"If the guest account is enabled (on Exchange 5.5 and 2000), even if your login fails, you can send mail, because the guest account is there as a catchall," he said. "Even if you think you've done everything (to secure the server), you are still open to spammers."
Um, excuse me? Any idiot with more than 7 days' experience administering a Windows server should know that the Guest account is BAD BAD BAD.
By definition "Guest" doesn't require successful authentication to access resources. The entire reason "Guest" exists is to provide un-authenticated access to resources.
I can read bugtraq as well as anyone else, so I'm aware of the past history Microsoft has with the security of its products. However, no sane person could reasonably attribute this "flaw" to Microsoft software. A more apt description is "Flaw in MS Exchange 5.5 and 2000 Administrators".
I mean really. It's like setting a Windows Domain Administrator account password to "Administrator" or "password" (another major cause of Exchange-based spam. Grep USENET and MS KB's for UI).
No software yet written or ever to be written in the future can make up for mistakes, oversights and sometimes just plain stupidity of humans.
As a Safari subscriber, I'd say it's probably because Full Text Search of online book content is also present at O'Reilly's own Safari online tech book site. You've been able to do the same thing Amazon is now crowing about, on every book Safari has, since launch quite some time ago (year or two perhaps?)
Safari is more of a "service" (i.e. renting access to book content) than a "feature" of a retail website, which is all Amazon's "innovation" seems to be.
Basically the only real difference between the two (aside from what is cited above) is that Amazon just lets you know the content is mentioned, and shows you a page or two. Safari gives you the entire book. That and that Amazon has a much wider range of books in non-tech genres.
Your proposal is an interesting one and I have emailed you. Should you not get it (full inbox etc), you can reach me via my email address publicly viewable on slashdot.
(1) Parses the HTML, recognises the external image link and consequently does not send a request for the image, or
(2) Parses the HTML, recognises the external image link, downloads the image and then just fails to display it until you click on the X.
May not seem like much of a difference, but it is. (1) still allows marketers/spammers to collect view statistics and gain some measure of response to their trash, while (2) does not. What's the bet O2k3 does the latter?
After all, if MS really cared about dangerous HTML content and the spam problem they'd have added a "parse all incoming emails as text only" option long ago.
Considering their poor server is at this very moment in the process of becoming a molten lump of metal and slag, they should probably give some thought to renaming the article "Hardware Analysis: How NOT to configure a webserver"
We use SUS at work to distribute patches to around 60 desktops. While it's certainly nice to not have to go desk-to-desk doing this manually, SUS has some major drawbacks.
- Bad patch verification. Like WindowsUpdate, SUS relies on a registry entry to check successful installation of patches. As many admins have discovered over the past few months, this method of patch verification is highly flawed and results in many, many cases of false-negatives when searching for vulnerable workstations.
- OS patches only. SUS does OS patches. Great. Now what about Office, which is also installed on every desktop in our company?
- Patch reliability. Even if SUS was vastly improved, the sad fact of the matter is that MS patches are still capable of doing severe damage to the target system. It's not like there are no past examples of patches and/or service-packs f$*king up machines. Until the patching process becomes not only dead easy, but also bulletproof RELIABLE, servers (esp. critical infrastructure machines) will continue to need manual patching. Considering many larger companies can have hundreds of servers across the organisation, it becomes one hugeass timesink.
- Other pitfalls. There are many, MANY other options missing that would make life for administrators much easier - such as forcing reboots for patched machines, the ability to stagger deployment using only one SUS server (by using, say, MAC addresses or NetBT/DNS hostnames), the ability to detect mobile users (via a configurable registry setting on the client end) and *force* them to patch immediately upon connecting to the LAN based upon past percentage hit-rate for successful patching (i.e. machine was turned on and connected to LAN) at the regular scheduled time.
