Slashdot Mirror


User: cheros

cheros's activity in the archive.

Stories: 0 · Comments: 1,601

Comments · 1,601

  1. Better not use this on Windows voice control on NASA Develops Tech To Hear Words Not Yet Spoken · · Score: 1

    Because it'll pick up so many swearwords that normally never quite make it into an open plan office that it'll be next to useless ;-)

  2. Re:Nope - permission issue on Is Open Source Fertile Ground for Foul Play? · · Score: 1

    Yup - wrong on the 'not available', right on the 'not encouraged'. Now, since we're on the subject of installs - the one flaw I've found in removal of RPM installed packages is the occasional config residue. I can live with that. Is there an equivalent in Windows (W2K and beyond) that is as thorough about (1) dependencies and (2) code removal including libraries? I find it occasionally a complete dog to get rid of things in W2K.

  3. Nope - permission issue on Is Open Source Fertile Ground for Foul Play? · · Score: 1

    Although I agree to a point with your argument I would like to draw your attention to a rather crucial difference between use of Windows and Linux/Unix in general.

    Windows does not have a facility to temporarily raise privilege level like what can be found in Linux ("su", for example), nor does the default installation support/encourage that model. The net consequence for a Windows user who occasionally installs software is that they're likely to run the system with Administrator privileges (that's the equivalent of root to those that have been lucky enough never to have been near a Windows box ;-). In other words, malicious code will find a wide open barn door straight into the heart of the OS. Duh.

    Compare that against Linux where distributions basically enforce the creation of a user account for normal use, in other words, lowered privilege during normal operation. That doesn't stop root level activities, but they require explicit permission first. It is considered good practice not to run any Unix box as root, and that alone will be quite a substantial barrier to deep level exposures (assuming the malware isn't exploiting an OS vulnerability to escalate its privilege level - that's a risk in itself).

    If I compare the two approaches I favour the Unix one, because it encourages the user to be safe without making too much a point of it. It is unrealistic to expect the average end user to understand the depths of system security - that is our job. It would be a bit like expecting them to be a car mechanic before they're allowed to drive - that would be too high an expectation. Having a driving license (i.e. having had a degree of training) would be nice, though..

  4. Careful - it's in THAI! on Microsoft Develops XP 'Light' for Thailand · · Score: 1

    You're forgetting something: it's THAI Windows. In other words, even if you switch the language to English you'll find that the help file and menus are in Thai. And just to make it more exciting, the number of entries in the menu do NOT always match.

    Been there (literally), done that. Much better idea to just kick the habit and install Linux ;-).

    Windows: because other lemmings use it..

  5. Next: Robot lawyers on Scientists Invent Scientist · · Score: 1, Funny

    Actually, maybe they already exist. Which could explain SCO: obviously a software bug. That's what you get when you illegally relicense GPL code ;-)

    [Notice for lawyers: if you can't recognise sarcasm, satire and irony, get an upgrade. Or switch to Linux ;-)]

  6. It's waves and locations.. on Neural Feedback Training as Therapy for ADHD? · · Score: 1

    It's not just the type of waves, it's also where they occur. A classic ADHD problem is the 'regulator' (the front part of the brain) almost going to sleep when it ought to be helping you decide what to do - as a result you're much more prone to follow impulse decisions instead of keeping to what you were planning to do. With EEG feedback you can 'exercise' that region in relation to others.

    It's not for everyone, but in my (admittedly limited) experience compatibility shows fairly early in the process. My son was at the age of 4 almost instantly able to drive the pacman game for his particular treatment.

    A little bit offbeat, if you want evidence of how much the brain resembles a muscle in needing training, try using a calculator for any addition, even below 100, for two weeks. You'll be amazed how hard it is afterwards not to grab for it for even the simplest addition.

    As for medication, you could also look at Vaxa (www.vaxa.com), they do a natural treatment. It didn't work for me (and my son didn't like it) but they are genuine when they say you can try it for free. When we told them we found no benefit they simply refunded our costs - no arguments or anything. Recommended (and no, I have no shares in them - it's just rare to see a company do as it says ;-).

