First learn to fucking write in English then, next time you post use the preview button and proofread. For your sake I hope you did better on your patent application.
An AMEX must be signed. If there isn't a signature the merchant cannot accept it. On Visa/MC if there is no signature the merchant must check ID and then watch the customer sign the card before letting them use it. If the merchant follows all of the rules the CC company will eat the chargeback for most card present fraud, but the CC companies make these rules because it just makes it easier to force the chargebacks on the merchant.
It amazes me that to this day Circuit City and Best Buy are still the number one targets for stolen card fraud and they can't seem to figure out how to stop it. I saw a guy in BB yesterday, they wouldn't take his check because he left his DL in his "other wallet" but they took his CC without even checking the signature.
When in history were slaves ever considered "disposable?" Second class citizens, yes. You wouldn't cry if they died. But no more disposable than a mule. The modern replacement to slaves would be tractors and I don't see farmers throwing them away either. If you can fix up a slave and make him work for another 20 years, why would you just let him die? That would be stupid especially since his family (also slaves) would probably be the ones helping him and nursing him back to health.
Right. His hand was injured and amputated with a hot piece of metal. There was evidence that the owner of that arm continued to engage in hard labor for "many years" after the amputation. That doesn't really sound to me like he was a volunteer. You wouldn't kill a slave who was injured but could still work. You cut off his arm and put him back to work. If he dies of infection, who cares.
They went on to claim that the term "back-breaking labor" may have originated among those building the pyramids because their bones were so racked and broken. I wonder, what would the bones look like if they were slaves?
The stupid assertion that the population of the camp was split among men and women is also stupid. Even the dumbest tyrant knows that an all male slave army only lasts one generation.
If you want complete redundancy you'll need 2 firewalls with twice as many ports on each as you need. Each segment will then have 2 switches and each firewall will have a connection to each switch. This depends on your firewall being able to have multiple interfaces on the same segment.
If your firewall doesn't support this configuration you can have a separate switch between each firewall and router and mesh them.
It is also possible to use a redundant load balancer in this position to pass traffic through multiple firewalls. This has the added benefit of allowing you to load balance your firewalls. There are lots of ways it can be done and it is possible to engineer a perfectly redundant network, it's just a bit expensive.
So, if at all possible, do not rely on consultants or contractors, nor on closed source platforms.
What's wrong with consultants and contractors? In my experience employees are much more likely to have a grudge against the company. They are also more likely to be incompetent since if they weren't, why would you need consultants?
Security is a very specialized field, and if you don't believe that it's probably because you don't understand real security. Most companies can't afford to keep real dedicated security people on the payroll and so consultants fill that role very well.
I agree with all of your points, and the answer certainly lies in some moderate middle ground. However, I have never seen an environmentalist (by that I mean professionals who dedicate a large portion of their time to being interviewed, lobbying, forming others' opinions, etc. wrt environmental issues) who was in favor of moderation in anything.
Switches can, and do, mangle packets, even when mirroring.
Please explain what you mean by "mangle packets".
By configuring your IDS to be "stealthy", putting the NIC into promiscuous mode, and using a simple hub at the gateway, you can capture all traffic that crosses the network boundary.
What does promiscuous mode have to do with being stealthy? If your NIC isn't promiscuous you don't have NIDS, you have HIDS. Hubs suck.
Besides that, why bother putting a layer 2 switch between your firewall interface and your public internet routers?
If you have redundant firewalls or multiple paths to the Internet you already have a switch there so you can connect all the interfaces on a common segment. If you have a single router and a single firewall use a tap. You can still have a full duplex connection and you don't have to worry about the $10 hub crapping out and taking down your internet connection. If you don't care about any of the above, what do you need NIDS for?
Some switches do not receive traffic on mirrored ports, some do. Better ones are configurable.
There are lots of places you can put NIDS and it really depends on what you want to see. If you only want to see active attacks you could put it only inside your firewall. If you want to see the stuff that your firewall blocks (useful for justification and verification) you put one outside your firewall. If you are worried about internal stuff you put one near your jewels. There is no single setup that will be right for every network.
Since, generally, Firewalls, on at least one side, are connected to the Public Internet, your network on that side is not going to be gigE.
Aside from your suggestion of using hubs in a real network just being stupid, how do you know what the connection to my firewall will be? Firewalls come with GigE interfaces you know. They also come built into switch modules like the 6500's from Cisco. Many people have firewalls in facilities that provide Fast or GigEthernet connections to the Internet and charge by the bit.
One thing I don't understand about this argument. An old tree has a lot of carbon in it. At some point the growth of this tree is going to slow, and so will its CO2 consumption. If I cut down that tree I've made room for a younger faster growing tree that will in turn lock up a bunch more carbon. Assuming I don't burn the tree I've cut down the carbon is still trapped. Granted the seedling won't process as much CO2 to start with as the old Oak, but since it's still growing it will probably consume more in total over the next n years. So why exactly are environmentalists so fascinated by leaving old trees in the ground? Old growth forests are also more likely to have out of control fires which leads to more carbon release.
The only problem is that the trees we chop down are usually used for something. Sure we can recycle paper (which uses energy and releases pollutants) but would you want a house built out of recycled wood? Steel and Aluminum are becoming more popular building materials, but those have to come from somewhere. How do you feel about mining? No, we will chop down trees and we will replant. We will mine and we will pollute. We will eventually make the Earth uninhabitable for humanity, and then humans will be extinct. "Take only photographs and leave only footprints," may work at Yosemite, but it doesn't scale very well.
It is not unusual for airliners to encounter currents of air rising at considerable speed.
