Slashdot Mirror


User: jbolden

jbolden's activity in the archive.

Stories
0
Comments
13,627
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,627

  1. Chiropractic care on Trick or Treatment · · Score: 1

    The review is good it is a pity it skips the chapter on Chiropractic care. There results are mixed, especially for lower back pain.

    As for why these are popular.... alternative medicine providers offer a much higher level of customer service and focus on customer satisfaction. They work hard to make sure their patients are happy with the treatment regimen and spend time with them.

  2. Re:The wild wild west on What Restrictions Should Student Laptops Have? · · Score: 1

    See my other posts in this thread. You want a lock down system you don't buy generic hardware. You buy generic hardware you gave up on a lock down system. So I think we agree.

    As for reporting back, that's where the router issue comes in. But I don't see kids doing hardware bypasses. The kids that know how to do that already have a computer.

  3. Re:I don't get it on Vista To XP Upgrade Triples In Price, Now $150 · · Score: 1

    Sorry for the delayed response, this slashdot notification ended up in the junk folder for some reason (most of them go through fine).

    You example of web browsing is unusual because I would that a very processor and memory intensive task. You often have twice wrapped virtual environments with multimedia content. Have you looked at browser requirements lately?

    But more importantly to the thread, under your scenario why would they even want to install Vista? The original point was about Vista being not good because it doesn't run on a wide range of hardware. Email and porn work fine under XP.

  4. Re:heh on Tech Firms Oppose Union Organizing · · Score: 1

    Most unions have little interest in keeping bad employees providing firing is not used as a way to reduce head count in general. If you had a board consisting of say 3 union members, 3 managers and 1 exec which tried cases of misconduct the union would not object particularly if the firing just opened up a new line slot.

    Again work with the union not against it.

  5. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    JAMF will know if it's not reporting in, because the system is booted from CD or DVD.

    How does the administrator distinguish that from the system being off at home? JAMF doesn't know if the computer was booted from CD.

    Kid A goes home uses the system admin gets a report
    Kid B goes home boots from CD uses the system, admin gets no report
    Kid C goes home doesn't use the system
    Kid D has reconfigured /System/Library/LaunchDaemons/com.jamfsoftware.task.*
    to launch only when he executes a script.

    How does the admin tell Kid B from Kid C from Kid D?

    This isn't a game of trying to make it impossible to hack the system. Just to know when it's been done, and JAMF (and other monitoring software) can easily do that.

    So far you haven't presented anyway it can know that. And looking at their website it seems to assume a pretty friendly environment. I can swap /etc/jamf.conf in and out using dozens of programs which legitimately have setuid. Moreover using SE features I can prohibt jamf from seeing what is going on.

    I don't even own this software, I haven't had a chance to see how flaws and I'm already noticing problems. Like is operating at the Darwin and not the SE level and/or kernel level.

    So no, I don't see how you would know. Maybe the reason you think it is working so well is because you are getting bogus reports from hacked jamf.

  6. Re:heh on Tech Firms Oppose Union Organizing · · Score: 1

    Which car company pays an average fully loaded cost of $75/hr? I don't know many autoworkers making that kind of money. Anyway I'll agree to say $48 as an average, and yes that is high. And again the auto companies could have offered a options/stock & wages mix to get concessions on things like layoffs. That's how bad management compounded the problems with an aggressive union.

    But lets be clear, it is not the unions which decided to stop innovating
    It is not the unions that pushed a policy of built in obsolescence
    It is not the unions which decided to drive down quality
    It is not the unions which had bad warranty policies
    It is not the unions which indebted the companies while paying high dividends

    The unions would have been and still would be thrilled with an innovative auto industry, using employee ownership.

  7. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    Once the student is in as root they alter the admin software. Software can't tell if it is running on virtual or physical hardware without a TPM chip. That is why they were invented. Moreover JAMF isn't going to see things like a CD Booted OS. I don't know the details of JAMF but do you really think something this simple is going to hold up?

    IBM, Microsoft, Intel... didn't invent a custom chip, CPU, OS solution to provide moderate security (still relatively easy to beat with specialized equipment as IBM is always quick to say) because 3rd party software does the job.

