I recently bought a logitech usb keyboard. It had the proper mac labels and puts the keys where they belong (Control-Alt-Command-Space, not control-command-alt)
I've been wondering when the various companies will release cases, since it was done all the time back in the Mac Classic/II days. I even remember seeing an expansion box for a II which went INSIDE the existing case (it took the place of the top lid, then the top lid attached to it.
On another topic, I always thought that a modular case was a neat idea. Start with a basic box. You need another drive bay, you clip a module on. It has an internal pass through for ide/s-ata/firewire/etc. External, but still self contained.
Let's put 8 different versions of OpenOffice Writer on millions of machines (10% of which have defective hardware, viruses, etc), and see how well works.
I'm sure O-O wouldn't tell me the disk is full when the file had too many images in it. Or torch its own file format (yes files become corrupt, office has corrupted more files than every other app I've ever used combined)
Of course, people using word as if it was a page layout program doesn't help either. People expect word to easily handle 1000 but it falls apart instead.
Gold CD-R's are best for archival, but what about DVD's? Single or dual layer?
I have to backup a few large data sets (they're just over the size of a DVD, so I'll have to go dual layer). My plan so far is 3 sets of discs (one loaner, one on site backup, one off-site backup). Might also buy a hard drive and use that instead of one of the DVD sets. But, I've also had drives die if they're not running on a regular basis.
Or is my only option to find a used DLT drive somewhere?
I thought there was an issue with Quark and Classic (never used it myself). It got to the point that Apple actually had to keep available the last G4's which 9 supported, until Quark got their act together.
Adobe PageMaker did run in classic. but it was ugly. Fortunately, my last client switched to InDesign months ago (and with that, the last app from my Applications (MacOS 9) folder disappeared)
Palm is a close second to Quark. Eventually I got it running in classic so that I didn't have to dual boot to hotsync. They took their time porting it. Of course, one of the 10.3 updates killed it so I actually had to offload hotsyncing to a beige G3, and then sync the calendar across the network.
Umax provides the only app I'm still required to use classic for. I bought my scanner around the time of DP4 and they never released a native X driver. I can understand old hardware not being supported, but something a few months old? (of course, their software is garbage so I won't buy one from them again)
Nothing beats Microsoft though. The last version of office to connect to an exchange server is 2001 running in Classic. Office 2004 may have fixed this though.
The reason Windows is so problematic is that it's still largely built on a codebase that was never designed to be connected to an enormous untrusted network like the Internet.
Neither was the classic MacOS. But you never heard of Macs being attacked.
Windows NT (which is what XP and 2000 are based on) was started when? I remember beta testing NT4 back in '96, roughly when Netscape 3 was released. MS got away with it because it was designed to live behind the corporate firewall. But, their long term plan was to make it a residential OS. No firewall there.
Meanwhile the internet was created on unix, and was routinely hacked (sendmail anyone?)
There were a few vendors (*cough*quark*cough*) who took forever in porting their apps over, but we're through that now. Besides, the longer Quark took, the longer InDesign had to take over.
The problem with updates is with corporate machines. While it's better (anyone remember service packs for NT?), I won't (for example) update a box to XP SP2 without running the apps on a test machine. I want the ability to roll the machine back to a configuration I know works.
You'd be suprized. IIRC, the military switched to a Mac web server because it was so hard to crack. Granted, this was back in the OS 9 days before the machines had a command line. You can't hack what isn't there.
There was one contest (might have been the same link) to hack a Mac web server. Someone did win eventually, but through an application hole (Lasso), not the os itself.
Even though Macs are now unix based, there are quite a few differences. (NetInfo, etc)
Compare to windows, which lets all sorts of stuff in. Turn of sharing and there are still admin shares open. Run the IIS lockdown tool, and I've had it royally mess up the server. (probably the fault of the webapp itself, but how many people just don't bother fixing it?) There's really no good reason for buffer exploits anymore, especially boxes dealing with untrusted clients.
And you sound like a student who doesn't understand that there are rules for a reason.