SUS is nice to have, but it's certainly not set-and-forget as it SHOULD be - at least on the client end of things. There is a long way to go with SUS before it begins to approach something that makes a significant impact on the nightmare that is Microsoft patching. But of course the problem with hoping SUS gets better is that SMS and MOM exist... and unlike SUS, neither of those are free.
Considering we (Australia) don't actually *have* 2000 SAS personnel, but only around 300 at last count...
We deployed 80 ATCers, 16 WMD location personnel, ~75 "security" personnel doing explosives ordnance and VIP protection, 6 guys to train IDF (Iraqi defence force) after the war, 3x CPA reps, 3x light armoured vehicles + crew, comms and logistics guys and a bunch of Military cops. Add to this 2x C130 plus crew and support (totalling 140), 1x "military liaison" *cough* ASIS *cough*, 3 blokes from Office of Reconstruction and Humanitarian Assistance, ~90 "Army HQ" staff.
Also making an appearance were HMAS Sydney + support group, HMAS Kanimbla, HMAS Newcastle and 2x P3 Orion aircraft for a total of 270 Naval personnel and 160 for the Orions + support elements.
We also sent over a gaggle of F-18's, though I can't find any mention of numbers for these.
Last but not least, our SAS deployment. Being SpecForces there isn't much information running around, but best guesses put the number at somewhere between 60 and 130 deployed in total.
So, while we had a total of almost 2000 troops in Iraq over the past six months or so, most of them were definitely NOT SAS.
Wow, you're in almost the exact same position I'm in: the sole admin for your mid-sized organisation, responsible for anything capable of generating a spark.
These are the guidelines that help me achieve my goals, and my boss' goals, without going nuts in the process.
Use a trouble ticket system! I can't stress this one enough. ALL requests for work should come through your trouble ticket system. Mid and Long-term projects don't need this as they should *only* come from your immediate boss.
Failing above, do everything via email. Having everything in writing allows you to keep track of who requested what and when. It also leaves a paper trail should the user/client claim you did not meet their request on time/to spec. Last but not least, it enables you to justify your time management.
Practice good time management. I know this sounds like a verbal wank, but it's true. If a task is not important, don't prioritise it above those that are. Keep in mind that your priorities are not those of your boss, and your boss' opinion of your work is really all that matters as far as doing well goes.
Meet your boss' priorities, not your own. To be happy and successful in your job, you need to meet the priorities of your boss. If there's something that needs doing and it's not your boss' priority, make it one. Do this by explaining what it is, why it needs to be done, the impact on the organisation/yourself/your department/whatever if it's not done, the urgency and why it's so urgent.
Ignore normal comm channels. When you're working on very important tasks under ultratight deadline, put your phone on "do not disturb" and ignore email. This helps your concentration greatly and, bottom line, if it's important enough people will walk into your office to see you. This is doubly effective if you've trained your users to do everything via TTS or email; they'll be reluctant to ask you in person, knowing you usually tell them to repeat it all in an email. Thus they'll only come to you when it really is important.
Priority list is sacrosanct. Following the above point, your prioritised list of tasks is sacrosanct - stick to it! The *only* tasks you should even consider inserting into the priority list you and your boss have previously agreed on, are those that can be classed as "DoMeNowOrElse". Before you class something in this way, ask yourself "would I be willing to do major (>2hrs) overtime to get this done ASAP?" If the answer is yes (e.g. downed email server), then it's worthy of insertion into the priority list. Also keep in mind these insertions should always go above existing priorities - it'll help dissuade you from arbitrarily adding tasks because someone other than your immediate manager says they're urgent.
Regularly check relevance of priorities. Meet once a week with your boss and ensure your priority list is still relevant with his needs. He or she usually knows much more about what's going on and what's important at a strategic level, so while you may think disabling that ex-employee's account isn't more important than upgrading a mailserver, your boss may know different.
