do any significant damage. (you won't forget the feeling, however!)
A car battery throws 12 volts with a large amount of amperage. (50 amps? 100?) This much amperage is enough to melt wedding rings, screwdrivers, and lots more in very short order. To give an analog, your standard wall socket is rated at 15 amps.
Always show respect for the car battery. There's plenty of death in there if you're stupid.
It's true that Volts*Amps=Watts, where Watts is a measure of total power. But while high voltage is annoying, high amps will kill you.
I did this with our own web-based product and found out that yes, indeed, we are insecure. It took a few minutes of poking around to find out how to secure our site.
So, for everybody else: if you are using PHP, you need to pay attention to session_set_cookie_params(). Here's the 1-liner call that we make in order to solve this problem for us, before any calls to session_register():
Session_Set_Cookie_Params(720, '/', $_SERVER['SERVER_NAME'], true);
Parameters:
1) 720: Our sessions timeout after 2 hours.
2) '/': the cookie applies to all paths within our site.
3) $_SERVER['SERVER_NAME']: applies only to the specific domain name originally called. (we use subdomains, so this is important)
4) true: (the most important one), this means that the cookies can only be used over SSL.
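A fuller version of the call described in the comment above, as an added example that is not the original poster's code. The host allowlist, the function names and the two-hour constant are assumptions made for illustration. It uses the array form of session_set_cookie_params() (PHP 7.3 and later), whose lifetime is given in seconds.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of hostnames this application answers to (constructed values).
// SERVER_NAME can reflect the client-supplied Host header unless the web server
// pins a canonical name, so it is checked before being used as a cookie domain.
const ALLOWED_HOSTS = ['app.example.com', 'admin.example.com'];

// Lifetime is expressed in seconds: two hours is 7200.
const SESSION_LIFETIME = 7200;

/** Return the validated host name, or null when the request host is not ours. */
function cookie_host(array $server): ?string
{
    $host = strtolower((string)($server['SERVER_NAME'] ?? ''));
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

/** True when the request arrived over TLS according to the server variables. */
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string)$server['HTTPS']) !== 'off';
}

/** Build the cookie options, refusing unknown hosts and plain-HTTP requests. */
function session_cookie_options(array $server): array
{
    $host = cookie_host($server);
    if ($host === null) {
        throw new RuntimeException('Unexpected host name; not setting a session cookie');
    }
    if (!is_https($server)) {
        throw new RuntimeException('Session cookies are only issued over TLS');
    }
    return [
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        // A hostname here also covers its subdomains; an empty string
        // would produce a host-only cookie instead.
        'domain'   => $host,
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',  // withheld on most cross-site requests
    ];
}

/** Apply the options and start the session; call before any output is sent. */
function start_secure_session(array $server): void
{
    session_set_cookie_params(session_cookie_options($server));
    ini_set('session.use_strict_mode', '1');   // reject session ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // no session ids in URLs
    ini_set('session.gc_maxlifetime', (string)SESSION_LIFETIME);
    session_start();
}

/** Issue a fresh session id after a successful login. */
function on_login(): void
{
    session_regenerate_id(true);
}

// Command-line demonstration with constructed request data; no session is started here.
if (PHP_SAPI === 'cli') {
    $samples = [
        'https, known host'   => ['SERVER_NAME' => 'app.example.com', 'HTTPS' => 'on'],
        'http, known host'    => ['SERVER_NAME' => 'app.example.com'],
        'https, unknown host' => ['SERVER_NAME' => 'other.invalid', 'HTTPS' => 'on'],
    ];
    foreach ($samples as $label => $server) {
        try {
            echo $label, ': ', json_encode(session_cookie_options($server)), PHP_EOL;
        } catch (RuntimeException $e) {
            echo $label, ': refused (', $e->getMessage(), ')', PHP_EOL;
        }
    }
}
```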
Does anyone know anything about the "group" that sent them, and is there anything that actually ties it to them?
Notice the name: American Rights Counsel. Have you heard of Scientology's "ARC Triangle"? If not, Google it. I won't pretend that this is proof, but it sure is an interesting fluke event.
See, people like to think that nobody else knows about them. At least, when they don't want anybody to.
But the truth is that when you are in public, there's this horrible electromagnetic vibration generated by a large source (called the "sun") which generates EM radiation. Almost without exception, some of these EM rays will bounce off you and be detectable by other biological units that contain passive EM radiation sensors. (eyes)
Once so recorded by biological units, the information about your whereabouts is thereafter not private at all. Said biological unit might be your wife, who may or may not appreciate the red-head's hand that you are holding at the fancy restaurant you told her last week was "too expensive" for a Friday night date.
Get over it! The problem isn't the PRIVACY of your data but its TRANSPARENCY.
When your county's land ownership is a matter of record as a piece of paper at the county office (circa 1960) the fact that it's "public record" is no big deal, because there's a certain amount of privacy in the fact that, to find out who owns your house, somebody has to physically go to the county office, talk to the extremely overweight clerk (the one in the white sweater with breasts the size of small watermelons) in order to view the deed for your street address, and then write that down to know who you are.
But it's different when there's a website with your house ownership, phone number, social security number, and just about everything else known about you, available with a mouseclick or a google search. I just searched my home address, and found that google dutifully returned my name, and both of my home phone numbers. It took me another 2-3 minutes to search and get my SSN.
Privacy? Fat chance. And anything that uses the airwaves is, by definition, part of a public resource. You are no more private with your cell phone, cellular card, or wifi card than you are with the sunlight and your wife.
Get used to it. Decide if it's worth it, and make up your mind.
Using anti-virus to "protect" your computer is like trying to avoid collisions by studying your rear-view mirror. By definition, it only "catches" compromises AFTER THEY ARE SUCCESSFUL.
Then, we have to trust that:
1) The compromise is one of the known viruses, or falls into the realm of "suspicious activity".
2) The compromise was successfully noticed.
3) All aspects of the virus are known and can be removed.
4) You (the end user) have sufficient system permissions to remove the virus.
5) You (the end user) have all updates applied.
The whole system is woefully fragile and ineffective. Most estimates today seldom put A/V effectiveness above 50% effective, despite the considerable resources consumed by the software. It may be better than poking yourself with a sharp stick, but not by much!
And here's a good example of this: My kids' computer. It's an Athlon XP 3400 with a GB of RAM and an 80 GB HDD. I got sick of reloading the !@#@$ computer every 3 months when it got all horked with god-knows-what so I did the nasty, this time.
I installed ALL O/S patches while hooked up to a private network. I installed AVG antivirus. I let the kids only use the computer as the most limited user available: guest. I installed FF and made it the default browser, along with Open Office and a few legal games. (not warez!) I set WinXP to self-update every single day, and not ask about it. The Windows firewall was on, and the computer is on a NAT network, connected to another highly firewalled DMZ.
Despite all this hassle and inconvenience, the system is STILL behaving rather poorly, 6 months later. Bought me 3 months, but only three more.
Compare/contrast with the Mac. Same kids. Same amount of usage. Same type of usage for the same purposes. Blogging, MySpace, games, homework. All else the same, but I never bothered with antivirus. Yet it works fine! No bogging down. No strange behavior. Same thing with my Linux laptop, which after some 10 years is still using the same /home partition.
Good security isn't something you "band aid", it's something you design from the beginning.
Implausible to crack != Impossible to crack.
You're not a businessman. To a businessman, implausible and impossible are pretty much the same. I've said many times: "As a Programmer/System Architect/Software Engineer, I work in a realm where just about anything is possible. The question for you, is what's feasible".
To a businessman, "impossible" means "can't happen in a practical way".
Every company needs to identify its core competence, and never, ever give that up or outsource it. On the flip side, every company should seriously consider outsourcing anything that isn't part of their core competence.
If you are a custom-software company, you had better be able to deliver custom software. You hire the programmers, you have good quality equipment for them to use, you have a good marketing team to generate demand for your programming team, etc.
But anything not directly related to custom software should be outsourced. You don't generate your own power, you outsource that to your local power utility. You don't outsource the manufacturing of your computers, you outsource that to an equipment vendor. You don't build operating systems, you outsource that to your vendor or organization of choice. (Redhat/Debian/Microsoft/Apple) An operating system isn't "custom software" - it's a commodity.
Just because, with your crack programming team, you *could* do many of these things in house, doesn't mean you should. Doing these kinds of things distracts from your company's core competence, provides negative value for your investment, and increases your long-term cost of operation. (somebody has to *maintain* that operating system extension that you now depend on, etc)
But, when it's your core competence, you should never, ever, EVER give that up. Not for any amount of money, for any reason, whatsoever. Idiots that outsource core competence cause the crash and death of company after company because they can produce some PowerPoint presentation that has everybody oohing and ahhing about all the money they'll save.
Which is bullshit. The moment you outsource your core competence is the moment that your company ceases to have any reason to exist. From that point forward, it's only market inertia that keeps you alive until consumers realize that you offer no real value.
And while marketing may delay this process, the end is inevitable.
If you are ever in a management position, never, ever, ever give up your core competence. Strengthen it anywhere, everywhere, and any way you can. Hire the very, very best possible people you can to strengthen it, and get rid of any possible distraction from that core competence.
Be the very best in the world at what you do, and the whole world will look to you for the best. And that's usually a very, very, very profitable position to be in.