"NT just wasn't designed for easy remote-management; this fact is woefully apparent in my experience."
Funny, I've never had any issues with this. Especially with Win2k. Most administration can be done via a command line, and if not there are plenty of tools that connect remotely such as regedt32, etc.
I hope you realize .NET Server will have the option of running headless with nothing but a serial port. You have to have x86 hardware specifically designed for this, but it's coming... This will allow .NET Server to run on server blades quite easily.
"I wish it did, but XP is such a primitive system that that's not easily possible."
I don't see how you could possibly claim this isn't easily possible given every version of NT ever produced has been multiuser.
XP especially.
That first one from the Win98 EULA is bizarre.
It does not seem to me that they are talking about a BSD client accessing a Win98 computer sharing files.
It sounds like this was text out of say an Office EULA, that got put in there. They're basically saying you can install the software to a network server, but if you run it from that location you have to have a license for each computer doing so.
This is the wording that forbids concurrent use licensing, which used to be quite possible with Office, etc.
How this is applicable to Win98 I don't know. Unless you can set up Win98 to boot on a diskless workstation. We used to do this with DOS all the time, but I've never seen that with Win9x.
The Win2k clause makes sense. They're basically forbidding you from setting up one Win2k machine, and then using a bunch of Win95 machines to connect to it so you can run apps on it without upgrading the licensing on each of your Win95 clients.
That one I can see. The first clause I think was not well thought out by legal.
What if I want to buy a Blender that only needs to work once, and all I have is $5? In America I have that choice, but you are saying in Europe I do not?
That's not my definition of consumer freedom.
It's nice to see slashdot.org announcing innovations coming out of Microsoft, but it would be nice if you'd properly attribute them as well.
The Win2k version of the MCSE is supposed to be considerably more difficult than the NT4 version that I took. I have not taken any of the exams so I don't really know how different it is.
I agree it isn't as easy as some people claim it is, and it's definitely worthwhile experience to at least study for it.
GIAC is certainly a good deal of work. The practical requires a good week or more of effort to complete in terms of research and writing. GIAC has posted the practicals of those who have completed the cert to get some idea of what they require. I know of at least 3 other people who tried for the cert at the same time I did but didn't complete the work successfully. Partly because unlike other certs there is a time limit of about 3 months to complete everything.
They've also stated that their goal is not to have a deluge of people with the cert (unlike Cisco, MS, Novell, etc. who advertise how many are certified). If they start seeing a lot of people passing the cert, they'll make the cert harder to obtain. Worth pursuing, definitely.
sheldon - GCWN #168
If you are looking to hire someone to operate an X-Ray machine, why would you want to hire a radiologist?
If so, is it illegal to sing about Casey Jones?
X essentially developed parallel to efforts by Microsoft.
And before someone brings it up. No, the user interface of Motif was actually a copy of Microsoft Windows. Not the other way around.
Microsoft was part of the consortium, and licensed their UI for use in Motif.
How about you provide for us a list of these sites you visited?
My experience with Mozilla did not contribute to the adjectives stable and fast.
I encounter daily sites providing content thru the use of ActiveX controls:
Adobe Acrobat
Windows Media
Quicktime
Real Player
Macromedia Flash
"notice how fast AOL took on this project?"
Hmmm... They started this project in November of 1998 when they announced the acquisition of Netscape.
So it's taken just over 3 years to get to a beta stage. Fast in geological time keeping, but certainly not what we used to call internet time.
But what if there is no problem with the Microsoft software?
Should Microsoft issue a press-release saying "despite what some Linux kiddies think, our software has no issues."?
Would you believe them anyway?
Now back to our regularly scheduled Microsoft bashing...
It was well known at the time the Linux article came out that Microsoft also had zlib code in their software.
I mean... DUH... IIS and IE support the Content-Encoding extensions from HTTP 1.1 that use gzip for compression and the easiest way for them to have implemented that was functions from zlib.
Now what I want to know is how you have come to the conclusion that Microsoft uses the code in the specific way necessary to exploit it. Or if they even use that particular function, or if they haven't already fixed it long ago in their source tree.
