I remember hearing once that the Army once ran ArcNet over barbed wire fences. I guess the slower speeds allowed it to be a little more noise tolerant. I wonder if you could try your "paint networking" theory with ArcNet and have better results than ethernet.
My wife and I took a Carnival eastern carribean cruise (Bahammas, Puerto Rico, Virgin Islands) in April and the boat had an internet cafe on board. The speed was reasonable but it was like 25 cents/minute I think. The machines were locked down so you couldn't do much but type in an address into the browser. I thought I'd be smart and install a Java SSH client on my server, but the applet took too long to download, I gave up. It's probably best, as the vacation was more important than getting email or working.
Your approach works great for one-time purchases. What if I am selling a service that I need to bill you for every month? Asking you for your information again every month is not a solution.
I think what people are usually missing here is that the only place stored credit cards need to be read is when they are used in the billing cycle.
Lets take an ISP for example. I don't want to encrypt my entire customer database because I'll need to search/query it quite often, and it's hard to sort or query an encrypted database. It's up to me to maintain an information disclosure policy that my customers will accept. I'll definately want to encrypt the credit card information though, but nobody should ever have access to anything (internal or external) that displays the credit card information. The only "process" that ever decrypts the credit card information is the application that processes the automatic payments once a month for those who choose to pay that way. You could even store the private key on a floppy or USB dongle drive and allow access only to those in the accounting department who need it. The public key is good enough just to encrypt the data. Store this on the webserver so customers can sign up, enter in their credit card, it gets encrypted with the public key and stored in the database. If one were to hack into this webserver, they would be able to encrypt data, but not decrypt it.
Perhaps store "xxxxxxxxxxxx4321" in plaintext so you could verify with a customer what card we are using and allow them to change the card number. I don't think storing the last 4 digits like this is that much of a risk, YMMV. This would be an optional feature anyway.
Nobody is obligated to provide this guy with internet service. And those who do provide it are entitled to limit the terms in any way they please.
Having been in the ISP business and the hosting business for quite some time, I can attest to the fact that it's wise to take a very strict approach to spam/spammers. If Verio doesn't cut this guy off, the black hole lists may decide that entire blocks of their IP's should be listed. How would you respond to being blacklisted because your "IP neighbor" thinks he should be allowed to maintain an open relay simply for the sake of the convenience. Verio would loose customers if they didn't act.
According to Verio's AUP (last modified March 9, 2000):
Spamming -- Sending unsolicited bulk and/or commercial messages over the Internet (known as "spamming"). It is not only harmful because of its negative impact on consumer attitudes toward NTT/VERIO, but also because it can overload NTT/VERIO's network and disrupt service to NTT/VERIO subscribers. Also, maintaining an open SMTP relay is prohibited. When a complaint is received, NTT/VERIO has the discretion to determine from all of the evidence whether the email recipients were from an "opt-in" email list.
Yes, all physicam measures can be defeated, but all in a detectable way. Jumpering the CMOS reset, removing the CMOS bettery etc all will require opening the machine. With enough super glue or security stickers, it will be obvious they did so. Including hardware tampering stipulations in the terms of evaluation should cover you in this situation. Something along the lines of "Any tampering with equipment...will be deemed as acceptance of purchace of product. IANAL, but something like this should be acceptable.
Step 2:
Buy a few nice laptops. Configure BIOS to disable floppy, USB, serial, sound, PCMCIA, network, external VGA, external mouse, external keyboard etc. Basically lock down the BIOS completely. Set BIOS passwords. Install Linux, create user account with just enough privelidges to preview your technology. Disable all network capabilities, floppy, USB etc just to be sure. At this point the only way to get data off the machine is to point a video camera at the screen, which would be a pain in the ass. If you can buy tamper detecting tape or glue, use it to lock down the hard drive. You cannot keep them from getting to the drive, but you could tell that they tried. Also, try locking down the runlevels to keep them from getting places they shouldn't. Think about rm/* scripts if tampering is detected.
I have relatively little experience with this type of software, but I have heard that the IBM Homepage Reader is a pretty good product and it's only $100 or so. It takes a while to get used to this kind of web interface though, and many sites are downright impossible to navigate with these kind of readers. I have a few blind friends and this is the only software they recommend.
Let the stat's (and methods) speak for themselves. Any true scientist would never ask "How can I prove that Apache is faster than IIS?" We need to ask "If I compared similar installs of Apache and IIS under the same conditions, how do they perform?" Anything else would be unreasonable.
Let's look at Dell's testing methods. The same hardware is meaningless if they applied tweaks to NT but left the Linux installation to defaults.
To every response whining about "such and such tool doesn't exist" or "Linux isn't as free as they say it is" or any other general sob story:
True, a novice sysadmin (or one interested in expanding his/her knowledge) might need to purchase books for easy, reliable reference. This is a one time purchase unlike the expensive licensing model of Windows or NT.
