Let me get this straight before I begin. I hate the way I'm treated at my current job. I hate the kinds of mistakes we're making, and the reasons we're making them (over and over and over and over again). It causes me much angst to see what is fundamentally a relatively "easy," albeit large, project fail due to mismanagement, misdirection, and a general lack of good design.
However, as my first (or second, depends on how you count) job out of uni, it's a great experience. For all the wrong reasons, sure, but a great experience nonetheless.
So sure, I don't feel good about my job or happy on the job, but I do feel good knowing that I have all this experience on What Not To Do(tm) in the future. I do feel good knowing I can take very real experience in a large software project into the future.
In all seriousness, such systems exist, and we can pick up on them just as quickly as the kids do, thus negating any usefulness they might otherwise have had. If a site's only available in-room for thirty minutes, it's not much use, is it?
As some coward also said, there's such a thing as a whitelist, too; we don't actively use one, and probably wouldn't bother. People do check the logs regularly though.
I think you missed the point.
Schools are for learning; IM doesn't improve that. On the other hand, starvation and constipation don't improve learning function either (try learning something when you really need to go to the loo).
If you really categorise basic bodily functions in the same "lump" as IM, then I'm really fearful for you. Get a life already.:-)
Seriously though, if you can show how IM is an "essential" function which should be every schoolkid's right to use during school hours, then I'm more than happy to hear it. We tried, and couldn't find a reason to keep it (and teachers complained about the distraction), so out it went.
... have generally had a single- or dual-channel ISDN to share between up to 100 computers. (This is in rural areas of Queensland, Australia - yes, they really do have less available bandwidth than your average cable user, and they pay upward of 40c per megabyte for it...).
There's two main reasons we've taken to blocking any form of IM, or in fact anything that isn't HTTP/FTP, to student desktops. First, of course, is the somewhat limited bandwidth, although this was the least of our reasons. Secondly, and far more importantly, is the element of control: with a transparent proxy through which all HTTP and FTP traffic is routed, we can (a) cut down the amount of input bandwidth needed, and (b) implement a certain amount of filtering (well known porn sites, ads, etc).
Not having IM installed on each desktop also means that there's not configuration problems. Realistically schools have to support one environment, and IM systems, with the number that there are, complicate this no end (imagine the arguments if AIM is the only one supported by a school, but a large percentage of kids use MSN...).
Realistically, if kids want to use IM, they're welcome to do so at home on their own (usually dialup) time. Likewise with any other non-HTTP access. I personally don't see it at that disabling; if kids want to IM each other, they can go back to "pass-it-on" notes.:-)
My $10 says the military brass don't have a clue what they're doing. Particularly given the military's track record of online security...
It's called Buzzword Bingo, and everyone's playing. That will be the main reason for this; it sounds cool, it sounds like a neat concept, and we'll be the only players, right? We don't need to worry about The Enemy building a 15dBi omni, and at least listening in, and at most actually taking over? Surely not. Never. They'd not do that. Nobody has that capability.
Lo and behold, what was designed and implemented as a battlespace advantage quickly becomes your biggest battlespace disadvantage.
Given the military's strong chain of command - and the near heresy of so much as thinking questioning thoughts, the techs implementing this won't dare mention what a Bad Idea it is.
But hey, it's not as if I have any experience in large defence projects. Oh, no. Definitely not.
... they want Apple to put part of their browser on each system, or else they won't develop their browser at all for that platform? Huh? So effectively you'd have two browsers which have the same rendering code, or none which use that rendering code?
Riiight. Somehow I don't see Apple buying this, particularly given that KHTML is an arguably "better" renderer, and I'd imagine costs a lot less to work with than this particular "option".
Looks like Opera just don't want to cross-develop, and they're going to blame whoever they can for their reason. No great loss; there's heaps of resonable-to-good browsers on the platform, so I'm sure we can live without.
