I understand how you can include redundant capabilities into a comprehensive view of security, but I don't think that's what the original poster meant when he referred to "security," nor is it what most people would categorize as "security" today.
Aside from that, your view falls apart for other reasons. If, as you seem to believe, the protocols commonly referred to as TCP/IP were "designed to be secure," or to "provide security," then why was packet-level payload encryption only recently (in the 30 years of TCP/IP) added? How did usernames/passwords transmitted across the network in clear-text become the norm, rather than the exception? Why was source routing ever included?
The TCP/IP protocol suite is not, nor has it ever been, about security. It has always been about redundancy, fault-tolerance, and interoperability.
"Security" has until recently been left to the applications themselves. Security has always been an afterthought. If that were not the case, how would the man-in-the-middle attacks, and packet sniffers, ever have posed a security risk?
Our favorite little DARPA project did indeed begin as a defense project, and was primarily to increase our level of national security, but that end was served by providing the mechanisms to route around failures in the network, not in keeping the network traffic safe from prying eyes.
For every hour that a USAF fighter jock, mechanic, paper-pusher, or whatever is in training, that's one less hour they are available to do their real job. And yeah, some people may have enough slack time that this wouldn't be an issue, but I suspect that it's not true for the organization as a whole. You have to look at things like opportunity costs when you're talking about a change over to an entirely new system.
We are talking about changing the back end, not necessarily the client side. The only people that need retraining would be the IT folk, not every Pilot, Mechanic, or Clerk.
Plus you're assuming that the trainers would be military also. I seriously doubt that.
I have no first hand experience with the Air Force in this regard, but I do have first hand experience with the way the Marine Corps does this. Every single instructor at the Marine Corps' Computer Science School is a Marine. Every non-instructor position that made up the rest of the school was either a Marine, or a Purple person (Civilian employees of the Department of Defense). I would be surprised if the same did not hold true for the other branches of Service. (Not terribly surprised... The Marine Corps does a number of things differently than the other branches...)
And, funny thing, these are exactly the same issues that corporations face. After all, they're already paying people for their time, regardless of what they're tasked with. And they're responsible (ostensibly) for all job-related training. But the costs - in both time and money - are not insignificant for any company of any size.
And this is what people seem to be misunderstanding about the Military... This is nowhere near the same issue that corporations face. Every decision a corporation makes reflects the bottom line, as corporations exist to turn a profit. The Military is not encumbered by this guiding principle. Sure, they have a budget to work within, but if their requirements change, or the need is great, they get additional funds, and they do what must be done to satisfy requirements that no corporation has to consider.
The purpose of the military is to win wars, and when they make a decision, lives hang in the balance.
Few corporations can make that boast, defense contractors being the most likely exceptions.
If the solution carries a higher price tag, but saves lives, and better enables the military to communicate effectively and securely, putting the ultimate goal (winning wars) within reach, the cost or effort does not matter. For them, bottom line is not the single most important factor in arriving at a solution, and the profit-motive is non-existent.
You have adequately defined what the Internet was designed for, but you have mislabelled it.
The Internet was not designed to be secure. It was designed to be redundant, or fault tolerant, and the protocols it uses are designed to ensure standards based interoperability.
I wholeheartedly agree with your sentiments regarding Postel and company, though.
I'm not sure you understand the economics of the military...
It does not cost the Air Force anything to retrain, nor to reconfigure.
The Air Force (and the military in general) is already paying for the training of every person that enters the service. It would be a trivial matter for them to re-tool the courses in their Computer Sciences School, so that the students learned some other product or technology. (Besides, it's not like they teach an "NT Systems Administrator" course... They teach basics, like "Computer Programming," or "Computer Operations." The real training occurs on the job, after the E-2 or E-3 posts to his first duty station. In the Marine Corps, I entered as a "Cobol Programmer," and my first duty billet was in networking (Banyan Vines, Ethernet and Token Ring environments).)
Likewise, the cost of reconfiguring all of the systems they've already purchased is also free. They have a labor force that they are already paying (that they have to pay, twice monthly, regardless of what they are tasked with), so why not "upgrade" all of the mail systems. It will not affect their costs at all.
This is a luxury that most of Microsoft's customers do not have, but is a very real, very possible option for the Armed Forces.
Well actually, as a veteran (see my Bio) with an IT Specialty, I do actually have some insight as to the requirements for Information Technology in the military. Since I left the service, I've supported myself as a consultant in this industry, so yes, I do have a good grasp of why Microsoft is a bad choice.
The Air Force is waving its $6 Billion annual budget at Microsoft, and saying to them that if their shoddy, unsecure software does not dramatically improve, these dollars will be going to your competitors.
