I hear that, as a way of dodging spam and other salacious web-based material, this firewall will operate from a "dark class" IP range. The IP class will "appear and disappear" under the control of some fancy router that will make the whole country appear momentarily to send/receive from the Internet, but then hide them again so that the outside world can't "see" them. Sounds weird, maybe just a bad story, but maybe some truth if you also read the story about the way spammers hide, from www.securityfocus.com.
I once sat in a room (about 1977) with 23 Enigmas set up to show off to visiting spooks and spook-wannabes in Ottawa, Canada. They were of various models and capabilities, but MANY were 4-wheel models! Some worked, but some looked in poor repair. All had their wheels and spares - some with paper tapes and (German) operating manuals!
Apparently most came off of captured WW2 submarines that were towed into Halifax harbour and disassembled for intelligence info. Canada kept the Enigmas but didn't bother to tell anyone. (They ended up at CSE in Ottawa.)
This always seems to be a black or white issue - either nuclear is wrong and bad, or nuclear is great and everyone else is wrong.
But I take exception to the "nuclear is better than all the pollution-producing, inefficient coal and natural gas plants" view.
Since when does the radioactive waste from nuclear power suddenly become inert, non-polluting residue? Last I heard, that crap will be with us for about 200,000 years before it decays into something less harmful!
You had broken glass? We had to sleep on bits of splintered wood and pretend that it was broken glass. And our Mom would shout at us all night long to keep us awake so the rats wouldn't eat us alive...
When you visit the local voice/data satellite uplink that the carriers have here in Bermuda, you will see a lot of old buildings out back, no longer in use [we hope!]. There are caves and tunnels leading down under the ocean where the NSA's cables were pulled up, routed to the local US air base and encrypted with rooms of god-awful big machines. (The old computer room even has the remains of wall-mounted gun racks!)
When the US closed their bases in Bermuda, they pulled out all the interesting stuff, but lots of "infrastructure", including TEMPEST vaults and old computer rooms, nuclear decontamination showers, etc. remain...
Never attack the site. Never badmouth the winner when you are the loser. Never "demonstrate" the lame security and security breaches to them, because they will know that you had to have tried it already (thus possibly breaking local or federal laws).
Better you send it to a trusted third party, like the people you currently use to do your company's external audit. Tell them to approach the client on your behalf. They will know who to talk to at the appropriate management level in the food chain, and let them know what a lame choice they made for developers. The lost client can then be gently redirected to look back in your direction after the twerp who hired the dummies is called to account for their bad decision. The external consultant is then doing their job as "the messenger delivering the bad news", and you are seen as the company who can solve their BIG problem and do it properly, as it should have been done in the first place.
It should all look like a properly managed business decision, not a techno-shoot-out between rivals. Hope this helps...
Persinger's (now patented) "God Helmet" referred to in the NS story also, when the electromagnets are fired in a decelerating sequence around the head, gives the wearer the sensation that time is slowing down quite drastically. Apparently the brain "refreshes" consciousness every 10 milliseconds by sweeping a pulse of electricity over the brain. When you tinker with this, your consciousness seems to slow down, then collapse!
Persinger is one of the more interesting researchers and has a _LOT_ of books and papers published to support his theories. Worth checking out...
I hope that by 2003, all the .com bombs, M$ court rulings, and continuing network security debacles will refresh our short memories on why we should just get out of this ratrace and get a real job growing food, healing the sick and treading lightly on the planet. *sigh* I'm sick of it all...
I've been told by a Bell Canada manager in their ISP division (promoting xDSL services) that the break even payback on DSL doesn't happen for 7 years. Plant upgrades and help support services are very costly. So, unless you're in it for the really long haul, the chances of making money fast are very small.
Not that our Un*x boxen are inherently any better. We just seem to "care" more about knowing what our servers are actually doing. NT Admins are usually too busy doing everything from installing Service Pack n and cleaning the CEO's mouse to keep on top of what they were expected to be doing in the first place. Or perhaps it's also a "s/he who lives by the Install Wizard dies by the Wizard" situation. It's too easy to do a "lazy install" on a Winserver.
I feel sorry for 'em, and hope this scare finally wakes up some of the CEOs who believe their IT shops will run by themselves because Bill Gates' marketeers told them a Windows server is just as service-free as their PC is. So they have one poor soul doing 5 people's IT jobs. *sigh*
Most of these bug-related comments have had an "I wonder how they did it?" subtext to them. Universities don't teach engineers how to be criminals, they teach them how to use principles of physics to aid and improve our lives.
We need more curious, well-educated youth to make the next big advances in our world, and new engineers will help to make that happen.
The UBC engineers do something similar every year. I tried to find an online pic of the Beetle they hung from the Vancouver Lions Gate Bridge about 20 years ago, but didn't see any...
Other than the stealth, logistics, and "balls of steel" this wasn't that hard - they have had many years to perfect the engineering part of the stunt on other bridges.
Hopefully it motivates some young kids to go into Engineering...
Does this mean that if I name my software product "Sssssh!" or maybe even "Sshhhh!" (as in "BE QUIET!"), that I'm going to be sued because it has the letters ssh (TM) in the name? ;-))
VMware's software is just another implementation of IBM's original "VM/370" resource manager OS from the 1970's.
Back in the 1970's, we ran intelligence systems under IBM's VM/370 Virtual Machine architecture for the same reasons. Worked great security-wise, as long as you didn't then connect your mainframe to the outside world...
IBM recently demoed (Slashdotted too as I recall?) 45,000 separate copies of Linux running in separate virtual machines on one mainframe using their VM OS.
Hmmmmm. Letting people edit the OS using DML - that sounds like a Really Good Idea! How many people know how to "edit" an "ordinary" OS kernel like Linux without pulling the rug out from underneath themselves in the process? We used to do this on Lisp-based OS's like Smalltalk, and yes it was cool, but also dangerous if you broke the wrong pipe or shorted the wrong wire to ground...
Yes, this is correct. When I worked in Ottawa for the "Security Services" division of R.C.M.P., I was sent on a COMSEC course at the Communications Security Establishment. They had a "museum" with somewhere between 25 and 30 of them sitting in rows. Many had been pulled out of subs in WW2.
They kept them secret and locked up because, at that time, many poorer countries still used Enigmas for encrypting traffic between foreign consulates and The Mother Ship back home...
I remember an article in Popular Electronics several eons ago that used a speaker with a tiny mirror glued to the center to project light beams in sync with the music beat, a la "color organ." Perhaps something like that would work, as long as the laser didn't "miss" the mirror and cut a hole in the speaker! ;-))
While I agree with the Author's comments, others like Lotus Notes also do the "strip and screw" dance on mail messages/attachments that don't come from their own system.
The moral of the story is to only use apps that have a "real" standard that they stick to.
A lot of Linux security info is relevant to Mac OS X. Anything BSD-related will map to OS X...
*sigh* I feel so depressed...
Back to assembler and PICO-like editors, I say!
And, for the girlie-man programmers, let them eat FORTRAN or (object-oriented) COBOL...
Sorry my comments got your shorts in a knot.
I think good sex is definitely non-zero-sum, for both participants.
-OW.