It's really quite simple. If a CD can be played, it can be copied. If through no other way than by analog or digital outputs from the playback device, into a recording device...
All these copyright protection schemes do is prevent me, the consumer, using the copyrighted work in a way which is legally supported (at least here in Australia, where the DMCA isn't used as a catch-all...).
It's been said before, and'll be said again: if someone truly wants to violate copyright, there'll be a way to do it - so in the end, the only losers are Mum and Dad users.
Fortunately, there's usually enough power-altering equipment between you and your utility's lines - e.g. power meters and transformers - to limit the propagation to merely one or two houses.
It's the same as wireless from the point of view that you should always assume that you can be sniffed, and take suitable precautions for the kind of data going across the link.
In my experience, they're adequate for most home networks, as long as you're not addicted to 100Mb/sec networks, as am I.:-)
Only major problem is that you're exposed to the line, and serious surges (read: lightning strikes on powerlines, or transformer breakdowns) will get through. Mind, the kind of surge I'm talking about there is likely to pop most surge guards - and a fair few cheaper UPSen - as well. Something else to consider, I guess.
The Queensland Electricity Commission, back in the early `90's, toyed with doing something like this - at a whole 2400 baud - to get some level of signals from one power station to another. By the time they finally got around to doing it, they got broken up - and had fibre networks anyway.
Then why didn't you just run ipsec over conventional 802.11? It will be just as secure as this, and can be done on commodity hardware and with free software.
I doubt it, somehow. The encryption for this will most likely be Type 1 military, which is supposedly uncrackable by standard non-brute-force methods. Give or take a few years, of course - someone will find a weakness in it and be able to exploit it. And as others have said (and quoted from Schneier), a non-open, non-peer-reviewed algorithm isn't necessarily safer, even given that the NSA have enough mathematicians to carry out a full peer review with ease. That doesn't mean the NSA don't know what they're doing, of course...
That all said, security by obscurity is a perfectly valid method, and works well in combination with other methods (good encryption, good user awareness, good network policies, and so on).
Yes, IPSec is good - very good - and when used properly makes it very nearly impossible to break in to a decent network. IPSec is one step in the chain, but isn't the chain. There's many, many parts to getting a SECRET classification on a network.
Presently, IPSec on it's own doesn't get you that classification. I doubt it ever will. Likewise, these cards won't guarantee a SECRET classification, nor should they. Security is the whole, not the individual parts.
Re:Good God, are you Clueless?
on
WiFi Triangulation
·
· Score: 2, Insightful
How hard is it for people to do?
It's not that it's hard, it's that the kinds of people who are generally setting these things up have been roped into doing so, and often don't have the first clue about security in general. Nor do they care - they're not usually frontliners who deal with security breaches on a day-by-day basis, and probably couldn't detect a security breach if/when it happened to them.
Very few SMEs - at least in Australia - 'can afford' to hire a fulltime sysadmin with any level of security knowledge. Sad, yet true...
I presume this isn't a recent iBook, since all of the new ones, at least here in AU, have no IR port. Just wondering... do us Australians get a raw deal?
Why not look at getting a wireless ethernet card or two? All of the speed of a standard (albeit "slow") network, none of the cables. It's a relatively cheap workaround that doesn't involve cabling.:-)
The amount was $400 per machine, for any machine faster than a 486. Servers were $1200 each. Per year. Regardless of actual make or model. Imagine a school with four classrooms of computers, 25 computers each room, plus one server per room. That's effectively $44,800 per annum, which is at least in Queensland about the same as the average school's IT budget (schools in QLD don't get much funding for anything, IT included).
Yes, I do believe that includes the faster PDAs, which of course are now getting up to Pentium-class speeds.
Recently my own state (Queensland, AU) implemented a similar thing within the public school system here. Basically a Burgundy Select license pack - "unlimited" licenses for any product within the pack (including education editions of stuff like Visual Basic), and a fixed cost of AU$400.00 per computer per year. Regardless of what kind - mac, Linux box, PC, you name it. Unless it was a server-class machine, where it costs $1200.00 (again, regardless of what it was actually running).
