Slashdot Mirror


User: zerofoo

zerofoo's activity in the archive.

Stories: 0
Comments: 1,657

Comments · 1,657

  1. Man in the middle and SecurID on Boarding Pass Hacker Targets Bank of America · · Score: 2, Informative

    I used to work for a bank and we looked at SecurID for all of our internet banking customers that could originate ACH (Automated Clearing House) transfers.

    We realized that SecurID is also vulnerable to a man-in-the-middle attack. Since most people ignore invalid SSL certificates, anyone could put up a fake webpage and intercept the entire SecurID transaction. Once a successful login is permitted, the attacker can process bank transactions as the legitimate user.

    SecurID is a nice way to augment passwords with a one-time password, and it does reduce the "attack window" due to the fact that the bad guy cannot reuse your login credentials at a later time. SecurID does not eliminate the attack window...the attacker needs to process the fraudulent transactions during the legitimate user's session.

    -ted

  2. Competition makes everyone better. on Dvorak to Apple - Stop The iPhone · · Score: 4, Interesting

    The cell phone market is filled with phones that are difficult to use, unstable, and generally crap.

    I have a Motorola Q and it SUCKS. Sure, it hooks up to exchange, and it is nice and small, but battery life sucks, voice recognition sucks, and it crashes more than Eddie Griffin driving an Enzo.

    I can't tell you how many times I've looked at phone interfaces from LG, Samsung, Motorola and Nokia and thought the designers were all on crack.

    Apple NEEDS to show the world how to make a phone. God help us if they don't.

    -ted

  3. Re:VOIP changes quickly....careers might be short. on Which IT Careers Are Hot and Which are Not? · · Score: 1

    You probably could outsource 12,000 phones, but you would probably lose custom configurations that big companies like. The bigger challenge would be finding a company that could handle that many clients. Companies the size of Verizon probably could do it, but I would HATE to call a company that big for small adds and changes.

    Agreed on Voice Gateway.....what a disaster.

    Our current Cisco IAD2400 can be a complete stand-alone phone system. If you add a flash memory card, you can even do limited amounts of voicemail. That's amazing for one little router. Currently it only connects us to our phone system provider that has a much more feature-rich system, but I'll bet in the next few years, that type of functionality will be built into the perimeter routers.

    -ted

  4. Re:They care? Did they liberate you? on White House Specifies And Mandates Secure Windows · · Score: 1

    Actually, our biggest headaches came from SQL injection attacks against our internet banking application. The MS stuff never really gave us a problem thanks to many layers of security (intrusion detection, content filters, restricted internet access, anti-virus, low-default permissions....etc).

    Still, an internet banking application, that was open source, may have prevented those SQL injection vulnerabilities due to many eyeballs looking at the code.

    -ted

  5. VOIP changes quickly....careers might be short. on Which IT Careers Are Hot and Which are Not? · · Score: 1

    We just recently outsourced our entire phone system to our phone company. Instead of maintaining Cisco call manager and the associated servers, we now have MPLS circuits at all our locations to our phone company. They interconnect our sites, and provide VOIP service with Polycom phones and Broadsoft's VOIP backend.

    It turned out to be cheaper to pay per-month, per-phone, than maintaining a huge infrastructure to support Cisco voice. We have to pay for voice service anyway, the small additional cost put phones on everyone's desk without a huge capital outlay to buy all the Cisco gear.

    Stuff changes overnight in this business. VOIP might change that fast as well.

    -ted

  6. But my application requires admin rights! on White House Specifies And Mandates Secure Windows · · Score: 1

    How many times have you heard this from your users?

    The government is now putting developers on notice. If your application needs something strange.....like administrative / root access for all who use the app, then guess what - you can't sell that application to the US government.

    I'm actually happy to hear this. All users on our network run as a standard user. No one outside of our IT department gets administrative or root access....if their application requires it.....too bad.