You serve the teachers, and you serve the students.
In any organization, all company resources (including computers) are property of the company, and owned by the business owner, not by the end users. Therefore, I serve the owner and anyone delegated to have that responsibility (my local administration). Although I wouldn't have a job without the end users, they're not the ones giving me my paycheque.
Many people don't seem to understand this. It's not your computer. So, no you can't install unlicensed software, you can't download copyrighted files, you can't modify the configuration, etc. If you want to do that at home, go right ahead.
IT isn't being mean or uncooperative. In fact, the owner can be liable for your actions. It's one of the reasons why many businesses have proxy filtering servers in place. Many employers make you sign an AUP when you join. Break it, and you're fired.
What other people's perspective did I miss? The computer is provided as an academic tool for academic reasons. I didn't prevent you from doing anything academic. To be clear: Using messenger is not academic. Hiding it when the teacher is looking is not academic. Uploading 14 Gigs of MP3's, games, videos, unlicensed software, etc are not academic. (and again, WE could be liable for YOUR actions!). Clogging our limited bandwidth is not academic. Non-academic tasks were not supported, and if you were caught resulted in the loss of privileges.
I sympathize with one of the other posts about requiring MP3's for a class. Chances are I would have locked your account initially. But I would have unlocked it once you told me what it was for without removing the files. Network storage wasn't your only option. You could have also burned a CD with your mp3's, or even walked down the hall and talked to me before I locked you. But, while you have a valid reason, the other 99% of students don't. Am I supposed to not run a MP3 scan because it's inconvenient for 1 single user? How am I supposed to know that you are using the files for a class when I manage 1400 student accounts?
As for the rest of your comment, which I won't bother quoting: I will simply say that If you weren't at my school, then you have no reason to flame me. (and if you were, I made an occasional appearance in the building between 8:30 and 4:30. Talk to me, not on/.) You don't understand the various technical and administrative issues I faced. It's a school board and not exactly quick moving (it took me 4 months to order LIGHT BULBS! And I still had to walk down the street and buy them myself)
For example: I was forced to use the standard Windows 98 image, provided by the board IT. Security was basically a set of registry hacks running from the domain login script. Only after I demonstrated that the machines were compromised (with a push from administration) did the software get changed.
With all the tricks that spyware pulls, it's hard enough to keep it off on a locked down 2K/XP box. 98 had no concept of security. Lockdowns are a balance of usability and restrictions. I could easily prevent you from installing software by preventing file downloads. But you'll lose something else. Which is exactly what we did in the next image. It drastically improved the reliability of the workstations and lessened the need for me to image machines. I didn't want to go this far, but it was abused. I'm there to maintain the machines, not to clean up your mess when your downloads cause 5-6 machines in a lab to go down. So, don't comment on my sysadmin abilities.
Unlike the phone/cable companies, the rules were clearly posted in each lab. A few of the rules: Academic use only. Non-academic use may result in a temporary loss of computer access. Do not install software and/or otherwise modif
If you're going to extract passwords from someone using a VPN, wouldn't you have to at least be in a position to sniff their traffic though? In this case physical access, or access to the registry. Wouldn't stop a virus though. Or, if all else fails, pop up an official looking "Outlook Express email login".
When you say, over the phone, do you mean from other people using dial-up connections with the same ISP? A client who forgot their dialup password, and switched machines. Over the phone, I was able to tell her how to extract it.
It's up to the app. It's fully possible to store the password encrypted, but encryption is often broken. Of course, allowing every app to access the registry isn't a good thing either.
Dial up (which includes PPPoE and VPN) can be extracted very easily. I've actually recovered passwords over the phone. I've had some success from various mail clients. The newest versions of Outlook are the most difficult, so far.
I used this exact line in a presentation in my second year softeng class 5 years ago. We were supposed to do a "marketing presentation", including a $100/year maintenance fee.
I came up with the idea of "For only $100/year, you get FREE MAINTENANCE! Free maintenance? Yes, FREE MAINTENANCE!".
