DoD Computer Systems, OSs, and Commercial Software, on DoD and Net Attacks · Score: 3
Understand that most attacks that are launched on DoD computer networks are against UNCLASSIFIED networks. They can contain sensitive information but the really CLASSIFIED stuff is housed on machines that aren't even connected to the Internet (think the original Mission Impossible movie). The sensitive machines that are connected to the Internet can't be found by any script kiddy or leet haxors. For those of you who think you're the hottest cracker around, think again. If the NSA or DoD hasn't approached you to join, you're not nearly as good as you think you are.
To address a few issues that others have brought up:
Attacking a military system with more than a port scan or mild probing WILL earn you a visit from some very terse (but polite) gentlemen.
At the facility I work at we use Solaris, AIX, Windows NT, Windows 98, OS/390, MVS, and even Linux on an S/390. I'm sure there is a project somewhere that uses OpenBSD.
Backdoors in commercial software are a VERY big issue, especially when the system is connected to the Internet. We DO use software like Emacs, and other Open Source software on our systems. Having the source code available for perusal by a programmer is EXACTLY the reason we use OSS. There is nothing hidden in OSS like there is in proprietary packages. Ever tried asking Microsoft for their code for any of their products so you could verify C2 compliance?
The DoD does NOT engage in monitoring the public on the Internet (that's the FBI's job;) ). You will be monitored while accessing a DoD site (and we post BIG warning messages about that) or if you attempt to do anything that is deemed an attack against DoD systems (the same kind of acts that would get you monitored by a commercial site).
As for programmers putting backdoors into software that the DoD creates, that chance is nearly 0%. When a mission critical software package is written, it is done by more than one person, often by more than one team of people. The code is then subjected to multiple peer reviews. Everything that is done by the program is questioned and re-evaluated at each step of the development cycle. Why else do you think that the government is still using computers from the 70's and 80's? We haven't finished the code reviews yet!;)
Trusting foreigners - Well, you can't even get a clearance if you were not born in the U.S. (at least that's the way they say it's supposed to work).
The DoD is NOT stupid or careless; unfortunately, there are times when people make mistakes and accidentally compromise classified information. This happens through laziness and cockiness on the part of users AND Admins; the same reasons that commercial sites get cracked.
And, yes, many of us are not in this job for the pay, rather out of a sense of duty toward our country.
Why would I want to buy an E-book that could lock me out of the book I want to read at the publisher's whim when I can buy a paper copy that I can always read?
PS1="/."
I wonder if all the *sucks.com domains will be determined to be typos (therefore illegal). If a company decides to go after someone they might be able to use this ruling to shut down sites that legitimately protect consumer interests.
Do any of these worms call your mother every 5 minutes to let her know you're ok?
Dan,
How does IDC determine if the answers they are getting are valid? What I mean by this is how does your organization ensure that the people they are surveying are being truthful in their responses? I can see scenarios where a well co-ordinated group of people could be swayed by a vendor to influence the results of a survey, especially in a field as specialized as the IT industry.
Also, if you suspect that the results of a survey are tainted, do you publish it anyway (with caveats included, of course) or redo it (at your time and expense)?
"It's cheap, as you see in the price difference between IDE and SCSI drives."
Take a close look at the SCSI vs. IDE models of hard drives from the different manufacturers. Compare the geometry of the SCSI version of a model with the IDE version of the same model and you will see that the only thing different is the electronics card attached to the drive. All the mechanical internals of the drive are the SAME. The mechanical parts (whether SCSI or IDE) are put through the same QA test, etc. before being given the electronics board.
I agree that SCSI is better for server/data warehousing applications due to all the reasons you mentioned. If you're just looking for some way to store all your MP3s cheaply or running an in-home server, then IDE works just fine.
There is a company called Blackbox that sells all sorts of lockable cabinets for computer systems. You might want to check out their ClimateCab and ClimateCab Desktop products. I've used these with great success in dirty and hot environments. They are NOT cheap ($4,686.95 and $3,564.95 respectively) but they are the best that I've found that include security, filtration, and cooling.
How about getting your mail software to forward a copy of every piece of spam you get to your Congressmen and Senators? After all, if they are that interested in making sure that people can spam us whenever they like, they must like getting spammed too. So how about we share with them what we have to see every time we check our e-mail?
Just my $0.02.
Actually, this could be GOOD for Linux. If the strongest variants of the OS buy the weakest, then there's hope we might finally see a unified distribution. I'm all for choice, but a selection between a few strong distros that have what we want vs. a plethora of distros that each have a little bit of what we want is a good thing.
I work on a military installation that uses SmartFilter to prevent access to sites on its blacklist. Imagine my surprise Monday morning when trying to get my daily dose of Slashdot to find out that this site is listed as being inaccessible because it is a "chat" site.
I'm sure someone will remark that Slashdot could not possibly be considered as a work-related site, therefore the military is justified in blocking it. That may be true, but as a systems administrator there are several sites that I normally frequent to find out what crackers are up to. I cannot access these sites at work (since SmartFilter blocks them) and must do so at home to keep abreast of news on the computer security front.
"Smart"Filter and all the other packages that pretend to "protect" people from the "evils" of the internet only end up restricting access to many of the sites admins/programmers/techies access to do their jobs. When will the companies that produce these pieces of crap realize that they are selling parents and companies pipe dreams that they can block out the undesirable aspects of the net? It is far more effective for parents to spend time with their kids surfing the net and helping them avoid areas they want to be off limits. Most companies have clear policies about what is considered acceptable usage; employees who violate those rules should be dealt with as the company sees fit.
