Given where you work, I would suggest security is a state of mind. Do not trust what people put forth as "secure". However it is almost certainly not your problem. If it is your problem, then no matter how small or large your instalation is, I have this to say: Hire contarctors to evuate your installation. They need not have real access, in fact they should be able to propose possible vulnerabilities without real access, assuming they can ask questions. So you hire them to ask questions, you take note of the questions they ask. Maybe you hire one or two and maybe you hire none. You have just paid people to ask questions about your system. If it were me, in your shoes, and assuming you have power, I would call back the ones that asked really good questions, and explain to them you want more. And then pay those guys. And then fix your shit. You will end up with some pretty good analysis (first level only) and its on you to decide who you want to invite back. It is OK to initially invite local contractors, but only give out information if they give you a "good vibe".
So back to your original statement "I work at a hospital. Sometimes I wonder whether our computers really are as secure as they should". If you have to ask, then you do not have a qualified team to deal with this. Your second thing is more pointed: "All the computers have AVG installed, but is there something else I can do to check?". I am sorry, if you are really in charge you need to hire someone who can deal with this ASAP. It will take too much time for you to come up to speed. I have many times heard the arguement "but we are small" however you gave the word 'hospital'. Secure your data. If you have lack of funding then get the funding. It seems I cannot stress this enough. You expect the doctors to "do it right", your patients expect your entire facility to "do it right". On a last note: Bringing someone in who knows more than you does not threaten your position, it only means your a decent manager. Also, not to be critical, but you mention "AVG" in the hospital [record?] context. I will not say you have no clue, however you have no idea what your dealing with. The world is far more sinister than you know. AVG is a method of turning a 'blind eye'. If you truelly are involved with IT at a hospital, I would be willing to hook you up with a clinic that has won multiple state and national awards for its handling of IT. They would be willing to help for free, its the way they roll. They do it up right. However, I would have to make sure your for real before I bother them, with you. I am not sure how we would do that, here on slashdot. Tell you what, you give me an inclination via response and I will figure the mechanics out. No hospital (or clinic, or eye doctor) should be without real protection.
Maybe the higher BMI is just a loose indicator of someone who isn't all that brilliant. I mean, genetics asside, being obese doesn't seem like the smartest thing one could do to oneself.
IQ tests seems to measure education. Healthy personal nutrition and lifestyle takes a little education.
Maybe a similar study could be done simply by replacing the BMI qualitative with a measure of how much time the subject spends watching "Cops" etc... You would probably get more clearly defined results.
I couldn't agree more. Your parents will pass away. Your kids will grow up and move away. You're with your spouse for life, or at least that's the plan.
Plus you probably shouldn't tell her "Shuttup and go to your room!", unless its some sort of game I guess.
Besides, it sounds like this guy is puting his career first, and then blaming his career. I have said it once I have said it a thousand times; web developers should not have childeren.
The sad part is, Gibson was right. Is there any valid use for raw sockets in a consumer/business OS?
Testing. I use raw sockets all the time for this. Besides, raw sockets allows you to create custom headers/responses and such, this really only affects the recieving and intermediate stacks. Real security would be to fix broken stacks, but I don't think Gibson would know that. You know, him being a dork and all...
And what exactly did you need to do with raw sockets that you couldn't do with AF_INET?
Handcraft packets.
Is there something so special about your application's packets that you have to hand-craft the TCP/IP headers?
Yes,I need handcrafted headers.
Do you intentionally write DDoS attackers?
Sometimes. You see, I test our network product. I assume its a reasonable thing for me to want to test.
Sorry, but with the number of Windows zombies out there that are screwing up the net, I'd rather have to make one person like you work to regain these "features" than to have them exist for millions of idiots who won't ever need them.
I don't think this is going to help anything. The reason for all those zombies is not due to raw sockets. Its due to poor security in the OS provided as well as vendor provided applications.
never mind that it actually helps improve network security..
I fail to see how.Like I said, the security problem was not the ability to use raw sockets (although priveledging its use seems like a good idea, like in Linux).
and you never did anything with raw sockets anyway?
Nope, not the case.
Oh: Oh, excuse me. I must have forgotten that even Linux doesn't support AF_RAW, because there's still no legitimate use for an end user to have access to raw sockets.
Been using raw sockets on Linux for years. I like to think my uses have been legitimate. I rather think testing network stacks is a good idea. In fact I think testing is such a good idea that I would suggest its a better approach to security than this whole raw socket issue. But maybe its just me.
It expresses not how things are, but how we *want* them to be
Your lieing. I do not want modem speed expressed as "thirty three thousand six hundred bee pee ess bee baybe!". Nore do I want kids saying things like "Wow!, look at the refresh on that laptop!". Especially in the same conversation. And I especially do not want Executive Evil People hiding their super secret plans in a.Trash file where the backup admin might miss it.I generally dont want Evil Executives to be that stupid as it does not speak well of their plans in general. So to sum up, you wish a world where kids don't know shit about what they speak, and Evil Executives are dull in the head. This is starting to sound familiar... I know I have seen this someplace else...
