The idea that tripping a single sprinkler head will set them all off at once is hollywood fiction.
Just to be pedantic, such systems do exist. They're called "deluge sprinkler" systems. Like a pre-action system, the pipes are normally kept dry, until some external event triggers it. However, unlike a pre-action system, every sprinkler head is open, so once the water valve is opened, it immediately starts raining everywhere. Mainly used in places where any sign of fire warrants immediate drastic action, like a fuel depot.
Money is basically a representation of a person's past value - what they've contributed to society...
What you just described is called "whuffie" by Cory Doctorow, in his story Down and Out in the Magic Kingdom. He calls the surplus-society meritocracy you describe "The Bitchun Society". The story is Freely available (Creative Commons license) at http://www.craphound.com/down/ and is well worth the read.
Actually, FAST TCP is also available as a linux kernel patch.
Oh, it's available for Linux? Well, then, FastTCP must be a great idea. Indeed, this just shows how Windows is inferior, since Microsoft isn't shipping support for FastTCP in Windows yet...
Systems intended for use with sensitive data have to be appropriately configured.
"Appropriately", yes. For example, on Win XP, you need to enforce the use of strong passwords. But for, say, a Win 98 or DOS box, there's really not much to do, except make sure you lock it up when you're done. Which was my point: If a Win 98 box can be approved to operate in a classified environment (and it can), your original statement ("Microsoft's software can be configured for high security applications -- otherwise it would not be found suitable for use in classified environments") is not valid.
The rest of your post is interesting, but not really relevant to that point. I did want to respond to one other thing, though:
In the past, you started for this by running the hisec template with the security configuration editor to reset system ACL's and permissions.
While that's a good idea, and something I recommend, it's not required per NISPOM or the DSS CTG. That's the NISP world, though. Other CSAs have different requirements.
Microsoft's software can be configured for high security applications -- otherwise it would not be found suitable for use in classified environments.
Every AIS (Automated Information System, the NSA TLA for "computer") I've ever seen running a Microsoft OS that was also processing classified information ran in "system high" or "dedicated" mode -- where you treat the whole system as classified, only let cleared people touch it, and lock the whole thing up. The security of the OS is practically inconsequential. MS-DOS can be, was, and likely still is used in this way.
I'm not saying you can't secure MS Windows (well, not in this post, anyway); I'm just saying "It's used for classified processing" isn't a good argument.
The end user has to have both the ciphertext and the key, in order to use the content at all
Alice wants to send something to Bob, while keeping Eve from seeing it. The classic argument is that in DRM, Bob and Eve are the same person (the TV watcher; Alice being the studio). It was pointed out to me (on Slashdot, even) that Bob isn't the TV watcher. Bob is the TV. The media cartels want to own your TV and send the content to it. You're Eve, the eavesdropper.
Really puts our roll in the DRM equation into perspective, doesn't it?
That is is DirectX's advantage: if the system supports "DirectX 9," you know that exactly all of the features of Direct3D 9 are supported.
Hmmm, one of the features I saw touted for DirectX 10 was that it is a single, uniform, all-or-nothing platform. Microsoft's ad copy said that DirectX 9 has something called "capability bits", or "cap bits". Games were supposed to check the cap bits to find out what DX9 features a system supported. That would seem to indicate that DX9 wasn't a uniform platform, no? And so while that might mean DX10 has an advantage, it would seem to make that argument invalid about past DirectX releases, yes?
The fact that one guy didn't learn well by taking notes doesn't mean that taking notes is a universal hindrance for all. Likewise, transcribing things helps many people retain information.
Why the heck do so many people think one size must fit all?
No, because without the certification, secure/sensitive installations aren't allowed to use those flavours of BSD (or any other uncertified product).
It's worth pointing out that these kinds of generic certifications aren't always required. They're generally required when you're doing multi-level security -- people with varying levels of trust using the same system. For example, if you need the system to prevent SECRET information from becoming available to a user who is only cleared to CONFIDENTIAL. The requirements for that are quite strict, and this kind of thing matters.
But many systems operate in what's known as "system high" or "dedicated" mode. Everyone is cleared to the same level, you treat everything on the system as classified to that level, and lock the whole thing up. For such environments, even Windows 9x or MS-DOS are acceptable, provided your other safeguards are sufficient (physical protections, non-computer administrative controls, etc.).
It's worth pointing out that anything which is released under the GPL alleviates a lot of the concerns that single-vendor solutions incur. Any truly Free/Open Source Software is never going to go out-of-business or be killed. Someone else can always fork the code.
