Assuming you are in the US, you might visit your local Armed Forces Recruiter. I went to college on a full Army ROTC ride to the tune of around $125k, and had a nicely paying job upon graduation.
A couple of things to remember:
READ the contract, including the fine print, and pay particular attention to escape clauses with words like "needs of the service".
Talk to ALL of the recruiters from each service. They have different quotas at different times.
It's definitely closer than this would have you believe....
IEEE 802.11 is working on this NOW. The Task Group is called WAVE (Wireless Access in Vehicular Environment), and the next meeting is at the IEEE 802.11 Interim Meeting in Vancouver in January. IEEE Meetings are open to all, BTW. Just pay your registration fee, show up and participate.
This makes sense when you think about it. Last time I checked, Google operated a linux clustered array of thousands of machines, thus automagically making them and any other large linux cluster operator a HUGE violator of SCO's alleged IP.
Interesting milestone number one will be when some of the other operators of large linux clusters (like, say Nvidia, the various National Labs and other arms of the US Government like the NIH and NASA, and lots of other Public and Private entities) realize this is going on and that they are logical targets.
Interesting milestone number two will occur when a group of these folks with Something to Lose(tm) grow a collective set, band together and class-action SCO into non-existence.
BTW, who is forming the class of individual linux users threatened en masse by SCO? Where do I and others sign up?
Dan Geer was one of the few, if not the only, old school information security professional at @Stake. This canning, apparently for calling a spade a spade, combined with persistent rumours of mental health issues with one of their other prominent principals make me wonder if they are gonna circle the bowl to the left or to the right as they go down the hole.....
Go HERE and look around, specifically under Bargain Bin. At one point, they had a metric buttload of SGI international and domestic (US) USB keyboards cheep..... Slimmer pickins now, but you should still be able to scratch your itch.
"In response to their legal targeting of individual file-swappers, access from their known networks to this site has now been blocked. While it may still be possible for them to access Techfocus via address ranges which we're not aware of, they'll otherwise have to use non-RIAA and non-MPAA networks to view the site."
So, this site's admin has put in place a technical measure to prevent or limit certain persons from accessing his site. Wouldn't attempts by those persons to circumvent that access control technology constitute a violation of the DMCA?
Where's the FBI and a Federal Prosecutor when you need one?
DA Form 6 form does not answer his question on HOW to allocate the schedule.
Correct, but not very helpful.....
How much you think a pad of those costs?
Nothing. ALL Army forms are available in PDF format. The advantage of a piece of paper is that you don't need a computer to operate it. This comes in handy in places like foxholes, which typically lack electricity.
FWIW, AR 220-45 tells you HOW to use the form. This took me, oh, 10 seconds to locate via google. FWIW, here's a PDF copy of the reg. Of course, I'm not a cynic who condemns all things military because they are military. Oh, and I guess I should say that I'm a Major in the Army and have used the DA 6 for most of my adult life to do things like this.
A little more searching will probably turn up either a standalone program implementing the duty roster, or a spreadsheet. The paper forms become tedious to maintain for large groups of people, or when maintaining a separate rotation for weekdays and holidays/weekends (which is common), but are VERY fair in allocating duties. More importantly, they are AUDITABLE, so anyone can look at the roster form and determine that the duties are being assigned fairly.
Trucks idle overnight rather than shutdown/restart to decrease engine wear. The engine is the single most expensive component, and actually wears very little when running, particularly when under a light load (idle) because of the circulation of lubricant under pressure. At startup, there is typically metal-on-metal contact inside the engine until the oil pressure comes up. Supplying power and heat for the occupant is secondary.
Truckstops already are very communications friendly places, and always have been. The long-haul trucking community has been a heavy user of the available technology as it advanced, and truckstops have advanced from providing banks of pay phones to more modern technologies for their use, just as airports have for the use of business travelers. It is not unusual today to see telephones with dataports, and increasingly net jacks in individual booths in truckstop restaurants. The drivers bring their notebooks, jack in and call home, either to their SO or to the company.
Flying-J, a national chain of truckstops, is deploying wi-fi hotspots in parking areas nationwide, and offering surprisingly affordable subscription rates. This means drivers can get access from the computers in their sleepers, and not have to bring them into the terminal.
This community of PAYING users probably stands a greater chance of advancing the widespread deployment of public access hotspots than any other. They actually NEED the access it provides, and are willing to pay for it.
They publish application specific example exploitation code.
In my experience, this means that actual attack code will be circulating in short order. The race to implement in N-1 lines of PERL will begin shortly thereafter.
I made no mention whatsoever of any a priori or any other constraints on these folks' right to publish the results of their research. I object to their timing, that is, to the fact that they apparently chose to make their research public before they informed the vendor community and got fixes in place.
I read it, a couple of days ago. I work for a security company and we track this schtuff.
There are LOTs of problems that are widespread and need to be fixed. Telling the world BEFORE you give folks with software in the field a CHANCE to effect a repair does NOT make things better.
Given that this is a class of attacks, not a specific attack. How does one inform all of the maintainers of every possible vulnerable application, without it becoming known everywhere? The site discusses a half dozen different applications, by dozens of authors.
Easy, The CERT Coordination Center. This is exactly why they exist. Yes, (and I know from prior experience), they are a PAIN to deal with, and they WILL take longer than seems reasonable to coordinate disclosure and release, but they WILL do it in a responsible manner.