    As for "this is education" that is one of the worst. They have: unlimited time, strong incentives, lots of communication with each other, are going through a rebellious stage, and have all sorts of outside resources to assist in circumvention.

  8. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    Root can alter the open firmware password. Also it can be done via hardware pretty easily. Open firmware will stop someone in a monitored environment he doesn't have one of those.

  9. Re:How, indeed. on How Apple Could Survive Without Steve Jobs · · Score: 1

    The advantage of tight integration over loose integration (Microsoft model) is what Apple is selling. It is the their core product.

  10. Re:Inevitable on How Apple Could Survive Without Steve Jobs · · Score: 1

    The iPod was incredible. But Apple has gone from 10-2% to 8% PC marketshare (and in terms of profits better than 50%). The first company to real make that kind of a comeback. That came from vision and the ability to get the whole company working together i.e. leadership. Visionary leaders are rare.

  11. Re:The wild wild west on What Restrictions Should Student Laptops Have? · · Score: 1

    Attempted intrusions into root access should be detectable, monitored, and enforced

    How?

    1) Take laptop home
    2) Set home router to not accept connection from MAC address of school computer
    3) Do what I want

    That isn't hard.

    And (2) can be replaced with
    2') Go somewhere there isn't internet access.

  12. Re:I would be interested to know on What Restrictions Should Student Laptops Have? · · Score: 1

    I'm with you, I think he's fooling himself. I've written a computer designed to allow someone to use the system but still hide data from someone with physical access and a screw driver from being able to copy it (for about 2 days) and that system was very very custom. No way could it run any piece of software what-so-ever we didn't custom compile for it.

  13. Re:It can be done. on What Restrictions Should Student Laptops Have? · · Score: 1

    nd our students are not, in fact, either bypassing our controls

    How would you know?

  14. Re:Norton Ghost is your friend- really. on What Restrictions Should Student Laptops Have? · · Score: 1

    You are forgetting unlimited physical access with privacy. This isn't a school lab or library where the kids can't do an hour long take over. Deep freeze, anti-executable.. work well as long as the software is installed or not crippled.

  15. Re:People in glass houses... on What Restrictions Should Student Laptops Have? · · Score: 1

    How do you get those logs and how do you get the right ones on a compromised system?

  16. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    I agree with everything you wrote. Good advice and a realistic perspective. Macs remote reimaging form open firmware, you could have a website + instructions and just give the kids the URL.

    2.) If your goal is teaching computer science, Macs (and to a slightly lesser degree, Windows PCs) are NOT the way to go. Both MS and Apple hide the workings of a computer from the user to a degree that makes it almost useless for this purpose. Kids( and teachers for that matter) will not learn how computers work through osmosis. Of course it is fairly unrealistic to expect US public/private schools to put linux in the classroom but one can dream.

    OSX architecture may hide things, as you say. Darwin on the other hand is a BSD. Pretty much everything you wanted to do with Linux in a curriculum you can do with the Mac macports. Don't get me wrong, I think kids would learn way more from say at 10th grade having to reimage to a Linux from scratch and work it up to the point it runs Open Office but I can't see most HS computer level teachers being able to teach that.
    Really any modern OS, Linux included sucks for understanding computers, they are just too complicated. A virtual OS built on top of a Lisp is much better. Getting the stupid thing to be able to do eval((3+4) * 6) will take some deep understanding.

  17. Re:They'll just use their own laptops. on What Restrictions Should Student Laptops Have? · · Score: 1

    Macs don't have BIOSes at all they have OpenFirmware which is way cooler (it has some built in servers for example). Yes, you can put a password in the OpenFirmware and that will prevent it from booting from anything but the harddrive and prevent things like single user mode.

    But.... root has write to OpenFirmware so one hole anywhere in any app which is installed and game over. Also, there are other ways to compromise open firmware by screwing with the hardware.

  18. Re:none on What Restrictions Should Student Laptops Have? · · Score: 1

    The problem is the knowledgeable will tell all of his friends and a "how to" will be on myspace within a week.