Never be unpleasant. This may sound silly in a discussion about workload management, but it's core to everything you do as a sysadmin. Remember that the only time most people see what you do is when they come to you with a request. They don't have the vaguest clue what your job entails - the difficulty, the hours, the stress, none of it. All they'll remember is the grumpy way you dismissed them with a "no" and went back to working on your "DoMeNowOrElse" task. Which to them of course looks like you're just goofing off at your workstation. While this seems the easiest, I find this point by far the hardest to stick to.
And, last but not least, remember this phrase: "A lack of planning on your part does not constitute an emergency on my part". But don't ever say that to your users unless you can figure a nicer way of putting it ;)
You know what - I'd settle for every RAM manufacturer to clearly label the amount/speed/type on their fscing sticks of RAM! I mean seriously, how hard is it to add the sticker?
Yes, but common knowledge tells everyone what the brakes do in a car. You do a driving test that requires the use of the brake.
So, using that as an example and considering how much more common computers are in everyday life than cars (know anyone who hasn't driven in the past 12 months? Now, know anyone who hasn't touched a computer in any way shape or form in the same time period?), why don't we have compulsory "basic operation" licenses for computers?
Most people outside the IT Industry use computers as a tool, a means to an end. And yet there are NO requirements in place to ensure people are competent when using that (potentially dangerous) tool.
Think about it this way; Truck drivers are forced to undergo rigorous driving training (in the form of logged experience and lessons from qualified staff) before they're allowed to sit for their license and operate the tool they use to make a living. Builders are required to undergo at least two years of apprenticeship plus TAFE (think community college) courses before they can build any type of large structure. People who pilot any form of marine vessel are required to sit a test and get their license before they can command a vessel capable of going over a certain speed/weighing more than a certain tonnage. Hell, even short-order *COOKS* are required to undergo some form of food preparation and service training before most places will give them a job.
And yet companies all across the world will hire someone into a position that required daily, extended use of office type computers at the drop of a hat. At best you can expect "Can you touch type? Do you know Microsoft Word?" Hell, even that's only mostly for secretaries!
A basic computer competency test should be *compulsory* before anyone is allowed to purchase a computer. Said test should include the following areas;
- Basic hardware in a computer (stops the old "my cupholder is broken and the tv won't start!" support call when what's actually happened is that they've kicked out a cord at the back)
- Basic use of word processing, database, presentation and spreadsheet software (by basic I mean VERY basic. "This is a spreadsheet. It does simple calculations, like so")
- Basic Internet skills ("this is how to use email, this is SPAM - it's bad, don't ever reply. This is how to browse the web" etc)
- Basic computer security (in fact, don't even include the word "security". Include this in the "basic operation" section. Cover topics such as viruses ("don't open email with attachments unless you have an UP TO DATE virus scanner running, and the file is NOT an exe/vbs/whatever", spyware, password security (and the importance of it, with say a "your internet banking and hotmail account are vulnerable! listen up!")
- How to report a problem (if you have a support line/helpdesk/manufacturer to call under warranty).
When computers are in as widespread use as they are in our society today, rivaling even vehicles in their numbers, people should be forced to prove at least some BASIC competencies. I'm not talking about doing us out of a job (I am paid to fix problems, among *other* things), but ensuring that the damage/aggravation/grief caused by computer-ignorant people is minimised.
That's funny, because we're on the Sydney Comindico PoP and haven't had any link downtime today at all.
Of course, there have been a few incidents over the past week where our link dropped for between three and ten minutes at a time. Comindico's network status page explained them as "router rebooted", no more details.
But anyway, none today.
Note on Outlook compatibility, on Opengroupware · Score: 4, Interesting
If you notice, the screenies of Outlook are using a plugin called Zidelook. They don't mention whether this is requisite to get full compatibility (i.e. drop-in replacement for exchange), but they DO mention that OpenGroupware base is not compatible with Zidelook.
To use Zidelook, you must use SKYRiX, an "enterprise distribution" of OpenGroupware. I.e. it's a commercial plug-in.
Of course, I could be wrong, but that's just how it reads.