We were the only group that did well. Maybe I shouldn't have gone into CompSci...
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
they would have to find the user's login and password for the SMTP server
It's not that hard to pull the password out. I have at least one tool to recover dialup passwords.
On a mac, you get a warning if something is trying to access the keychain, and is not authorized. On windows, anything can read from the registry as it wants.
Even better, get an ATI remote wonder. It's RF based, so it doesn't need line of sight - it works anywhere. The only change I've made to the mapping is to run applescripts to change the active playlist
I've had one on my G3 for almost a year (which is basically an iTunes/file server machine now)
One of the macworld keynotes demoed netbooting among other things. First Steve used one iMac pulling data from a server, without a local hard drive. (even going as far as to show he removed the drive)
Then, after saying "1 client, 1 server - you would never do that... Why don't we bring out 50?". The room went nuts as a rack of 49 iMacs rolls out.
I've been on hold for at least 20 minutes with them because their web system rejects my dns servers. Listening to the same 1 song on infinite repeat. I'm sure (if they actually answer) they'll say something like "Your user ID doesn't give you permission to change DNS". Ignoring, of course, that we called two weeks ago to make sure we had the right access. They'll fix it as soon as I send my blood type on fake company letterhead.
The last domain I transfered from them was blocked. When I called them about it, I was basically told to pay for another year, then I can do whatever I want.
Slashdot Mirror
Easy. Next bought Apple.
I recently bought a logitech usb keyboard. It had the proper mac labels and puts the keys where they belong (Control-Alt-Command-Space, not control-command-alt)
It sounds like you need wireless power :-)
I've been wondering when the various companies will release cases, since it was done all the time back in the Mac Classic/II days. I even remember seeing an expansion box for a II which went INSIDE the existing case (it took the place of the top lid, then the top lid attached to it.
On another topic, I always thought that a modular case was a neat idea. Start with a basic box. You need another drive bay, you clip a module on. It has an internal pass through for ide/s-ata/firewire/etc. External, but still self contained.
- Cisco rep a few years ago (or was it 3Com?), explaining their new VOIP system.
If OSS is poor, then non-OSS can be just as bad.
Let's put 8 different versions of OpenOffice Writer on millions of machines (10% of which have defective hardware, viruses, etc), and see how well works.
I'm sure O-O wouldn't tell me the disk is full when the file had too many images in it. Or torch its own file format (yes files become corrupt, office has corrupted more files than every other app I've ever used combined)
Of course, people using word as if it was a page layout program doesn't help either. People expect word to easily handle 1000 but it falls apart instead.
Gold CD-R's are best for archival, but what about DVD's? Single or dual layer?
I have to backup a few large data sets (they're just over the size of a DVD, so I'll have to go dual layer). My plan so far is 3 sets of discs (one loaner, one on site backup, one off-site backup). Might also buy a hard drive and use that instead of one of the DVD sets. But, I've also had drives die if they're not running on a regular basis.
Or is my only option to find a used DLT drive somewhere?
iSync uses Palm's hotsync software, even though it syncs into iCal.
Plus, there's no memo pad conduit, so those go into Palm Desktop.
I thought there was an issue with Quark and Classic (never used it myself). It got to the point that Apple actually had to keep available the last G4's which 9 supported, until Quark got their act together.
Adobe PageMaker did run in classic. but it was ugly. Fortunately, my last client switched to InDesign months ago (and with that, the last app from my Applications (MacOS 9) folder disappeared)
Palm is a close second to Quark. Eventually I got it running in classic so that I didn't have to dual boot to hotsync. They took their time porting it. Of course, one of the 10.3 updates killed it so I actually had to offload hotsyncing to a beige G3, and then sync the calendar across the network.
Umax provides the only app I'm still required to use classic for. I bought my scanner around the time of DP4 and they never released a native X driver. I can understand old hardware not being supported, but something a few months old?