  19. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    I responded to some of those others on this thread. The problem is your are monitoring a system in hostile hands where the hacker has unlimited physical access.

  20. command-s on What Restrictions Should Student Laptops Have? · · Score: 1

    Take your macbook and hold command-s during boot. Tell me how secure the system feels now.

    For windows/Linux users: that is the "reboot to single user mode command".

  21. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    I think you are missing the point. Kaseya and most tools are designed around letting administrators access systems where the person on the other end is cooperating. He's dealing with the situation where the person on the other end is not necessary cooperating.

    I agree Kaseya solves the cable/phone company not allowing incoming connections problem. But that's only one problem. Lets start with some scenarios for Kaseya (and do they even make a Mac client):

    1) Computer is off.
    2) Computer is on but unplugged from ethernet
    3) Service is disabled so client is not running
    4) Kaseya IP/port is blocked on home router (intentionally)
    5) Kaseya (if it uses DNS) is remapped via (c:\System32\Drivers\Etc on windows or /etc/hosts to say 127.0.0.1)

    etc...

    How is he going to tell which of these is going on? All he gets is no ability to monitor the system.

    Even if I were to grant that the kids have to have the system on and be connected then he could be facing Kaseya client is running on a VM or chrooted environment and can't see the actual hardware, just the visualized hardware. Remember they have unlimited physical access. This is a completely compromised machine from a security standpoint.

    Some of what he is aiming for can be done using trusted computing (but again that doesn't exist for Mac). But then he is talking much more expensive machines. And then either the machines are completely locked down, which means high administrative costs or its pretty easy to carve off an environment the main OS can't see.

    Going back to mac for a second, we aren't talking about anything terrible tricky here. -s on boot and the kids are in single user mode on the macbook.

    Now normally in a company this wouldn't be such a big deal. But these are teenagers which means one of them will know how to do this and he'll tell everyother kid via myspace. You can secure school computers in the school, at the home forget it. Best to just admit it can't be done and move on. Particularly since what he is trying to secure them against is stuff they can do easily dozens of other ways.

  22. Re:Physical access on What Restrictions Should Student Laptops Have? · · Score: 1

    That solves the connection problem. But it doesn't let him distinguish between:

    1) computer is off
    2) computer is not on the internet
    3) outgoing port is blocked on computer
    4) outgoing port is blocked on home router
    5) signal is redirected (to say 127.0.0.1) ....

    I'm not sure what your monitoring is designed for, but it wouldn't seem to solve his issue.

  23. Panasonic tough books on What Restrictions Should Student Laptops Have? · · Score: 1

    Panasonic makes a line of notebooks designed for light abuse: tough book
    or nasty treatement.

  24. Physical access on What Restrictions Should Student Laptops Have? · · Score: 3, Informative

    You don't stand a chance. The kids have physical access and you need to be able to run mainstream software. That means any knowledgeable kid can get administrative access in a heartbeat . Then 11+ year olds will tell each other how. You are done. As for remote monitor, they are on their home routers. They phone / cable company firewall is not going going to accept a TCP/IP connection you establish which means you can't do it.

    The first thing you need to do is get realistic expectations or start constructed a much more secure system, which is not going to be a macbook you are talking encrypted drives, TPM chips, access keys on some pager which need to be plugged in for the system to work.... trusted computing group website.

    Schools aren't going to pay for that sort of stuff. What you do is you set expectations reasonably, lock the system down badly, filter the minimum and have an easy way to re-image and that's it.

  25. Re:heh on Tech Firms Oppose Union Organizing · · Score: 1

    No it isn't damning. American companies go under all the time. The years between the 1st and 2nd Chrysler bailouts were devastating for American manufacturing. As for "screwing" the creditors they got paid not screwed. The credit swap was to their advantage.

    To show what you want to show about unions you would need to show that in similar industries union employment did far worse than non unions. And given the wage differential that might still not be enough from an NPV standpoint for the employees.

    What the government did was act the way creditors do in a bankruptcy.