I have changed my mind. I now see Hackers as a shrewed commentary on todays society. Be happy, you got your wish.
Its supposed to mean that you cannot priorotize one site or service over another, the fear is that one ISP might prioritize its service over competition, or more importantly, might extort from google using the fear of unsure delivery. So the neutrality suggest that you have to be site neutral, you cannot accidentally lose, or hinder packets from say, competing sources. This all sounds good right? Well the router providers are making the point that this has not been a problem in the past, so why borrow the trouble? I would agree with them if it were not for Bell South.
His install broke, he booted into it anyhow. He broke X, he chooses to reinstall. There is some other stuff but I couldn't read any more of the gruesom details, I suffer from nightmares. Could someone explain what the punchline is? Is this article about Gentoo installation or about this guy being a dork?
I rank Joe at +8 [Alarmist] with a +6 [Cant be trusted with his password] modifier for a final score of 14 [Dork]. I rank Zonk at +4 [asleep at the wheel].
If you look closely, you will notice I wasnt being negative.
Remember, pretty much the only economic engines in Alaska are Oil and Government. Nothing else but a bunch of trees, rocks and the occasional brown bear.
Right, the rather largish fishing industry is nothing, logging/pulp (though government is trying pretty hard to kill this one), tourism, mining (not is big as you might think, but notable), construction and some other more minor stuffs. It just bothers me when people try to depict it as trees and rocks. Its mostly trees, tundra, muskeg, plains, mountains teeming with life, vast coastal waters, lakes, devils club, etc.. and a few people, most of which don't really like Ted Stevens. Oh wait, when you said Alaska did you mean Anchorage?
I have purchased many sagers, we used to run them exclusively at our shop. I also just retired a Sager 3.06 Ghz with 1GB Ram in favor of my new Alienware. I have to say, though my experience with Alienware is still a little limited, I found that the case on a laptop is almost critically important. The keyboard, higher quality display, better ventalation, much better hinge all add up to a far better machine running at the same speed. Also, my hands are somewhat acidic it seems, all the sagers eventually started to discolor under my palms and the last one, which I spent about $3500 on, the paint seperated from the plastic in little flakes it it gave me blisters from some chemical reaction.
The alienware just feels tough and tight, which the sagers never did. I am convinced its worth the money.
What other laughable claims have you heard attributed to encryption,
That a product does not need ssh when telnet can only be enabled by a super_secret web get. I had no usefull response. It was laughable, but I wasn't laughing. Luckily, the things I said were not really intelligible.
t's no wonder, then, that O. bauri ants can launch themselves into the air with a mere snap of their jaws, achieving heights up to 8.3 centimeters and horizontal distances up to 39.6 centimeters. That roughly translates, for a 5-foot-6-inch tall human, into a height of 44 feet and a horizontal distance of 132 feet, an aerial trajectory likely to be the envy of circus acrobats and Olympic athletes.
Ahh, but I am not envious, for I can step on them. That would be the equivilent of a 5-foot-6 man being sat on for a moment by the Empire State building. I bet the ants are jealous of this almost super-ant feat.
...while Americans are still looking for something that looks like a Palm Pilot. It's a shame and a crime that such a wonderful piece of technology, which draws admiring stares whereever I go, isn't more widely available in the U.S.
Its the price. Most people want comparativly stupid devices that either has a large cellphone formfactor, or is fairly cheap, mostly both. A good zuarus will cost you $350 - $750, depending on the model, and the US public want cheap, McDonalds fastfood type devices.
At least thats what I think. I also think the Zaurus is well worth the price. I just wish I could figure out how to get Skype on it. That would be perfect.
Is highbrow "difficult to understand"? Ya, I played that game too, that PGA Golf thing from EA. It was very difficult for me to understand the point, so I am guessing it was highbrow. You know, come to think of it those kinds of games would have to be 'acquired taste', and they are 'pretentious and boring'. Maybe you just invented the Highbrow Game Rating system. Lower is better.
Slashdot Mirror
Given where you work, I would suggest security is a state of mind. Do not trust what people put forth as "secure". However it is almost certainly not your problem. If it is your problem, then no matter how small or large your instalation is, I have this to say:
Hire contarctors to evuate your installation. They need not have real access, in fact they should be able to propose possible vulnerabilities without real access, assuming they can ask questions. So you hire them to ask questions, you take note of the questions they ask. Maybe you hire one or two and maybe you hire none. You have just paid people to ask questions about your system. If it were me, in your shoes, and assuming you have power, I would call back the ones that asked really good questions, and explain to them you want more. And then pay those guys.