I'm not criticizing LedgerSMB (indeed, I'll be keeping an eye on it). And I appreciate that Quasar has some closed, non-Free parts. I just wanted to point out this advantage of FOSS.
so when the early Windows 2000 failed one of the tests, it was technically unlawful to use Windows 2000 for any Government work
What law require(s|ed) evaluation according to the NSA "rainbow books" before a system can be used for government work? Where I work, even systems which process Classified information are not required to have trusted system software. You have to protect the system, but that's most often accomplished by far less sophisticated means. It is what is called "system high" or "dedicated" operation -- you treat everything as classified, lock everything up, and only let cleared people near it. The OS is not part of the safeguarding. Hell, eight years ago, there were plenty of Windows 95 and Windows 98 systems processing Classified information.
The more sophisticated measures -- an OS supporting multi-level security -- is only required if you want to let people who are not cleared to the information access some other part of the system. In other words, if you want to have Joe Blow without a clearance store his order for janitorial supplies on the same system that has SECRET data.
I think "NEAR" is implied with Google. That is to say, if you search for "apple macintosh", pages with those two terms in close proximity will rank higher than pages which simply contain the terms. Since Google's exact algorithms are proprietary, I cannot swear to this, but that seems to be the way it behaves in my own use.
What I miss from Alta Vista is the ability to go grouping to set precedence, i.e., parenthesis. I don't have to do this very often, but when I do, I really miss it. The need generally comes about when a given thing has a lot of different names or ways to describe it, and I want to say "this OR that OR (foo AND (bar OR baz))".
pcHDTV HD-5500. $129 list. PCI. Coax input. Analog/digital tuner. Hardware MPEG encoder. Explicitly designed to work with Linux.
Silicondust HDHomeRun. $169 list. Stand-alone box. Ethernet attachment. Dual coax inputs. Dual analog/digital tuners. Hardware MPEG encoder. Can stream video to MythTV and other systems.
Jarod Wilson recommended these to our LUG. I got the HD-5500 and it works well.
Also, I am told that Hauppague has recently started packaging HVR-1600 cards in PVR-150 boxes, with no indication of the change. The HVR-1600 does NOT work with MythTV.
With the parent as such a fine example, I look forward to an unbiased, unemotional discussion on the pros and cons of different Linux distributions. I'm sure it will be based entirely on objective facts, supported by careful citations, and not contain any anecdotal evidence or personal opinions.
I first read the headline as "Wi-Fi Hack Aids Boring Parties". I was thinking maybe someone hacked someone's wi-fi LAN to redirect every website into a porn site, and the prank made the papers or something. Then I started reading the summary, and it was all about the military raiding ships at sea. And I could only think to myself, "Holy shit, man, I may be a boring nerd, but I don't think I want my parties to be that exciting!"
Then I re-read the headline. I think I liked my version better.:)
There's an old saying: "When elephants fight, it is the grass that gets trampled."
Here are the possible outcomes I can see:
One format wins, the other loses and dies out. Betamax redux. Customers have to put up with the battle until the winer emerges. Anyone who buys the looser ends up buying everything twice.
Both formats win, in the form of dual-format equipment. Customers end up paying the licensing and technology costs of two platforms.
Both formats win, in the form of widespread availability of most titles for both formats. Customers have to pay for the increased shelf and stock room space, make sure they buy the right thing, and some titles will still doubtless only be available for one platform.
Both formats loose and die out (for whatever reason), replaced by something else. Anyone who buys either format is screwed.
No matter what happens, it's going to be Joe Consumer who gets the shaft. Lovely prospect. I would say the best option is the last, as a colossal failure of that magnitude might teach the industry a lesson, but if there is one thing I've learned from history, it's that people don't learn from history.
I say Microsoft needs to be sued under the RICO act, because that's almost exactly how the Mafia works.
It's not racketeering, because what Microsoft is threatening to do (sue) is not illegal. Breaking kneecaps is illegal. Bogus patent lawsuits are legal.
Just remember, when the mafia destroys you and all you've worked for, it's condemnable, despicable behavior. When a major multinational company does it, it's just standard business practice.
Is there really any reason why these simple documents need to be in anything but plain text?
Depends on how you define "need". They probabbly don't need to be written using a computer. But it makes it easier. Likewise, depending on the nature of the document, it may easier to do things like auto numbering, indenting, tracking changes (on purpose), reviewing, and so on using a more sophisticated file format. I cannot speak for the people doing this work, of course.
Kind of like how I'm using "rich text" (i.e., HTML) to format this post to be more useful. I could just type the text. But adding some quotes improves the context in the discussion. Needed? No. Useful? I'd say yes.
You also have to consider that most Windows systems don't have a decent text editor. (You can sort-of use Word, by saving as plain text, but that tends to loose a lot of the stuff you were trying to do.)
Allot of this communication was probably done with email in the first place, so it started out as plain text.
You've obviously never worked in a large organization where everyone is using email systems with "rich text" (e.g., Exchange/Outlook, Lotus Notes, even HTML mail in Thunderbird).