These dipshits (yes, I said dipshits) publishing a paper like this without taking positive steps to make sure that maintainers of vulnerable packages were aware of the issues and had the chance to implement and publish fixes, and most importantly, get them deployed into the field, prior to publication
OR
Some random Slashdot Editor posting links to it, thereby calling the attention of the whole damn world to the fact that this class of vulnerability exists, apparently without fixes.
Yes, I know, "Security through Obscurity is no Security at All." On the other hand, in a multi-layered security environment (think defense in depth), obscurity, or secrecy IS a valid (albeit thin) layer. This just eliminated that layer.
Thanks, dipshits, and Slashdot, for making the world a WORSE place.
Pass on this one.... Mitnick doesn't know crap that's relevant, except possibly something about social engineering (a timeless trade, the con man), and being a prison bitch (one thing he probably IS up to date on).
I personally don't want to acquire either skillset, not sure about you.
Additionally, based on hearing him speak, I doubt he can write intelligibly. Stick with a proven author.
Besides, if you buy his book, that means he soc'd YOU.
Does anyone remember when Windows NT achieved C2 certification? It was:
An older version (3.5 or 3.51)
Without removable media (floppy or CDROM)
Without a network connection
Bound to the specific PC it was tested on
Of no real use to real users
This certification isn't much different, in that it has no real meaning or value to end users. All it does is allow M$ to sell into markets, primarily government, where CC certification is a requirement.
If a vulnerability is discovered in this certified version, there is nothing which forces M$ to make a correction. Further, if M$ issues Patches, HotFixes, Service Packs or whatever subsequent to this evaluation, they will NOT be certified, or even examined.
Marcus Ranum (father of the Internet Firewall, speaking on CC evaluation of Firewalls) said it best:
I once thought about trying to get a 10baseT hub ITSEC evaluated as a firewall (albeit a very permissive one) but the mountains of paperwork and the huge amount of time and money necessary are daunting.
I'm sure that many on this list will be shocked to hear me say this, but the ICSA firewall product certification is orders of magnitude more valuable to real customers than ITSEC evaluation.
Almost every state in the US recognizes this concept in one form or another. There is a concept known as "at-will employment", which basically states
ObDisclaimer: IITGNAL (I Am, Thank Gawd, Not A Lawyer), this does not constitute legal advice, yada-yada-yada....
ObLinkage: Google is your friend.
Or the penis size of a TROLL.
I personally feel a great deal of mental anguish, and the need to collect some compensation...
Now where's a rabid lawyer when you really need one?
The Archos Jukebox Recorder 20 just kicks iPod (and all others) Ass. Lessee:
In my experience, this means that actual attack code will be circulating in short order. The race to implement in N-1 lines of PERL will begin shortly thereafter.
I made no mention whatsoever of any a priori or any other constraints on these folks' right to publish the results of their research. I object to their timing, that is, to the fact that they apparently chose to make their research public before they informed the vendor community and got fixes in place.
I call this irresponsible.
Most admins with any security background know that the right answer is DEFAULT DENY.
When is the mainstream going to wake up?
I know for a fact that drivers for these cards DO exist within Broadcom. I participate in the 802.11 committee, and have sat next to a Broadcom employee running linux on "unsupported" broadcom hardware. These drivers are NOT likely to be released by Broadcom. Same goes for some other chipset vendors BTW.
Consensus seems to be that if enough (potential) customers ask the product vendors (in your example, that would be Linksys, NOT Broadcom), they will produce and release drivers for linux, as Linksys has done in the past.
Note that there will probably NEVER be totally open source drivers for these. As software controlled radios, there are FCC issues. I don't pretend to understand all the issues, or agree, but I have been told essentially the same thing by several different engineers working for at least three companies.
I also don't give a rats ass if released drivers contain a closed binary only module for the software radio functions. I just want to be able to use the hardware.
A related question: is anyone working on implementing the 802.1x supplicant code which will be required to support operations using TKIP and/or CCMP, the new ciphers specified in the 802.11i DRAFT? Microsoft has devoted major resources to this, and has promised support for XP and I believe 2000. 802.1x is used for key management and distributed authentication, BTW.
Relevant standards schtuff is here
Note to Slashdot Editors: Bite me. I asked virtually the same question on the 4th of February and you rejected it.
NOTHING stanks like RMS. I ran into him again at COMDEX and you could smell his nasty a$$ two aisles over.
AFAIK, there is nothing in the GPL or LGPL prohibiting the use of SOAP. Somebody needs to clue him in on this little fact.
You've apparently never asked Theo about this. I have several times, going back years ago, and his reply has always been either "nobody wants it", or "SMP machines are too expensive and nobody has them". And OBTW, he wasn't interested in loaner or donated hardware to do the work on.
I guess somebody cares now....
Correct, EVERYONE didn't. ENOUGH did, i.e. Critical Mass.
Those of us old enough to have had a drivers license for a while remember when the speed limit in the US was 55 MPH.
It isn't anymore.
Ask yourself why.
The Cringe is right in this case.
No FSCKing way....
Recommendation: Limp along
In a few years, when (if) HDTV is a commodity, the tubes will be (a commodity) as well, with commensurate, commodity level, pricing.
Bide your time...