And then fix your shit. You will end up with some pretty good analysis (first level only) and its on you to decide who you want to invite back. It is OK to initially invite local contractors, but only give out information if they give you a "good vibe".
So back to your original statement "I work at a hospital. Sometimes I wonder whether our computers really are as secure as they should". If you have to ask, then you do not have a qualified team to deal with this. Your second thing is more pointed: "All the computers have AVG installed, but is there something else I can do to check?". I am sorry, if you are really in charge you need to hire someone who can deal with this ASAP. It will take too much time for you to come up to speed. I have many times heard the arguement "but we are small" however you gave the word 'hospital'. Secure your data. If you have lack of funding then get the funding. It seems I cannot stress this enough. You expect the doctors to "do it right", your patients expect your entire facility to "do it right".
On a last note: Bringing someone in who knows more than you does not threaten your position, it only means your a decent manager.
Also, not to be critical, but you mention "AVG" in the hospital [record?] context. I will not say you have no clue, however you have no idea what your dealing with. The world is far more sinister than you know. AVG is a method of turning a 'blind eye'.
If you truelly are involved with IT at a hospital, I would be willing to hook you up with a clinic that has won multiple state and national awards for its handling of IT. They would be willing to help for free, its the way they roll. They do it up right. However, I would have to make sure your for real before I bother them, with you.
I am not sure how we would do that, here on slashdot. Tell you what, you give me an inclination via response and I will figure the mechanics out.
No hospital (or clinic, or eye doctor) should be without real protection.
--dant
Maybe the higher BMI is just a loose indicator of someone who isn't all that brilliant. I mean, genetics asside, being obese doesn't seem like the smartest thing one could do to oneself.
IQ tests seems to measure education. Healthy personal nutrition and lifestyle takes a little education.
Maybe a similar study could be done simply by replacing the BMI qualitative with a measure of how much time the subject spends watching "Cops" etc... You would probably get more clearly defined results.
I couldn't agree more. Your parents will pass away. Your kids will grow up and move away. You're with your spouse for life, or at least that's the plan.
Plus you probably shouldn't tell her "Shuttup and go to your room!", unless its some sort of game I guess.
Besides, it sounds like this guy is puting his career first, and then blaming his career. I have said it once I have said it a thousand times; web developers should not have childeren.
The sad part is, Gibson was right. Is there any valid use for raw sockets in a consumer/business OS?
Testing. I use raw sockets all the time for this. Besides, raw sockets allows you to create custom headers/responses and such, this really only affects the recieving and intermediate stacks.
Real security would be to fix broken stacks, but I don't think Gibson would know that. You know, him being a dork and all...
And what exactly did you need to do with raw sockets that you couldn't do with AF_INET?
Handcraft packets.
Is there something so special about your application's packets that you have to hand-craft the TCP/IP headers?
Yes,I need handcrafted headers.
Do you intentionally write DDoS attackers?
Sometimes. You see, I test our network product. I assume its a reasonable thing for me to want to test.
Sorry, but with the number of Windows zombies out there that are screwing up the net, I'd rather have to make one person like you work to regain these "features" than to have them exist for millions of idiots who won't ever need them.
I don't think this is going to help anything. The reason for all those zombies is not due to raw sockets. Its due to poor security in the OS provided as well as vendor provided applications.
never mind that it actually helps improve network security..
I fail to see how.Like I said, the security problem was not the ability to use raw sockets (although priveledging its use seems like a good idea, like in Linux).
and you never did anything with raw sockets anyway?
Nope, not the case.
Oh:
Oh, excuse me. I must have forgotten that even Linux doesn't support AF_RAW, because there's still no legitimate use for an end user to have access to raw sockets.
Been using raw sockets on Linux for years. I like to think my uses have been legitimate. I rather think testing network stacks is a good idea. In fact I think testing is such a good idea that I would suggest its a better approach to security than this whole raw socket issue.
But maybe its just me.
It expresses not how things are, but how we *want* them to be
.Trash file where the backup admin might miss it.I generally dont want Evil Executives to be that stupid as it does not speak well of their plans in general.
Your lieing. I do not want modem speed expressed as "thirty three thousand six hundred bee pee ess bee baybe!". Nore do I want kids saying things like "Wow!, look at the refresh on that laptop!". Especially in the same conversation.
And I especially do not want Executive Evil People hiding their super secret plans in a
So to sum up, you wish a world where kids don't know shit about what they speak, and Evil Executives are dull in the head.
This is starting to sound familiar... I know I have seen this someplace else...
I have changed my mind. I now see Hackers as a shrewed commentary on todays society. Be happy, you got your wish.
--dilvish
Its supposed to mean that you cannot priorotize one site or service over another, the fear is that one ISP might prioritize its service over competition, or more importantly, might extort from google using the fear of unsure delivery. So the neutrality suggest that you have to be site neutral, you cannot accidentally lose, or hinder packets from say, competing sources.