I work as an IT admin at a publishing company. We do several magazines covering various aspects of the IT industry. PDFs are vital to our production process. Why? Well, the two biggest reasons are;
- When an advertiser sends you their ad as PDF, they can be almost 100% certain that it will appear on our systems exactly the same as it did on theirs.(*)
- When we send our magazines off for printing, we can be almost 100% certain that what the printers see on their systems is what we saw on ours.(**)
Aside from the above, there are many other reasons why PDF is the industry standard in publishing (and, unlike Mac, it's a real standard. Once we weaned our designers off Apple and over to PC, they've been full of nothing but praise for the platform. Yep, that's right, we're a magazine publishing company that doesn't use Apple.)
Despite your claims, HTML is never and will never be a means of displaying content the same way across multiple platforms. Heck, it wasn't even designed for that use in the first place. People try to make HTML-formatted content look exactly the same cross-platform, but when it changes layout at even the slightest screen resolution change, it's a lost cause.
I read the Elcomsoft post to bugtraq this afternoon, and I agree Adobe's attempt to fix the problem was, at best, a poor effort. However, their failure to fix a flaw in their application does not mean that companies can up and switch to formats that not only do not do the same basic job PDF does (consistent display cross platform), but don't even claim to do so.
*Variables such as colour saturation, monitor differences and even things as small as the level and angle of light being cast onto a monitor affect the display. However, this does not affect the printing process.
**Once again, you have variables that are almost uncontrollable such as types of ink, non-PDF fuckups at the printer's end, etc.
I love reading all these comments from people complaining how their one or two PCs produce so much noise it drives them insane. Working as I do in a server room (on the bright side, at least it gives me my own office...), the noise levels I'm exposed to are exponentially worse than that of your average home or office user.
To wit;
1x IBM NetFinity 7000: 2x internal fans, 2x front bezel fans, 8x HDD rack fans, 2x PSU fans
1x IBM NetFinity 5000: 2x internal fans, 2x HDD fans, 1x PSU fan
1x F760 NetApp NAS: 2x PSU fans, 16x HDD fans
Add to that three more floor-mounted servers and my own workstation. I'm sure I've read somewhere that long-term exposure to noise levels such as this damages your hearing. Hence why I constantly play Nirvana and Keiko Matsui at a billion decibels.
With all due respect, your point of view is absolutely wrong.
Website defacements cost companies real money. It may or may not be in the oft-quoted "millions" mark, but it is certainly a non-trivial figure.
For the benefit of those not in the SysAdmin/ITAdmin/Computer Security industries, I'll give you a quick rundown as to WHY they cost money.
First and foremost, there's staff time used up in detecting, evaluating, responding to and cleaning up the actual defacement. This is not just a case of re-uploading the web content! Defacements are security breaches, and as such the machine is treated as compromised. There's meetings with management, co-workers, other interested parties (business partners etc) to establish such things as immediate effect, immediate course of action, whether to perform forensics, potential compromise to other systems etc. Reload and reinstall the system, go through the rest of your security logs (IDS, Firewall logs etc) with a fine tooth comb because the attacker JUST MIGHT have used his higher privileges on the web server to sniff out other avenues inside your network. This task of tracking down what access an attacker had, and what they did with it, can be a huge time sink (and thus a huge money sink).
Cost in terms of PR. This is intangible as it deals with the effects on a company's good name and reputation. This can often be estimated quite highly, and can run into the *thousands* of man hours for complicated network scenarios.
Potential lost business through downtime of services. This is another area where estimates can be quite high. Sure, not every person who hit your website during the downtime would have bought something, but that's not at issue. What's at issue is that they could have bought something, had the service been available. It's called Opportunity Cost, and website defacements of commercial sites have a high opportunity cost.
Regardless of whether the website defacer contacts you with details on how they achieved the attack and what they modified (which, incidentally, they usually do not. Web defacements are usually the work of bored skiddiots), you must treat the incident as a full-blown compromise, at least until you've performed enough analysis to determine that no other systems are suspicious. When you work as an Admin for a living, you do not bet your company's money on the trustworthiness of a 16 year old skiddiot (who, let's face it, wouldn't have sunk as low as an ISS/Apache sploit if they were at all trustworthy in the first place).