If a tool doesn't exist, and you are technically inclined enough to REALLY need it, you should be technically inclined enough to write your own. I challenge you to write the same kind of utility for NT, with a non-open OS and a non-open filesystem.
In summary, the benefits of Linux cover far more than initial cost, they stem from an operating system, file system, windowing environment and utilities that are all open source. If you can't understand that this kind of environment allows one to create one's own tool and modifications to allow the system to do WHATEVER ones heart desires, then you better fdisk, format and install NT because the open source movement has just passed you by.
We just rebuilt our entire network including 3 white-boxes with Enlight cases. They are very nice with dual hot-swap power supplies, RAID capable hot-swap drive enclosures etc. They will cost a couple hundred $$, but they are worth the money.
I think the message that the "Geek Community" has been preaching has been one of reasonable preparedness. We didn't know what was going to happen, therefore we didn't want to take any chances. And yes, the fact that there weren't any more problems is definitely a testament to the "Geek Community". I personally upgraded many customers from old Xenix systems on 386's to more modern PII SCO and Linux boxes. Without my help they would all have been dead in the water.
It wasn't just the stupid general population freaking out either. I had several fairly intelligent friends stockpile water and toilet paper as well. They just saw everyone else doing it on TV and thought they were missing out on something. The media needed a story, and they exaggerated our warnings. Plain and simple.
I agree. While I can definitely see a time and place for this methodology, it's not for everyone and it's not for every situation.
In fact looking back on my last handful of projects I can't think of one instance where this technique would have helped in any way. I'm not trying to bash the ideas presented, I think they have some merit. Can we hear from the trenches at all? Anyone using this effectively?
I went to the UT-210 Unicenter Basics course and was VERY unimpressed with the product. The developers couldn't see the forest for the trees. I think they tried to make it too complex a system while they disregarded basic reliability, the cornerstone of any good network management/monitoring suite.
After 15 minutes of poking around, Unicenter crashed. I had to switch machines because the instructor said a total reinstall of NT and Unicenter was needed. I'm good but not that good, I mean 15 minutes and I didn't change a single setting!!!
The software constantly showed incorrect network settings. Machines were up/down when they weren't. I had my dead machine off for 3 hours before Unicenter noticed.
My company is a CA VAR, and even with our great pricing I can't recommend Unicenter.
I am always impressed when a couple of young guys can have the foresight to look out for the reader instead of looking out for their own pocket books. You guys could have held out until you became filthy rich but you didn't because you want to provide the best content you could and for that I am quite impressed. Thanks for giving us the best site on the internet!
Slashdot Mirror
I remember hearing once that the Army once ran ArcNet over barbed wire fences. I guess the slower speeds allowed it to be a little more noise tolerant. I wonder if you could try your "paint networking" theory with ArcNet and have better results than ethernet.
My wife and I took a Carnival eastern carribean cruise (Bahammas, Puerto Rico, Virgin Islands) in April and the boat had an internet cafe on board. The speed was reasonable but it was like 25 cents/minute I think. The machines were locked down so you couldn't do much but type in an address into the browser. I thought I'd be smart and install a Java SSH client on my server, but the applet took too long to download, I gave up. It's probably best, as the vacation was more important than getting email or working.
Your approach works great for one-time purchases. What if I am selling a service that I need to bill you for every month? Asking you for your information again every month is not a solution.
I think what people are usually missing here is that the only place stored credit cards need to be read is when they are used in the billing cycle.
Lets take an ISP for example. I don't want to encrypt my entire customer database because I'll need to search/query it quite often, and it's hard to sort or query an encrypted database. It's up to me to maintain an information disclosure policy that my customers will accept. I'll definately want to encrypt the credit card information though, but nobody should ever have access to anything (internal or external) that displays the credit card information. The only "process" that ever decrypts the credit card information is the application that processes the automatic payments once a month for those who choose to pay that way. You could even store the private key on a floppy or USB dongle drive and allow access only to those in the accounting department who need it. The public key is good enough just to encrypt the data. Store this on the webserver so customers can sign up, enter in their credit card, it gets encrypted with the public key and stored in the database. If one were to hack into this webserver, they would be able to encrypt data, but not decrypt it.
Perhaps store "xxxxxxxxxxxx4321" in plaintext so you could verify with a customer what card we are using and allow them to change the card number. I don't think storing the last 4 digits like this is that much of a risk, YMMV. This would be an optional feature anyway.
Nobody is obligated to provide this guy with internet service. And those who do provide it are entitled to limit the terms in any way they please.
Having been in the ISP business and the hosting business for quite some time, I can attest to the fact that it's wise to take a very strict approach to spam/spammers. If Verio doesn't cut this guy off, the black hole lists may decide that entire blocks of their IP's should be listed. How would you respond to being blacklisted because your "IP neighbor" thinks he should be allowed to maintain an open relay simply for the sake of the convenience. Verio would loose customers if they didn't act.
