Why not? What is the need for that to occur? If a software vendor doesn't trust that I actually bought their product and feels they need to pull that crap, then I will happily find an alternative.
The firewall included in XP SP2 is actually decent. It solves the immediate problem that we needed to solve for our end users: It denys all inbound traffic while allowing anything outbound. It does this the right way too, by dropping the packet on the floor and logging the drop. The firewall is up immediately on boot, another characteristic of a good firewall (I know of at least one commercial offering that does not come up until after a user has logged in) This allowed us to let users begin to use wifi and wired untrusted networks without fear of getting nailed by a worm. Once connected, they then connect using an IPSec client, which does not allow split tunneling. If you are managing your enterprise using SMS (or is it SUS? I get confused), the firewall can open up if it is on a 'trusted' network in order to allow management of end user PCs. The drawback to this is that it is all or nothing. So, if the wireless card is enabled when a user is connected to a trusted wired net (determined by DNS suffix), then it is possible for bad things to happen if they associate with joe random AP. We mitigate this by configuring default Wifi to use a specific SSID with WEP enabled. WEP provides no real security, but it does stop users from automatically associating with any untrusted network. Our home users are configured to the same SSID and Key, so there is no reason for them to ever change their settings. It's not perfect, but it is easier to manage than many of the commercial products out there, and it solves the core problem with connecting a windows client computer to an untrusted network.
Indeed. I just posted about this myself. While not perfect, the system I use is to email the user (their login id is their email address in my system) a new random password if they forget theirs. This way there is nothing linked to the person themselves, and they know immediately if someone is trying to do something to their account. Yes, it's flawed because it is email, but better than allowing just anybody to change a password if they know some trivial data about the person.
Even with the information ramirez obtained, in a good system she would have also had to hijack the prof's mail. Much better to have the system email (yes, that is insecure too) you a new random password and disallow any further password changes until the person has successfully logged in. This way the victim knows immediately if something is going on while causing them little inconvenience.
Yes, but allowing read-only access is great, because it is a win for the people. They can read their old stuff in word/excel/powerpoint, and then save it to a new open format. They can then ditch microsoft software entirely without having lost their work and without the need to spend endless hours reformatting a bad import.
That's my primary problem with it. You shouldn't need gnome libraries running just to run an application. Unfortunately almost every GTK app compiled today depends on having gnome daemons running too.
I'm getting annoyed at the current trend too. It's becoming increasingly difficult to have my environment behave the way that *I* want it to. Why do we need all of this stuff anyway? Isn't a standard Xdnd and current IPC enough to properly integrate pretty much anything without depending on a bunch of crap like 'gnome-settings-daemon' running?
I digress, the above is a slightly different rant. Not all user stuff is bad. I have sent MANY suggestions to the ROX team, and they have all made it into the software. ROX now depends on the stuff ranted about in the first paragraph, however:(
I drop more stuff these days before it even GETS to spam assassin to be analyzed.
Reject if on the spamhaus list
Reject if claiming to be your mail server in the helo
Reject if claiming to be RFC1918 space in the helo
Reject if there isn't a '.' somewhere in the middle of the helo (simple way of checking for FQDN)
In addition, configure sendmail to do rcpt flood rejects, and even better, enable greet_pause. I've rejected quite a few with those.
Anything that gets through all of that is then analyzed by spamassassin. WIth Bayesian training, my current threshold is 3.0. Anything legit is normally -2.0 or less. I Totally DROP through mimedefang anything greater than 7.0. Anything from 3-7 is dumped in a special folder on my local account via procmail. I analyze that stuff every now and then to see if it is time to once again lower the thresholds.
Also, continue to do the RBL checks in spamassassin (although it's a little redundant since I check spamhaus in mimedefang). That way you also get scoring based on SURBL..good stuff.
The real fix would be to get rid of "business method" and software patents entirely. Patents should be for physical devices, period. Patents are also supposed to protect you while you bring your idea to reality. If you cannot or will not create a prototype (or work with another company to do so) within a certain amount of time...you should lose the patent.
Excuse me, but I pay my cable bill. I'd like to be able to see some of these shows whenever I want, but don't feel like spending the time/money to encode them. If somebody else did and can share that with me, great! Heck, the simpsons is even still on 'free' air. How can they claim this as piracy? Nobody is trying to sell the stuff for profit (oh yeah, the networks want to overcharge you for the DVDs several years later. I forgot)
WRT visual cues....do I *really* need stuff in a menu to change because I am pointing at it? I can already see where my mouse is pointing. That 'cue' is very annoying, whether it is in web pages (in web pages, it's not quite as bad if done properly, since a web page has no standard layout), or application menus (highlighting here is just dumb and gives me a headache more than it helps me in any way...whoever started this trend should be shot).
You don't even need to go that far. The orinoco drivers on my windoze laptop lets me change the MAC through the GUI on the fly. Finding an allowed one is a simple matter of running kismet for a couple of seconds.
Microsoft's worst enemy is on-line applications. They really don't want to go that route, but are being forced into it. I wouldn't worry too much about google.
Actually, just having a degree doesn't make you an engineer. Passing your EIT is the first step to that path. "MSCE" is a disgusting use of the word engineer to anybody who is a real engineer.
Slashdot Mirror
Why not? What is the need for that to occur? If a software vendor doesn't trust that I actually bought their product and feels they need to pull that crap, then I will happily find an alternative.