Speculation and wild claims don't add any value, and that's what this article does and what your post does. Yes, it is popular to bash MS.
Now let's get to the real question. How come this bug got into zlib in the first place?
This device is already virtually obsolete. Rio hasn't updated the software in quite some time, and it doesn't work very well as it is.
You are right, of course, they should just document the protocol. Or in this case use a protocol that isn't so tied to Linux.
"First of all, if you were a smart unix user, you would not be using Sendmail."
Well DUH.
"you aren't being proactive by simply applying vendor-supplied patches when they say to"
Who said anything about vendor-supplied patches?
"Being proactive means learning how your software security works, especially internally, and performing appropriate actions. "
That's what I said.
I'm sorry but your post helps reinforce my point that you don't know what you are talking about.
If you do not understand the issues, please don't bother to respond.
The updates I spoke of are only re-released when new versions of the applications come out, for compatibility reasons. Yes, the virus definition files do have weekly updates, but that is all.
Are you even aware of the Outlook 2000 update and what it does?
Any naming convention which uses themes, names, etc. is probably inappropriate for a company (eventually someone chooses a name someone is offended by), but more importantly it's very difficult to maintain for long-term growth.
I would suggest coming up with a coding standard that provides the information you find valuable.
2 chars to define the OS or machine type
3 chars to define location
1 char for production or development
3 chars for a number sequence
So something like NTDFWP150 would be your 150th production NT server in Dallas. Maybe location isn't as important as purpose. Maybe you don't have development or production differentiation. I do think it's helpful for support staff to be able to tell what OS the machine is running by the machine name. If you are looking at 4000 servers at some point, then maybe 4-5 chars should be devoted to numbers.
Even though the name seems confusing, if you have a well defined pattern, it is trivial to train new staff. As far as linking this to customer names, you build a spreadsheet with a lookup table.
So I should dump Unix for SMTP and DNS because of the problems with BIND and sendmail?
Yeah, that's intelligent.
Learn how things work, why things work, and then implement the solutions.
The vast majority of currently known IIS attacks (Code Red, Nimda, and so forth) could have been prevented proactively by implementing the steps in the IIS security checklists from Microsoft, SANS, and so forth. It's not that hard, and all I see in your response is a knee-jerk reaction against Microsoft without proper understanding of the issues.
"At what point do you finally switch over to something different?"
At what point do you finally realize that switching to something different doesn't solve problems, it just creates new ones?
The answer is still... education... Learn how to admin what you have now, and save yourself a whole lot of hassle!
"UNIX has a whole slew of problems, too, but at least it isn't designed to be insecure."
No more so than Windows 2000. The point is that if you know what you are doing and set things up properly, you don't have issues.
Our company was not hit by Code Red. We did have issues with Nimda, but only on development machines which were not well managed; production were fine. We have not had any issues with production systems as a result of Windows vulnerabilities in 3 years because we have smart Admins.
Christ, I have the GIAC Windows Security administration cert and don't know half what my company's admins know. But I would still recommend to those bitching, especially that Air Force Lt., that he attend the SANS annual and take Track 5.
There are add-ons to Exchange that prevent the spread of these viruses thru filtering.
There are patches to Outlook that prevent the spread of these viruses.
There is anti-virus software with links into Outlook that prevents the spread of these viruses.
You're right, with a proper security policy in place this isn't an issue.
I have a suggestion...
Why don't you take all this negative energy and hate and direct it to something positive? Like learning how to administer your Windows systems so that they aren't vulnerable to issues.
The company I work for has not had any issues with email-borne viruses since ILOVEYOU. It took one lesson, we learned from it, we corrected the problems and we moved on. If you don't learn then you are too stupid to be in IT.
You remember incorrectly, or rather you have a preconceived concept that you want the article to say and are filling in facts to try to get to that point.
The article is really quite vague, but anybody with a remote amount of intelligence and experience with systems design can see that they were talking about a custom application written by the consulting firm that runs on top of the OS and the database.
i.e. some bad data got entered into the database, and this app didn't know how to fail gracefully.
In particular SANS has their SCORE initiative, which seems as though it might be somewhat applicable.
http://www.sans.org/SCORE/