(of course, their software is garbage so I won't buy one from them again)
Nothing beats Microsoft though. The last version of office to connect to an exchange server is 2001 running in Classic. Office 2004 may have fixed this though.
The reason Windows is so problematic is that it's still largely built on a codebase that was never designed to be connected to an enormous untrusted network like the Internet.
Neither was the classic MacOS. But you never heard of Macs being attacked.
Windows NT (which is what XP and 2000 are based on) was started when? I remember beta testing NT4 back in '96, roughly when Netscape 3 was released. MS got away with it because it was designed to live behind the corporate firewall. But, their long term plan was to make it a residential OS. No firewall there.
Meanwhile the internet was created on unix, and was routinely hacked (sendmail anyone?)
There were a few vendors (*cough*quark*cough*) who took forever in porting their apps over, but we're through that now. Besides, the longer Quark took, the longer InDesign had to take over.
The problem with updates is with corporate machines. While it's better (anyone remember service packs for NT?), I won't (for example) update a box to XP SP2 without running the apps on a test machine. I want the ability to roll the machine back to a configuration I know works.
HOWEVER- nobody (hardly) uses macs for webserves.
You'd be suprized. IIRC, the military switched to a Mac web server because it was so hard to crack. Granted, this was back in the OS 9 days before the machines had a command line. You can't hack what isn't there.
There was one contest (might have been the same link) to hack a Mac web server. Someone did win eventually, but through an application hole (Lasso), not the os itself.
Even though Macs are now unix based, there are quite a few differences. (NetInfo, etc)
Compare to windows, which lets all sorts of stuff in. Turn of sharing and there are still admin shares open. Run the IIS lockdown tool, and I've had it royally mess up the server. (probably the fault of the webapp itself, but how many people just don't bother fixing it?) There's really no good reason for buffer exploits anymore, especially boxes dealing with untrusted clients.
This one wins my longest post ever award...
/.) You don't understand the various technical and administrative issues I faced. It's a school board and not exactly quick moving (it took me 4 months to order LIGHT BULBS! And I still had to walk down the street and buy them myself)
You sound just like the admin at my high school.
And you sound like a student who doesn't understand that there are rules for a reason.
You serve the teachers, and you serve the students.
In any organization, all company resources (including computers) are property of the company, and owned by the business owner, not by the end users. Therefore, I serve the owner and anyone delegated to have that responsibility (my local administration). Although I wouldn't have a job without the end users, they're not the ones giving me my paycheque.
Many people don't seem to understand this. It's not your computer. So, no you can't install unlicensed software, you can't download copyrighted files, you can't modify the configuration, etc. If you want to do that at home, go right ahead.
IT isn't being mean or uncooperative. In fact, the owner can be liable for your actions. It's one of the reasons why many businesses have proxy filtering servers in place. Many employers make you sign an AUP when you join. Break it, and you're fired.
What other people's perspective did I miss? The computer is provided as an academic tool for academic reasons. I didn't prevent you from doing anything academic. To be clear:
Using messenger is not academic. Hiding it when the teacher is looking is not academic. Uploading 14 Gigs of MP3's, games, videos, unlicensed software, etc are not academic. (and again, WE could be liable for YOUR actions!). Clogging our limited bandwidth is not academic. Non-academic tasks were not supported, and if you were caught resulted in the loss of privileges.
I sympathize with one of the other posts about requiring MP3's for a class. Chances are I would have locked your account initially. But I would have unlocked it once you told me what it was for without removing the files. Network storage wasn't your only option. You could have also burned a CD with your mp3's, or even walked down the hall and talked to me before I locked you. But, while you have a valid reason, the other 99% of students don't. Am I supposed to not run a MP3 scan because it's inconvenient for 1 single user? How am I supposed to know that you are using the files for a class when I manage 1400 student accounts?
As for the rest of your comment, which I won't bother quoting: I will simply say that If you weren't at my school, then you have no reason to flame me. (and if you were, I made an occasional appearance in the building between 8:30 and 4:30. Talk to me, not on
For example: I was forced to use the standard Windows 98 image, provided by the board IT. Security was basically a set of registry hacks running from the domain login script. Only after I demonstrated that the machines were compromised (with a push from administration) did the software get changed.