    -ted

  7. Regulated businesses already have this on White House Specifies And Mandates Secure Windows · · Score: 5, Insightful

    I was the network manager for a bank a while back, and during our audits we were given a list of registry/active directory policies required to get a good rating by those auditors. They also had a list of services that needed to be disabled as well (unless there was a compelling business case for those services).

    I have to admit, the federal regulators did not ask us to do anything that I did not agree with. The only exception was changing our default SQL server port. I think that was around the slammer virus time and that was the quick fix. Unfortunately their "quick fix" turned into months of application research trying to figure out what we were going to break by changing the SQL port. I told the auditors that a quick nmap scan would reveal the new port easily.....and future worms would have that ability built-in. They made us change it anyway.

    Beyond that, they also looked at our audit trail, monitoring and alerting, and our network/firewall architecture. You pretty much had to do everything they asked or you lost your FDIC insurance.

    You should be glad the feds care about bank security....after all, it is your money they are protecting.

    -ted

  8. This is what the US needs on Internet Radio In Danger of Extinction in United States · · Score: 5, Insightful

    We need to get left behind to shake up our policy makers. After a decade of stupid laws that kill innovation in this country, and start an economic recession, maybe people will wake up to the fact that conservative candidates and ideas need to be tossed out. You can not have progress without change. Conservatives, by nature and definition, resist change.

    Innovation killing patents, overly-restrictive copyright, anti-science and anti-education political agendas, trade barriers.....all the right ingredients to kill our economy.

    Maybe after a decade of being the "world-losers" joe-sixpack will figure out that new leadership is needed....and maybe voting only pro-choice or pro-life is too simplistic a strategy to keep our country competitive with the rest of the world.

    -ted

  9. Replace a hard drive in a Mac, then let's talk. on Why Consumer Macs Are Enterprise-Worthy · · Score: 1

    I like the new Intel Macs and we run a ton of them at work. We were traditionally a windows shop, and still are on the back-end. The new Macs give us a choice. We can run windows and Mac OS where it makes sense.

    Unfortunately if you need to replace hard drives, the new Macs suck. Sure, the Mac Pro is easy as pie. The drives just slide out. On everything else, it requires major surgery. In our iMacs, you need to pull the front off of the unit and then remove the screen (that is under a boatload of adhesive shielding foil).

    Mac Minis are also a pain. It requires shoving putty knives into three sides of the unit to pry off the top and then removing a DVD drive and a plastic subframe.

    The laptops have always been a hassle and still are.

    Now the Dell Optiplex systems are wonderful. A couple of pushtabs to open the case and another couple of pushtabs to pull out the hard drive. It's almost as easy as opening a copier....no tools required.

    Apple needs to make a mid-line tower machine based on the Core 2 processor. Most desktop users like the expandability of a mid-tower, but they do not need dual-xeons.

    -ted

  10. Apple needs to take a page from the MS playbook. on Can Apple Take Microsoft on the Desktop? · · Score: 1

    Remember years ago....most small to medium businesses ran Netware. The stuff was everywhere. Around Netware 3.11 or 4 MS started making inroads with NT server, NT workstation, and windows 95. How did this happen?

    The Novell Network client for MS operating systems did much to integrate MS products into these networks and slowly, through the natural replacement cycle, Novell went away and Windows came in.

    OS X could do this the same way. The AD plugin for OS X is a good start. Better support and integration of Active Directory and Open Directory will make it possible for OS X to directly replace Windows servers and workstations.

    It might take 5-10 years, but it is possible.

    -ted

  11. Like No Child Left Behind.... on Microsoft OneCare Last in Antivirus Tests · · Score: 1

    That's the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

    As a network manager for a school, I can tell you that this attitude is not unique to the software industry.

    -ted

  12. EMC automatic replacement - anecdotal on Disk Drive Failures 15 Times What Vendors Say · · Score: 1

    Two jobs ago I was a sysadmin at a place that had EMC Clariion and Symmetrix SANs. Both SANs had the ability to call home to EMC when they detected a drive failure and EMC would send out a replacement drive automatically.

