Umm....yeah...except hams aren't broadcasters. It's real-time point-to-point communications between people. That's like saying "On the bright side, it'll be easier for people with cell phones to migrate to podcasting or internet radio streams." It's a statement that completely mischaracterizes amateur radio communications.
According to a story this morning on NPR, this will support only Windows Media Player and only Windows. They've specifically said that OS X and iPods aren't supported. That sounds like great marketing, sell a service to the group that is the most prolific at buying iPods and don't support iPods.
Yeah, it's weird. I get three channels that allegedly show music (MTV, MTV2, and Fuse) and only one (Fuse) shows videos before 1AM. Of course, the only videos that MTV seems to show are rap and hip hop. Perhaps it's no great loss that they don't show them before 1AM.
Following along the lines of the FSF, don't you mean Berkeley/vi versus MIT/Emacs?
IMHO, the problem is two-fold. If they do their jobs well, the Security Department is essentially invisible as things hum along. The second aspect is that most people only hear from the Security Department in a negative connotation. Whether it's explaining why using FTP to outside folks is a bad idea, explaining why emailing an Excel spreadsheet with a password protection is a bad idea, or explaining why a user can't have access over a VPN to any port on any internal machine, it's evident that most people only hear from Security in the context of "you can't," "you shouldn't," or "you must." Right, wrong, or indifferent, that's just part of the job.
Having been a server admin before doing security, I can tell you that the two jobs are very similar. When things are done correctly, the suits rarely know who you are, what you do, or why your job is important. Because of that, it can be extremely difficult to explain why you need $100k for firewalls or $50k for new servers. C'est la vie.
Hey, let's follow that logic to another conclusion. When I'm walking down the public street, it would be perfectly within my rights to walk up to a car with a loud, thumping bass and destroy the speakers. I think you're mistaken that your right to be in a public venue gives you the right to alter or destroy the property of others.
Exactly what part of negative .NET press on Slashdot surprises you? C'mon, this is _Slashdot_, anti-MS opinions (whether they are accurate or not) are the norm. It's not right, it's not wrong, it's just the way it is.
Umm, not meaning to start a flame war, but how does Windows have productivity out of the box? If it shipped with Office as part of the install, then I could see it. But, not as it currently is. Windows is only useful for corporate environments after the Office Suite is applied to it.
How would the admin be worse? If one set up unattended or semi-unattended installs, in a similar manner to Kickstart, and allowed key-based SSH from a specific group of management servers, it seems like it'd be relatively easy. Set up your own apt repository, much like setting up a Red Hat Satellite Server, have the desktops use it for updates, and use scripts to spray out updates as needed. Make sure the user's data is stored on network mounts, use LDAP and/or NIS/Kerberos for authentication and management, and enjoy.
*sigh* Now, if only I didn't work in a horribly Windows-centric shop....
Are you wearing a sleeveless flannel shirt and beat-up ball cap? If not, it's not quite authentic.
I think they're on the right track, but their reasoning isn't very good. To me, the big reasons to ban external IM and unauthorized VoIP are based solely on information disclosure. The various laws (SOX, GLBA, HIPAA, etc.) are heavily-geared towards protecting information from disclosure to unauthorized sources. Allowing external IM, where possibly sensitive information goes through someone else's servers unencrypted, and unauthorized VoIP (same reasons) can be serious risks.
I completely disagree with the comment that, "There is zero value added by closing IM, Skpe[sic] and other holes in the M$ strainer." Using that logic, why even worry about closing any inbound or outbound ports in the firewall? Why even have one? Don't let your dislike of MS software cloud your judgement concerning other products.
Actually, IM is harder to block than one would expect. This is especially true of MSN. The system uses a number of systems for login and those IPs seem to change relatively regularly. The client will try to use the MSN-specific ports to make an outbound connection and, failing that, will fall back to port 80. The only way that I've found to block it reliably is with an IDS system that can find the signature of MSN traffic, then send TCP resets to kill the connections.
BTW, it is somewhat possible to see the traffic traversing the network. The Skype traffic seems to be based on STUN. The firewall can't block it, but the IDS is able to pick it up.
The best method I know of for stopping this traffic is to use a multi-pronged approach. Start with a corporate policy against IM, unauthorized VoIP, etc. Use IDS and/or firewall logs to see someone using the software. After detection, turn the person in to mgt./HR for policy violations and have them terminated. After a few people become examples, this behaviour will decrease immensely. It sounds heavy-handed, but there are industries that cannot risk disclosure of data (think HIPAA and GLBA).
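The two comments above make a detection point worth seeing in working code: a port-based rule catches the client's first attempt on the MSN port but misses the fall-back over port 80, while a payload signature catches both. The block below is an added example, not code from the original comments; it classifies constructed flow records two ways and reports what each method misses. The MSNP handshake ("VER <trid> MSNP9 MSNP8 CVR0") and the HTTP gateway request shape are taken from the publicly documented MSN Messenger protocol, the sample payloads and IP addresses are constructed, and the reset step only produces the decision (which flows to tear down) rather than sending real RST segments.

```python
"""
Signature-based vs. port-based detection of MSN Messenger (MSNP) traffic.
Added example: sample flows are constructed, not captured traffic.
"""
import re
from dataclasses import dataclass

MSN_PORT = 1863  # the "MSN-specific" port the client tries first

# First client message on a notification/dispatch connection, e.g.
#   b"VER 12 MSNP9 MSNP8 CVR0\r\n"
MSNP_VER = re.compile(rb"^VER \d+ (?:MSNP\d+ ?)+CVR0\r\n")

# HTTP-tunnelled fall-back used when 1863 is blocked: the client POSTs to
# the MSN HTTP gateway (shape assumed from the documented protocol).
MSNP_HTTP = re.compile(
    rb"^POST /gateway/gateway\.dll\?Action=open&Server=(?:NS|SB)&IP=[\w.-]+ HTTP/1\.[01]\r\n"
)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first client-to-server bytes of the TCP stream


# Constructed sample flows (RFC 5737 / RFC 1918 addresses, not real servers).
SAMPLE_FLOWS = [
    # normal MSN login on the native port
    Flow("10.0.0.5", "203.0.113.10", 1863, b"VER 12 MSNP9 MSNP8 CVR0\r\n"),
    # same client after 1863 was blocked: tunnelled over port 80
    Flow("10.0.0.5", "203.0.113.22", 80,
         b"POST /gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com HTTP/1.1\r\n"
         b"Host: gateway.messenger.hotmail.com\r\n\r\n"),
    # ordinary intranet web request, must not be flagged
    Flow("10.0.0.7", "10.0.0.99", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    # unrelated service that happens to listen on 1863: port rule false positive
    Flow("10.0.0.8", "198.51.100.3", 1863, b"SSH-2.0-OpenSSH_4.3\r\n"),
]


def port_based(flow: Flow) -> bool:
    """What a plain firewall rule can see: destination port only."""
    return flow.dport == MSN_PORT


def signature_based(flow: Flow) -> bool:
    """What an IDS can see: the protocol handshake in the payload, any port."""
    return bool(MSNP_VER.match(flow.payload) or MSNP_HTTP.match(flow.payload))


def flagged(flows, classifier):
    """Destinations of the flows the given classifier would block."""
    return [f.dst for f in flows if classifier(f)]


def compare(flows):
    """Summarise what the port rule gets wrong relative to the signature."""
    port = set(flagged(flows, port_based))
    sig = set(flagged(flows, signature_based))
    return {
        "missed_by_port_rule": sorted(sig - port),
        "false_positives_of_port_rule": sorted(port - sig),
    }


def reset_actions(flows):
    """For each flow the IDS flags, the two RST decisions it would emit
    (one spoofed toward each endpoint). Decision only; nothing is sent."""
    actions = []
    for f in flows:
        if signature_based(f):
            actions.append(("RST", f.src, f.dst, f.dport))  # toward the server
            actions.append(("RST", f.dst, f.src, f.dport))  # toward the client
    return actions


if __name__ == "__main__":
    print(compare(SAMPLE_FLOWS))
    for a in reset_actions(SAMPLE_FLOWS):
        print(a)
```

Run as-is, the summary shows the port rule missing the port-80 tunnel and blocking the unrelated service on 1863, which is exactly why the comment reaches for an IDS signature plus TCP resets rather than a port block.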
Nah, you don't owe any state income taxes to TN. There isn't one.
Doesn't the infrastructure in TN help him "get to work?" If there were no utilities in Nashville, then he couldn't telecommute. By that same logic, shouldn't the company contribute to the infrastructure in TN?
Isn't that the problem? Like you said, "as far as New York is concerned this guy is working in their manor and drawing an income from their economy and is therefore liable for their taxes." This is true, but he's physically in New York 25% of the time. If he's not personally using the public facilities of the state (roads, fire, police, emergency, etc.) 75% of the time, then why should he be liable for the cost?
It depends on the industry. If it's mortgage records, it's the life of the loan + (IIRC) 30 years. If it's other financial records in banking, it's 7 years (including credit card records). If you're dealing with corporate financial records, I've heard SOX auditors mention 7 years (though most seem to say 3-5). If it's HIPAA data, there doesn't seem to be a clear directive, but it may be a _long_ time for treatment of lifelong illnesses. With the various interpretations of the various laws (SOX, GLBA, HIPAA, etc.), I wouldn't assume that 5 years is enough.
No, we can't. It'd be too perilous.
Wait, you do realize that this is Slashdot? It makes no difference if the problem is in the OS or a 3rd-party app, MS will get blamed anyway.
What exactly is preventing you now from saving your work, uploading it to a GMail message, sending it to your own account, and then downloading it at home? That's how I transfer files to and from home when they're too big to email using the corp servers.
Exactly how is OpenBSD "hopelessly obsolete?"
It's also not "fortunate" if gov't regulations exist about the privacy and protections of your data. Symantec may think you're "fortunate" but HIPAA, Gramm-Leach-Bliley, and Sarbanes-Oxley may disagree.
Would it even need 10 hours? It's alleged that Slammer hit 75,000 machines in 10 minutes. Think of writing a multifaceted worm, say some combination of the methods of Sobig, Blaster, Slammer, Zotob, etc., base its main exploit on a zero-day vulnerability (but including others to attack what it can), and configure it to wipe the BIOS and force a reboot at a certain time (say 4-5 hours after the release time). The time to patch and protect is minuscule, yet the impact to those infected is massive. It wouldn't get the writer the infamy desired, as the time-to-live for the worm would be small, but the impact of this could be huge.
I'm not trying to shift the discussion from OS X, but it's not the only OS with that potential user issue. How often does a Linux user click on a program on their desktop that asks for a password? This is a user education issue, just like the "don't click on files that you weren't expecting" Windows problem. Unfortunately, it's darn-near impossible to protect the user from his/her own stupidity, regardless of the operating system they're on.
Your statement was that the acquisition cost was zero and said, "Meaning you can test the software, decide whether it fits your needs and do this for no cost." That wasn't stated as TCO, it was stated as acquisition cost.
You are correct that it costs nothing to actually get the software, but it does cost something to my employer for me to test it. The time of those who are doing the actual testing is not free, even though the cost of the software is.
I would disagree that "Writing the damned software does finish the project." I would think that writing coherent documentation for the software would finish the project. It (a) makes it more useful for others if there are good docs and (b) makes it easier for the developer to re-visit the project later, should they need to extend, enhance, etc.