That's called "Economic Pressure," and in the free market, it's the single greatest motivator ever, and it always will be.
To put it in democratic terms, the Air Force has issued fair warning that it intends to "vote with its feet."
You know, when a customer that has $6B dollars a year to spend on technology says jump, Microsoft had better damn well be asking "How High?"
I'm kind of disappointed that the Air Force is using Exchange in the first place. I hope that when they realize that Microsoft is not ever going to be able to meet the somewhat unique requirements of the DoD (For them, lives do hang in the balance), that they are willing to take their business elsewhere.
While I admit that a lot of the mail you may be receiving is SPAM, compared to the bandwidth that other services such as HTTP, FTP, or P2P, are using, it's probably not enough to justify another T-1 on its own.
Let's be honest... Your enterprise is not AOL, and you don't have 25M+ users.
I'll concede that legitimate mail traffic, especially when factoring in attachments, can be significant, but that's not what the spammers are sending you.
They send 2k messages, usually about 30% of which is plain text, and the remainder is HTML formatted, echoing the same thing. If you get 40 such spam messages a day, that's 80k. Let's double it and round up... Call it 200k. Does it even consume the amount of bandwidth to load the Slashdot front page one time, with all of the graphics, etc? Does it even come close to the amount of traffic used in loading a topic page with some 150-200 comments?
Sure... If you have 2000 users, it adds up, but again, with that many users, you're probably considering adding another T-1 anyway.
What's the protocol breakdown of the traffic running across your company's pipe(s)?
(Please don't take this out of context... I hate spam just the same as you do, and it'd be nice if it was gone. I just don't think that we should always rely on government to solve our problems. They're already far too caught up in our business as it is. Let's stop inviting them!)
I'm not saying that the Federal Government hasn't interceded into matters that do not concern them.
I'm saying that it isn't their place.
Aside from the propriety of such a course, look at it from a pragmatic standpoint.
Are you content to move at the speed of Government, or might you be better served by using the readily available tools at your disposal here, and now, to deal with the problem on your own?
...band together to get the single governing body in place with representatives from ALL people around the world.
That is the worst fscking idea I have ever heard. I certainly do not want the unwashed masses of the world, where free speech and the right of conscience don't exist, represented in a one-world government that has power over me.
While I'm certain that this is inevitable at some point in the future, I will be working to stall it, rather than hurrying it along. Much of the world has a lot of growing up to do before I set a place for it at my table.
Is that too Americentric a viewpoint for you? Kiss my Big-Mac enhanced ass.
Try to connect the dots, in a figurative, if not literal, sense.
My point is that we, as a nation (and the same can be said of the rest of the world), are far better served by avoiding these dense pockets of population, or industry.
Sam Kinison once told a joke about starving Ethiopians... His solution to their plight was for them to "Go Where The Food Is!"
We, both people and corporations, should "Go Where The Space Is."
(And to answer your question, yes, I have been to Silicon Valley, and having once been a Bay Area resident (I can spell BART), I know full well that San Francisco is not part of it.)
While I share your sentiment that people need to go about their business, and the world's "threat" level has remained the same (people are simply aware of it now), the previous poster is correct.
The best way to reduce the threat to any given location is to dilute the target's attractiveness to would-be terrorists.
If businesses would stop perpetuating the myth that their legitimacy in the marketplace is dependent upon their maintaining a corporate presence [in|on] [Silicon Valley|Madison Avenue|the Technology Corridor|Wall Street], these locations would be less attractive to terrorist organizations.
Aside from the "security" mindset that has resulted from 9/11/01, it simply makes good business sense for corporations to move, or at least expand into, less populated, less developed areas, as the article points out. (How this "data" could be interpreted as anything other than "obvious," I'll never understand.)
Gateway figured it out quite a while ago... In this interconnected age of unrestricted communication, corporate web-presence, on-line ordering, and overnight shipping, does it matter in the slightest where you happen to be in the meat-space? Hell no. It all looks the same through a web browser.
Build your campus where the land is cheap, bring the bandwidth in, and relish the low cost of living, and the 10 minute commute.
If anything, this article should be modded "redundant."
You should already have a Dual-tuner PVR... The Hughes DirecTivo units are given away for free with a number of promotional deals, and cost around $100.00 even in commercial outlets.
Are you saying that ICMP, or UDP, traffic is unable to utilize this tunnel?
That is certainly not correct. Just as PPP carries all of your IP traffic (any protocol) between your home and your ISP, a PPP over SSH tunnel will also carry whatever you need it to.