    We saw FedEx overnight boxes sitting on our doorstep in the morning with disturbing regularity. The "quality" of the systems did not seem to matter. A $30,000 SAN using SATA drives or a $500,000 SAN using FC drives...both had almost equal failure rates.

    The FC SAN had WAY better performance....probably due to the 32 GB of system cache.

    -ted

  13. Firefox is a better browser. on Using Safari Slows Your System? · · Score: 1, Interesting

    As a recent Mac convert, I'll be the first to admit that Firefox is a better browser for both Mac and PC.

    Safari incorrectly renders lots of sites. Firefox seems to be better about most sites.

    And....it's free.

    -ted

  14. Economics lesson for Billy on How to Keep America Competitive · · Score: 5, Insightful

    Gates must have dropped out before taking Econ 101.

    A labor shortfall in a free market ALWAYS results in higher wages which ends up drawing more people into the field. Once an employment saturation point is achieved, salaries decline and employment levels off.

    H-1B visas artificially increase the labor supply while decreasing wage growth. This attempt to "makeup the shortfall" will only further depress CS enrollments. Why on earth would a prospective student go into CS if the money is not there, and labor is being imported to further drive down wages?

    Gates is not a stupid man - he knows these economic rules, and lowering wages is the only reason to push for more H-1B visas.

    -ted

  15. The problem with virtualization - CEOs and CFOs on Longhorn Server Will Stress Virtualization · · Score: 1

    I've read a few comments about virtualization making disaster recovery less painful (thanks to hardware abstraction) and server fault tolerance (due to redundant SAN attached boxes handing server images back and forth). That sounds great but let me explain how it will really be sold to CEOs and CFOs:

    HARDWARE SAVINGS. I can already see the Microsoft ads....reduce the size of your datacenter, save electricity, buy less hardware...all by putting multiple mission critical servers on ONE physical server! That's why you need Longhorn server!

    And that's how management will buy and implement this thing. All your mission critical software eggs in one hardware basket.

    -ted

  16. Blame the people; they got what they wanted. on US Lags World In Broadband Access · · Score: 4, Insightful

    The state of broadband in the US reflects its users. Lots of people in the US know very little about what occurs outside their borders. Most broadband customers feel that $50.00/mo. for a 3 Mbps/512k connection is normal. Furthermore, they think that is all they need. I've heard plenty of people sing the praises of Verizon's $20.00/mo. 768k/128k DSL....why? Because it is cheap, and faster than dial-up. In their minds, there is no reason to spend almost 3x as much for faster service.

    Thanks to this type of consumer, and local monopolies, $50.00 low-speed "broadband" is the norm in areas that have access to broadband.

    Remember the Tennessee Valley Authority from your history class? Why was it important?

    Our government realized that electricity was so important to the growth of our nation, that it could not be left to an unregulated market. Our government knew that if left to private industry, utility service would only be made available to densely populated areas. Our government needs to realize that high-speed data service now is as important as electricity or running water. For those that doubt that statement, try to apply for a job without using the internet. Sure, you can in some cases, but high-paying jobs almost require you to apply via electronic means.

    We need to vote for guys that make this a priority (not Ted Stevens).

    -ted

  17. Parallels limitations on Microsoft Slugs Mac Users With Vista Tax · · Score: 1

    We just started experimenting with Parallels, and we got one disappointing surprise:

    Parallels is designed for a single user. Each user of Mac OS needs to have their own installed copy of windows. There is no way with Parallels Desktop to have multiple mac users login to windows without installing a separate instance of windows.

    Our goal was to eliminate bootcamp and allow roaming users to login to the Macs and then be able to fire up a copy of windows, and then login to that.

    On the bright side: Parallels says they may rebuild the software to allow that type of use.

    -ted

  18. Benefit of the doubt on Microsoft Tops Corporate-Reputation Survey · · Score: 1

    I merely said they appeared to be nice people since I have never met them.

