Market forces for industries with very high entry costs (like telco, with all the infrastructure needed to provide service) will form monopolies with all the potential abuse of customers that goes along with them.
So unfortunately, in these rare cases, deregulation generally does more harm than good.
I would like to see something like this in place as well. Even cryptography aside, a simple network of friends, friends' friends, friends' friends' friends, etc. would be very helpful.
In EverQuest one of the biggest problems is finding people to play with. A significant amount of time in each playing session is taken up by "looking for a group". Having a ready list of people who are probably compatible players would help a lot.
Surprisingly, Verant has been resisting enhancements to the EverQuest friends system. Apparently searching for lots of people at once is hard on their servers.
Are you folks hiring people in Beaverton/Portland to help work on your linux projects? If so, is there a more efficient way to reach the team recruiters directly rather than sending resumes into IBM's black hole?
I think it's a safe assumption that most gamers have a dual boot system on which to play their games. I'm sure there are some hardcore folks who only play Loki/WineX/xtetris, but the vast majority of the game players I know play on Win32.
The Windows version doesn't work under WineX, and I don't see TransGaming fixing that any time soon.
I was disappointed that The Sims didn't play natively under WineX. I (naively) assumed that since they were advertising it so heavily on the TransGaming site that it was one of the more compatible games with WineX.
Just today, as I went to purchase it, I read the fine print in the FAQ and discovered that the Win32 version not only does not run well on WineX-- it doesn't run AT ALL.
And then this topic appeared on slashdot giving me a chance to vent some. ;-)
Are you guys going to release The Sims for Linux as a standalone? Right now at $70US, the only way to get it (Mandrake Gaming Edition) is priced $20 more than the Win32 version.
I'm sure this is awfully discouraging to would-be purchasers. (like me)
I'd just like to be able to buy The Sims for Linux for less than $70US. Mandrake (exclusively) sells it bundled with their Linux distribution, but has no standalone version.
Considering that folks can get it (on Win32) for $50US, there's little incentive to buy it except "for the good of the company". After I found out what Loki did with my money, I'm still a bit jaded about paying a premium for Linux games...
----- PGP for Unix, Version 5.0.2 LICENSE COPY OF NETWORK ASSOCIATES PRODUCTS
(Commercial, Executable Version)
Copyright (c) 1990-1998 Network Associates Inc., and its Affiliated Companies. All Rights Reserved.
End User License Agreement for PGP for Unix
IMPORTANT-READ CAREFULLY: This Network Associates End-User License Agreement ("Agreement") is a legal agreement between you (either an individual or a single entity) and Network Associates, Inc. (or "Network Associates") for the Network Associates software product identified above, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("Software Product"). By installing, copying, or otherwise using the Software Product, you agree to be bound by the terms of this Agreement. If you do not agree to the terms of this Agreement, you may not install or use the Software Product; you may, however, return it to your place of purchase for a full refund.
The Software Product is owned by Network Associates, Inc. and is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties.
1. GRANT OF LICENSE. Network Associates grants you (the original end-user, except as permitted under 1 (g)) a non-transferable non-exclusive license to put in use by a person or organization that agrees to be bound by the terms of this Agreement, one copy or node of the Software Product. If you purchased this Software Product from a retail store or directly from Network Associates as a retail product for individual users, this license is effective until terminated. If this Software Product was purchased in some other manner than as a retail product, the license may have a term commencing on the Delivery Date of a Product and continuing for an extended period of time as otherwise indicated in your purchase order or as set forth in a separate and complementing Software License Agreement to which this End User License Agreement is subject to.
a. Installation. You may install one copy or node of the Software Product on one Client Device (defined as, any computer, workstation, personal digital assistant, pager, "smart phone" or other digital electronic device for which the software was designed and on which software may be used by an end user in client-mode).
b. Use. You may use one copy or node of the Software Product on one Client Device or Server (except as may be specifically provided below). The Software Product is "in use" when it is loaded into the temporary memory (i.e., RAM) or installed into the permanent memory (e.g., hard disk, CD ROM, or other storage device) of a Client Device for the purpose of being accessible in client-mode by one end user. Though the Server may be connected at any point in time to an unlimited number of workstations or computers operating on one or more networks, you must acquire a separate License for each end user who accesses or otherwise utilizes the services of the Software Product. Any computer, workstation, personal digital assistant, pager, "smart phone" or other digital electronic device on which software may be used by an end user in client-mode shall be referred to as a "Client Device." An end user who uses software on a Client Device that accesses or otherwise uses the Software Product shall be referred to as a "Seat." Each License must be dedicated to one unique Client Device or Seat. It permits that Client Device or Seat to access or utilize the services of any Server running a copy of the Software Product. The services of the Software are considered to be accessed when there is a direct or indirect connection between a Client Device or Seat and a Server. Use of software or hardware that reduces the number of Client Devices or Seats directly accessing or utilizing the Software Products (sometimes called "multiplexing" or "pooling" software or hardware) does not reduce the number of Licenses required (e.g., the required number of Client Access Licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). 
If the number of Seats or Client Devices that can access or use the Software Product can exceed the number of Licenses you have obtained, then you must have a reasonable mechanism or process in place to ensure that the number of Client Devices or Seats accessing or using the Software Product does not exceed the number of Licenses you have obtained.
c. Volume Licenses. If this package is a volume license package (such as a "corporate license" or a "corporate bundle"), you may make and use additional copies or nodes of the Software Product up to the number authorized in this package or in your corporate license agreement, or otherwise indicated at the time of purchase. If the anticipated number of users of the Software Product will exceed the number of applicable licenses, then you must have a reasonable mechanism or process in place to ensure that the number of persons using the Software Product does not exceed the number of licenses you have obtained.
d. Upgrades. If this Software Product is labeled as an upgrade or trade-up from a prior version of a Network Associates product that you were properly licensed to use, Network Associates grants you the right to put in use either the current or prior version of the Software Product, and any prior version license is replaced by this Agreement.
e. Support. Subject to U.S. export control laws and regulations, Network Associates may provide you with technical support services relating to the Software Product according to Network Associates' standard support policies and procedures, which may be described in the user manual, in "on line" documentation and/or other materials provided by Network Associates or posted on Network Associate's web site ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the Software Product and subject to the terms and conditions of this Agreement. With respect to technical information you provide to Network Associates as part of the Support Services, Network Associates may use such information for its business purposes, including for product support and development. Network Associates will not utilize such technical information in a form that personally identifies you.
f. Dual Media Software and Multiple Platform Versions. If the package from which you obtained this Software Product contains more than one medium (e.g., both 3 1/2" disks and a CD), you may use only the medium appropriate to your computer. You may not use the other disk(s) on another computer or loan, rent, lease, or transfer them to another user except as permitted under this Agreement or as part of the permanent transfer (as provided above) of all the Software Product and related materials. If the CD or disk(s) on which the Software Product resides contains several copies of the Software Product, each of which is compatible with a different operating system or platform architecture (such as Windows95/NT, Macintosh, one or more versions of Unix, the x86 architecture, or various RISC architectures), then you may install the Software Product for use with any of those architectures up to the number of copies or nodes purchased but in no event may you use any version(s) on another computer or loan, rent, lease, or transfer them to another user except as permitted under this Agreement or as part of a permanent transfer (as provided above).
g. Restrictions.
i) Transfer. The original of this Agreement is your proof of license to exercise the rights granted herein and must be retained by you. You may not rent or lease the Software Product, including all accompanying printed materials.
ii) Other Restrictions. You may not reverse engineer, decompile, disassemble or otherwise translate the Software Product, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation. If this Software Product is labeled "Evaluation Copy," "Not For Resale," "NFR" or to any of those effects, this license only permits use for demonstration, test, or evaluation purposes.
2. COPYRIGHT. The Software Product is licensed, not sold. All right, title and interest in the Software Product (including any images, "applets," photographs, animations, video, audio, music, and text incorporated into the Software Product), accompanying printed materials, and any copies you are permitted to make herein, are owned by Network Associates, Inc. and its affiliated companies or its suppliers, and the Software Product is protected by United States copyright laws and international treaty provisions. Therefore, you must treat the Software Product like any other copyrighted material (e.g., a book or musical recording) except that you may either (a) make one copy of the Software Product solely for backup or archival purposes or (b) transfer the Software Product to a single hard disk, provided you keep the original solely for backup or archival purposes. Such copy shall include Network Associates' copyright and other proprietary notices. You may not copy the printed materials accompanying the Software Product.
3. U.S. GOVERNMENT RESTRICTED RIGHTS LEGEND. The Software Product and documentation are provided to the U.S. Government with RESTRICTED RIGHTS. The U.S. Government acknowledges Network Associates' representation that the Software is "commercial computer software" as that term is defined in 48 C.F.R. 12.212 of the Federal Acquisition Regulations ("FAR") and is "Commercial Computer Software" as that term is defined in 48 C.F.R. 227.7014 (a)(i) of the Department of Defense Federal Acquisition Regulation Supplement ("DFARS"). Use, duplication or disclosure by the U.S. Government is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer-Restricted Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, or at 252.211-7015, or to this commercial license, as applicable, and in similar clauses in the NASA FAR Supplement, as applicable. Contractor/manufacturer is Network Associates, Inc. 2805 Bowers Avenue, Santa Clara, CA 95051-0963.
4. EXPORT LAW. Export of the Software Product may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, United States Department of Commerce, which restrict the export and re-export of certain products and technical data. If the export of the Software Product is controlled under such rules and regulations, then the Software shall not be exported or re-exported, directly or indirectly, (a) without all export or re-export licenses and governmental approvals required by any applicable laws, or (b) in violation of any applicable prohibition against the export or re-export of any part of the Software.
5. TERMINATION. This Agreement will immediately and automatically terminate without notice if you fail to comply with any term or condition of this Agreement. You agree upon termination to promptly destroy the Software Product together with all of its component parts, prior and replacement versions, and all copies, modifications and merged portions thereof in any form.
6. LIMITED WARRANTY.
a. Limited Warranty. Network Associates warrants that the Software Product will perform substantially in accordance with the accompanying written materials for a period of sixty (60) days from the date of original purchase. To the extent allowed by applicable law, implied warranties on the Software Product, if any, are limited to such sixty (60) day period. Some jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may not apply to you.
b. Customer Remedies. Network Associates' and its suppliers' entire liability and your exclusive remedy shall be, at Network Associates' option, either (a) return of the purchase price paid for the license, if any or (b) repair or replacement of the Software Product that does not meet Network Associates' limited warranty and which is returned at your expense to Network Associates with a copy of your receipt. This limited warranty is void if failure of the Software Product has resulted from accident, abuse, or misapplication. Any repaired or replacement Software Product will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside the United States, neither these remedies nor any product support services offered by Network Associates are available without proof of purchase from an authorized international source and may not be available from Network Associates to the extent they are subject to restrictions under U.S. export control laws and regulations.
c. NO OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR THE LIMITED WARRANTIES SET FORTH HEREIN, THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" AND NETWORK ASSOCIATES AND ITS SUPPLIERS DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, CONFORMANCE WITH DESCRIPTION, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES. THIS LIMITED WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHERS, WHICH VARY FROM JURISDICTION TO JURISDICTION.
d. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL NETWORK ASSOCIATES OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR LOST PROFITS WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF NETWORK ASSOCIATES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, NETWORK ASSOCIATES' CUMULATIVE AND ENTIRE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE PURCHASE PRICE PAID FOR THIS LICENSE. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
7. GENERAL . These terms and conditions may not be modified, amended, canceled or in any way altered, nor may they be modified by custom and usage of trade or course of dealing, except by an instrument in writing and signed by a duly authorized officer of Network Associates. THESE TERMS AND CONDITIONS SHALL BE CONSTRUED AND ENFORCED IN ACCORDANCE WITH THE LAWS OF THE STATE OF CALIFORNIA, UNITED STATES OF AMERICA. Any action or proceeding brought by anyone arising out of or related to these terms and conditions shall be brought only in a state or federal court of competent jurisdiction located in the county of Santa Clara, California, and the parties hereby consent to the jurisdiction and venue of said courts. Should any term of these terms and conditions be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms hereof. These terms and conditions are in the English language, and only the English language version hereof, regardless of the existence of other language translations of these terms and conditions, shall be controlling in all respects. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. Network Associates reserves the right at any time without liability or prior notice to change the features or characteristics of this Software Product, or its documentation and related materials, or future versions thereof. These terms and conditions constitute the complete and exclusive statement of the agreement between us which supersedes any proposal or prior agreement, oral or written, and any other communication between us relating to the subject matter of these terms and conditions.
Copyright (c) 1990-1998 Network Associates, Inc. and its affiliated companies. All rights reserved. PGP and Pretty Good Privacy are registered trademarks of Network Associates, Inc. and its affiliated companies. The Software Product may use public key algorithms described in U.S. patent numbers 4,200,770, 4,218,582, 4,405,829, and 4,424,414, licensed exclusively by Public Key Partners; the IDEA(tm) cryptographic cipher described in U.S. patent number 5,214,703, licensed from Ascom Tech AG; and the Northern Telecom Ltd., CAST Encryption Algorithm, licensed from Northern Telecom, Ltd. IDEA is a trademark of Ascom Tech AG. The Software Product may also include any of the following; compression code which is provided by Mark Adler and Jean-loup Gailly, used with permission from the free Info-ZIP implementation; LDAP software which is provided courtesy University of Michigan at Ann Arbor, Copyright (c) 1992-1996 Regents of the University of Michigan, All rights reserved; DB 2.0 software which is Copyright (c) 1990, 1993, 1994, 1995, 1996, 1997 Sleepycat Software, Inc., All rights reserved; software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/), Copyright (c) 1995-1997 The Apache Group, All rights reserved. Network Associates, Inc. and its affiliated companies may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents. Note: Some countries have laws and regulations regarding the use and export of cryptography products; please consult your local government authority for details. Should you have any questions concerning these terms and conditions, or if you desire to contact Network Associates, Inc. for any reason, please write: Network Associates, Inc. Customer Service, 2805 Bowers Avenue, Santa Clara, CA 95051-0963. http://www.nai.com.
Where did you get the idea that the schools have already signed such a license?
I read the original article and I thought it said that they had this agreement already, but instead it said they were using the cost of an audit as leverage for having the school districts take this agreement.
I was mistaken. It makes a whole lot more sense now.:)
The common thing that all these "rip it out and replace it with XXX" threads are missing is that the license agreement that the schools signed does not count the number of installed copies of MS-Windows. It counts the number of PCs and they pay MS a fixed (lower) price per PC.
So uninstalling MS-Windows and installing linux on 5000 PCs saves them precisely zero dollars.
What they should instead be doing is changing from a "count all PCs and pay us for them" licensing model to a harder-to-manage but cheaper in the long run model of paying only for the MS-Windows copies (and related MS software) they have installed.
I have a new Sony. Unfortunately on my Sony VCR the IR receiver is mounted right in the center of the 6" tall device. There is no way to mount the emitter properly on this.
I tried to draw 'em for you, but the lameness filter hates ASCII-art.
Taking a screenshot is not the same thing as scanning a printed page. A screenshot of text is already in 2 colors whereas a scan is true color.
Perhaps you missed step two of my description where the image gets converted to two colors, making it irrelevant whether the original was 2 color or true color.
Screenshots on both Windows and X-Windows are created at the color depth of your display-- not 2 colors. There may only be 2 of the 16M colors in use, but the raw data is 16M colors. (If you're running your screen at 24bit.)
If you must, feel free to try it with a "real" scan. (But don't forget to do the two color conversion. Sometimes a noise reduction transform is useful beforehand to get rid of small grey dots/blotches before they get converted to black.)
I know exactly what you mean about the National Geographic CD-ROM set. I was very excited about having the complete archives available and was deeply disappointed in the quality of the final product.
Much of the text is completely unreadable because of over-JPEGging. (Is that a word? It is now.)
However, it did teach me to be very careful before plunking down $200+ for online books in the future. Now, I insist on a preview before I buy. (And yes, this does mean that many electronic collections don't get purchased simply because I can't find them in any libraries to view...)
Of course it won't scan this way due to shading, bits of wood chips on the pages, etc. Your image processing software can/should convert it to literally two colors-- black text + background (white). As you can imagine, this kind of "lossy" conversion cuts out a great deal of information and the file size reflects this.
Combined with a lossless compression algorithm which takes these huge areas of the same value and compresses them very tightly and you have a tiny, high-contrast, easy-to-read (or OCR) image.
Now with JPEG, it "loses" information by smoothing (forgive my oversimplification of a complex mapping process). With text you *want* unsmoothed (hard) edges-- it makes things easy to read. The JPEG smoothing process results in hard to read text, so you can't use as much of it before the image degrades too badly to read.
The result, the 2-color conversion with lossless compression gives you a smaller image size for the same relative viewing quality as a JPEG. (Or the flip side, for the same image size, the 2-color image is much more readable than the JPEG.)
Try this-- take a screenshot of some text. (Only text) From the GIMP, convert it to 2 colors and save as PNG. Then save it as a high-quality JPEG and a low-quality JPEG. Check the file sizes versus the clarity of the text.
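The experiment the post suggests, carried out in code as an added example (not the poster's own, and with a constructed image instead of a screenshot): a synthetic greyscale "scan" with uneven paper, black strokes and grey specks is cleaned with the noise-reduction step mentioned in the earlier reply (a 3x3 median filter, my choice), thresholded to two colours, packed one bit per pixel, and deflate-compressed alongside the original 8-bit data. The image dimensions, threshold and filter are assumptions for the demonstration; the size difference is the point.

```python
"""Two-colour conversion plus lossless compression on a constructed scan.
Added example; the image, threshold and filter are assumptions, not the
poster's code or data."""
import random
import zlib

W, H = 200, 60  # assumed image size


def make_scan(seed=1):
    """Constructed 8-bit greyscale 'scan': shaded paper, black glyph-like
    strokes and a sprinkling of grey specks standing in for wood chips."""
    rng = random.Random(seed)
    img = []
    for y in range(H):
        row = []
        for x in range(W):
            v = 235 + ((x // 40) % 2) * 8 + rng.randint(-6, 6)  # uneven paper
            if y % 12 in (4, 5, 6) and x % 10 < 6:               # text strokes
                v = rng.randint(0, 40)
            elif rng.random() < 0.01:                             # grey speck
                v = rng.randint(80, 160)
            row.append(max(0, min(255, v)))
        img.append(row)
    return img


def median3(img):
    """3x3 median filter: removes isolated specks before thresholding."""
    out = []
    for y in range(H):
        row = []
        for x in range(W):
            win = [img[j][i]
                   for j in range(max(0, y - 1), min(H, y + 2))
                   for i in range(max(0, x - 1), min(W, x + 2))]
            win.sort()
            row.append(win[len(win) // 2])
        out.append(row)
    return out


def threshold(img, cut=128):
    """Greyscale -> 1 for ink (black), 0 for paper (white)."""
    return [[1 if v < cut else 0 for v in row] for row in img]


def pack_bits(bits):
    """Pack the 0/1 image 8 pixels per byte, row by row (the 1-bit layout
    PNG uses, minus the chunk framing)."""
    out = bytearray()
    for row in bits:
        for i in range(0, len(row), 8):
            chunk = row[i:i + 8]
            byte = 0
            for b in chunk:
                byte = (byte << 1) | b
            byte <<= 8 - len(chunk)
            out.append(byte)
    return bytes(out)


def isolated_black(bits):
    """Count black pixels with no black 8-neighbour: the 'small dots'."""
    n = 0
    for y in range(H):
        for x in range(W):
            if not bits[y][x]:
                continue
            if not any(bits[j][i]
                       for j in range(max(0, y - 1), min(H, y + 2))
                       for i in range(max(0, x - 1), min(W, x + 2))
                       if (j, i) != (y, x)):
                n += 1
    return n


def compressed_sizes(img):
    """Deflate-compressed byte counts (roughly what PNG would store) for the
    8-bit greyscale versus the denoised 1-bit version of the same image."""
    grey = bytes(v for row in img for v in row)
    onebit = pack_bits(threshold(median3(img)))
    return {
        "grey_8bit": len(zlib.compress(grey, 9)),
        "twocolour_1bit": len(zlib.compress(onebit, 9)),
    }


if __name__ == "__main__":
    scan = make_scan()
    print("isolated dots before/after median:",
          isolated_black(threshold(scan)),
          isolated_black(threshold(median3(scan))))
    print(compressed_sizes(scan))
```

The greyscale bytes carry the paper's per-pixel noise, which deflate cannot remove; the thresholded image throws that information away on purpose, leaving long runs of identical bits that compress very tightly. JPEG is left out only because a JPEG encoder is not something to embed in a short example.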
I'll second this-- the O'Reilly Safari site is wonderful for anyone with a hoard of tech books.
I bet about half of your books are already online.
Also, for your compression you should NOT use JPEG. JPEG is optimized for smooth tones and will badly blur hard edges like text. On the other hand, JPEG performs relatively poorly at compressing large areas of the same color (i.e. white backgrounds.) [Note for the nit-pickers, both of these JPEG issues will be reduced/eliminated in JPEG2000.]
I scan documents to either compressed TIFF (tend to be large), PNG, or (*shudder*) GIF.
A general rule is to store scanned images to JPEG and store computer-generated pictures (like diagrams etc.) to GIF. The exception is if you scan in grayscale, then use GIF. Never scan pictures as lineart. If acceptable from a file size perspective use the highest possible quality setting for JPEG.
I suggest never using JPEG. The quality loss for printed words is just terrible relative to the compression you get. Also, just substitute PNG for GIF and the above works.
I actually believe them as well. HP historically has had excellent support on their high-end products (i.e. UNIX servers, enterprise disk arrays, etc.) (Don't get me started on their PC support, though.)
The shift to the new products likely will be done over about a three year period, since that seems to be the preferred (max) length of an HP support agreement.
For all the uproar this acquisition created it sure looks like they are executing on it nicely so far. (I.e. no BS about how layoffs won't happen, nice and up-front on what products will go away, etc.) I find their honesty strangely refreshing given what I've seen in many other acquisitions.
Now if they'd just start calling it an acquisition instead of a merger, then they would really get my respect. ;-)
Is anyone else impressed that they even posted all this information in such a short and concise manner? How many merger/acquisitions have we seen where nobody admits to letting ANY products die for fear of losing the last two customers using it?
At least they're pretty much laying it down for us rather than letting everyone find out when it's time to upgrade. (Oh, that? Nah, we don't make that any more...)
I figured that since he was talking about a security audit that he had already done damage control. Clearly the first step is to fix/block the holes that have already been exploited.
I disagree that a third-party penetration test is appropriate for this stage. He *knows* that people can get in.
This would be the perfect time to get the CEO's signature on a security policy. I bet he/she already knows about the problem and is more than willing to do what it takes to get it solved. This signature/buy-in will save the sysadmin/operations staff days or weeks of arguments and petty internal squabbles later on when people balk at the security improvements that were needed to keep the hackers out.
After plugging the already exploited holes and possibly (if you can) slapping in some draconian network security (i.e. block EVERY port but port 80 to your servers and let the other applications suffer for a day or two...) the VERY NEXT STEP should be that security policy.
If people drag their feet, remind them that they won't be 100% operational until it gets done.
Don't skip it-- it's important. Really. In a worst-case scenario you might be forced to REMOVE your security a month or two down the line when the threat seems to have diminished. Instead of spending hours and hours in meetings trying to justify the security each time someone has to learn a new way of doing something that "used to be easy", you can refer people to the policy.
JamesSharman hit the nail on the head-- if you don't get your sysadmin staff up on security and get management's buy-in then you'll be needing an audit every day just to keep things secure.
The first step (really!) is to get a security policy in place. This really doesn't have to be anything special-- but it does need the buy-in of ALL groups affected (sysadmins, developers, marketing, sales, executives, etc.) That's really the only hard part.
Probably the quickest way to get started is to head to the SANS security policy project and adapt their sample policies to your company. This is one of those rare cases where it's more important to get something in than it is to get it right the first time. Policies can be changed fairly easily-- but you don't want to go to all the trouble to implement a secure environment only to have someone on the inside fighting you every step of the way.
Now the fun part-- actually securing your systems. Here are some pointers on places to start:
3) Make sure your firewall rules are set up with the security best practice of "minimum access to get the job done". Far too many firewalls allow traffic they shouldn't.
I'm sure this is awfully discouraging to would-be purchasers (like me).
I'd just like to be able to buy The Sims for Linux for less than $70US. Mandrake (exclusively) sells it bundled with their Linux distribution, but has no standalone version.
Considering that folks can get it (on Win32) for $50US, there's little incentive to buy it except "for the good of the company". After I found out what Loki did with my money, I'm still a bit jaded about paying a premium for Linux games...
For example:
http://www.lawguru.com/faq/19.5.html
For your reading pleasure:
-----
PGP for Unix, Version 5.0.2
LICENSE COPY OF NETWORK ASSOCIATES PRODUCTS
(Commercial, Executable Version)
Copyright (c) 1990-1998 Network Associates Inc., and its Affiliated Companies.
All Rights Reserved.
End User License Agreement for PGP for Unix
IMPORTANT-READ CAREFULLY: This Network Associates End-User License Agreement
("Agreement") is a legal agreement between you (either an individual or a single
entity) and Network Associates, Inc. (or "Network Associates") for the Network
Associates software product identified above, which includes computer software
and may include associated media, printed materials, and "online" or electronic
documentation ("Software Product"). By installing, copying, or otherwise using
the Software Product, you agree to be bound by the terms of this Agreement. If
you do not agree to the terms of this Agreement, you may not install or use the
Software Product; you may, however, return it to your place of purchase for a
full refund.
The Software Product is owned by Network Associates, Inc. and is protected by
copyright laws and international copyright treaties, as well as other
intellectual property laws and treaties.
1. GRANT OF LICENSE. Network Associates grants you (the original end-user,
except as permitted under 1 (g)) a non-transferable non-exclusive license to put
in use by a person or organization that agrees to be bound by the terms of this
Agreement, one copy or node of the Software Product. If you purchased this
Software Product from a retail store or directly from Network Associates as a
retail product for individual users, this license is effective until terminated.
If this Software Product was purchased in some other manner than as a retail
product, the license may have a term commencing on the Delivery Date of a
Product and continuing for an extended period of time as otherwise indicated in
your purchase order or as set forth in a separate and complementing Software
License Agreement to which this End User License Agreement is subject to.
a. Installation. You may install one copy or node of the Software Product on
one Client Device (defined as, any computer, workstation, personal digital
assistant, pager, "smart phone" or other digital electronic device for which the
software was designed and on which software may be used by an end user in
client-mode).
b. Use. You may use one copy or node of the Software Product on one Client
Device or Server (except as may be specifically provided below). The Software
Product is "in use" when it is loaded into the temporary memory (i.e., RAM) or
installed into the permanent memory (e.g., hard disk, CD ROM, or other storage
device) of a Client Device for the purpose of being accessible in client-mode by
one end user. Though the Server may be connected at any point in time to an
unlimited number of workstations or computers operating on one or more networks,
you must acquire a separate License for each end user who accesses or otherwise
utilizes the services of the Software Product. Any computer, workstation,
personal digital assistant, pager, "smart phone" or other digital electronic
device on which software may be used by an end user in client-mode shall be
referred to as a "Client Device." An end user who uses software on a Client
Device that accesses or otherwise uses the Software Product shall be referred to
as a "Seat." Each License must be dedicated to one unique Client Device or Seat.
It permits that Client Device or Seat to access or utilize the services of any
Server running a copy of the Software Product. The services of the Software are
considered to be accessed when there is a direct or indirect connection between
a Client Device or Seat and a Server. Use of software or hardware that reduces
the number of Client Devices or Seats directly accessing or utilizing the
Software Products (sometimes called "multiplexing" or "pooling" software or
hardware) does not reduce the number of Licenses required (e.g., the required
number of Client Access Licenses would equal the number of distinct inputs to
the multiplexing or pooling software or hardware "front end"). If the number of
Seats or Client Devices that can access or use the Software Product can exceed
the number of Licenses you have obtained, then you must have a reasonable
mechanism or process in place to ensure that the number of Client Devices or
Seats accessing or using the Software Product does not exceed the number of
Licenses you have obtained.
c. Volume Licenses. If this package is a volume license package (such as a
"corporate license" or a "corporate bundle"), you may make and use additional
copies or nodes of the Software Product up to the number authorized in this
package or in your corporate license agreement, or otherwise indicated at the
time of purchase. If the anticipated number of users of the Software Product
will exceed the number of applicable licenses, then you must have a reasonable
mechanism or process in place to ensure that the number of persons using the
Software Product does not exceed the number of licenses you have obtained.
d. Upgrades. If this Software Product is labeled as an upgrade or trade-up
from a prior version of a Network Associates product that you were properly
licensed to use, Network Associates grants you the right to put in use either
the current or prior version of the Software Product, and any prior version
license is replaced by this Agreement.
e. Support. Subject to U.S. export control laws and regulations, Network
Associates may provide you with technical support services relating to the
Software Product according to Network Associates' standard support policies and
procedures, which may be described in the user manual, in "on line"
documentation and/or other materials provided by Network Associates or posted on
Network Associate's web site ("Support Services"). Any supplemental software
code provided to you as part of the Support Services shall be considered part of
the Software Product and subject to the terms and conditions of this Agreement.
With respect to technical information you provide to Network Associates as part
of the Support Services, Network Associates may use such information for its
business purposes, including for product support and development. Network
Associates will not utilize such technical information in a form that personally
identifies you.
f. Dual Media Software and Multiple Platform Versions. If the package from
which you obtained this Software Product contains more than one medium (e.g.,
both 3 1/2" disks and a CD), you may use only the medium appropriate to your
computer. You may not use the other disk(s) on another computer or loan, rent,
lease, or transfer them to another user except as permitted under this Agreement
or as part of the permanent transfer (as provided above) of all the Software
Product and related materials. If the CD or disk(s) on which the Software
Product resides contains several copies of the Software Product, each of which
is compatible with a different operating system or platform architecture (such
as Windows95/NT, Macintosh, one or more versions of Unix, the x86 architecture,
or various RISC architectures), then you may install the Software Product for
use with any of those architectures up to the number of copies or nodes
purchased but in no event may you use any version(s) on another computer or
loan, rent, lease, or transfer them to another user except as permitted under
this Agreement or as part of a permanent transfer (as provided above).
g. Restrictions.
i) Transfer. The original of this Agreement is your proof of license
to exercise the rights granted herein and must be retained by you.
You may not rent or lease the Software Product, including all
accompanying printed materials.
ii) Other Restrictions. You may not reverse engineer, decompile,
disassemble or otherwise translate the Software Product, except and
only to the extent that such activity is expressly permitted by
applicable law notwithstanding this limitation. If this Software
Product is labeled "Evaluation Copy," "Not For Resale," "NFR" or to
any of those effects, this license only permits use for
demonstration, test, or evaluation purposes.
2. COPYRIGHT. The Software Product is licensed, not sold. All right, title
and interest in the Software Product (including any images, "applets,"
photographs, animations, video, audio, music, and text incorporated into the
Software Product), accompanying printed materials, and any copies you are
permitted to make herein, are owned by Network Associates, Inc. and its
affiliated companies or its suppliers, and the Software Product is protected by
United States copyright laws and international treaty provisions. Therefore,
you must treat the Software Product like any other copyrighted material (e.g., a
book or musical recording) except that you may either (a) make one copy of the
Software Product solely for backup or archival purposes or (b) transfer the
Software Product to a single hard disk, provided you keep the original solely
for backup or archival purposes. Such copy shall include Network Associates'
copyright and other proprietary notices. You may not copy the printed materials
accompanying the Software Product.
3. U.S. GOVERNMENT RESTRICTED RIGHTS LEGEND. The Software Product and
documentation are provided to the U.S. Government with RESTRICTED RIGHTS. The
U.S. Government acknowledges Network Associates' representation that the
Software is "commercial computer software" as that term is defined in 48 C.F.R.
12.212 of the Federal Acquisition Regulations ("FAR") and is "Commercial
Computer Software" as that term is defined in 48 C.F.R. 227.7014 (a)(i) of the
Department of Defense Federal Acquisition Regulation Supplement ("DFARS"). Use,
duplication or disclosure by the U.S. Government is subject to restrictions set
forth in subparagraphs (a) through (d) of the Commercial Computer-Restricted
Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c)(1)(ii) of
the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013,
or at 252.211-7015, or to this commercial license, as applicable, and in similar
clauses in the NASA FAR Supplement, as applicable. Contractor/manufacturer is
Network Associates, Inc. 2805 Bowers Avenue, Santa Clara, CA 95051-0963.
4. EXPORT LAW. Export of the Software Product may be subject to compliance
with the rules and regulations promulgated from time to time by the Bureau of
Export Administration, United States Department of Commerce, which restrict the
export and re-export of certain products and technical data. If the export of
the Software Product is controlled under such rules and regulations, then the
Software shall not be exported or re-exported, directly or indirectly, (a)
without all export or re-export licenses and governmental approvals required by
any applicable laws, or (b) in violation of any applicable prohibition against
the export or re-export of any part of the Software.
5. TERMINATION. This Agreement will immediately and automatically terminate
without notice if you fail to comply with any term or condition of this
Agreement. You agree upon termination to promptly destroy the Software Product
together with all of its component parts, prior and replacement versions, and
all copies, modifications and merged portions thereof in any form.
6. LIMITED WARRANTY.
a. Limited Warranty. Network Associates warrants that the Software Product
will perform substantially in accordance with the accompanying written materials
for a period of sixty (60) days from the date of original purchase. To the
extent allowed by applicable law, implied warranties on the Software Product, if
any, are limited to such sixty (60) day period. Some jurisdictions do not allow
limitations on duration of an implied warranty, so the above limitation may not
apply to you.
b. Customer Remedies. Network Associates' and its suppliers' entire
liability and your exclusive remedy shall be, at Network Associates' option,
either (a) return of the purchase price paid for the license, if any or (b)
repair or replacement of the Software Product that does not meet Network
Associates' limited warranty and which is returned at your expense to Network
Associates with a copy of your receipt. This limited warranty is void if
failure of the Software Product has resulted from accident, abuse, or
misapplication. Any repaired or replacement Software Product will be warranted
for the remainder of the original warranty period or thirty (30) days, whichever
is longer. Outside the United States, neither these remedies nor any product
support services offered by Network Associates are available without proof of
purchase from an authorized international source and may not be available from
Network Associates to the extent they are subject to restrictions under U.S. export
control laws and regulations.
c. NO OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
AND EXCEPT FOR THE LIMITED WARRANTIES SET FORTH HEREIN, THE SOFTWARE AND
DOCUMENTATION ARE PROVIDED "AS IS" AND NETWORK ASSOCIATES AND ITS SUPPLIERS
DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, CONFORMANCE WITH DESCRIPTION, TITLE AND NON-
INFRINGEMENT OF THIRD PARTY RIGHTS, AND THE PROVISION OF OR FAILURE TO PROVIDE
SUPPORT SERVICES. THIS LIMITED WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU
MAY HAVE OTHERS, WHICH VARY FROM JURISDICTION TO JURISDICTION.
d. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, IN NO EVENT SHALL NETWORK ASSOCIATES OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR LOST
PROFITS WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS
PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER
PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE PRODUCT
OR THE FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF NETWORK ASSOCIATES HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, NETWORK ASSOCIATES'
CUMULATIVE AND ENTIRE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR
DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING
TO THIS AGREEMENT SHALL NOT EXCEED THE PURCHASE PRICE PAID FOR THIS LICENSE.
BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
7. GENERAL. These terms and conditions may not be modified, amended,
canceled or in any way altered, nor may they be modified by custom and usage of
trade or course of dealing, except by an instrument in writing and signed by a
duly authorized officer of Network Associates. THESE TERMS AND CONDITIONS SHALL
BE CONSTRUED AND ENFORCED IN ACCORDANCE WITH THE LAWS OF THE STATE OF
CALIFORNIA, UNITED STATES OF AMERICA. Any action or proceeding brought by anyone
arising out of or related to these terms and conditions shall be brought only in
a state or federal court of competent jurisdiction located in the county of
Santa Clara, California, and the parties hereby consent to the jurisdiction and
venue of said courts. Should any term of these terms and conditions be declared
void or unenforceable by any court of competent jurisdiction, such declaration
shall have no effect on the remaining terms hereof. These terms and conditions
are in the English language, and only the English language version hereof,
regardless of the existence of other language translations of these terms and
conditions, shall be controlling in all respects. The failure of either party to
enforce any rights granted hereunder or to take action against the other party
in the event of any breach hereunder shall not be deemed a waiver by that party
as to subsequent enforcement of rights or subsequent actions in the event of
future breaches. Network Associates reserves the right at any time without
liability or prior notice to change the features or characteristics of this
Software Product, or its documentation and related materials, or future versions
thereof. These terms and conditions constitute the complete and exclusive
statement of the agreement between us which supersedes any proposal or prior
agreement, oral or written, and any other communication between us relating to
the subject matter of these terms and conditions.
Copyright (c) 1990-1998 Network Associates, Inc. and its affiliated companies. All
rights reserved. PGP and Pretty Good Privacy are registered trademarks of
Network Associates, Inc. and its affiliated companies. The Software Product may
use public key algorithms described in U.S. patent numbers 4,200,770, 4,218,582,
4,405,829, and 4,424,414, licensed exclusively by Public Key Partners; the
IDEA(tm) cryptographic cipher described in U.S. patent number 5,214,703,
licensed from Ascom Tech AG; and the Northern Telecom Ltd., CAST Encryption
Algorithm, licensed from Northern Telecom, Ltd. IDEA is a trademark of Ascom
Tech AG. The Software Product may also include any of the following; compression
code which is provided by Mark Adler and Jean-loup Gailly, used with permission
from the free Info-ZIP implementation; LDAP software which is provided courtesy
University of Michigan at Ann Arbor, Copyright (c) 1992-1996 Regents of the
University of Michigan, All rights reserved; DB 2.0 software which is Copyright
(c) 1990, 1993, 1994, 1995, 1996, 1997 Sleepycat Software, Inc., All rights
reserved; software developed by the Apache Group for use in the Apache HTTP
server project (http://www.apache.org/), Copyright (c) 1995-1997 The Apache
Group, All rights reserved. Network Associates, Inc. and its affiliated
companies may have patents and/or pending patent applications covering subject
matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents. Note: Some
countries have laws and regulations regarding the use and export of cryptography
products; please consult your local government authority for details. Should you
have any questions concerning these terms and conditions, or if you desire to
contact Network Associates, Inc. for any reason, please write: Network
Associates, Inc. Customer Service, 2805 Bowers Avenue, Santa Clara, CA 95051-
0963. http://www.nai.com.
I was mistaken. It makes a whole lot more sense now. :)
The common thing that all these "rip it out and replace it with XXX" threads are missing is that the license agreement that the schools signed does not count the number of installed copies of MS-Windows. It counts the number of PCs and they pay MS a fixed (lower) price per PC.
So uninstalling MS-Windows and installing linux on 5000 PCs saves them precisely zero dollars.
What they should instead be doing is changing from a "count all PCs and pay us for them" licensing model to a harder-to-manage but cheaper in the long run model of paying only for the MS-Windows copies (and related MS software) they have installed.
Any signs this is happening?
I tried to draw 'em for you, but the lameness filter hates ASCII-art.
I prefer the flat surface mount kind like these Smarthome emitters.
Nah, that's nothing. How about this 35,800 foot deep link.
It would seem that they were trying to set things up exactly to do the sorts of things they prevented "smashed" from doing.
Getting the aim right can be tricky. I found that it actually works better when they're fairly far away from the box, which can be inconvenient.
I've seen paste-on emitters with other products which seem to work better, but these aren't what came with the TiVo.
You just might be able to get some useful pointers to prior art which could be used in your counter-suit.
Screenshots on both Windows and X-Windows are created at the color depth of your display-- not 2 colors. There may only be 2 of the 16M colors in use, but the raw data is 16M colors. (If you're running your screen at 24bit.)
If you must, feel free to try it with a "real" scan. (But don't forget to do the two color conversion. Sometimes a noise reduction transform is useful beforehand to get rid of small grey dots/blotches before they get converted to black.)
I know exactly what you mean about the National Geographic CD-ROM set. I was very excited about having the complete archives available and was deeply disappointed in the quality of the final product.
Much of the text is completely unreadable because of over-JPEGging. (Is that a word? It is now.)
However, it did teach me to be very careful before plunking down $200+ for online books in the future. Now, I insist on a preview before I buy. (And yes, this does mean that many electronic collections don't get purchased simply because I can't find them in any libraries to view...)
Scanned text pages should be black and white.
Of course it won't scan this way due to shading, bits of wood chips on the pages, etc. Your image processing software can/should convert it to literally two colors-- black text + background (white). As you can imagine, this kind of "lossy" conversion cuts out a great deal of information and the file size reflects this.
Combined with a lossless compression algorithm which takes these huge areas of the same value and compresses them very tightly and you have a tiny, high-contrast, easy-to-read (or OCR) image.
Now with JPEG, it "loses" information by smoothing (forgive my oversimplification of a complex mapping process). With text you *want* unsmoothed (hard) edges-- it makes things easy to read. The JPEG smoothing process results in hard to read text, so you can't use as much of it before the image degrades too badly to read.
The result, the 2-color conversion with lossless compression gives you a smaller image size for the same relative viewing quality as a JPEG. (Or the flip side, for the same image size, the 2-color image is much more readable than the JPEG.)
Try this-- take a screenshot of some text. (Only text) From the GIMP, convert it to 2 colors and save as PNG. Then save it as a high-quality JPEG and a low-quality JPEG. Check the file sizes versus the clarity of the text.
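The two-colour conversion plus lossless storage described above, done as a script instead of in the GIMP (an added example, not code from the original post; the "scan" is a constructed in-memory image and the PNG writer is hand-rolled with zlib and struct so no imaging library is needed):

```python
"""Two-colour conversion of a scanned text page plus lossless storage, as
described in the post above, done in plain Python.

Added example, not code from the original post. It builds a synthetic 8-bit
'scan' in memory (constructed data, not a real scanned page) and writes PNG
by hand with zlib + struct, so no imaging library is needed.
"""
import struct
import zlib
from typing import List

Image = List[List[int]]
W, H = 64, 32   # constructed page size; W is a multiple of 8 for easy packing


def make_scan() -> Image:
    """Constructed greyscale page: unevenly shaded paper, two text strokes
    forming an 'L', and three isolated grey specks (dust on the glass)."""
    img = [[235 - (y * 20 // H) - (x % 7) for x in range(W)] for y in range(H)]
    for y in range(8, 24):                       # vertical stroke
        for x in range(10, 14):
            img[y][x] = 30 + (x + y) % 5
    for y in range(20, 24):                      # horizontal stroke
        for x in range(10, 40):
            img[y][x] = 25 + (x * y) % 7
    for x, y in [(50, 5), (3, 28), (45, 15)]:    # specks
        img[y][x] = 120
    return img


def threshold(img: Image, level: int = 128) -> Image:
    """The lossy step: every pixel becomes ink (1) or paper (0)."""
    return [[1 if v < level else 0 for v in row] for row in img]


def despeckle(bits: Image) -> Image:
    """Noise reduction: an ink pixel with no ink among its 8 neighbours is a
    speck, not part of a letter, so turn it back into paper."""
    h, w = len(bits), len(bits[0])
    out = [row[:] for row in bits]
    for y in range(h):
        for x in range(w):
            if bits[y][x] and not any(
                    bits[ny][nx]
                    for ny in range(max(0, y - 1), min(h, y + 2))
                    for nx in range(max(0, x - 1), min(w, x + 2))
                    if (ny, nx) != (y, x)):
                out[y][x] = 0
    return out


def _chunk(tag: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(tag + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", crc)


def _png(w: int, h: int, depth: int, raw: bytes) -> bytes:
    """Greyscale PNG (colour type 0) from raw scanlines that already carry
    their filter byte; the lossless step is zlib's deflate."""
    ihdr = struct.pack(">IIBBBBB", w, h, depth, 0, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw, 9)) + _chunk(b"IEND", b""))


def png_grey8(img: Image) -> bytes:
    """8-bit greyscale PNG of the untouched scan."""
    rows = b"".join(b"\x00" + bytes(row) for row in img)
    return _png(len(img[0]), len(img), 8, rows)


def png_bilevel(bits: Image) -> bytes:
    """1-bit greyscale PNG: 8 pixels per byte, MSB first, 0 = black ink."""
    rows = []
    for row in bits:
        packed = bytearray()
        for i in range(0, len(row), 8):
            byte = 0
            for j, ink in enumerate(row[i:i + 8]):
                if not ink:
                    byte |= 0x80 >> j
            packed.append(byte)
        rows.append(b"\x00" + bytes(packed))
    return _png(len(bits[0]), len(bits), 1, b"".join(rows))


def idat_bytes(png: bytes) -> bytes:
    """Decompressed scanlines of a PNG written by _png (IDAT is the 2nd chunk)."""
    length = struct.unpack(">I", png[33:37])[0]
    return zlib.decompress(png[41:41 + length])


def compare_sizes() -> tuple:
    """(size of 8-bit PNG, size of despeckled 2-colour PNG) for the sample."""
    img = make_scan()
    bits = despeckle(threshold(img))
    return len(png_grey8(img)), len(png_bilevel(bits))


if __name__ == "__main__":
    grey, bilevel = compare_sizes()
    print(f"8-bit greyscale PNG: {grey} bytes; 2-colour PNG: {bilevel} bytes")
```

The size gap is the point: once the shading is gone, deflate sees long runs of identical bytes and the two-colour file comes out a fraction of the greyscale one.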
What, you never heard of "igrep"? ;-)
I bet about half of your books are already online.
Also, for your compression you should NOT use JPEG. JPEG is optimized for smooth tones and will badly blur hard edges like text. On the other hand, JPEG performs relatively poorly at compressing large areas of the same color (i.e. white backgrounds). [Note for the nit-pickers, both of these JPEG issues will be reduced/eliminated in JPEG2000.]
I scan documents to either compressed TIFF (tend to be large), PNG, or (*shudder*) GIF.
From the Project Gutenberg "Making Etexts from Paper Originals" paper: (You can bet these guys know how to scan...)
I suggest never using JPEG. The quality loss for printed words is just terrible relative to the compression you get. Also, just substitute PNG for GIF and the above works.
I actually believe them as well. HP historically has had excellent support on their high-end products (i.e. UNIX servers, enterprise disk arrays, etc.) (Don't get me started on their PC support, though.)
;-)
The shift to the new products likely will be done over about a three year period, since that seems to be the preferred (max) length of an HP support agreement.
For all the uproar this acquisition created it sure looks like they are executing on it nicely so far. (I.e. no BS about how layoffs won't happen, nice and up-front on what products will go away, etc.) I find their honesty strangely refreshing given what I've seen in many other acquisitions.
Now if they'd just start calling it an acquisition instead of a merger, then they would really get my respect.
Is anyone else impressed that they even posted all this information in such a short and concise manner? How many merger/acquisitions have we seen where nobody admits to letting ANY products die for fear of losing the last two customers using it?
At least they're pretty much laying it down for us rather than letting everyone find out when it's time to upgrade. (Oh, that? Nah, we don't make that any more...)
Excellent point, Minga!
I figured that since he was talking about a security audit that he had already done damage control. Clearly the first step is to fix/block the holes that have already been exploited.
I disagree that a third-party penetration test is appropriate for this stage. He *knows* that people can get in.
This would be the perfect time to get the CEO's signature on a security policy. I bet he/she already knows about the problem and is more than willing to do what it takes to get it solved. This signature/buy-in will save the sysadmin/operations staff days or weeks of arguments and petty internal squabbles later on when people balk at the security improvements that were needed to keep the hackers out.
After plugging the already exploited holes and possibly (if you can) slapping in some draconian network security (i.e. block EVERY port but port 80 to your servers and let the other applications suffer for a day or two...) the VERY NEXT STEP should be that security policy.
If people drag their feet, remind them that they won't be 100% operational until it gets done.
Don't skip it-- it's important. Really. In a worst-case scenario you might be forced to REMOVE your security a month or two down the line when the threat seems to have diminished. Instead of spending hours and hours in meetings trying to justify the security each time someone has to learn a new way of doing something that "used to be easy", you can refer people to the policy.
The first step (really!) is to get a security policy in place. This really doesn't have to be anything special-- but it does need the buy-in of ALL groups affected (sysadmins, developers, marketing, sales, executives, etc.). That's really the only hard part.
Probably the quickest way to get started is to head to the SANS security policy project and adapt their sample policies to your company. This is one of those rare cases where it's more important to get something in than it is to get it right the first time. Policies can be changed fairly easily-- but you don't want to go to all the trouble to implement a secure environment only to have someone on the inside fighting you every step of the way.
Now the fun part-- actually securing your systems. Here are some pointers on places to start:
1) Review the SANS "top 10" security vulnerabilities and make sure they're covered.
2) Review Lance Spitz's excellent collection of host security information and make sure to follow his recommendations.
3) Make sure your firewall rules are set up with the security best practice of "minimum access to get the job done". Far too many firewalls allow traffic they shouldn't.
4) Get NMAP, a network mapper, port scanner, and OS identifier and run it from the Internet to your exposed (i.e. DMZ) hosts. Also run it from your exposed hosts to your internal network to validate that only the traffic that should get in can get in. (The traffic allowed back in from your DMZ should be very little, preferably none.) If you find anything that is inconsistent with what you think should be happening, check your firewall rules again.
5) Grab a copy of the Nessus security scanner and run it against your newly secured systems. If it finds anything, read the description of the problem and see if it's something you can fix. You can bet that everything you find here will also show up on your "security audit" since most "audits" are just someone running a tool like this and then feeding the output to the consultants to make it all pretty for management.
6) You should have most of the obvious, widespread holes plugged by now. This would be a good time to get some sysadmins out to some classes. Verisign has a number of excellent general Internet security classes. I'm sure there are lots of other good places, too. I was pleased with Verisign because of their Internet focus. Too many security classes only concentrate on host security and neglect network security.
7) Get the application developers at your site to read and follow Dave Wheeler's writing secure programs guidelines. This is a lower priority than OS/network security since these holes are likely to be specific to your site only. Only a determined hacker is likely to find and exploit them-- however exploiting application bugs/holes can severely disrupt your business. What happens when an electronic data interchange transaction gets bogus data inserted? How far will that bogus information make it in before it's detected? In the worst case these bugs could result in people getting free products/subscriptions, stealing credit card info, or destroying data inside your systems.
8) Now it's time to get that audit. They will be able to tell you what you missed in the previous 7 steps. Why wait so long? Most places will keep looking until they find something to report. If you do this too soon, the subtle security problems will be lost in the noise of all the obvious problems the previous 7 steps would have fixed. If you do this last, only the "hard" problems are left for them to find.
Remember above all that this is an ongoing process. Keep current on your patches, and repeat all the above steps regularly to keep all the bad guys away.
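Step 4's "does the scan match what the firewall should allow" check, as an added example that is not part of the original post: it parses nmap's grepable output and diffs it against a per-host allowlist of the services the rules are meant to admit. The addresses, the policy and the scan lines are constructed sample data, not a real scan.

```python
"""Check an nmap grepable (-oG) scan of your own exposed hosts against the
services the firewall rules are supposed to admit, as step 4 above suggests.

Added example for this thread, not code from the original post. The policy,
the addresses (RFC 5737 documentation range) and the scan output below are
constructed sample data, not a real scan.
"""
import re
from typing import Dict, Set, Tuple

PortSet = Set[Tuple[int, str]]

# Constructed policy: per exposed host, the only (port, proto) pairs the
# firewall is meant to let in from the Internet.
EXPECTED: Dict[str, PortSet] = {
    "203.0.113.10": {(80, "tcp"), (443, "tcp")},   # public web server
    "203.0.113.25": {(25, "tcp")},                 # inbound mail relay
    "203.0.113.53": {(53, "tcp"), (53, "udp")},    # external DNS
}

# Constructed nmap -oG output. Fields are tab-separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 203.0.113.25 ()\tStatus: Up\n"
    "Host: 203.0.113.25 ()\tPorts: 25/open/tcp//smtp///, 110/filtered/tcp//pop3///"
    "\tIgnored State: closed (998)\n"
    "Host: 203.0.113.53 ()\tStatus: Up\n"
    "Host: 203.0.113.53 ()\tPorts: 53/open/tcp//domain///, 53/open/udp//domain///"
    "\tIgnored State: closed (999)\n"
    "Host: 203.0.113.99 ()\tStatus: Up\n"
    "Host: 203.0.113.99 ()\tPorts: 3389/open/tcp//ms-wbt-server///"
    "\tIgnored State: closed (999)\n"
)

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_grepable(text: str) -> Dict[str, PortSet]:
    """Map each scanned host to the (port, proto) pairs nmap reports as open.

    Only 'open' counts. 'filtered' means the probe was dropped, which is what
    a correct deny-by-default rule set looks like from outside.
    """
    found: Dict[str, PortSet] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = found.setdefault(host, set())
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for port, state, proto in PORT_RE.findall(field):
                    if state == "open":
                        ports.add((int(port), proto))
    return found


def audit(found: Dict[str, PortSet],
          expected: Dict[str, PortSet]) -> Tuple[Dict[str, PortSet], Dict[str, PortSet]]:
    """Return (unexpected, missing).

    unexpected: open ports the policy does not allow, including every port
                on a host the policy does not mention at all.
    missing:    allowed ports that were not seen open (an outage, or a rule
                tighter than the policy; either way worth a look).
    """
    unexpected: Dict[str, PortSet] = {}
    missing: Dict[str, PortSet] = {}
    for host in sorted(set(found) | set(expected)):
        seen = found.get(host, set())
        allowed = expected.get(host, set())
        if seen - allowed:
            unexpected[host] = seen - allowed
        if allowed - seen:
            missing[host] = allowed - seen
    return unexpected, missing


def report(found: Dict[str, PortSet], expected: Dict[str, PortSet]) -> list:
    """Human-readable lines, one per discrepancy; empty if the scan matches."""
    unexpected, missing = audit(found, expected)
    lines = []
    for host, ports in unexpected.items():
        tag = "" if host in expected else " (host not in policy)"
        for port, proto in sorted(ports):
            lines.append(f"UNEXPECTED {host}{tag}: {port}/{proto} open")
    for host, ports in missing.items():
        for port, proto in sorted(ports):
            lines.append(f"MISSING    {host}: {port}/{proto} not open")
    return lines


if __name__ == "__main__":
    # Real use: nmap -sS -sU -oG scan.gnmap <your DMZ hosts>, run from outside,
    # then feed the file's contents in place of SAMPLE_SCAN.
    for line in report(parse_grepable(SAMPLE_SCAN), EXPECTED) or ["scan matches policy"]:
        print(line)
```

Anything that comes out as UNEXPECTED is exactly the "inconsistent with what you think should be happening" case in step 4: go back to the firewall rules before anything else.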