Any form of system compromise is a major incident. Even compromises of Bastion hosts, which we expect to be compromised at some point, cost businesses money. Your opinion stems from ignorance of the issues involved and is exactly the sort of opinion most skiddiots have - although that doesn't make you one.
You're not after bridging mode, as the PIX won't do bridged. What you want are static routes pointing at the public IP of your machines. This, in conjunction with having your internal DNS point at the public IPs for the domains you're hosting instead of the internal ones, will ensure it all works.
1) This is not a law. It's a code of practice, and nowhere in the article does it say whether said code is mandatory.
2) This code of practice applies ONLY to "carriers and service providers". So Shazza's Crikey Crocodile Shoe Shop isn't going to be affected in any way when they decide to send out 3 million SMS spams advertising their latest evening shoe.
3) At 30c/SMS, spammers are up for one hell of a phone bill after sending all that spam. Considering the success rates of Email spam and the cost of SMS, I'd say SMS spam for any type of business is a money losing proposition that all but the stupidest PHB could clearly see. And those PHB's will quickly learn when they pay 400,000 in SMS bills for 10,000 in generated sales.
4) Related to above. Because of the cost of SMS, the only entities that could really use SMS spam effectively are Telcos. Hence why this only applies to telcos. But of course, as I said earlier, there's no word on whether it's mandatory or not. What if your new telco simply decides not to be a member?
In much the same way that a mere ISP taking over an international print and TV empire was over the top. Ah well, AOL's still around, right?
It's called "honorary".
Thanks for the link, I was unaware of that added feature.
From the aforementioned website, with around 40 comments posted thus far:
"There are 17 registered and 5413 anonymous users currently online. Current bandwidth usage: 1406.08 kbit/s"
Wow... betcha they notice that real quick!
Nah, they're kiwi!
Request Tracker. Google it. Now if someone can find me a good, OSS request tracker that runs on IIS/ASP...
These are the guidelines that help me achieve my goals, and my boss' goals, without going nuts in the process.
I can't stress this one enough. ALL requests for work should come through your trouble ticket system. Mid and Long-term projects don't need this as they should *only* come from your immediate boss.
Having everything in writing allows you to keep track of who requested what and when. It also leaves a paper trail should the user/client claim you did not meet their request on time/to spec. Last but not least, it enables you to justify your time management.
I know this sounds like a verbal wank, but it's true. If a task is not important, don't prioritise it above those that are. Keep in mind that your priorities are not those of your boss, and your boss' opinion of your work is really all that matters as far as doing well goes.
To be happy and successful in your job, you need to meet the priorities of your boss. If there's something that needs doing and it's not your boss' priority, make it one. Do this by explaining what it is, why it needs to be done, the impact on the organisation/yourself/your department/whatever if it's not done, the urgency and why it's so urgent.
When you're working on very important tasks under ultratight deadline, put your phone on "do not disturb" and ignore email. This helps your concentration greatly and, bottom line, if it's important enough people will walk into your office to see you. This is doubly effective if you're trained your users to do everything via TTS or email; they'll be reluctant to ask you in person, knowing you usually tell them to repeat it all in an email. Thus they'll only come to you when it really is important.
Following the above point, your prioritised list of tasks is sacrosanct - stick to it! The *only* tasks you should even consider inserting into the priority list you and your boss have previously agreed on, are those that can be classed as "DoMeNowOrElse". Before you class something in this way, ask yourself "would i be willing to do major (>2hrs) overtime to get this done ASAP?" If they answer is yes (e.g. downed email server), then it's worthy of insertion into the priority list. Also keep in mind these insertions should always go above existing priorities - it'll help dissuade you from arbitarily adding tasks because someone other than your immediate manager says they're urgent.