I consider myself lucky that the position I currently work in is a very flexible position. I can basically set my hours to what I need for a given day/week/month and no one complains as long as I meet my deadlines. My company allows me to take up to a two-hour lunch, during which I can go to the Doctor, run errands, etc. If I work more than 40 hours in a week, I can comp the time to use later instead of dipping into vacation time. The only thing I dislike is that my current employer lumps sick time and vacation time into one pool: Paid Time Off.
Don't get me wrong; I'm not trying to brag. I have friends at other companies that I have worked for who work long hours under draconian bosses. Four ex-coworkers regularly put in 80+ hour weeks and have a Dick for a boss. They don't get overtime or comp time, they only get paid salary, and they RARELY get to sit and eat lunch without being disturbed. They also are on pagers and cell phones 24/7/365.
Funny thing is, I find that many people choose the jobs they have as a result of the perceived "social status" that surrounds their job or who they work for. Examples: In many of the places I have worked programmers are considered to be lower in status than a sysadmin or you're better if you work for a hot, internet startup than if you work in an established company. My ex-coworkers are very status conscious and have bragged many times that they are the best LAN team in a major telecommunications company (Worldcom).
We met up the other day and got to talking about work. They have made it clear that they look down on what I do (AIX/Linux/Windows Administrator, Network Engineer, Jack-of-All-Trades) because of who I do it for (Lockheed Martin) and that I work in support of the military. They started comparing salaries and laughed when I revealed that my salary is about $10K less than theirs.
I had the last laugh though; I simply asked the question of how much they make per hour. One of them did some quick figuring and discovered that they made (on average) about $17.00/hour versus the $30+/hour that I make because my employer doesn't work me 80+ hours per week.
I work for a large aerospace company that is on contract with the U.S. Military. We are always on the lookout for interns in various areas. Our site has many *nix boxen: IBM, Sun, and even x86 running Linux. My last assistant up and quit after the management at his company (not the one I work for) made a major screw-up. The position is open....
Look to companies in the military/government sector as well as the private sector.
Just finished looking at "The Cube" and love the way they designed how to remove the innards of the machine from the case. After many years of working on steel-cased machines (everything from PCs to mainframes to Unix Boxes) and cutting up my hands in the process, Apple has finally made a design that I'd love to get my hands on. Easy to remove from the case, doesn't appear to have many sharp edges. Would love to know if the component chassis is metal or plastic.
Would especially love to see a rackmount unit made that can hold, say, two of the chassis modules per rack. That would be about 16 per standard size 19" rack. Easy insert and extract for repairs. Hmmmm...... LinuxPPC on each unit running SETI@Home :)
Well, I can dream, can't I?
I work for a large aerospace company as a Systems Administrator on a U.S. Military Base. The physical security of the systems as well as the data they contain is of utmost importance to the Military. This is evidenced by the regular, mandatory security training sessions we receive from the boys-in-blue.
Even with all the training (read trying-to-pound-in-common-sense) we receive, the number one security problem is contractors. The very same people who zealously guard "their" company's secrets are the ones who think nothing of sending classified information out via unclassified e-mail systems. They think nothing of violating rules that forbid anyone (except the sysadmin) from writing data to a floppy that they take home with them. Those of us who are responsible for systems security have also watched in horror as the management of these contracting companies have covered up security violations.
I have seen many of the things that officials from Los Alamos are claiming as possibilities for why the data is missing. During the shutdown of another facility, some of the tapes and records on their books were found to be missing. After much searching, it was found that the librarian had failed to file the appropriate paperwork for the destruction of those records and they were never removed from the inventory. There have been occasions where people have checked out material and then failed to have it signed back in when they returned it. Once, we were declassifying old hard drives only to find out, when we were finished, that we'd been given the wrong drives to declassify! Fortunately, we have never had anything stolen.
Make no mistake, the government and the military take the security of their data quite seriously. It's the inattentive, careless, and clueless contractors and other workers who don't take the security of the U.S.'s information SERIOUSLY that pose the greatest risk. The rules and regulations that we are required to follow in the handling of sensitive material are just the kind of rules many corporations use:
* If someone doesn't need to know, don't tell them
* Don't leave sensitive information lying around unattended
* Follow the proper procedure for checking out/checking in documents/tapes/disks
* Don't use internet e-mail to send sensitive information
I got me one of them new fangled wood-burnin' com-pu-tars!
It may hurt Micro$oft, but it could be a boon to the consumer/user community. Imagine a Windows product that you actually had the ability to fix the bugs in à la Open Source. Wow, a version of Windows where you won't get the Blue Screen of Death every day.
Looks like they are gearing up to start an assault on Linux. Even though it's just *nix compatibility, they'll probably shout "Just like *nix, only better!"
Microsloth 95/98/NT are just too bloody unstable for my tastes and it's wonderful how often people keep finding new and fun security bugs.
Give me AIX and Linux any day!
Bones and the rest of the Star Trek crew brightened many a rainy day for me. I wish Dee would have lived to see 140+, like Bones in the first episode of ST:TNG.
His wit and wisdom will be missed.
I worked for a major long distance company not too long ago and spying on employees was common. We had many occurrences of stolen computer hardware/software and it began costing the company quite a bit of money. Their solution was to install security cameras (during a holiday weekend) into vents and lighting fixtures to keep an eye on the employees.
Because of space limitations, the security monitors/recorders were located in a storage area in our server room. We got to see employees doing silly/stupid/crazy things. "Computer abuse" was quite common; pounding on keyboards, slamming mice on the desk, slapping monitors, even one guy who took a leak into his computer then turned it on. He'd been wanting a faster machine but his position didn't require a fast machine; all he did was e-mail and word processing.
You might want to think again, the next time you sit in your cube, if you think no one is watching you. I'm surprised no one has come up with an "America's Funniest Office Antics" TV show.