    I do, however, know the company very well, so I felt comfortable commenting on that.

    -ted

  19. Reminds me of the mob bosses. on Microsoft Tops Corporate-Reputation Survey · · Score: 5, Insightful

    Those guys used to give big-time money to their church.....and then go "whack" some guys as a matter of business.

    The leaders of an organization do not necessarily reflect the true nature of their organization.

    Bill and Melinda are probably very nice people, and they do very nice things with their money, but their company is a ruthless and brutal company. Microsoft has demonstrated, time and time again, that they will do anything to maintain their monopoly and stranglehold on their market. They have put the screws to their "partners" and customers, and have caused much ill will between those parties.

    No amount of gift-giving, by a few at the top, will change that.

    -ted

  20. You must request bootable Vol License media on Vista Upgrades Require Presence of Old OS · · Score: 4, Informative

    It's available, but you don't get it unless you ask for it, when you place your volume license order.

    -ted

  21. Backup space is expensive. on Vista Upgrades Require Presence of Old OS · · Score: 2, Interesting

    Many companies only back up irreplaceable data. Have you priced LTO3 drives, tapes, or autoloaders recently? Those damn things are expensive. Why back up operating systems and consume precious, expensive backup space?

    Most companies have hot/warm redundant systems off-site for mission critical systems. System images don't usually help in the event of a Katrina type disaster. After all, how can you guarantee that you'll get the exact same hardware you had? DR companies like Agility only guarantee that you'll get a 1u Intel Xeon server, not necessarily a Dell PowerEdge 1850....

    Because of these limitations, entire operating systems are seldom backed up.

    -ted

  22. Scumbags on Vista Upgrades Require Presence of Old OS · · Score: 2, Insightful

    I can't tell you how many times I've seen people buy new computers because theirs was filled with spyware, viruses, and tons of crapware. I'm sure Microsoft is aware of this trend....especially with $500 computers.

    Now that consumer versions of Vista are not bootable, this trend will only increase. More people will say "fuck it....I'll just buy a new one".

    I can't think of any other reason for Microsoft to do this nonsense.

    -ted

  23. Older vs younger people??? on Does Sprawl Make Us Fat? · · Score: 1

    I didn't see anything in the study that accounted for age.

    I live in a town home community. Our town home borders a township park and a small strip of stores. We do our share of walking, but we use our cars for weekend errands, and the daily commute to work.

    Most people in our development are in their late 20's, early 30's, or are retired.

    Almost everyone here starting a family wants to move into a 4 bedroom, 2.5 bath house, with a 2 car garage, on an acre of land.....but economics drives these housing decisions.

    Is it possible that the 40-something people, that can afford the classic suburban house, are 10 lbs heavier because they are a little older and aren't as physically active as they were in their younger years?

    -ted

  24. Assume for a minute that this number is true... on One In Five Windows Installs Is Non-Genuine · · Score: 1

    That means of all the windows installs out there only 20% are pirated!

    So here are the costs of WGA and Volume Activation 2.0:

    Microsoft is going through development hassles distracting them from putting anything substantial in Vista (beyond a paint job).

    Microsoft will put its paying customers through the anti-piracy wringer while pirates keep going on about their business.

    Microsoft has created a potential security hole that can render a machine almost useless by a determined black-hat.

    Microsoft may actually lose customers to Linux and Mac OS due to the hassles of activation and WGA.

    Is this really worth it for a potential one-time 20% gain in sales? Microsoft still charges for support per incident - so there are no support losses due to piracy.

    I don't get it.

    -ted

  25. Re:As a consumer, what's in it for me? on Microsoft Answers Vista DRM Critics' Claims · · Score: 1

    Actually, our business manager cuts the checks...I just create the budgets, get the board to approve the budgets, and then sign the purchase orders.

    So technically I don't cut the checks, I tell my business manager to.

    I have put my ass on the line for free software. We currently run Open Office on all our Mac and Windows platforms. Only a small handful of people in the organization run Microsoft Office.

    -ted