And we aren't talking about airliners here. I don't know of any accounts of airliners going missing in the Bermuda Triangle. Mostly military and light aircraft. These planes may be flying low and may not cruise faster than 150 knots.
Let's see. Suppose you're cruising at 35,000 feet with an air density of 1/4 sea level and a true air speed (TAS) of 500 knots
Stalling has very little to do with speed, it's about angle of attack. A wing moving at 2x Vs with a 90 degree AOA is stalled, no? A sudden 50 knot updraft could result in a 30 degree change in AOA. You could go from straight and level to full stall with no warning, and your nose pointed at the horizon.
I believe I've read of stall warnings activating during severe turbulence.
You've probably also read of planes crashing due to severe turbulence. Wind shear is also a big factor.
Keeping the aircraft under control until it flew out of the bubble (and then re-lighting the flamed-out engines) wouldn't be difficult so long as the pilot was okay; if you got a flammable slug of methane-air mix into the cabin pressurization system, all bets are off.
Again, I don't think we are talking about jetliners flown by pilots with thousands of hours of flight time. The most well known cases are small planes and military exercises.
But the bubble of methane would be rising at considerable speed. The resultant updraft would cause a sudden increase in angle of attack almost certainly resulting in a stall. The pilot would probably have no idea what was going on until it was too late. A sudden stall warning during cruise is not a common occurrence. The updraft would probably be short lived and by the time the pilot begins the stall recovery he may be out of it. He might wind up in a steep dive and not be able to recover.
Wrong, you can install any version on any PIX with 16MB of flash. When you purchase a PIX with a Support Contract, which Cisco pushes very hard, you get free software upgrades. And the licenses work in the new software.
With some support contracts (SmartNet) you get free software upgrades. With some you don't. You don't get anything simply by virtue of owning the hardware.
Some people buy Cisco hardware used and many people buy Cisco hardware new without support contracts. Those people are not entitled or licensed for any upgrades, just certain bug fixes. If you buy it used you don't have a license for any software at all so you'll have to buy it. In addition if you want to purchase SmartNet on used equipment you'll have to send it to TAC for inspection.
I guess our definition of "free" is different since I don't consider the upgrades you get with a support contract to be free any more than I consider the fries free when I buy an Extra Value Meal at McDonald's.
I'll give you the benefit of the doubt and assume you don't have CCO access. If you ever get software access you'll have to agree to the license each time you download anything. The license reads in applicable part:
Unless otherwise expressly provided in the documentation, Customer shall use the Software solely as embedded in, for execution on, or (where the applicable documentation permits installation on non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer;
NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY SUCH ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE; (2) USE OF UPGRADES IS LIMITED TO CISCO EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED; AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY.
In other words you can only install PIX software on PIX hardware. And you can only install the version of PIX software you have a license for. No free upgrades and the license is non-transferable so if you sell the hardware the new owner needs to get a new license.
Don't argue with me about whether or not this license is legal because I don't care. That's just the way it is.
This software is not free as in beer, nor is it free as in speech.
It is free as in bundled. You can buy the iDVD 2.1 upgrade, but you still need to have iDVD 2 and a Superdrive.
Of course the cost of this has been figured into the hardware. That's exactly why they only license it for use with their hardware. That's what they are pissed about. If these folks want to sell someone else's hardware and bundle it with someone else's software Apple wouldn't care. Instead they are bundling someone else's hardware with Apple's software and providing a crack to make it work in clear violation of the software's license.
Your point that you can't buy the software seems to strengthen Apple's argument that the software is only for use with their drives. Apple does sell DVD Movie Pro that you can use with any drive.
This software is just a key logger and screen scraper that emails the log to someone at specified intervals or when it sees keywords. It doesn't matter what encryption or email program you use.
iDVD is given away for free with Apple's Superdrives and licensed for use only with those drives.
If you want to use Apple DVD burning software with someone else's drive Apple will happily sell it to you, but you may not use the free version of iDVD. Apple (not being stupid) actually wrote code into iDVD to check that you are using a Superdrive with the software.
These folks are selling third party DVD burners with a crack that allows you to use Apple's free software in violation of the license.
This is a patch to Apple's well-written program to allow it to work on non-Apple DVD burners.
Patches fix bugs. This is not a bug. Apple designed this behavior as a security measure to prevent people from using this free software in a way which is contrary to the license it is distributed under.
Therefore this software is not a "patch" it is a "crack".
We know that we can prevent MS from getting to our computers and we know we can prevent our computers from getting to MS. Would doing so violate the EULA? Maybe, but who cares?
Does anyone think MS is going to start suing companies for properly configuring their firewalls? What the End User agrees to is completely irrelevant as far as practical security and HIPAA is concerned. If MS can't get to it they can't get to it. End of story.
How do you know they aren't doing it already? Closed source backdoors are evil! OMG all my boxes are belong to Microsoft! If you are an administrator and your boxes are doing something without your knowledge you should be looking for a job. Just because you don't know how to solve a problem doesn't mean it isn't a solved problem. Firewalls that restrict outbound access, proxies, HIDS, your problem is not a problem.
As others have stated the technical part of this is a non-issue. The only question is the legal one. IANAL, but if you are HIPAA compliant you can't legally agree to Microsoft's EULA. Since I seriously doubt that MS is going to sue you for breach when you don't give them unfettered access I think that is a non-issue as well.
Yes. Terminal Velocity. The girl in the trunk was Nastassja Kinski.
1. This doesn't work on quality switches.
2. Unless all the network folks are asleep at the wheel this doesn't qualify as stealthy.
If you read the article before going to the comments page then you won't have that problem. Or, don't use Netscape.
Did you read what I wrote? I mean seriously.