Honestly, they don't make a lot of sense for networking, either for the same reason, but I'm willing to overlook that...
You were doing real well up until that. Unlike, say, RAM or hard disk space, communications technology is not fundamentally organized around groups of octets. Comm tech is all bit-based. POTS modems, Ethernet transceivers, DSLs, etc., all transmit bits. The numbers of octets transmitted per arbitrary-group-of-bits depends on things like framing, packet size, and protocol overhead, which can and does vary. For example, if you send a large quantity of data in 576-octet Ethernet packets, it will take longer than it would using 1518-octet packets. (This holds true even if you discount the headers, as you still have framing overhead).
Slashdot Mirror
Just to be pedantic, such systems do exist. They're called "deluge sprinkler" systems. Like a pre-action system, the pipes are normally kept dry, until some external event triggers it. However, unlike a pre-action system, every sprinkler head is open, so once the water valve is opened, it immediately starts raining everywhere. Mainly used in places where any sign of fire warrants immediate drastic action, like a fuel depot.
What you just described is called "whuffie" by Cory Doctorow, in his story Down and Out in the Magic Kingdom. He calls the surplus-society meritocracy you describe "The Bitchun Society". The story is Freely available (Creative Commons license) at http://www.craphound.com/down/ and is well worth the read.
Oh, it's available for Linux? Well, then, FastTCP must be a great idea. Indeed, this just shows how Windows is inferior, since Microsoft isn't shipping support for FastTCP in Windows yet...
"Appropriately", yes. For example, on Win XP, you need to enforce the use of strong passwords. But for, say, a Win 98 or DOS box, there's really not much to do, except make sure you lock it up when you're done. Which was my point: If a Win 98 box can be approved to operate in a classified environment (and it can), your original statement ("Microsoft's software can be configured for high security applications -- otherwise it would not be found suitable for use in classified environments") is not valid.
The rest of your post is interesting, but not really relevant to that point. I did want to respond to one other thing, though:
While that's a good idea, and something I recommend, it's not required per NISPOM or the DSS CTG. That's the NISP world, though. Other CSAs have different requirements.
Every AIS (Automated Information System, the NSA TLA for "computer") I've ever seen running a Microsoft OS that was also processing classified information ran in "system high" or "dedicated" mode -- where you treat the whole system as classified, only let cleared people touch it, and lock the whole thing up. The security of the OS is practically inconsequential. MS-DOS can be, was, and likely still is used in this way.
I'm not saying you can't secure MS Windows (well, not in this post, anyway); I'm just saying "It's used for classified processing" isn't a good argument.
Alice wants to send something to Bob, while keeping Eve from seeing it. The classic argument is that in DRM, Bob and Eve are the same person (the TV watcher; Alice being the studio). It was pointed out to me (on Slashdot, even) that Bob isn't the TV watcher. Bob is the TV. The media cartels want to own your TV and send the content to it. You're Eve, the eavesdropper.
Really puts our roll in the DRM equation into perspective, doesn't it?
Hmmm, one of the features I saw touted for DirectX 10 was that it is a single, uniform, all-or-nothing platform. Microsoft's ad copy said that DirectX 9 has something called "capability bits", or "cap bits". Games were supposed to check the cap bits to find out what DX9 features a system supported. That would seem to indicate that DX9 wasn't a uniform platform, no? And so while that might mean DX10 has an advantage, it would seem to make that argument invalid about past DirectX releases, yes?
Slashdot used to be "News for Linux nerds. Nothing else matters." Lately, it seems it's switched to being AppleDot.
News flash: Not everybody learns the same way.
The fact that one guy didn't learn well by taking notes doesn't mean that taking notes is a universal hindrance for all. Likewise, transcribing things helps many people retain information.
Why the heck do so many people think one size must fit all?
It's worth pointing out that these kinds of generic certifications aren't always required. They're generally required when you're doing multi-level security -- people with varying levels of trust using the same system. For example, if you need the system to prevent SECRET information from becoming available to a user who is only cleared to CONFIDENTIAL. The requirements for that are quite strict, and this kind of thing matters.
But many systems operate in what's known as "system high" or "dedicated" mode. Everyone is cleared to the same level, you treat everything on the system as classified to that level, and lock the whole thing up. For such environments, even Windows 9x or MS-DOS are acceptable, provided your other safeguards are sufficient (physical protections, non-computer administrative controls, etc.).
It's worth pointing out that anything which is released under the GPL alleviates a lot of the concerns that single-vendor solutions incur. Any truly Free/Open Source Software is never going to go out-of-business or be killed. Someone else can always fork the code.
I'm not criticizing LedgerSMB (indeed, I'll be keeping an eye on it). And I appreciate that Quasar has some closed, non-Free parts. I just wanted to point out this advantage of FOSS.
