My position on full background-execution multitasking remains unchanged from the first time I tried a Windows Mobile phone after being a Palm user for years. With a small device like a phone, it's just too easy for a user to rack up this huge array of crap running in the background without realizing it. And that, potentially, has a greater impact on your productivity since it will gobble up the power in your battery. With a PC, you've got a task bar or a dock to see what you've got running. In addition, there's a one-click way of shutting off the app. Whenever a Windows Mobile user would have me look at their phone to fix it, I'd find that they had a half-dozen things still running: control panel, mail, notepad, contacts... all of these things were things where they had finished their work with those apps, but they either didn't realize that they had to close the apps or they were too lazy to press "Menu->File->Quit". Instead, they just went back to the home screen and started the next app they wanted.
And we used to have usenet, and now have 'forums'. I wouldn't be so quick to dismiss the dumber walled-garden approach as the one that fails.
Um,
That doesn't really solve the problem. If I want to snarf people at a Starbucks, I'm going to get on their public network, encrypted or not, and snarf that data the same as I always have. This doesn't solve anything other than authenticating that I'm actually connecting to Starbucks and not my evil network with transparent proxy.
A better solution is to enable wireless isolation so that your wifi behaves more like a switch and is not as easily sniffable. DD-WRT, for example, provides this option.
I like that my Ubuntu laptop "just works" for the most part. I dislike that for things that aren't quite the way I want them, it is becoming more impossible to fix or change them.
KDE is a great example. Years ago, I liked their initial efforts of borrowing from the best UI elements that worked in other environments (OS/2's WPS, for example). Now they simply chase Microsoft. Gnome is guilty of this too. I love the concept of drag/dropping colors/patterns to Nautilus to change its appearance. Why isn't this used throughout? Why is it constrained to only the background? Why is it applied globally, and not available per object? Why doesn't Nautilus maintain the size of windows for different folders?
Windows is not a great interface. There are many things that Linux UIs do, and have done, better. Unfortunately, those good things seem to be going away as everybody seeks to mimic Windows rather than stick to the better way of doing things, or come up with better ways of doing things. All in the name of "making it easy for Windows users to transition". That should not be our goal. Our goal should be an elegant, intuitive, and customizable UI.
This is why I never bothered learning anything new. I dabbled with C, C++, and Java, but as a sysadmin, Perl and shell do the job. And Perl does an excellent job at web frameworks, so I never bothered learning PHP, ASP, etc. It's a shame. I remember when Perl was used for everything. And now they've just created new languages to do the same thing, only without the power of CPAN. Don't get me started on friggin' Ruby.
According to Comcast, my mail server is a bot. Stopped getting disconnected and harassed by forwarding to DynDNS's mailhop servers. Suck it, Comcast.
Then make it as convenient as the illegal stuff. No DRM, for starters. Here's a neat solution: Run your own tracker with client side certificates for people who have paid for a subscription.
...there's a patch for that!
Android may be open source, and WebOS closed, but WebOS remains the most open phone platform in existence. You can remove the bloatware apps pretty easily, or if you prefer, just hide them by changing a simple text file.
Cool. The exploits should be interesting.
Hold it any way you want.
s/week/weak/
damn, getting old sucks.
Changing passwords frequently, as somebody writes below, leads to patterns, sticky notes on monitors, passwords kept in notepad files, etc. IOW, it MAKES THINGS LESS SECURE.
It is the most ridiculous policy I've seen in this field.
A better policy is:
1) force strong passwords
2) audit against week passwords using cracking tools
3) force a change of passwords when an incident occurs, or a person with a shared (ie: admin, root, database, etc) access leaves the company.
Forcing constant changes does not make you more secure if the password is strong to begin with and good policies around sharing and disclosing that password are followed (and they are more likely to be followed if you aren't forcing users to change the damned thing every month). Users will also be able to REMEMBER their STRONG password. Imagine that!
HP/Palm continue to support their homebrew community, and provide a virtually un-brickable device that you can modify without even compiling any code.
WebOS FTW!
...for quite a while now.
Welcome to the party:
http://ares.palm.com/Ares/about.html
That's a good point.
The government's role should be to simply provide the data and perhaps some APIs to get to it. Let others write tools to access it. The tools that there is demand for will be written, and citizens can write their own tools just like any big company could then.
Don't forget window grouping and tab groups. I use that a lot. Expose is nice for managing multiple desktops as well.
HP has bought Palm, killed their windoze slate, and is quite excited about what they can do with WebOS across a spectrum of mobile devices.
Things are going to be interesting in the coming year.
You just haven't used it on a phone that handles it elegantly. And as a former Palm user, you owe it to yourself to give a Pre running WebOS a try. Seriously. It's on 3 of the 4 major carriers. There's no excuse.
Get a Palm Pre (get one used now, there is new hardware on its way). WebOS == most open platform out there with a strong homebrew community and support from Palm themselves.
Those of us in Security don't like it much either. What people do with the connections we give them, if it violates policy, is a management issue.
I have no problem doing a specific monitoring for someone suspected of violating policy, but to put global filters and monitoring on our entire infrastructure is a waste of time, money, and resources.
Spamhaus is VERY EASY to get off of. If you really aren't a spammer, a simple form, and voila! You're off!!
This is the reason that I use them, and my mail bounce kindly directs the sender to that form. This is the reason that Spamhaus is the only RBL that I use, because it is so easy to get off of if you are legitimate.
Basically.
I kind of like just using tools that actually don't let it happen in the first place. Embedded Perl, for example. You have to really go out of your way to write insecure code with that particular tool.
You can't patent the way you drive your car. So why can you patent instructions to a computer?
Patent the device. Not how you use it.
If you want to write a book about your driving method, you would get a copyright. Same applies to software.
Software and business method patents need to go away.
Every time Ubuntu updates Firefox, it slams its own list of search engines into my browser, and I have to yet again remove them. Why would a system update muck with personal settings like that?
This ridiculousness needed to be stopped at its source. Artists should have stopped signing on with the RIAA at least a decade ago. They are not needed. Even as a hobby, these days, you can afford to self-produce with your own studio, if you are so inclined.
No artists == no product == no RIAA.
Dumb solution. ISPs are idiots. They detect valid mailing lists as 'botnet activity from your machine'. No thanks. They give me a pipe and the bandwidth I pay for. They aren't the Internet Police. Maybe if they'd listen to customer complaints about other customer traffic, or better yet THEIR OWN. I once had a firewall crash because its log partition filled due to the raw amount of invalid DHCP traffic the ISP was spewing over the line from one of its own servers. And you want me to trust *THEM* with the authority to arbitrarily disconnect me from a service that I pay for?? I don't think so.