The firewall included in XP SP2 is actually decent. It solves the immediate problem that we needed to solve for our end users: It denys all inbound traffic while allowing anything outbound. It does this the right way too, by dropping the packet on the floor and logging the drop. The firewall is up immediately on boot, another characteristic of a good firewall (I know of at least one commercial offering that does not come up until after a user has logged in) This allowed us to let users begin to use wifi and wired untrusted networks without fear of getting nailed by a worm. Once connected, they then connect using an IPSec client, which does not allow split tunneling. If you are managing your enterprise using SMS (or is it SUS? I get confused), the firewall can open up if it is on a 'trusted' network in order to allow management of end user PCs. The drawback to this is that it is all or nothing. So, if the wireless card is enabled when a user is connected to a trusted wired net (determined by DNS suffix), then it is possible for bad things to happen if they associate with joe random AP. We mitigate this by configuring default Wifi to use a specific SSID with WEP enabled. WEP provides no real security, but it does stop users from automatically associating with any untrusted network. Our home users are configured to the same SSID and Key, so there is no reason for them to ever change their settings. It's not perfect, but it is easier to manage than many of the commercial products out there, and it solves the core problem with connecting a windows client computer to an untrusted network.
Indeed. I just posted about this myself. While not perfect, the system I use is to email the user (their login id is their email address in my system) a new random password if they forget theirs. This way there is nothing linked to the person themselves, and they know immediately if someone is trying to do something to their account. Yes, it's flawed because it is email, but better than allowing just anybody to change a password if they know some trivial data about the person.
Even with the information ramirez obtained, in a good system she would have also had to hijack the prof's mail. Much better to have the system email (yes, that is insecure too) you a new random password and disallow any further password changes until the person has successfully logged in. This way the victim knows immediately if something is going on while causing them little inconvenience.
If you really want an excuse to go to vegas, there is always defcon. I've got my room reserved at the Alexis already :)
Yes, but allowing read-only access is great, because it is a win for the people. They can read their old stuff in word/excel/powerpoint, and then save it to a new open format. They can then ditch microsoft software entirely without having lost their work and without the need to spend endless hours reformatting a bad import.
That's my primary problem with it. You shouldn't need gnome libraries running just to run an application. Unfortunately almost every GTK app compiled today depends on having gnome daemons running too.
Actually, Nokia has some pretty kickass proxying solutions that rewrite all web content to fit perfectly on a mobile screen. Good stuff.
See above. I personally run windowmaker + ROX. The problem is the apps. Even firefox now depends on xsettings to properly render its menu fonts.
I digress, the above is a slightly different rant. Not all user stuff is bad. I have sent MANY suggestions to the ROX team, and they have all made it into the software. ROX now depends on the stuff ranted about in the first paragraph, however :(
It runs fine on my toshiba libretto (P233, 64MB ram).
Yes, but the computers that the bank uses to control the things may be. You just need to infect them to do bad things to the ATM's.
Who needs anything else?
- Reject if on the spamhaus list
- Reject if claiming to be your mail server in the helo
- Reject if claiming to be RFC1918 space in the helo
- Reject if there isn't a '.' somewhere in the middle of the helo (simple way of checking for FQDN)
In addition, configure sendmail to do rcpt flood rejects, and even better, enable greet_pause. I've rejected quite a few with those.Anything that gets through all of that is then analyzed by spamassassin. WIth Bayesian training, my current threshold is 3.0. Anything legit is normally -2.0 or less. I Totally DROP through mimedefang anything greater than 7.0. Anything from 3-7 is dumped in a special folder on my local account via procmail. I analyze that stuff every now and then to see if it is time to once again lower the thresholds.
Also, continue to do the RBL checks in spamassassin (although it's a little redundant since I check spamhaus in mimedefang). That way you also get scoring based on SURBL..good stuff.
Seems we should get rid of news broadcasts then.
The real fix would be to get rid of "business method" and software patents entirely. Patents should be for physical devices, period. Patents are also supposed to protect you while you bring your idea to reality. If you cannot or will not create a prototype (or work with another company to do so) within a certain amount of time...you should lose the patent.
http://windupradio.com/
For someone who doesn't care, you sure can remember the most recent pop shows pretty well.
Excuse me, but I pay my cable bill. I'd like to be able to see some of these shows whenever I want, but don't feel like spending the time/money to encode them. If somebody else did and can share that with me, great! Heck, the simpsons is even still on 'free' air. How can they claim this as piracy? Nobody is trying to sell the stuff for profit (oh yeah, the networks want to overcharge you for the DVDs several years later. I forgot)
WRT visual cues....do I *really* need stuff in a menu to change because I am pointing at it? I can already see where my mouse is pointing. That 'cue' is very annoying, whether it is in web pages (in web pages, it's not quite as bad if done properly, since a web page has no standard layout), or application menus (highlighting here is just dumb and gives me a headache more than it helps me in any way...whoever started this trend should be shot).
You don't even need to go that far. The orinoco drivers on my windoze laptop lets me change the MAC through the GUI on the fly. Finding an allowed one is a simple matter of running kismet for a couple of seconds.
Microsoft's worst enemy is on-line applications. They really don't want to go that route, but are being forced into it. I wouldn't worry too much about google.
Actually, just having a degree doesn't make you an engineer. Passing your EIT is the first step to that path. "MSCE" is a disgusting use of the word engineer to anybody who is a real engineer.