  7. My 5 yr old son is receiving neurofeedback on Neural Feedback Training as Therapy for ADHD? · · Score: 1

    When we perceived our son as 'different' in school the first reaction was that we were imagining it, but it gradually emerged that he indeed was different in his inability to sit still for less time than his peers, and the strange mix of total deep concentration on certain things like trains and his mentally wandering off when it wasn't interesting for him. In short, I recognised myself, but he's so borderline that it was difficult to get a formal diagnosis (his age doesn't help). The good side of ADD is that he at one point got interested in writing and his focus assured he was writing words very soon (age 2.5), the downside is that it gets seriously in the way of social relations (which is the most important this early), and yes, it's certainly ADD (not too hard, I recognised myself here and apparently genetic influences play a big role here - as well as diet).
    In the absence of any help we had a look at neurofeedback, and it's made a world of difference as he's now able to sit still and focus longer on other things he needs to learn, and it was a relief when the brain map finally showed clear and concrete evidence of the things we were only suspecting. However, in the UK you have to be VERY careful as there are a number of 'practitioners' who just grab the technology and don't keep up with research and peer review. This means that they don't benefit from the latest knowledge and research and their treatment lacks oversight - pretty questionable IMO with a relatively new field and usually indicative of someone just after the money instead of trying to help people.

    Neurofeedback has a couple of benefits over medication:

    1) it is simply 'training' the brain - not modifying it
    2) it is extremely targeted treatment
    3) there appear to be few side effects

    However, with ADD, neurofeedback alone is not enough - make sure the diet is as healthy as possible. Avoid sugars and artificial/refined foods (btw, "avoid" does not mean replace with equivalents as artificial sugars are IMO a danger in itself) and try to create a diet as balanced as possible. 'Healthy' also doesn't equate to 'diet' as children growing up need fat - just try to keep it to unsaturated fats ;-). It's IMO absolutely criminal that school catering is sometimes actually full of this crap, and sugar is a staple component of 'treats' which result in an overactive child that ends up being punished for it. Duh. So our child has a packed lunch as his school supports both (it also makes it easier to cater for some allergies if your child has them)

    Anyway, I digress. In summary, I believe ADD is helping our little boy and believe me, I've been nervously watching for signs of trouble. He's now very happy at his school (which was briefed on the issue) and doing well. What else could a caring parent wish for?

    Good luck, and let me know how you get on!

  8. Confirm - received the same email. on EC Dumps Open Source Conference · · Score: 1

    I submitted the same story - with the remark that said announcement (made by email to subscribers) hadn't made it to their website yet. Strange way of ending such an event though..

    Having said that, it could be a bizarrely accurate spam as I didn't trace the mail back ;-). =Ch=

  9. Re:Kensington wifi detector? on Good PDA Wi-Fi Signal Strength Locator? · · Score: 2, Informative

    There's a much better one: Smart ID makes one that is really accurate and (unlike the Kensington) rejects other sources like mobile phones. And they ship globally from Singapore AFAIK (well, it's always worth visiting Singapore - it's got Sim Lin Square, a sort of expensive version of Pan Tip Plaza in Bangkok ;-).

  10. Multiplan wasn't the first spreadsheet on Will Vanderpool Make Linux More Popular? · · Score: 1

    The first spreadsheet was called SuperCalc or something (I could be wrong here, it's roughly two decades ago), and ran on an Apple II (OK, ][ to be pedantic ;-). The Mac merely inherited the principles. And I'm not sure you'd call this CLI - it's a text interface but has more lines than the term CLI suggests (at least to me ;-).
    As for GUI use - yes, we're wasting heaps of cycles on animated cursors, but even X is pretty hideous if an outfit like QNX can stick a windowed environment, a dialer or network stack and a browser on ONE floppy. I'm always amazed at MS Word disappearing off for seconds on a 2GHz processor. So I'm amazed pretty often ;-).

    =C=

  11. Keep it simple and sane - and DMZ on Changes in the Network Security Model? · · Score: 3, Interesting

    If you want to do it right you'll always end up with a tiered model. Your basic stance should be not to trust anything or anybody, and open up from there (a bit like getting a mortgage ;-). Second stance is to always try and have two layers of defence in place instead of one (i.e. defence in depth), like NAT + proxy, just an example. Third stance is to NEVER allow direct interaction with internal hosts. This means that inbound services (SMTP, hosting web pages) should be done from a separate interface 'between' the Net and your internal network, called Demilitarised Zone or DMZ (apologies if this is old news, just trying to keep it clear). That's IMO also where VPN users come in, they can be given proxied equivalents of internal services, that keeps a network clear from oinks that have just managed to fiddle their VPN so they end up as routers between the Net and the internal network (yes, I know your policies should prevent them doing this, but see second stance ;-). Any supplier feeds come in on the same type of facility, you could even use a separate interface for it. And last but certainly not least, describe what you're actually trying to protect as that will give you some idea of the value loss if you end up with a breach, much easier to develop some defendable idea about budget requirements. For extra bonus points you can let senior management decide to put a value on those assets (i.e. give them enough rope ;-).