With all the tricks that spyware pulls, it's hard enough to keep it off on a locked down 2K/XP box. 98 had no concept of security. Lockdowns are a balance of usability and restrictions. I could easily prevent you from installing software by preventing file downloads. But you'll lose something else. Which is exactly what we did in the next image. It drastically improved the reliability of the workstations and lessened the need for me to image machines. I didn't want to go this far, but it was abused. I'm there to maintain the machines, not to clean up your mess when your downloads cause 5-6 machines in a lab to go down. So, don't comment on my sysadmin abilities.
Unlike the phone/cable companies, the rules were clearly posted in each lab. A few of the rules:
Academic use only. Non-academic use may result in a temporary loss of computer access.
Do not install software and/or otherwise modif
If you're going to extract passwords from someone using a VPN, wouldn't you have to at least be in a position to sniff their traffic though?
In this case physical access, or access to the registry. Wouldn't stop a virus though. Or, if all else fails, pop up an official looking "Outlook Express email login".
When you say, over the phone, do you mean from other people using dial-up connections with the same ISP?
A client who forgot their dialup password, and switched machines. Over the phone, I was able to tell her how to extract it.
It's up to the app. It's fully possible to store the password encrypted, but encryption is often broken. Of course, allowing every app to access the registry isn't a good thing either.
Dial up (which includes PPPoE and VPN) can be extracted very easily. I've actually recovered passwords over the phone. I've had some success from various mail clients. The newest versions of Outlook are the most difficult, so far.
I used this exact line in a presentation in my second year softeng class 5 years ago. We were supposed to do a "marketing presentation", including a $100/year maintenance fee.
I came up with the idea of "For only $100/year, you get FREE MAINTENANCE! Free maintenance? Yes, FREE MAINTENANCE!".
We were the only group that did well.
Maybe I shouldn't have gone into CompSci...
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
they would have to find the user's login and password for the SMTP server
It's not that hard to pull the password out. I have at least one tool to recover dialup passwords.
On a mac, you get a warning if something is trying to access the keychain, and is not authorized. On windows, anything can read from the registry as it wants.
Even better, get an ATI remote wonder. It's RF based, so it doesn't need line of sight - it works anywhere. The only change I've made to the mapping is to run applescripts to change the active playlist
I've had one on my G3 for almost a year (which is basically an iTunes/file server machine now)
One of my recent spams was:
Subject: [Bulk] Message subject
To: notme@myisp.com
%CHILL
%DICK
%CONTACT http://%URL/d/1.php
%BYE
%ASSHOLE y
--
How would I even attempt to buy the product (if I wanted to) or flood the spammer?
SpamAssassin always catches them though, simply because of all the RBL's.
They never used "///" again, or any roman numeral above it.
The first Mac I used was an LC3.
One of the macworld keynotes demoed netbooting among other things. First Steve used one iMac pulling data from a server, without a local hard drive. (even going as far as to show he removed the drive)
:)
Then, after saying "1 client, 1 server - you would never do that... Why don't we bring out 50?". The room went nuts as a rack of 49 iMacs rolls out.
Now, if it was Microsoft, we'd see 50 BSoD's...
I have a nice DX4 magnet to go with the memory keychain.
Should have been a +5 Informative...
I've been on hold for at least 20 minutes with them because their web system rejects my dns servers. Listening to the same 1 song on infinite repeat. I'm sure (if they actually answer) they'll say something like "Your user ID doesn't give you permission to change DNS". Ignoring, of course, that we called two weeks ago to make sure we had the right access. They'll fix it as soon as I send my blood type on fake company letterhead.
The last domain I transfered from them was blocked. When I called them about it, I was basically told to pay for another year, then I can do whatever I want.
KLondike 5-3226
- Mr. Plow
KL5 = 555, the TV fake number exchange.