The current prices are not prohibitive by any means, at least for the Australian store.
I recently priced a 12" 1GHz powerbook model:
$AUD 2999 for the base system:
- 1GHz G4 processor
- 256MB RAM
- 30GB HDD
- 32MB video card
- Airport (wireless) ready
- Bluetooth
- Firewire 400
Now, about a month later:
$AUD 2600 12" 1.33GHz powerbook: -- price drop $400
- 1.33GHz G4 processor -- increased
- 256MB system memory
- 60GB HDD -- doubled
- 64MB video card -- doubled
- Airport built-in -- added by default
- Bluetooth
All this for $AUD 400 cheaper!!!
I ended up getting my powerbook off eBay (12" 1GHz, 512MB RAM, Airport, AppleCare warranty) for $AUD 2800. Can you imagine how shirty I am right now?
Interestingly enough, a local Mac magazine recently compared US prices for a 15" powerbook (previous model) to the local price. Due to the markup that Apple had centrally decided upon at Cupertino, it was cheaper for an Australian to book a return ticket to Hawaii, spend a few nights there, drop into the local Apple store and purchase the powerbook, and still come back with money to spare - than to purchase the same model locally!
So for all I know, Apple may have simply made their markups or prices a little more realistic for us non-US folks.
Anyone know if you can "trade-up" your old powerbooks? I'd sorely like to get a new one now, only had this for 3 weeks!
I had a workmate come up today and start explaining what his issues were with Linux. This guy is a network engineer, who recognises the usefulness of having a free Unix system to use on his spare PCs.
His beef was that he had installed Mandrake 9.2 on his system, and went to set up NTP. NTP was not installed. So he started looking for an RPM (he knew what they were!) for NTP for Mandrake. He said that he found one (probably from rpmsearch), but that when he downloaded it - it had additional dependencies that he couldn't find.
Now if it was me, I would've first tried rpmdrake (the distribution's own package management tool), and failing that, built it from source. But this guy was looking at Linux as a tool to be used. He wanted to do something simple (set up NTP), and the software wasn't installed. He found the software package for NTP online. This however required additional packages that were not immediately available. In the end he threw up his hands in disgust and stopped working on his new Linux box.
I ended up showing him a FreeBSD box I had here, and the ports mechanism for software installation. I then also discussed apt and the problem of too many ways of managing software installations, and none (that he could find) that accomplished the job for him.
So I'm going to bring in a copy of Mandrake 10 community edition for him to try out. In the meantime, I'm waiting for him to wander over one day and say "gosh Linux is great, I installed it and set up NTP in a few button clicks..."
I agree with the post above. My mum has recently started work as a regional manager of a company based in the US, working from a home office. How does she access her corporate email? Via MS remote desktop.
Due to stupid ISP issues, to get her up and running quickly, we had to get her a pre-paid dialup account. I was seriously worried about whether or not she'd be able to do any work, based on my own experiences running X tunneled over SSH from my work system to my home boxes (and VNC across local networks).
However, I was pleasantly surprised - despite being only on a 33.6k connection, she is able to do all of her correspondence, through Outlook, over RDP to a server in the US. Looking back at the latency issues in running X across local networks and over the internet, the X Window protocol needs some serious work to be even close to accomplishing the same smoothness.
And all this is coming from a hardened Unix geek like myself. :-P
This is the time-old argument of "guns don't kill people, people kill people". Except, it is now being applied against electronic "tools". Another saying comes to mind: "if you outlaw xyz, then only outlaws will have xyz".
A decade ago, black-hat hackers and security administrators did not have the same access to information and tools that we have today. Crackers are no longer working in the dark, reverse engineering operating systems and applications/services from scratch. Operating system source code is readily available for both the open-source systems (Linux/BSD), along with most of the commercial variants (HP/Solaris/etc) in the black-hat community. With access to this information, they're able to literally scan the code for bad programming practice (grep sprintf) to quickly identify vulnerabilities.
This open-source transparency has been both a blessing and a curse for the open OSes - in that vulnerabilities can quickly be found by an enterprising auditor, but likewise can be quickly closed by any decent programmer. This is not the case however with the closed platforms, because the source is not available.
Likewise with penetration tools. When a vulnerability comes out, such as the infamous PHF bug, a cracker can within a few minutes put together a crude scanner to identify these systems for exploitation. Likewise a security administrator can and needs to use a similar tool to audit his network for any sign of the vulnerability.
However, there should be some industry self-policing going on regarding the public release of certain tools. For example, if a vulnerability emerges and you want to scan and actively "test" whether you are vulnerable (instead of solely checking a service banner - you try to exploit the vulnerability), the test does not need to grant you uid 0. Instead, you can release a binary tool which simply creates a root-owned file on the server, in /, called "YOU_ARE_VULN_TO_X". Both tools will confirm whether or not you are vulnerable - but one is significantly less vulnerable to abuse (by the average script kiddy) than the other.
However, in the long run, the security industry is a very profitable one, and one way to get a head start is to be prolific and vocal in releasing high-quality exploits (and hoping to get noticed by a security company). This is as much about ego as it is about getting a cool job, and while that attraction is there, you're going to keep seeing security tools with no restrictions emerge.
Tcpdump for quickly checking whether data is getting through and what ports it's using. For any application-level analysis of the packet, save a capture and copy it back to my desktop for analysis with Ethereal.
Unfortunately there are no really effective mechanisms for monitoring multiple sites at a time from one location without opening additional windows.
You don't need to actually do a login and start up a tcpdump process manually. You can do something like this:
$ ssh -l user host /usr/sbin/tcpdump -ni blah
from the command-line. Saves a bit of time. You can even script it. :-)
I ended up dropping out of university and moving into the computer security industry full time, and haven't looked back since. Off and on, I've had to write some code for a work-related project, but not that often (usually use commercial security solutions).
I suspect some of these security guys who have been around a long time, whether they know it or not - develop an ivory tower complex. Nobody knows how to do anything better than they can, because they've seen it all - or you have to prove yourself by being an honours student or something.
Bah! I say... I'm making more money than you smelly students anyway! ;-)
Well as we've seen, the Firefox/Firebird/whatever-it-is-this-month project has no qualms about regular name changes. These guys should go ahead and change it too! ;)
If you read above, I was complaining about the lack of a windows port for FW Builder (see link above), because this would encourage more enterprises to consider an openbsd pf/carp solution.
When I speak to my colleagues about open source programs, their first questions are on - how easy is it to manage, and how easy is it to deploy. For something that requires configuration changes multiple times a day on multiple servers, responding that "you manage it from the command line" is not a valid option.
This is why I felt I had scored a major coup in getting internal support for deploying snort in our environment - because distributed management could be handled by IDS Policy Manager (free), and viewing/analysing alerts could be handled through ACID. Both functions (management and analysis of events) could have been done at the command-line, but the ability to do them via a centralised application and a web server meant that less time would be spent performing routine tasks - and secured management (boss) support.
Just tried installing Gentoo 2004.0 for sparc64 onto a Netra T1 yesterday. Unfortunately, someone seems to have forgotten that some systems are designed without a keyboard/monitor, and it is hanging on INIT respawning ttys too fast.
I've also got a bunch of ISOs here at present for BSD (Net/Open/Free) on sparc64, so my next thought is to try out FreeBSD. This article therefore is a welcome and timely surprise. ;)
I'm very aware that I could put together my own 'deployment' script with a combination of ssh/scp and rsync.
If you need a GUI and FW admin is your day job, I have to wonder why you're bothering with FW admin.
I do not need a GUI. My colleagues do not need one either (we previously used PIX... shudder). But when you start dealing with a large number of firewalls (we have over 25 deployed), and not simply firewall rules, but NAT, PAT, authentication and VPNs - having a GUI frontend that ties all that information up together and provides it in an easy to manage way, is a lot better than grepping and trawling through long configuration files to make additions or changes.
Yes any capable firewall admin should be able to implement rules once they read documentation for ipfilter/iptables/pf/ipfw/etc - but they shouldn't necessarily have to. The people I work with aren't stupid, they just don't want to have to work at the command-line across multiple systems to implement a single rule.
...and this looks really attractive to me. Our environment comprises Nokia IPSO-based firewalls running Checkpoint, so I'm very familiar with VRRP.
However, as excellent as this looks, I can only shudder in horror at the thought of migrating any of our existing rulesets across to openbsd/pf, let alone distributed management of policies across several 'clusters' of firewalls we have.
Yes my friends. I'm asking for a GUI. FW Builder is a good start, but it still needs work (porting to Windows would be a good start). Migration tools from Checkpoint (or other commercial firewalls) would be another good addition.
PS, I ask for Windows support not for my sake, but so that my co-workers would be able to use it. However, this criticism is levelled at FW Builder.
OpenBSD/pf/CARP has provided a brilliant technical starting block, but it needs these additional tools to make inroads into enterprise organisations.
The slashdot crowd roots for the 'underdog', in this case it's Apple vs Microsoft (and others who try to clone the iPod interface).
We bitch and moan about Microsoft because of the behemoth it is. Apple has 'slashdot-cred' because they produce cool stuff (OS X, iPods, powerbooks... drool).
I have an Ultra5 here at home that I test things out with from time to time. At one stage I envisioned being able to use it as a server running Open/Net/FreeBSD.
NetBSD (1.6.1) had the crashing issues with the installer, and once I finally got it installed I too had issues with packages compiling.
So I decided to skip instead to OpenBSD 3.4. Got that installed, only to discover that the set of applications it supports in its ports tree is smaller and not up to date.
I then looked into FreeBSD. Now I have an external monitor I use with my Ultra5, and both recently (5.2) and a while back (5.1 or 5.0) I simply couldn't navigate past the initial boot screen to complete the install. The problem with FreeBSD on SPARC is that it retains its curses-based install GUI, which renders in some horrible way (term is fucked up) when using a monitor. There are 4 options you can try when installing, and none of them worked to give me a readable screen. To date I haven't tried installing via console, which could be the key.
Either way, OpenBSD has proved to be the easiest and most stable for installing on UltraSPARC to date, so that's what I'm recommending at present to people at work (have it on a few Ultra 5s and E220s).
This is a good idea, and both Windows and to a lesser extent OS X have it already.
However, the issue in implementing it on Linux distributions is the diverse nature of package management:
1) RPM (RedHat, Mandrake)
2) Deb (Debian, erm... not sure who else uses this)
3) Portage (Gentoo)
4) tar.gz (Slackware?)
5) ports (FreeBSD and OpenBSD's differs)
6) pkgsrc (NetBSD's offering)
Linux vendors need to come together and define a future-proof, reliable, standardised method of package management that at MINIMUM can support the same features that Windows XP/2000 has today.
Similarly the lower-level developers of application libraries (glibc, openssl, gtk, qt, etc) need to ensure that they provide backwards compatibility in new versions of their software. This will of course lead to bloat (the downside) as newer libraries have to retain support for older applications.
Finally, kernel developers need to provide standardised, backwards compatible interfaces for device drivers and so forth, so that the commercial, closed binary for video driver 'x' will still run on kernel 2.8.9 in two years time.
This all requires a radical rethink in how software is designed in Linux (and other open source) distributions. Think back to commercial applications released a year or more back (Soldier of Fortune demo for Linux for example). Would they run on a newly released distribution or not?
My day job is managing firewalls, specifically Checkpoint FW-1 NG on IPSO. Here are my impressions:
Upgrade cycle: Too short. We've taken a year to migrate all our firewalls to FP3/Provider-1 from a combination of 4.1 and FP1/FP2. Now we are being pushed to move to AI. Checkpoint's firewall rule migration "tools" to move to Provider-1 were self-admittedly broken, and we ended up hiring a temp to do the mind-numbing job of copying and pasting hundreds of objects and NAT rules across!
The GUI (smartdashboard/smartviewer): Needs a redesign. A common request for me is, "please tell me what hosts are in the group 'x'". So, in order to complete such a request, I have to open up the group to see what "node objects" are members of the group, then I have to manually look up each of the nodes to identify their IP. There is no way to drill down any deeper.
Another issue is the lack of being able to copy/paste a rule across to a policy editor for another management station/CMA. At present you can skip this if you have Provider-1 installed (put the rule into a global rule - or define the hosts/groups/services globally to speed things up).
The log viewer also has a MAJOR MAJOR issue, which is that it doesn't have the ability to display/log the three-way handshake for TCP connections. So for example, someone has a connectivity issue, we look into the firewall and see that the connection has been "accepted". All this shows is that the initial SYN packet was received on one of the firewall interfaces, checked against the ruleset, and allowed. But the problem still exists. We have no idea whether the remote host responded, whether we routed out the wrong interface, or whether the SYN-ACK response got lost somewhere. So we always have to check to see 1) is it hitting a rule and being allowed, 2) log onto the master firewall (we use VRRP), and perform a tcpdump on the appropriate interfaces. Multiple steps for something which should be answered by the log viewer!
Licensing: The amount of manhours dealing with licensing for Checkpoint firewalls is a bloody pain in the arse. Who wants to spend 2 hours trying to figure out why a license "expires" for no known reason, and trying to navigate through both Provider-1's obtuse license manager and Checkpoint's online site to find something valid just to get a firewall up and running again. GRRRRR.
I agree Checkpoint is a useful tool for an enterprise network security framework, but sometimes it causes much more headaches than it is worth. If you're investigating implementing a new firewall infrastructure, explore multiple vendors and don't be overwhelmed by the marketing...
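The second troubleshooting step described in the post (tcpdump on the firewall interfaces to see whether the SYN ever got a SYN-ACK) can be reduced to a small state machine over the capture text. The following is an added example, not code from the post or from Checkpoint; it assumes modern tcpdump `-n` text output with `Flags [S]`-style flag fields, and the sample capture is constructed.

```python
"""Reconstruct TCP three-way handshake state from tcpdump text output.

Given the text a firewall admin would get from `tcpdump -n -i <iface>`,
report per client->server connection whether the SYN was answered with a
SYN-ACK (and acknowledged), was reset, or went unanswered. This is the
question the post says the log viewer cannot answer from its "accepted"
record alone.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `tcpdump -n` output (not a real capture):
#   conn 1: full handshake; conn 2: two unanswered SYNs; conn 3: reset by peer.
SAMPLE = """\
12:00:01.000001 IP 10.1.1.5.51234 > 192.0.2.10.443: Flags [S], seq 100, win 65535, length 0
12:00:01.000200 IP 192.0.2.10.443 > 10.1.1.5.51234: Flags [S.], seq 500, ack 101, win 29200, length 0
12:00:01.000300 IP 10.1.1.5.51234 > 192.0.2.10.443: Flags [.], ack 501, win 65535, length 0
12:00:02.000001 IP 10.1.1.6.40000 > 192.0.2.11.25: Flags [S], seq 7, win 65535, length 0
12:00:03.000001 IP 10.1.1.6.40000 > 192.0.2.11.25: Flags [S], seq 7, win 65535, length 0
12:00:04.000001 IP 10.1.1.7.40001 > 192.0.2.12.80: Flags [S], seq 9, win 65535, length 0
12:00:04.000100 IP 192.0.2.12.80 > 10.1.1.7.40001: Flags [R.], seq 0, ack 10, win 0, length 0
"""

# Matches the fixed prefix of a tcpdump IPv4/TCP line; payload details are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sip>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dip>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

ESTABLISHED = "established"
REFUSED = "refused (RST from peer)"
HALF_OPEN = "SYN-ACK seen, final ACK missing (asymmetric routing?)"


@dataclass
class Handshake:
    """Counters for one client->server connection attempt."""
    syn: int = 0        # SYNs from the client (>1 means retransmits, i.e. no reply)
    synack: int = 0     # SYN-ACKs from the server
    ack: bool = False   # client's bare ACK completing the handshake
    rst: bool = False   # RST seen from either side

    def verdict(self) -> str:
        if self.syn and self.synack and self.ack:
            return ESTABLISHED
        if self.rst:
            return REFUSED
        if self.syn and self.synack:
            return HALF_OPEN
        if self.syn:
            return f"no reply to SYN after {self.syn} attempt(s)"
        return "unknown"


def analyze(capture: str) -> dict[tuple[str, int, str, int], Handshake]:
    """Return {(client_ip, client_port, server_ip, server_port): Handshake}."""
    conns: dict[tuple[str, int, str, int], Handshake] = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # non-TCP or unparsable line
        flags = m["flags"]
        fwd = (m["sip"], int(m["sport"]), m["dip"], int(m["dport"]))
        rev = (m["dip"], int(m["dport"]), m["sip"], int(m["sport"]))
        if "S" in flags and "." not in flags:
            # Pure SYN: the sender is the client; this opens (or retries) the attempt.
            conns.setdefault(fwd, Handshake()).syn += 1
        elif "S" in flags:
            # SYN-ACK: sender is the server, so look up the reversed tuple.
            if rev in conns:
                conns[rev].synack += 1
        elif "R" in flags:
            # RST from the server (rev) or from the client itself (fwd).
            key = rev if rev in conns else fwd
            if key in conns:
                conns[key].rst = True
        elif flags == ".":
            # Bare ACK from the client after a SYN-ACK completes the handshake.
            hs = conns.get(fwd)
            if hs is not None and hs.synack and not hs.ack:
                hs.ack = True
    return conns


def report(capture: str) -> list[str]:
    """One human-readable line per connection attempt, in first-seen order."""
    return [
        f"{c[0]}:{c[1]} -> {c[2]}:{c[3]}: {hs.verdict()}"
        for c, hs in analyze(capture).items()
    ]


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Feed it `tcpdump -n -i <iface> 'tcp[tcpflags] & (tcp-syn|tcp-rst) != 0 or tcp[tcpflags] == tcp-ack'` output taken on the master firewall to see at a glance which accepted SYNs actually received a reply.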
I'm in my early twenties, and have been working full time almost 5 years. The irony of the situation is that today, I can purchase a top of the line PC and a few games each week - but the time availability and interest isn't the same.
I am a hardcore gamer who spends > 40 hours per week on games. Ranging from Dark Age of Camelot (an MMORPG), Call of Duty, America's Army and C&C Generals, depending on what mood I'm in. On top of this I try to get some programming in as well.
Today I have less time to invest 'dedicated' to one particular game, which is frustrating because you develop friends in the online gaming community that you lose when you move on. To me it's saddening, and I'm clawing on to keep at the level I used to be at, but it isn't working. :(
Oh well, time to find a girlfriend, get married, and put the money spent on computers and games into a home deposit!
I work in Chatswood, a CBD area north of Sydney. Due to Chatswood being a major business/community "hub" (major train and bus terminals), we have large numbers of schoolchildren passing through each day, and a lot of office workers passing through at lunchtime.
There are around four to five inet cafes I'm aware of, predominantly run by Koreans. There is a large population of Asians in the area too, which contributes to the various cafes' success.
Most of them are strictly gaming-oriented, and are successful due to large numbers of teenage males playing games in the afternoons after school. This means that they can play with their 'clanmates', games such as CS, Warcraft 3 and Diablo 2. I usually go there at lunchtime occasionally to tune out playing a game of C&C Generals.
As to the locking down/etc, I think these days most cafes would make a killing selling the cheapest keyring USB drives they could. The gimmick factor would probably make them an attractive purchase.
This won't be able to work with publicly accessible services. Internal->Internal or alternatively, remote administration requests, this can work.
Oh, and there's no way this is going to work with closed source environments..
Unless, you were able to implement in Windows for example (definitely feasible on open source systems), an IP stack wrapper (or shim? not sure what they call it) that intercepts outgoing requests, looks to see whether they are headed to a known 'knock-required' box, prompts for or automatically generates the appropriate knock, and passes through the initial request.
It'd be an interesting project. But as others have posted, it's an administrator's worst nightmare. Implement this on your home network, and maybe a baby test environment at the office. This isn't going to be nice to troubleshoot when it fails.
It's not just statute of limitations, but rather where they exist and if they exist.
In my younger days I did some mischief along those lines, but considering the number of countries that I traversed in my electronic travels, I'd be a little concerned if any of them raised any flags.
Especially since some of them that "old" folks like me used to traverse have less than pleasant human rights records.
at home on a DVD legally purchased in a retail store today. Amusingly enough, the film has only recently started showing at cinemas here in Australia...
Some sleepy thoughts before I crash...
We need a 'scary' mod option for posts like above!
Cool, so my country (Australia) who sent troops to Iraq - now has its citizens treated the same way suspects are when brought into a police station.
I just can't wait to plan my next holiday to Disneyland!
Booting Gentoo 2004.0 off CD, not netboot. Can't be fooked setting up a netboot server for a test box. I'll try FBSD 5.2.1 on it instead. ;)
You must be new here... (obligatory!)
I have an Ultra5 here at home that I test things out with from time to time. At one stage I envisionged being able to use it as a server running Open/Net/FreeBSD.
NetBSD (1.6.1) had the crashing issues with installer, and once I finally got it installed I too had issues with packages compiling.
So I decided to skip instead ot OpenBSD 3.4. Got that installed, only to discover that the applications it supports in its ports tree is smaller and not up to date.
I then looked into FreeBSD. Now I have an external monitor I use with my Ultra5, and both recently (5.2) and a while back (5.1 or 5.0) I simply couldn't navigate past the initial boot screen to complete the install. The problem with FreeBSD on sparc is that it retains its curses-based install GUI, which renders in some horrible way (term is fucked up) when using a monitor. There are 4 options you can try when using installing, and none of them worked to give me a readable screen. To date I haven't tried installing via console, which could be the key.
Either way, OpenBSD has proved to be the easiest and most stable for installing on Ultrasparc to date, so that's what I'm recommending at present to people at work (have it on a few Ultra 5's and E220's).
This is a good idea, and both Windows and to a lesser extent OS X have it already.
However, the issue in implementing it on Linux distributions is the diverse nature of package management:
1) RPM (RedHat, Mandrake)
2) Deb (Debian, erm... not sure who else uses this)
3) Portage (Gentoo)
4) tar.gz (Slackware?)
5) ports (FreeBSD and OpenBSD's differs)
6) pkgsrc (NetBSD's offering)
Linux vendors need to come together and define a future-proof, reliable, standardised method of package management that at MINIMUM can support the same features that Windows XP/2000 has today.
Similarly the lower-level developers of application libraries (glibc, openssl, gtk, qt, etc) need to ensure that they provide backwards compatibility in new versions of their software. This will of course lead to bloat (the downside) as newer libraries have to retain support for older applications.
Finally, kernel developers need to provide standardised, backwards compatible interfaces for device drivers and so forth, so that the commercial, closed binary for video driver 'x' will still run on kernel 2.8.9 in two years time.
This all requires a radical rethink in how software is designed in Linux (and other open source) distributions. Think back to commercial applications released a year or more back (Soldier of Fortune demo for Linux for example). Would they run on a newly released distribution or not?
Another issue is the inability to copy/paste a rule across to a policy editor for another management station/CMA. At present you can skip this if you have Provider-1 installed (put the rule into a global rule - or define the hosts/groups/services globally to speed things up).
The log viewer also has a MAJOR MAJOR issue, which is that it doesn't have the ability to display/log the three-way handshake for TCP connections. So for example, someone has a connectivity issue, we look into the firewall and see that the connection has been "accepted". All this shows is that the initial SYN packet was received on one of the firewall interfaces, checked against the ruleset, and allowed. But the problem still exists. We have no idea whether the remote host responded, whether we routed out the wrong interface, or whether the syn-ack response got lost somewhere. So we always have to check to see 1) is it hitting a rule and being allowed, 2) log onto the master firewall (we use VRRP), and perform a tcpdump on the appropriate interfaces. Multiple steps for something which should be answered by the log viewer!
I agree checkpoint is a useful tool for an enterprise network security framework, but sometimes it causes much more headaches than it is worth. If you're investigating implementing a new firewall infrastructure, explore multiple vendors and don't be overwhelmed by the marketing...
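The "accepted" log entry only proves the SYN passed the ruleset; the tcpdump step in the post is what actually tells you whether a SYN-ACK ever came back. The following is an added example, not the poster's code and not anything from Check Point or tcpdump, that automates that second step: it reads `tcpdump -n` style output taken on the firewall and reports, per connection, how far the three-way handshake got. The capture lines, addresses and ports are constructed for the example.

```python
import re
from collections import OrderedDict

# Shape of a "tcpdump -n" TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<f>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (not real traffic): one completed handshake, one host
# that never answers, one that refuses, and one whose SYN-ACK is never acknowledged.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.1.1.5.51000 > 192.168.2.10.443: Flags [S], seq 1000, win 65535, length 0
12:00:01.000500 IP 192.168.2.10.443 > 10.1.1.5.51000: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:01.000900 IP 10.1.1.5.51000 > 192.168.2.10.443: Flags [.], ack 2001, win 65535, length 0
12:00:05.000000 IP 10.1.1.5.51001 > 192.168.2.11.22: Flags [S], seq 3000, win 65535, length 0
12:00:08.000000 IP 10.1.1.5.51001 > 192.168.2.11.22: Flags [S], seq 3000, win 65535, length 0
12:00:09.000000 IP 10.1.1.5.51002 > 192.168.2.12.25: Flags [S], seq 4000, win 65535, length 0
12:00:09.000300 IP 192.168.2.12.25 > 10.1.1.5.51002: Flags [R.], seq 0, ack 4001, win 0, length 0
12:00:12.000000 IP 10.1.1.5.51003 > 192.168.2.13.80: Flags [S], seq 5000, win 65535, length 0
12:00:12.000400 IP 192.168.2.13.80 > 10.1.1.5.51003: Flags [S.], seq 6000, ack 5001, win 65535, length 0
"""


class Flow:
    """Handshake segments counted for one connection, keyed from the initiator's side."""

    def __init__(self):
        self.syn = 0      # bare SYNs from the initiator (retransmits add up here)
        self.synack = 0   # SYN-ACKs from the responder
        self.ack = 0      # the initiator's ACK that completes the handshake
        self.rst = 0      # RSTs from the responder


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return (d["sip"], int(d["sport"]), d["dip"], int(d["dport"]), d["flags"])


def track_handshakes(capture_text):
    """Group packets by connection and count the handshake segments seen for each."""
    flows = OrderedDict()
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        sip, sport, dip, dport, flags = pkt
        if flags == "S":                       # a bare SYN opens (or retries) a flow
            flows.setdefault((sip, sport, dip, dport), Flow()).syn += 1
            continue
        fwd = (sip, sport, dip, dport)         # initiator -> responder
        rev = (dip, dport, sip, sport)         # responder -> initiator
        if rev in flows:
            if flags == "S.":
                flows[rev].synack += 1
            elif "R" in flags:
                flows[rev].rst += 1
        elif fwd in flows and flags == ".":
            # Count only the first pure ACK after a SYN-ACK as the handshake ACK.
            if flows[fwd].synack and not flows[fwd].ack:
                flows[fwd].ack += 1
    return flows


def classify(flow):
    if flow.rst:
        return "refused: responder sent RST"
    if flow.ack:
        return "established: SYN, SYN-ACK and ACK all seen"
    if flow.synack:
        return "half-open: SYN-ACK returned, initiator's ACK never seen"
    return ("no response: %d SYN(s), nothing back "
            "(remote down, or the return path never crosses this box)" % flow.syn)


def handshake_report(capture_text):
    return {key: classify(flow) for key, flow in track_handshakes(capture_text).items()}


if __name__ == "__main__":
    for (sip, sport, dip, dport), verdict in handshake_report(SAMPLE_CAPTURE).items():
        print("%s:%d -> %s:%d  %s" % (sip, sport, dip, dport, verdict))
```

Feed it `tcpdump -n -i <if> tcp | python3 script.py` style output captured on both the inside and outside interfaces of the active node; a "no response" verdict on the outside interface while the SYN was seen leaving tells you the far end (or the return route) is the problem, not the ruleset.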
I am a hardcore gamer who spends > 40 hours per week on games. Ranging from Dark Age of Camelot (an MMORPG), Call of Duty, America's Army and C&C Generals, depending on what mood I'm in. On top of this I try to get some programming in as well.
Today I have less time to invest 'dedicated' to one particular game, which is frustrating because you develop friends in the online gaming community that you lose when you move on. To me it's saddening, and I'm clawing on to keep at the level I used to be at, but it isn't working. :(
Oh well, time to find a girlfriend, get married, and put the money spent on computers and games into a home deposit!
I just can't 'get' why you guys put up with the automated phone messages from candidates..
I work in Chatswood, a CBD area north of Sydney. Due to Chatswood being a major business/community "hub" (major train and bus terminals), we have large numbers of schoolchildren passing through each day, and a lot of office workers passing through at lunchtime.
There are around four to five internet cafes I'm aware of, predominantly run by Koreans. There is a large population of Asians in the area too, which contributes to the various cafes' success.
Most of them are strictly gaming-oriented, and are successful due to large numbers of teenage males playing games in the afternoons after school. This means that they can play with their 'clanmates', games such as CS, Warcraft 3 and Diablo 2. I occasionally go there at lunchtime to tune out playing a game of C&C Generals.
As to the locking down/etc, I think these days most cafes would make a killing selling the cheapest keyring USB drives they could. The gimmick factor would probably make them an attractive purchase.
I read tech books all the time on the loo.
/boggle
Who doesn't?
This won't be able to work with publicly accessible services. For internal-to-internal traffic, or alternatively for remote administration requests, this can work.
Oh, and there's no way this is going to work with closed source environments..
Unless you were able to implement in Windows, for example (definitely feasible on open source systems), an IP stack wrapper (or shim? not sure what they call it) that intercepts outgoing requests, looks to see whether they are headed to a known 'knock-required' box, prompts for or automatically generates the appropriate knock, and passes through the initial request.
It'd be an interesting project. But as others have posted, it's an administrator's worst nightmare. Implement this on your home network, and maybe a baby test environment at the office. This isn't going to be nice to troubleshoot when it fails.
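As an added example of the shim idea described above (not the poster's code and not any existing port-knocking tool), here is the logic for both ends: a server-side sequence tracker that opens a guarded port for a source address once the right knocks arrive in order and within the allowed gap, and a client-side connector that consults a table of knock-required hosts, emits the sequence, and then makes the real connection. The shim here wraps the application's connect call rather than the IP stack itself, since that is what can be shown portably in Python. The host 10.0.0.20, client 10.0.0.5, knock ports 7000/8000/9000, the 5-second gap and the guarded port 22 are all assumptions, and `simulate()` stands in for the network so the whole exchange runs offline.

```python
import socket
import time

# Constructed policy table (assumed values): host -> (knock port sequence,
# maximum seconds the server tolerates between two knocks).
KNOCK_TABLE = {
    "10.0.0.20": ([7000, 8000, 9000], 5.0),
}
GUARDED_PORT = 22   # port the knock unlocks on the knock-required host (assumed)


class KnockServer:
    """Server-side tracker, the part that would sit behind the firewall: advances one
    state per correct knock from a source, restarts on a wrong port or a knock that
    arrives after the allowed gap, and opens the guarded port briefly when complete."""

    def __init__(self, sequence, max_gap, open_for=10.0):
        self.sequence = list(sequence)
        self.max_gap = max_gap
        self.open_for = open_for
        self.progress = {}   # src -> (index of next expected knock, time of last knock)
        self.opened = {}     # src -> time at which the opened port closes again

    def observe(self, src, port, now):
        """Record one knock; returns True when this knock completed the sequence."""
        idx, last = self.progress.get(src, (0, now))
        if now - last > self.max_gap:
            idx = 0                                   # too slow: sequence starts over
        if port != self.sequence[idx]:
            idx = 1 if port == self.sequence[0] else 0  # wrong port: restart from the top
            self.progress[src] = (idx, now)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened[src] = now + self.open_for
            return True
        self.progress[src] = (idx, now)
        return False

    def is_open(self, src, now):
        return self.opened.get(src, 0.0) > now


def tcp_knock(host, port, timeout=0.5):
    """Default knock transport: a TCP connect attempt. Knock ports are normally
    filtered, so a timeout or refusal is the expected outcome; the SYN is the knock."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        pass


class KnockingConnector:
    """Client-side shim: checks the table before every outgoing connection, sends the
    knock sequence when the destination needs one, then makes the real connection.
    The transport functions are injectable so the logic can run without a network."""

    def __init__(self, table, knock=tcp_knock, connect=socket.create_connection,
                 sleep=time.sleep):
        self.table, self.knock, self.connect_fn, self.sleep = table, knock, connect, sleep

    def connect(self, host, port):
        if host in self.table:
            sequence, max_gap = self.table[host]
            for knock_port in sequence:
                self.knock(host, knock_port)
                self.sleep(min(0.2, max_gap / 4))   # stay well inside the server's gap
        return self.connect_fn((host, port))


def simulate(knock_first):
    """Drive client and server over an in-memory 'network' with a fake clock and
    return the server's verdict on the final connection to GUARDED_PORT."""
    clock = [0.0]
    server = KnockServer(*KNOCK_TABLE["10.0.0.20"])
    client_ip = "10.0.0.5"

    def fake_knock(host, port):
        server.observe(client_ip, port, clock[0])

    def fake_connect(addr):
        host, port = addr
        if port == GUARDED_PORT and not server.is_open(client_ip, clock[0]):
            return "dropped"       # firewall silently drops: nothing tells the client why
        return "connected"

    def fake_sleep(seconds):
        clock[0] += seconds

    shim = KnockingConnector(KNOCK_TABLE if knock_first else {},
                             knock=fake_knock, connect=fake_connect, sleep=fake_sleep)
    return shim.connect("10.0.0.20", GUARDED_PORT)


if __name__ == "__main__":
    print("with knock:", simulate(True), "/ without knock:", simulate(False))
```

The `fake_connect` branch is the troubleshooting problem from the post in miniature: a missed or mistimed knock produces exactly the same symptom (a silently dropped SYN) as a dead host or a bad route, so the shim has nothing in-band to report when it fails.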
It's not just statute of limitations, but rather where they exist and if they exist.
In my younger days I did some mischief along those lines, but considering the number of countries that I traversed in my electronic travels, I'd be a little concerned if any of them raised any flags.
Especially since some of them that "old" folks like me used to traverse have less than pleasant human rights records.
at home on a DVD legally purchased in a retail store today. Amusingly enough, the film has only recently started showing at cinemas here in Australia...