This all sounds good right? Well the router providers are making the point that this has not been a problem in the past, so why borrow the trouble?
I would agree with them if it were not for Bell South.
His install broke, he booted into it anyhow. He broke X, he chooses to reinstall. There is some other stuff but I couldn't read any more of the gruesom details, I suffer from nightmares.
Could someone explain what the punchline is? Is this article about Gentoo installation or about this guy being a dork?
it asks you exactly what it is that you want it to do, and then does precisely and only that
Was there something else you wanted it to do?
Oops, I was wrong, this looks like it might be an issue. For some people anyhow. Premature flame.
Won't happen again. Today.
I rank Joe at +8 [Alarmist] with a +6 [Cant be trusted with his password] modifier for a final score of 14 [Dork].
I rank Zonk at +4 [asleep at the wheel].
If you look closely, you will notice I wasnt being negative.
Its so horrible to see, yet hard to look away from. Its like a clown car wreck.
What we really meant to say is you 'Randomly look Suspucious'.
Have a nice flight.
I was thinking the same thing. For that matter Google is hardly an upstart.
Oh wait, maybe he meant "Uppity".
Remember, pretty much the only economic engines in Alaska are Oil and Government. Nothing else but a bunch of trees, rocks and the occasional brown bear.
Right, the rather largish fishing industry is nothing, logging/pulp (though government is trying pretty hard to kill this one), tourism, mining (not is big as you might think, but notable), construction and some other more minor stuffs. It just bothers me when people try to depict it as trees and rocks. Its mostly trees, tundra, muskeg, plains, mountains teeming with life, vast coastal waters, lakes, devils club, etc.. and a few people, most of which don't really like Ted Stevens.
Oh wait, when you said Alaska did you mean Anchorage?
I have purchased many sagers, we used to run them exclusively at our shop. I also just retired a Sager 3.06 Ghz with 1GB Ram in favor of my new Alienware. I have to say, though my experience with Alienware is still a little limited, I found that the case on a laptop is almost critically important. The keyboard, higher quality display, better ventalation, much better hinge all add up to a far better machine running at the same speed.
Also, my hands are somewhat acidic it seems, all the sagers eventually started to discolor under my palms and the last one, which I spent about $3500 on, the paint seperated from the plastic in little flakes it it gave me blisters from some chemical reaction.
The alienware just feels tough and tight, which the sagers never did. I am convinced its worth the money.
If you want value and performance custom built is the way to go, not prebuilt crap.
Just how many custom built laptops do you own?
the term cat and mouse game implies that there is a chance for the big media companies to win.
Maybe they meant it in the Tom and Jerry sense.
What other laughable claims have you heard attributed to encryption,
That a product does not need ssh when telnet can only be enabled by a super_secret web get.
I had no usefull response. It was laughable, but I wasn't laughing. Luckily, the things I said were not really intelligible.
t's no wonder, then, that O. bauri ants can launch themselves into the air with a mere snap of their jaws, achieving heights up to 8.3 centimeters and horizontal distances up to 39.6 centimeters. That roughly translates, for a 5-foot-6-inch tall human, into a height of 44 feet and a horizontal distance of 132 feet, an aerial trajectory likely to be the envy of circus acrobats and Olympic athletes.
Ahh, but I am not envious, for I can step on them. That would be the equivilent of a 5-foot-6 man being sat on for a moment by the Empire State building. I bet the ants are jealous of this almost super-ant feat.
...while Americans are still looking for something that looks like a Palm Pilot. It's a shame and a crime that such a wonderful piece of technology, which draws admiring stares whereever I go, isn't more widely available in the U.S.
Its the price. Most people want comparativly stupid devices that either has a large cellphone formfactor, or is fairly cheap, mostly both. A good zuarus will cost you $350 - $750, depending on the model, and the US public want cheap, McDonalds fastfood type devices.
At least thats what I think. I also think the Zaurus is well worth the price. I just wish I could figure out how to get Skype on it. That would be perfect.
I especially like the bar graph indicating when the majority of new nations were introduced.
I don't know what they are doing with that, I'm not sure they do either. They made that bed. Now they're sleeping in it.
They plan to do it by making "standards improvements" a big part of IE7.
Get it? Standards improvements? Ok, its not that funny but it wont supprise me at all when it happens.
"Becouse I am also a turtle".
When I heard it, I thought if I ever had a chance to use it in general disussion I would. And what do you know...
Is highbrow "difficult to understand"?
Ya, I played that game too, that PGA Golf thing from EA. It was very difficult for me to understand the point, so I am guessing it was highbrow. You know, come to think of it those kinds of games would have to be 'acquired taste', and they are 'pretentious and boring'.
Maybe you just invented the Highbrow Game Rating system. Lower is better.