    But this is not where it ends, because you still haven't dealt with (a) inside abuse and (b) the possibility of failure. Good security design takes failure mode into account. Plan for when somehow your defenses are breached. Tripwire your firewalls and core systems and check them, lob the odd honeypot in the internal network which will give you early alerts that someone is scanning the place or a virus has entered (last year I caught one of them very early because of a rather suspicious Apache log) and make sure you have a patch strategy that has a short cycle time (depends on your risk tolerance, but especially your firewalls will need attention). Where possible, segregate the more critical facilities out so you can more accurately protect them (just consider your users hostile - don't answer the support phone for half a day if you want a more realistic version of that feeling ;-).
    Oh, and think about what platform you run your security services on. I don't prefer a Unix over Windows because it's more or less safe (that's actually more complex than appears at first glance - donning asbestos jacket ;-), I prefer Unix based facilities because I end up with less patching downtime as it rarely needs a complete restart. But that's just me. And READ those logs..

    Hope this helps. =C=

  12. DRM - the surefire way to destroy IT on Microsoft Prepares Office Lock-in · · Score: 2, Insightful

    Okayyyy, let's look at this properly. You have data going in, data going out, and all of that over a series of devices (servers, gateways, firewalls, desktops, maybe tape streamers etc etc). All of this stuff has to be DRM enabled not to create a hole in this scheme. Am I the only one to spot a rather obvious problem here?

    You are busy with sprinkling multiple single points of failure into the IT that has to support your business, and you don't have a way of disabling it for diagnostics if it dies for some reason (and it will, you're not exactly talking about mature technology here). Worse - someone else DOES have an on/off switch to your own Intellectual Property. So, the next time you have an equipment failure or the next time your accounts department forgets to pay MS protection money (just to give it a different name), imagine what's going to happen. Given that you have signed away all redress by accepting the usual shrinkwrap EULA you just *may* have a problem.

    Try explaining that one to your shareholders. Oh, and try claiming that off your corporate insurance. You'll probably get a cheque: about $1 for the entertainment you've given them. You may, however, get taken to the cleaners for liabilities yourself (for example, if you happen to host data for other people). I can really see a bright new market emerging for China and Korea for non-DRM equipped kit. Once the consequences of DRM dawn on corporate America you won't be able to sell a DRM enabled piece of kit for more than scrap value, but as usual we will have to make the mistake first before we realise what mess we got ourselves into.

  13. Re:humm on SCO Claims Linux Sales After Suit Irrelevant · · Score: 1

    MS paying the fee *could* (I say could, it's just your average anti-MS conspiracy theory) be for either or both of the following reasons:
    (1) to establish some precedent and firm up the SCO suit's -rather thin- credibility and/or
    (2) as an, er, form of sponsorship to help along some rather beneficial document shredding (see http://www.theregister.co.uk/content/4/30821.html) .

    "Well, milord, as you can see from this evidence .."
    [MS lawyer] ".. what evidence? Without the physical presence, how are we to prove this image hasn't been tampered with?"

    But Enronning that paperwork is probably entirely coincidental - it just happens to take place at roughly the same time...

  14. Here's SuSE's public statement on SCO Claims Linux Sales After Suit Irrelevant · · Score: 5, Informative

    SuSE responds to latest SCO actions

    The UnitedLinux product -- jointly designed and developed by SuSE Linux, Turbolinux, Conectiva and SCO -- will continue to be supported unconditionally by SuSE Linux. We will honor all UnitedLinux commitments to customers and partners, regardless of any actions that SCO may take or even allegations they may make.

    SCO's actions are again indeed curious. We have asked SCO for clarification of their public statements, SCO has declined. We are not aware, nor has SCO made any attempt to make us aware, of any specific unauthorized code in any SuSE Linux product. As a matter of policy, we have diligent processes for ensuring that appropriate licensing arrangements (open source or otherwise) are in place for all code used in our products.

    http://www.suse.de/en/company/press/press_releases/archive03/sco_statement.html

  15. Use an MS product to do a UNIX thing ... on Microsoft Rolls Out iLoo · · Score: 1

    .. dumping core ;-)

    Yeah, yeah, full of it. I shudder to think what will happen if you fail to patch this baby in time. Things will hit the fan, er..

    = C =

  16. So you know the name of the first hack already ;-) on Sony Introduces Passage · · Score: 5, Funny

    No prizes for guessing what the first hack of this standard is going to be called. Hint for those that haven't reached the required caffeine level yet: you're sitting on it. Duh ;-).

    [Ch]

  17. LDAP standards are going the X500 way on Open Source X.500 Directory Projects? · · Score: 1

    The people that actually write the standards (like Dave Chadwick) appear to have given up on X500 as the trend is (VHS-like) towards LDAP. So it's likely that LDAP will simply acquire the X500 attributes that made X500 so usable (but as always also too flexible to implement without having at least a clue about what you're doing). Give it time - or sponsor the guys that write the standards to do further work on it quicker ;-).