Meet once a week with your boss and ensure your priority list is still relevant with his needs. He or she usually knows much more about whats going on and what's important at a strategic level, so while you may think disabling that ex-employee's account isn't more important than upgrading a mailserver, your boss may know different.
This may sound silly in a discussion about workload management, but it's core to everything you do as a sysadmin. Remember that the only time most people see what you do is when they come to you with a request. They dont have the vaguest clue what your job entails - the difficulty, the hours, the stress, none of it. All they'll remember is the grumpy way you dismissed them with a "no" and went back to working on your "DoMeNowOrElse" task. Which to them of course looks like you're just goofing off at your workstation. While this seems the easiest, I find this point by far the hardest to stick to.
And, last but not least, remember this phrase: "A lack of planning on your part does not constitute an emergency on my part". But don't ever say that to your users unless you can figure a nicer way of putting it
You know what - I'd settle for every RAM manufacturer to clearly label the amount/speed/type on their fscing sticks of RAM! I mean seriously, how hard is it to add the sticker?
So, using that as an example and considering how much more common computers are in everyday life than cars (know anyone who hasn't driven in the past 12 months? Now, know anyone who hasn't touched a computer in any way shape or form in the same time period?), why don't we have compulsory "basic operation" licenses for computers?
Most people outside the IT Industry use computers as a tool, a means to an end. And yet there are NO requirements in place to ensure people are competent when using that (potentially dangerous) tool.
Think about it this way; Truck drivers are forced to undergo rigorous driving training (in the form of logged experience and lessons from qualified staff) before they're allowed to sit for their license and operate the tool they use to make a living. Builders are required to undergo at least two years of apprenticeship plus TAFE (think community college) courses before they can build any type of large structure. People who pilot any form of marine vessel are required to sit a test and get their license before they can command a vessel capable of going over a certain speed/weighing more than a certain tonnage. Hell, even short-order *COOKS* are required to undergo some form of food preparation and service training before most places will give them a job.
And yet companies all across the world will hire someone into a position that requires daily, extended use of office-type computers at the drop of a hat. At best you can expect "Can you touch type? Do you know Microsoft Word?" Hell, even that's only mostly for secretaries!
A basic computer competency test should be *compulsory* before anyone is allowed to purchase a computer. Said test should include the following areas;
- Basic hardware in a computer (stops the old "my cupholder is broken and the tv won't start!" support call when what's actually happened is that they've kicked out a cord at the back)
- Basic use of word processing, database, presentation and spreadsheet software (by basic I mean VERY basic. "This is a spreadsheet. It does simple simple calculations, like so")
- Basic Internet skills ("this is how to use email, this is SPAM - it's bad, don't ever reply. This is how to browse the web" etc)
- Basic computer security (in fact, don't even include the word "security". Include this in the "basic operation" section. Cover topics such as viruses ("don't open email with attachments unless you have an UP TO DATE virus scanner running, and the file is NOT an exe/vbs/whatever"), spyware, password security (and the importance of it, with say a "your internet banking and hotmail account are vulnerable! listen up!"))
- How to report a problem (if you have a support line/helpdesk/manufacturer to call under warranty).
When computers are in as widespread use as they are in our society today, rivaling even vehicles in their numbers, people should be forced to prove at least some BASIC competencies. I'm not talking about doing us out of a job (I am paid to fix problems, among *other* things), but ensuring that the damage/aggravation/grief caused by computer-ignorant people is minimised.
...a shattered bowl of petunias was found close by the splattered sperm whale. Police are treating the death of the petunias as suspicious.
That's funny, because we're on the Sydney Comindico PoP and haven't had any link downtime today at all.
Of course, there have been a few incidents over the past week where our link dropped for between three and ten minutes at a time. Comindico's network status page explained them as "router rebooted", no more details.
But anyway, none today.
If you notice, the screenies of Outlook are using a plugin called Zidelook. They don't mention whether this is requisite to get full compatibility (i.e. drop-in replacement for Exchange), but they DO mention that OpenGroupware base is not compatible with Zidelook.