What law require(s|ed) evaluation according to the NSA "rainbow books" before a system can be used for government work? Where I work, even systems which process Classified information are not required to have trusted system software. You have to protect the system, but that's most often accomplished by far less sophisticated means. It is what is called "system high" or "dedicated" operation -- you treat everything as classified, lock everything up, and only let cleared people near it. The OS is not part of the safeguarding. Hell, eight years ago, there were plenty of Windows 95 and Windows 98 systems processing Classified information.
The more sophisticated measures -- an OS supporting multi-level security -- is only required if you want to let people who are not cleared to the information access some other part of the system. In other words, if you want to have Joe Blow without a clearance store his order for janitorial supplies on the same system that has SECRET data.
I think "NEAR" is implied with Google. That is to say, if you search for "apple macintosh", pages with those two terms in close proximity will rank higher than pages which simply contain the terms. Since Google's exact algorithms are proprietary, I cannot swear to this, but that seems to be the way it behaves in my own use.
What I miss from Alta Vista is the ability to go grouping to set precedence, i.e., parenthesis. I don't have to do this very often, but when I do, I really miss it. The need generally comes about when a given thing has a lot of different names or ways to describe it, and I want to say "this OR that OR (foo AND (bar OR baz))".
May I also suggest:
pcHDTV HD-5500. $129 list. PCI. Coax input. Analog/digital tuner. Hardware MPEG encoder. Explicitly designed to work with Linux.
Silicondust HDHomeRun. $169 list. Stand-alone box. Ethernet attachment. Dual coax inputs. Dual analog/digital tuners. Hardware MPEG encoder. Can stream video to MythTV and other systems.
Jarod Wilson recommended these to our LUG. I got the HD-5500 and it works well.
Also, I am told that Hauppague has recently started packaging HVR-1600 cards in PVR-150 boxes, with no indication of the change. The HVR-1600 does NOT work with MythTV.
With the parent as such a fine example, I look forward to an unbiased, unemotional discussion on the pros and cons of different Linux distributions. I'm sure it will be based entirely on objective facts, supported by careful citations, and not contain any anecdotal evidence or personal opinions.
I first read the headline as "Wi-Fi Hack Aids Boring Parties". I was thinking maybe someone hacked someone's wi-fi LAN to redirect every website into a porn site, and the prank made the papers or something. Then I started reading the summary, and it was all about the military raiding ships at sea. And I could only think to myself, "Holy shit, man, I may be a boring nerd, but I don't think I want my parties to be that exciting!"
:)
Then I re-read the headline. I think I liked my version better.
What power?
There's an old saying: "When elephants fight, it is the grass that gets trampled."
Here are the possible outcomes I can see:
No matter what happens, it's going to be Joe Consumer who gets the shaft. Lovely prospect. I would say the best option is the last, as a colossal failure of that magnitude might teach the industry a lesson, but if there is one thing I've learned from history, it's that people don't learn from history.
You remind me of the babe.
It also leaves the door wide open for them to invoke the Darth Vader clause: "I am altering the deal. Pray I do not alter it any further."
They can still decide to sue anytime they want. This press release isn't worth the paper it isn't written on.
It's not racketeering, because what Microsoft is threatening to do (sue) is not illegal. Breaking kneecaps is illegal. Bogus patent lawsuits are legal.
Just remember, when the mafia destroys you and all you've worked for, it's condemnable, despicable behavior. When a major multinational company does it, it's just standard business practice.
Depends on how you define "need". They probabbly don't need to be written using a computer. But it makes it easier. Likewise, depending on the nature of the document, it may easier to do things like auto numbering, indenting, tracking changes (on purpose), reviewing, and so on using a more sophisticated file format. I cannot speak for the people doing this work, of course.
Kind of like how I'm using "rich text" (i.e., HTML) to format this post to be more useful. I could just type the text. But adding some quotes improves the context in the discussion. Needed? No. Useful? I'd say yes.
You also have to consider that most Windows systems don't have a decent text editor. (You can sort-of use Word, by saving as plain text, but that tends to loose a lot of the stuff you were trying to do.)
You've obviously never worked in a large organization where everyone is using email systems with "rich text" (e.g., Exchange/Outlook, Lotus Notes, even HTML mail in Thunderbird).
You must be new here.
;-)
You were doing real well up until that. Unlike, say, RAM or hard disk space, communications technology is not fundamentally organized around groups of octets. Comm tech is all bit-based. POTS modems, Ethernet transceivers, DSLs, etc., all transmit bits. The numbers of octets transmitted per arbitrary-group-of-bits depends on things like framing, packet size, and protocol overhead, which can and does vary. For example, if you send a large quantity of data in 576-octet Ethernet packets, it will take longer than it would using 1518-octet packets. (This holds true even if you discount the headers, as you still have framing overhead).