It wasn't even *close* to cheap (either in implementation or ongoing support) but we added OIM (Oracle Identity Manager) to our existing Oracle suite of products (we have tons of databases, and Oracle-owned "Health Sciences" apps, so we were already in bed with the devil to begin with).
It uses SOA for workflows and approvals, and we built a series of templates for system access. Employee A starts the company as a Tech Writer? Automatically provision AD, OID, Exchange, home directory, 5 shared folders, 3 SharePoint sites, and the QA logging application. (You get the idea.)
It also has the ability to provide self service, so if the previously mentioned user wants access to the Oracle Health Sciences cluster, he clicks the button next to it on the menu ... and the OHS Admin and his manager get emails with links to approve.
Getting buy-in from the business for this kind of spend took almost 2 years, and 9+ months to implement (defining workflow, approvers etc takes waaaay longer than you think it will!) The legal dept is also in love with the idea they can now request access reports for users, which makes the process of external audits go from days of information gathering ... to an automated email. At least for us (medium sized company, ~10,000 employees, currently growing at a rate of 75 a week) this has been a long trip... it's not something you can simply bang out over a weekend with a 6 pack of Mtn. Dew and a spare server.
Correct, the first rule of playing Global Thermonuclear War isn't "not playing" (in this case that ship has long ago sailed), it's: "not showing your enemies what capabilities you have."
That missing Malaysia Airlines jet? You know at least 2 countries have realtime satellite data of nearly every square inch of earth, and could have tracked the image of the plane to where it crashed ... but did they? No. That would have displayed what resolution objects could have been identified at.
It's fully possible that every Skype call, cell call, and land line ends up as a .wav file on some fancy-pants NSA storage cluster but it will be a cold day in heck before Joe Q Public Cop would have known of its existence, let alone be able to submit a request for use.
I would also settle for something that several of my (way old) Compaq servers had ... a second BIOS. SoftPAQ screw up your server's BIOS? Set a jumper and boot from the factory fresh second BIOS (then re-flash the primary BIOS with a known good copy.) In modern systems just leave the default BIOS upgradeable (or at least require a PIN to update / trusted CA cert for enterprise deployments) and have a hardware button inside that can write the v1.0 BIOS code over the current chip. In this example the v1.0 BIOS can be hardware read-only (ROM-BIOS) as well.
I can picture the situation quite clearly: "I'm very sorry Mr. Surface Pro 5 Owner, but with the current release cycle your hardware will no longer be supported at the end of this year... and we do not offer subscriptions for legacy hardware." At least with Windows XP, Mac OS 10.5.x, etc "sunsetted" OSs can continue to be used (albeit with increased security risk) perpetually. Will Microsoft offer this same policy with 365 users as feature and requirements outstrip aging hardware? I think not.
I'm sorry, I don't rent my operating systems. Or my applications for that matter. Now get off my lawn. :)
One example: F16 + 1 Bird = 30+ Million dollar hole in the ground :)
https://www.youtube.com/watch?...
... and if you have to download a web browser+IDE to build a "webapp" because you're "confused" about all the choices ... perhaps you should not be building a webapp in the first place?
Anyone remember Netscape Gold? How long will we have to wait for email client, news reader, and Kitchen Sink(tm) to be bundled back in?
So much for a lightweight browser and codebase (Firefox has already marched past that line in the sand, but this is a monumental increase to the marching speed). Not to mention the potential security implications for managed desktops.
Assuming you have managed switches, a simple crontab entry pointing to a shell script can open a connection to the switch and admin down the port that it's plugged into. If you want to get really fancy you can have the outbound traffic going via a transparent squid proxy / iptables so you can tell when the port is in use, and keep logs of the connection state.
You can also go with a non-NAT firewall (bridge mode), which will block incoming connections while the device / people on the inside won't know anything is there.
Honestly a timer on an unmanaged switch isn't a bad solution, it takes any technical skill out of the equation, it's (assuming the timer doesn't fail) hack proof, and does not require any maintenance / patching to keep secure.
It will be interesting to see what happens when the global supply of helium runs out in a few years, apparently we have about 25 to 35 years left.
It's not just used for your kids' birthday balloons (in fact that gas is likely second-hand / reused gas in the first place), it's used to cool MRI machines.
Time to buy a couple of tankers and invest in a long term profit :)
Having jumped this morning on the download train, I think I've now got everything back up and running. Parallels v7 required a reinstall (it uses kernel extensions so I'm not surprised that it needed an over-the-top reinstall). The odd one was Firefox not allowing me to download anything (even with a control-click save-as); the solution to that one was to clear my download history (why that fixed it ... I have no idea).
Fink is proving to be a total pain in the ass to get working again, not to mention Xcode apparently now requires a developer-enabled Apple account to download and install the command line tools via the GUI (you can still download the tools via the developer website).
Ah the fun of running a new .0 release of software on the day it comes out :)
address bar -> about:config
find the: browser.newtabpage.enabled setting and set it to false
It will grant you the nice clean, fast white page for new tabs.
Why there's not a checkbox somewhere for it ... I have no idea.
As others have mentioned, I would ask your local power company. Our local provider (Duke Energy) offers something called StrikeStop (http://www.duke-energy.com/strikestop/) which offers whole-house protection (and they install it on the power meter, which is a nice bonus). At ~160$ installed it was a no-brainer decision for me considering it offers insurance along with it.
Speculating here ... since the only people that can have unlimited are the ones that have been grandfathered into it, and that was over two years ago (I think) my guess is that everyone in that group is now legally in the clear to pack up their stuff and walk to the exit whenever they want to.
I hope that this service is backwards compatible with their existing Kindle devices, making it Amazon Tablet (aPad?) only is going to anger their existing customer base...
Yeah, I missed the low UID boat by a mile because I didn't want another password to remember back then :)
These are not the only batteries that have firmware as well, Google "Pandora Battery PSP" it was one of the original ways to un-brick a Sony PSP back in the day :)
Invite sent
What I ended up doing is this:
First quit Firefox
Next (depending on platform) find your Mozilla preferences folder, next find the {3112ca9c-de6d-4884-a869-9855de68056c} folder (Google Toolbar)
Inside there should be an install.rdf file, open with your text editor of choice.
Change
<em:minVersion>2.0</em:minVersion>
<em:maxVersion>4.0.*</em:maxVersion>
to:
<em:minVersion>2.0</em:minVersion>
<em:maxVersion>9.0.*</em:maxVersion>
Restart Firefox, and re-enable your Google Toolbar.
Note: this only works if you upgraded to 5.0 with the toolbar already installed, if it's not already installed (and disabled) this won't work. I think 9.0 should keep me safe for at least 2 more months of Firefox updates! :)
There are several different options (all enforceable from the BES server, some are end user selectable depending on applied device policy)
These range from (in level of paranoia)
Simple password (device backups are in plain text)
Wipe after n-number of failed passwords (default 10 tries)
Encrypt device (requires the above two options, and requires password on powerup and USB connection / file access mode)
Wipe on power loss. (the "I hate my helpdesk staff" option!) you pull the battery, or let the charge go to zero ... the device will wipe on power up
Wipe on n-number of hours with no communication with BES server (another option with limited appeal, but useful in some cases I guess)
And of course the ever popular remote Nuke option from the BES :)
Without PS3 or AppleTV support I doubt I'll be making much use of this service (speaking as both an existing Prime member and a Netflix member)
It looks like some of the formatting problems with the CSS and replying to threads have been squashed, however it seems to be utterly broken on my Blackberry's built in browser, doesn't seem to scale down width-wise very well.
At least with Blackberry devices, I can configure my users' devices to wipe when:
Contact with the server has been lost for n hours
Battery level drops to 5%
Battery has been removed
Unlock password has been tried n times
along with several other options, there is a reason that these devices have been issued to Government agencies for years :) they can be locked down, and fully encrypted.
So simply removing the device from the network is not good enough.
As for my users, the devices have mandatory passwords and locking options, and the device will happily self-wipe after 10 incorrect password guesses.
It's always a little sad to me that in this day and age, a neat idea can't happen not because of a technical reason, but because of a licensing / legal problem.
Not sure which distros this is turned on by default on, but you'll have to echo a 1 to /proc/sys/kernel/sysrq before you can try this out :)
alt + sysrq + o is 'Off' for most laptops
+h should give you help options as well.
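As an added example (not part of the original comment), the shell functions below interpret the value in /proc/sys/kernel/sysrq: 0 disables the keys, 1 enables all of them, and larger values are a bitmask, so alt + sysrq + o only works when bit 128 is set. The function names and the sample value 176 are constructed for illustration; the bit meanings follow the kernel's SysRq documentation.

```shell
#!/bin/sh
# Added example (not from the original comment): decide whether a given
# keyboard SysRq key is permitted by a kernel.sysrq value.

# Print the bitmask bit that gates KEY; fail for keys not covered here.
sysrq_key_bit() {
    case "$1" in
        [0-9])     echo 2 ;;    # console log level
        k|r)       echo 4 ;;    # keyboard control: SAK, unraw
        c|m|p|t|w) echo 8 ;;    # debugging dumps
        s)         echo 16 ;;   # sync
        u)         echo 32 ;;   # remount read-only
        e|f|i)     echo 64 ;;   # signalling processes: term, oom-kill, kill
        b|o)       echo 128 ;;  # reboot / poweroff
        *)         return 1 ;;
    esac
}

# sysrq_allows VALUE KEY -> exit status 0 if KEY works from the keyboard.
sysrq_allows() {
    value=$1
    bit=$(sysrq_key_bit "$2") || return 2
    [ "$value" -eq 1 ] && return 0      # 1 = every function enabled
    [ $(( value & bit )) -ne 0 ]        # 0 = none, otherwise a bitmask
}

# Print one line per commonly used key for VALUE.
sysrq_report() {
    for key in s u b o e i k t; do
        if sysrq_allows "$1" "$key"; then state=allowed; else state=blocked; fi
        printf 'sysrq=%s alt+sysrq+%s: %s\n' "$1" "$key" "$state"
    done
}

# Report the live setting when run on Linux; otherwise a constructed sample.
if [ -r /proc/sys/kernel/sysrq ]; then
    sysrq_report "$(cat /proc/sys/kernel/sysrq)"
else
    sysrq_report 176    # constructed sample value: 128 + 32 + 16
fi
```

The mask only restricts SysRq invoked from the keyboard; root can still trigger any function by writing to /proc/sysrq-trigger.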