"IT managers are quite happy to accept their kickbacks from MS to have MS still deployed throughout their company"
Damn, I haven't been getting any kickbacks. Where do I sign up? How much is ~100 Windows PCs worth? If I ditch our Linux PCs will that get me more money?
Heh. I actually tagged this story "getoffmylawn".
I miss not having 42 daemons running in the background to do stuff that could simply be a library or utility loaded/run when needed.
I miss having the init system being a robust, straight-forward process of calling shell scripts in sequence.
I miss only needing to reboot for kernel updates.
I miss having one sound subsystem that never worked, rather than countless sound daemons which never work.
I miss having my immediately-after-logon process list fit in a single 80x25 terminal window.
I miss not having everything complain that DBUS isn't running.
I miss the Unix philosophy.
It seems like Linux is just as good as MS Windows these days. Too bad. I liked it when Linux was an improvement over MS Windows.
Well, I never went to 3Com to get SLIP, and all the documentation I got at the time I downloaded it in the late 80s mentioned the ham radio tie-in. If no Hams ever used it because of their dislike for it, I guess that makes the documents I read lies, and me a liar for repeating them. Sorry.
No, that doesn't make you a liar. But deliberately misrepresenting my statements and turning it into a straw man false dichotomy does make you an asshole.
LOTS of things first saw the light of day on those old 8-bit machines:
- windows/mouse interfaces (Apple, Atari, Commodore)
First? Doug Englebart would like a word with you. And it's generally acknowledged that Xerox PARC (yes, the copier company) pioneered the modern GUI. The Star was a commercial failure because of its price, but it was a real product, and it had all that stuff first. Steve Jobs notoriously took a tour of PARC and borrowed ideas for their own GUIs from them.
there was this software called "SLIP" that was developed by Hams around the world
Wait, what? Citation needed. AFAIK, SLIP was developed by 3Com. See RFC-1055. Whenever I have seen, heard or read of packet radio by hams, it's all based on X.25. Indeed, according to the Jargon file, hams did not originally like TCP/IP, calling it "That Crap Phil Is Pushing".
there was a separate RS-232 port as well on older iPods, but I think it's gone now
Small nitpick: To the best of my knowledge, no iPod has had a separate RS-232 port.
Unless you're talking about the interface for the remote control lump on the headphone cable. That uses a proprietary 4-pin connector next to the headphone jack. I've always assumed it was something simpler, but I suppose it could be RS-232.
The earliest iPods came with a FireWire connector (the GameBoy connector) instead of the Dock connector; maybe that's what you're thinking of. The Dock connector replaced that.
Also, FireWire support was discontinued by Apple some time ago. Newer iTunes doesn't recognize it, and newer iPods don't have the circuitry.
But I certainly agree that the Dock connector can provide way more than just power and USB. I just wish Apple wasn't so damn proprietary about it. But then, it's Apple.
My point was that most calls are currently packet-switched. They even in fact share the fiber that carries general internet traffic, only with additional QoS enforcements.
Can you cite a source on the claim that most calls are currently packet-switched? While it's been some years since I've been up close to that part of the IT field, I don't think there's been enough time to physically change over that many phone switches, let alone the money or telco inclination.
Note that just because a call is running down the same fiber as an IP feed doesn't mean the voice is packet-switched. It is (or was) much more common to find the IP feeds existing as channels within a TDM trunk. A given strand carries a buttload of DS0 channels, any one of which might be a voice call, or might be assigned to data usage.
Note also that I'm not considering ATM packet-switched, although some do. The uniform, small size of the transmission unit, and complicated control protocols, mean it doesn't really behave like a traditional packet-switched network. (Which is, after all, the point.)
One other thing: Telephony over the public Internet has seen a huge increase in usage. Mobile telephony has seen an even huger increase, and I'm told many of those are IP-based. It could be that "most calls" are VoIP now because most calls have moved off the traditional PSTN to "new" public telephone networks. Which does count, I suppose, but I think the context of the OP was more about the traditional PSTN.
Currently all POTS calls *are* VOIP calls!
Good gods, how did *that* get modded "Informative"? (Yah, yah, pretend I'm new here.)
POTS calls, by definition, start on a line with Plain Old Telephone Service. 48 volts, analog, more or less the same thing that's been in use for roughly a century now.
Now, once you get to the CO, you're almost certainly going to go digital. That digital channel is still commonly pure TDM and circuit-switched (especially if you don't leave the exchange). You have a 64 Kbit/sec timeslice dedicated to your call all the way. Or it may go into an ATM network ("A technology that lets telephone companies turn your WAN problems into something they can tariff") and be cell-switched. Or, yes, it may go into a packet-switched IP network. Maybe even the Internet, if you're using a cheap LD carrier.
But "all"?? No. Not by a long shot.
Even if your call *does* go VoIP, you may still never leave the domain of the PSTN, where things like QoS can be enforced end-to-end. The Internet's generally an "unreliable, best effort" service. Different operators do different things, and all you can do is plug in somewhere and hope for the best. A telco deploying VoIP as a backhaul internally is a very different beast.
Install the "OldBar" Extension to change the "look" back to the old way:
https://addons.mozilla.org/en-US/firefox/addon/6227
Make the following about:config changes to get the "feel" closer to the old way:
browser.urlbar.matchOnlyTyped = true
browser.urlbar.matchBehavior = 2
There's nothing mandating TCB B3 for collateral SECRET in any DOD issuance I'm familiar with. B3 was pretty hard to get; it's most definitely more than EAL4. I can't say for sure the DOD has never issued anything mandating EAL4 for SECRET, but if they have they've never flowed the requirement to the regulations I work under.
Many of the standards you list do not address applicability or mandate implementation. They are a framework, a mechanism -- they are not policy. The fact that something is a Federal standard doesn't mean it is a *mandatory* standard. There are tons of things standardized for agencies who *elect* to employ something.
Further, the DOD is largely its own beast. FIPS is for civilian Federal agencies; it and other NIST issuances generally don't have jurisdiction over DOD. FISMA (the law that gives force to things like FIPS 200) explicitly exempts DOD, NSA, and other "national security" systems. The DOD adopts a lot of that stuff anyway, but it's their option.
If there isn't a DOD Directive, Instruction, Manual, etc., that says "All DoD commands shall do XYZ", there's little to no real force behind it, as far as DOD goes.
Thank god they didn't ban floppy disks.
You laugh, but floppy diskettes still see a lot of use in classified environments precisely because they're still allowed. HHOS.
You're not supposed to have phones in classified facilities. That, along with "all removable media shall not leave the facility", is a policy.
There's no government-wide rule that says you cannot have a mobile phone in a classified facility. Such rules are often enacted, but that's at the local security plan level, not official regulation.
The rules for Sensitive Compartmented Information or Special Access Programs are stricter. In a SCI or SAP Facility, phones and personal electronic devices are prohibited by the governing regulations. Additionally, strong controls on media use, both procedural and computer-enforced, are often enacted at the local level. But SIPRNET and SCI/SAP are basically antithetical to each other, so it's kind of moot for this WikiLeaks scenario.
floppy disk drive be removed. And off the network.
I think you'll find that was a requirement for any system to be C2-certified - it was part of the spec.
Not really.
You can't certify an operating system by itself. Only a whole system -- hardware, software, configuration, *and* your plan and procedures for keeping it secure. So Microsoft never "got Windows NT" certified, because that simply isn't possible.
I suspect what Microsoft did was publish a set of guidelines to help one configure an NT box to help you meet NSA Orange Book guidelines. (MSFT publishes similar guidelines today, for newer regulations.) Microsoft advised to disconnect the floppy drive because if you can boot from floppy you can bypass the OS. Disabling things in the BIOS would also work, but back in 1995 many computers (especially IBM's) didn't have that option.
I don't know why MSFT didn't cover network security. Possibly it was just beyond the project's approved scope, possibly no one was asking (in 1995, classified PC networks were much more rare), maybe they couldn't do it, who knows?
It is true the Orange Book (which defined the divisions and classes, like C1) doesn't address networks at all. But it doesn't disallow them, per se. Again, the entire configuration has to be certified as a whole. If you want a network, then all computers on the network, and the network itself, have to be considered part of the system, and certified together. The NSA Red Book got into network security, but really didn't make things much different.
I'm given to understand that the Common Criteria (which replaced the NSA Rainbow Books) allow for more flexibility, which is how the SIPRNET exists at all. In the spaces I've played, though, they still use the "certify the network as a whole" approach. It's certainly easier to secure that way. An air gap is the best firewall.
NSA publications expressly prohibit the capability to transfer files to insecure formats.
Citation needed.
In my experience, the NSA, DoD, and friends rely much more on physical and personnel controls. A system assumes the highest classification of any information on it. A writable medium mounted on a classified system assumes the classification of the system. If you've got a security clearance, you're expected to protect such media as any other classified information. The regulations very rarely dictate anything about file formats or access control, beyond protecting the authentication and audit subsystems of the system itself.
Now, whether they *should* worry about that kind of thing is another story. Certainly, for selected programs, much stricter requirements tend to be imposed on things like removable media, and that's a good thing for data security. But those are technically imposed at the local level, not from official regulations.
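A small Python model of the rules the post above states (a system takes the highest classification of anything stored on it; a writable medium mounted on that system inherits the system's label; custody of the medium then requires a clearance that dominates that label). This is an added illustration, not code from the post or from any DoD/NSA tooling; the four-level ladder, the system name and the medium id are constructed, and compartments and caveats are deliberately left out.

```python
"""Toy high-water-mark model of classification labels (constructed example)."""
from dataclasses import dataclass, field

# Ordered classification ladder (constructed; real schemes add compartments/caveats).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(a: str, b: str) -> bool:
    """True if clearance/level a is at least as high as level b."""
    return RANK[a] >= RANK[b]


def join(labels) -> str:
    """Least upper bound: the highest level among the labels (UNCLASSIFIED if none)."""
    return max(labels, key=RANK.get, default="UNCLASSIFIED")


@dataclass
class System:
    name: str
    data_labels: list = field(default_factory=list)
    mounted: dict = field(default_factory=dict)  # medium id -> label it has assumed

    @property
    def label(self) -> str:
        # "A system assumes the highest classification of any information on it."
        return join(self.data_labels)

    def store(self, label: str) -> None:
        """Record new data on the system; anything mounted rises with it."""
        self.data_labels.append(label)
        for medium in self.mounted:
            self.mounted[medium] = join([self.mounted[medium], self.label])

    def mount(self, medium: str, medium_label: str = "UNCLASSIFIED") -> str:
        """A writable medium mounted on a classified system assumes the system's label.

        Labels only ever go up: a medium never loses classification by being
        mounted somewhere lower.
        """
        new_label = join([medium_label, self.label])
        self.mounted[medium] = new_label
        return new_label

    def unmount(self, medium: str) -> str:
        """Remove the medium; it keeps whatever label it has accumulated."""
        return self.mounted.pop(medium)


def may_handle(clearance: str, medium_label: str) -> bool:
    """Personnel control: custody of a medium requires a clearance dominating its label."""
    return dominates(clearance, medium_label)


def run_scenario() -> dict:
    """Constructed walk-through: a medium mounted at CONFIDENTIAL ends up SECRET."""
    ws = System("workstation-A")          # constructed name
    ws.store("CONFIDENTIAL")
    label_at_mount = ws.mount("usb-01")   # constructed medium id -> CONFIDENTIAL
    ws.store("SECRET")                    # system rises, and so does the mounted medium
    final = ws.unmount("usb-01")          # SECRET
    return {
        "label_at_mount": label_at_mount,
        "final_label": final,
        "secret_holder_may_handle": may_handle("SECRET", final),
        "confidential_holder_may_handle": may_handle("CONFIDENTIAL", final),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point the model makes is the one the post makes: nothing about file formats enters into it. The label follows the data onto whatever writable medium touches the system, and the control that remains is who is allowed to carry that medium.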
Items 30 years ago were engineered to work - that's all we knew how to do. But now we know how to do something more profitable: items today are engineered as cheaply as possible to last for the length of the warranty. It'd be uncapitalistic not to, right?
Of course, given the choice between expensive quality and cheap crap, the vast majority of consumers buy the cheap crap every time. If you try and build stuff designed to last for decades, nobody buys it and you go out of business. Sucks for the tiny minority which is actually willing to fund quality, of course.
To give a concrete example: Modern photocopiers are basically just big printers. They're the only printers left which have reasonable cost per page and are designed to last for millions of pages. But they cost several thousand dollars. The thing is, when you look at cost per page, they're actually *well worth it*, even at that price. You get break-even after a few years; after that they're making you money. But most people still buy a $300 printer instead.
It's only a matter of time until ... you'd have songs written and sung pretty much entirely without human intervention.
Justin Bieber?
Imagine if you could run a wireless sensor device for years without ever having to replace the battery. ... a small node sized device that uses the residential wiring from a building or home ...
So, if we're already surrounded by a dedicated hard-wired power delivery infrastructure, we don't need batteries if we use this thing.
Or you could just plug the damn thing in.
The MLB jump was totally expected. At that point they were using SL2, which was really SL1.1 with a name change so people wouldn't associate it with SL1, that used an entirely different system (SL1 was basically a XAML rendering plug in that depended on JS for everything). SL2 was the first iteration of SL to use the Silverlight Framework (a trimmed down version of the .Net framework).
Is that supposed to make me feel better about Silverlight?
Before I just didn't know anything about Silverlight. Now I know that SL2 and SL1.1 were the same thing, but totally different, with a different name, but the first release was totally something else from later releases, because the first version of Silverlight didn't even use Silverlight, but now Silverlight uses Silverlight, which is like .NET except not like .NET.
*/me runs away screaming*
Did you ever try Ultima Underworld? It was released *before* Wolf3D and was in many ways more advanced than Doom was. (Sloped ceilings and floors, up/down looking, jumping, water you could swim in, a physics model for throwing items, etc, etc)
One reason Doom succeeded so well was that it did everything it needed extremely well, and left out anything it didn't need. So it was 3D enough to look cool, had enough lighting to make things spooky, but still ran relatively fast on the hardware available.
I'm not trying to dismiss UU -- clearly it was an achievement -- just point out that games are more than the sum of their parts.
... had to look up maps online ...
He got that wrong, too. He posted a map image saying it was the first map. It's sad, but I actually recognized it wasn't the first map, and was able to remember that it was E1M3, without looking at the image URL. I recognized the hidden staircase that led you to the first Supercharge you could get.
I can't remember stuff for work, but that, *that* I remember.
General support is 5 years. That is when you get new service packs, new features, that kind of thing. Full support, more or less. Extended support is 5 more years. That is bug fixes and usually little more, though sometimes features happen too.
I'm well aware of their policy. But sometimes they decide that fixing something would be too much work and just don't fix it, even though it's a security bug affecting a product still in the Extended Support Phase. So on occasion they don't honor their policy. What are you gonna do?
Oh, and extended support is nominally critical fixes only. That is, those affecting security or system stability. Something like a loss-of-functionality bug you won't get fixed without a Custom Support Agreement. To get the 2007 timezone tables for Exchange 2000 was $4000. For us, it was the same price to just move to Exchange 2003.
They sometimes extend them, as they have for XP.
Okay, yah. I was thinking more along the lines of them continuing to release updates even though the product was officially end-of-life. I can't recall that happening, but it's not like I've studied every update Microsoft has ever released.
I'm also somewhat confused whether you consider XP -> Vista to be 5 or 6 years.
Apparently so was I. I can only plead that it was a pre-coffee moment.
Yes, the median is 3.5 years, not 2.5 like I originally posted.
Upper bound = 6
Lower bound = 1
Span = Upper - lower = 5
Median = (Span / 2) + Lower bound = (5 / 2) + 1 = 2.5 + 1 = 3.5
I wish MS updated their base system more than once every 10 years.
Win95 (1995) -> Win98 (1998) [3 years] -> Win98SE (1999) [1 year] -> WinME (2000) [1 year]
NT 3.1 (1993) -> NT 3.5 (1994) [1 year] -> NT 4.0 (1996) [2 years] -> Win 2000 (2000) [4 years] -> XP (2001) [1 year] -> Vista (2006) [5 years] -> Win 7 (2009) [3 years]
Even the longest release drought, XP->Vista, was 6 years, not 10. The mean is 2 years; the median 2.5 years.
(I detest FUD, even FUD directed at a target I happen to dislike.)