To use Zidelook, you must use SKYRiX, an "enterprise distribution" of OpenGroupware. I.e. it's a commercial plug-in.
Of course, I could be wrong, but that's just how it reads.
- When an advertiser sends you their ad as PDF, they can be almost 100% certain that it will appear on our systems exactly the same as it did on theirs.(*)
- When we send our magazines off for printing, we can be almost 100% certain that what the printers see on their systems is what we saw on ours.(**)
Aside from the above, there are many other reasons why PDF is the industry standard in publishing (and, unlike Mac, it's a real standard. Once we weaned our designers off Apple and over to PC, they've been full of nothing but praise for the platform. Yep, that's right, we're a magazine publishing company that doesn't use Apple.)
Despite your claims, HTML is never and will never be a means of displaying content the same way across multiple platforms. Heck, it wasn't even designed for that use in the first place. People try to make HTML-formatted content look exactly the same cross-platform, but when it changes layout at even the slightest screen resolution change, it's a lost cause.
I read the Elcomsoft post to bugtraq this afternoon, and I agree Adobe's attempt to fix the problem was, at best, a poor effort. However, their failure to fix a flaw in their application does not mean that companies can up and switch to formats that not only do not do the same basic job PDF does (consistent display cross platform), but don't even claim to do so.
*Variables such as colour saturation, monitor differences and even things as small as the level and angle of light being cast onto a monitor affect the display. However, this does not affect the printing process.
**Once again, you have variables that are almost uncontrollable such as types of ink, non-PDF fuckups at the printer's end, etc.
To wit;
- 1x IBM NetFinity 7000: 2x internal fans, 2x front bezel fans, 8x HDD rack fans, 2x PSU fans
- 1x IBM NetFinity 5000: 2x internal fans, 2x HDD fans, 1x PSU fan
- 1x F760 NetApp NAS: 2x PSU fans, 16x HDD fans
Add to that three more floor-mounted servers and my own workstation. I'm sure I've read somewhere that long-term exposure to noise levels such as this damages your hearing. Hence why I constantly play Nirvana and Keiko Matsui at a billion decibels.
Sorry, the "*thousands of man hours*" comment should have been attached to bullet-point #1, not the PR point.
Website defacements cost companies real money. It may or may not be in the oft-quoted "millions" mark, but it is certainly a non-trivial figure.
For the benefit of those not in the SysAdmin/ITAdmin/Computer Security industries, I'll give you a quick rundown as to WHY they cost money.
Any form of system compromise is a major incident. Even compromises of Bastion hosts, which we expect to be compromised at some point, cost businesses money. Your opinion stems from ignorance of the issues involved and is exactly the sort of opinion most skiddiots have - although that doesn't make you one.
You're not after bridging mode, as the PIX won't do bridged. What you want are static routes pointing at the public IP of your machines. This, in conjunction with having your internal DNS point at the public IPs for the domains you're hosting instead of the internal ones, will ensure it all works.
1) This is not a law. It's a code of practice, and nowhere in the article does it say whether said code is mandatory.
2) This code of practice applies ONLY to "carriers and service providers". So Shazza's Crikey Crocadile Shoe Shop isn't going to be affected in any way when they decide to send out 3 million SMS spams advertising their latest evening shoe.
3) At 30c/SMS, spammers are up for one hell of a phone bill after sending all that spam. Considering the success rates of Email spam and the cost of SMS, I'd say SMS spam for any type of business is a money-losing proposition that all but the stupidest PHB could clearly see. And those PHBs will quickly learn when they pay 400,000 in SMS bills for 10,000 in generated sales.
4) Related to above. Because of the cost of SMS, the only entities that could really use SMS spam effectively are Telcos. Hence why this only applies to telcos. But of course, as I said earlier, there's no word on whether it's mandatory or not. What if your new telco simply decides not to be a member?