You see, this is a fundamental difference between Canada (Not to mention most of Europe) and the United States, and the respective citizens of each. (I hope the other children are paying attention.)
You, as a Canadian citizen, believe that your rights exist because your government codified them. They were given you by Charter.
I, as a United States citizen, believe that my rights exist in nature, as a self-evident function of the human condition. The "Bill of Rights," the first 10 Amendments to our Constitution, simply list a number of rights which will be rigidly observed by the Federal government, and goes on to say that this brief list does not articulate all of our rights, and that the remainder are reserved for the States, and/or the People themselves.
If you concede that your rights have been extended to you by your government, then you must also concede that they may be revoked by that same government. If your government happens to function as some form of democracy, you are still not safe. Your perfectly legal "chartered" activity can be made illegal come the next election. (i.e. People named "Steve" can no longer own property... All of us non-Steves have agreed to it!)
A perfect example, particularly for Canada, would be free speech. Go ahead and write an editorial for your local newspaper, saying something "hateful" about people of a certain race, religion, sexual preference, or some other ridiculously defined protected class. Your right to free speech is a sham... You cannot express what you really believe, or even play devil's advocate, because it might hurt someone's feelings.
Is it your belief that there is no such thing as fundamental, inherent human rights? (Are you allowed to answer that question?)
If you feel that "everyone should have free speech, and the right to live an otherwise free life," but you don't feel at all superior to people or nations which are inherently against such freedoms, then pray tell, what are the depths of your convictions?
If you, as a westerner, cannot look at a government like the one that recently controlled Afghanistan (used as an example only because of people's now universal awareness), their policies toward women, their xenophobia, their scorn for other religions and human history (the destruction of the Buddha statues), and not feel any sense of superiority, then you do a tremendous disservice to your forebears, and all of the hard fought progress humankind has made throughout the ages.
That would be like watching the police drag some wife-beater out of a trailer on "Cops," and not feeling like you were looking at a scumbag. According to you, "who am I to judge this wife-beater? His values have equal weight with my own."
I'm with you, but I cannot allow the squishy hearted among us to boldly proclaim that there will be no proclamations... Imagine thinking yourself so enlightened that you deliberately turn your back on your ability to reason, and judge?
The ability to reason is Man's principal tool of survival. We cannot fly... We haven't sharp teeth or claws... We are not particularly fast...
It is infuriating to me when a person questions his own right to question, and denies himself the use of the one tool that we, as a species, have at our disposal.
(Of course, this thread now has some 600ish posts, and few people will even take the time to load it.)
If a man shouts from a Soap-box, but nobody is around to hear it, do his feet still end up clean?
If a society does not allow a person to exercise their right of conscience, to articulate a belief or a point of view that runs contrary to sanctioned doctrine, or to engage in self-determination, then that society is wrong, and no amount of double-thinking left-leaning uber-tolerance changes that fact.
Nobody is talking about forcing Chinese citizens to abandon their long-held culture, or turn them into good little capitalist consumers like the rest of us. If they choose to live in impoverished little communes, renouncing all forms of material wealth, so be it.
What we are talking about is giving them a choice.
Is a Chinese person less entitled to pornography than you? Are they less entitled to worship the God of their choosing? How about deciding for themselves if they can or can't support several children, more than one of which might be female? (Perish the thought...)
In short, get out of the classroom, get a goddamn job, and take a fucking stand for something, even if it is only here on Slashdot.
Unquestionably, you are a qualified candidate for such a position from a technological perspective. Technology is only half (perhaps less than half) of the equation, though...
Please describe your views on economics to the greatest extent possible, and the influences that helped you to form these views.
I would particularly like to know what you think regarding monopolies, artificially created and sustained, or naturally occurring, and how you believe consumers (and the marketplace) are affected by them, and under what circumstances consumers may benefit, or be harmed, by them.
Great post though, really. Keep 'em coming.
How is it the responsibility of the Federal Government to keep you spam free?
Spammers have a right to say whatever they want... They do not have the right to ensure that you listen. To that end:
Install Postfix, subscribe to an RBL, and get on with your life.
The last thing we need these days are more regulations.
I take that back. My intent is to nitpick.
RFC 1918 sets aside:
- 10.x.x.x (Class A)
- 172.16-32.x.x (Class B)
- 192.168.x.x (Class C)
as "private address space."
Mod this up...
Get off the fence.
You are wrong.
You forgot "no shut", unless the internet0 interface is a loopback...
And what's with that Host mask? You're going to take up global routing table space for a single host?
Good luck getting your upstream BGP peers to accept a /32 prefix...
I have to do a double-take myself. I much prefer the old comment numbering too...