  18. Try the GMAT test - it comes with Math tutorial on Options for Adults with Renewed Interest in Math? · · Score: 1

    Look at www.gmat.org, you can download a sample GMAT test which includes a tutorial to get you up to speed on the GMAT required maths (Windows only, sorry). It's a good start - and free...

  19. Why are white LEDs so &^%$ expensive?? on White LEDs for a Brighter World · · Score: 1

    I've built many lights with white LEDs (lots of light for a small form factor) but the thing that bugs me is that they cost an absolute fortune in comparison with red/green/yellow lights. Anyone any idea why?

  20. Who - but more importantly HOW on Recommendations for Third Party Security Audits? · · Score: 1

    Just to cover the 'who': I've used QinetiQ (www.qinetiq.com) IT Health Check a lot. These guys spend a lot of time researching.

    However, know these two things, though:

    1) a penetration test only proves that a certain (very skilled) group can't (or can) break in at a certain point in time. This doesn't account for smarter people and changes to your setup, and a PEN test is an expensive way to get a to-do list. Rather get some tools (and/or capable people) in first and set a baseline against which to improve. Then tackle what you've found, and PEN test after that to see if you got it right. Shadow the pen testers so you can jump on anything that comes up (especially if it's a fire ;-) and you'll end up with a report that says 'issue found - fixed' instead of just a list of fires.

    2) I'm going to shout now: ALL OF THIS IS COMPLETELY POINTLESS UNLESS YOU HAVE A DECENT SECURITY MANAGEMENT FRAMEWORK. In English: unless you have policies, standards and procedures in place you're only creating a secure snapshot. The next time a security vulnerability is found (and you don't have an update process) you're back to square one. And who says that your current systems aren't already trojaned to the hilt? Default build and change control etc etc.

    I can go on, but there's a lot more to it than technology 'sniff and scratch' and not taking care of it means you're half wasting your time.
    Good luck. It's not the easiest thing to do, but it's not impossible either (I've done it many times 8-).

  21. Power for electric cars on Rechargeable Boots · · Score: 2, Funny

    Just push it and it will... Er. Wait a minute. Dang, back to the drawing board.

  22. Not a new idea: the UK already has it... on GOVNET In the Works · · Score: 1

    It makes sense to create an Intranet. The UK Government already has such a setup, it is called GSI (Government Secure Intranet). Just makes you wonder why they haven't agreed to outlaw spam yet - any idea what will happen to the effectiveness if they get flooded with junk?

  23. Waste of time - get an IBM S/390 on 1/4 Width Rack-mount Linux Servers · · Score: 1

    It still comes back to 'I need a separate server per smart customer'. Add the time to set it up/reconfigure (not all customers stay) to the fitting, powering, watering and feeding and you're looking at lots of labour - the most costly element. Better approaches are available. In an IBM S/390 it apparently takes about 9 seconds to create another virtual machine - and you can have around 40.000 systems running in one unit. All we need to see now is a smaller version of this (but a *bit* larger than what VMWare GSX offers ;-) and all that kit will be redundant (or usable for games consoles ;-).

  24. List of option for quieter systems on Building Quieter Computers · · Score: 2

    The noise is generated by fans and drives. Fan noise can be reduced by getting a quieter model power supply like the "Enermax Whisper Quiet Dual Fan PSU" and a processor fan with a better design (see www.quietpc.com etc). Some mileage can be had by changing to watercooling, but that is quite a bit of work - depends if you overclock the CPU. The Molex cooler is quite good, and the Noise Control Silverado is quite impressive too but more difficult to get hold of outside the US. Another approach is to swap fans for temperature controlled models, these spin at low speed (i.e. less noisy) until things heat up and more airflow is needed. They fail safe so when the sensor dies it just reverts to full blast mode. Last but not least the harddisk noise. A single harddisk can be fitted inside a cooling enclosure, but for more than one this becomes too costly (and large ;-). You might want to build your own drive box with cooler - or host the data storage elsewhere and use a 100Mb network to carry data back and forth. If all of that fails, put the system in the adjacent room and drill a few holes for cables ;-). Good luck!

  25. Define your Security Policy first on Choosing A Managed Security Provider? · · Score: 1

    You have to first define what you want to protect, and against who. That will determine what your MSP has to provide to make it work for you. An increasing trend for security sensitive companies is to use an MSP as a front-end to their own security - in effect a double shell with different parameters to breach. OTOH, if you're not that worried you could always start with enabling filtering and Network Address Translation (NAT) on your incoming router - which is a cheap way of securing your connection a little bit but gives you zero logging and audit capabilities. First decide what you really want ...