According to Verio's AUP (last modified March 9, 2000):
Spamming -- Sending unsolicited bulk and/or commercial messages over the Internet (known as "spamming"). It is not only harmful because of its negative impact on consumer attitudes toward NTT/VERIO, but also because it can overload NTT/VERIO's network and disrupt service to NTT/VERIO subscribers. Also, maintaining an open SMTP relay is prohibited. When a complaint is received, NTT/VERIO has the discretion to determine from all of the evidence whether the email recipients were from an "opt-in" email list.
Yes, all physicam measures can be defeated, but all in a detectable way. Jumpering the CMOS reset, removing the CMOS bettery etc all will require opening the machine. With enough super glue or security stickers, it will be obvious they did so. Including hardware tampering stipulations in the terms of evaluation should cover you in this situation. Something along the lines of "Any tampering with equipment...will be deemed as acceptance of purchace of product. IANAL, but something like this should be acceptable.
Step 1:
/* scripts if tampering is detected.
Hire lawyers. As many as you need.
Step 2:
Buy a few nice laptops. Configure BIOS to disable floppy, USB, serial, sound, PCMCIA, network, external VGA, external mouse, external keyboard etc. Basically lock down the BIOS completely. Set BIOS passwords. Install Linux, create user account with just enough privelidges to preview your technology. Disable all network capabilities, floppy, USB etc just to be sure. At this point the only way to get data off the machine is to point a video camera at the screen, which would be a pain in the ass. If you can buy tamper detecting tape or glue, use it to lock down the hard drive. You cannot keep them from getting to the drive, but you could tell that they tried. Also, try locking down the runlevels to keep them from getting places they shouldn't. Think about rm
I have relatively little experience with this type of software, but I have heard that the IBM Homepage Reader is a pretty good product and it's only $100 or so. It takes a while to get used to this kind of web interface though, and many sites are downright impossible to navigate with these kind of readers. I have a few blind friends and this is the only software they recommend.
-Nate
Let the stat's (and methods) speak for themselves. Any true scientist would never ask "How can I prove that Apache is faster than IIS?" We need to ask "If I compared similar installs of Apache and IIS under the same conditions, how do they perform?" Anything else would be unreasonable.
Let's look at Dell's testing methods. The same hardware is meaningless if they applied tweaks to NT but left the Linux installation to defaults.
True, a novice sysadmin (or one interested in expanding his/her knowledge) might need to purchase books for easy, reliable reference. This is a one time purchase unlike the expensive licensing model of Windows or NT.
If a tool doesn't exist, and you are technically inclined enough to REALLY need it, you should be technically inclined enough to write your own. I challenge you to write the same kind of utility for NT, with a non-open OS and a non-open filesystem.
In summary, the benefits of Linux cover far more than initial cost, they stem from an operating system, file system, windowing environment and utilities that are all open source. If you can't understand that this kind of environment allows one to create one's own tool and modifications to allow the system to do WHATEVER ones heart desires, then you better fdisk, format and install NT because the open source movement has just passed you by.
We just rebuilt our entire network including 3 white-boxes with Enlight cases. They are very nice with dual hot-swap power supplies, RAID capable hot-swap drive enclosures etc. They will cost a couple hundred $$, but they are worth the money.
~Nate
I think the message that the "Geek Community" has been preaching has been one of reasonable preparedness. We didn't know what was going to happen, therefore we didn't want to take any chances. And yes, the fact that there weren't any more problems is definitely a testament to the "Geek Community". I personally upgraded many customers from old Xenix systems on 386's to more modern PII SCO and Linux boxes. Without my help they would all have been dead in the water.
It wasn't just the stupid general population freaking out either. I had several fairly intelligent friends stockpile water and toilet paper as well. They just saw everyone else doing it on TV and thought they were missing out on something. The media needed a story, and they exaggerated our warnings. Plain and simple.
~Nate
In fact looking back on my last handful of projects I can't think of one instance where this technique would have helped in any way. I'm not trying to bash the ideas presented, I think they have some merit. Can we hear from the trenches at all? Anyone using this effectively?
~Nate
I went to the UT-210 Unicenter Basics course and was VERY unimpressed with the product. The developers couldn't see the forest for the trees. I think they tried to make it too complex a system while they disregarded basic reliability, the cornerstone of any good network management/monitoring suite.
After 15 minutes of poking around, Unicenter crashed. I had to switch machines because the instructor said a total reinstall of NT and Unicenter was needed. I'm good but not that good, I mean 15 minutes and I didn't change a single setting!!!
The software constantly showed incorrect network settings. Machines were up/down when they weren't. I had my dead machine off for 3 hours before Unicenter noticed.
My company is a CA VAR, and even with our great pricing I can't recommend Unicenter.
I am always impressed when a couple of young guys can have the foresight to look out for the reader instead of looking out for their own pocket books. You guys could have held out until you became filthy rich but you didn't because you want to provide the best content you could and for that I am quite impressed. Thanks for giving us the best site on the internet!