Schools can't afford that - what $400 equated to in a school of 600 with 100 computers, was literally the entire IT budget. The school I'm involved with rejected the "offer", only to be told that doing so meant they were no longer licensed to use Windows or any other Microsoft product - even those supplied OEM. That is, "since you broke the contract here, we're nullifying every EULA you've ever seen!"
My school has since switched to 100% non-Microsoft products (Sun, Linux, some macs) and haven't regretted it since. They're able to use older machines as thin-clients of sorts, and with a couple of bright students and a lot of learning, they haven't needed to look back.
The Department of Education are not amused, and neither I imagine are Microsoft. Education Queensland have used the carrot ("but this is so much easier to account for than Linux, and here, we'll give you 10% more IT budget than last year...") and the stick (need I say more?) approach, but it so far hasn't worked.
I'd feel sorry for those of you suffering this fate, but Telstra have just done a very similar thing.
Twice.
First of all there was the 3000MB "limit" (free data; you can keep going beyond 3000MB but you pay AU$0.18 per MB beyond that). Now, just over a month or so on, they've kept that in place, uncapped the speed (now making it easier for you to exceed the 3000MB limit without realising it), and increased the cost by about 20%.
Reason given? It's somehow "better value" for some customers (someone, please, tell me how charging me 20% more for the same service is better value...), running the HFC network apparently is "very expensive", and Telstra's AU$4B profit apparently wasn't big enough already.
Personally, I'd rather have kept the 512k cap - I'm mainly after always-on connectivity anyway.
To make things worse, the usage server provided to allow us to monitor and track our own usage goes down when we most need it - when we're nearing the end of the month, and are most likely to exceed our "free" allocation of data.
Great move - I agree. While it'd be nice to have an MS-Office interoperable product on Linux (no, StarOffice doesn't quite cut the mustard - I would prefer 100% interoperability), I really don't think it should be a MS product itself. That just moves the "problem" to one more OS - it does not by any means get rid of the MS monopoly or properly remedy it. Then, also, there's another issue.
As I understand it, the major problem is that Microsoft themselves aren't fully aware of the internal file formats for some of their older products! The information originally was on the wvWare site, although I can't find the exact snippet now.
Another advantage of having the Office file formats opened is that my work among other places could start to properly convert.DOC files to HTML...
Once again, nice work - but I really think it's a teeny bit misguided.
... is to get away from computers/geek-talk (which happens to be work-talk in my case). So my idea of a geek bar is probably not that dissimilar from a real bar.
Matter of fact, PJ O'Brien's in the centre of Brisbane (Queensland, Australia) is just about perfect, IMHO. Quiet enough without being too quiet, serves good drinks and food at the right price, and has good music.
Happens to be where a lot of geeks can be found, in the back left corner of the place on any given Friday night.
Slashdot Mirror
However, as my first (or second, depends on how you count) job out of uni, it's a great experience. For all the wrong reasons, sure, but a great experience nonetheless.
So sure, I don't feel good about my job or happy on the job, but I do feel good knowing that I have all this experience on What Not To Do(tm) in the future. I do feel good knowing I can take very real experience in a large software project into the future.
Call me a masochist. I don't care.
OH MY.
I think you need a life. :P
We're no longer using SINA at all (longish story - but basically cuts down to cost and cost alone), so yes - we're doing it all ourselves.
In all seriousness, such systems exist, and we can pick up on them just as quickly as the kids do, thus negating any usefulness they might otherwise have had. If a site's only available in-room for thirty minutes, it's not much use, is it?
As some coward also said, there's such a thing as a whitelist, too; we don't actively use one, and probably wouldn't bother. People do check the logs regularly though.
Schools are for learning; IM doesn't improve that. On the other hand, starvation and constipation don't improve learning function either (try learning something when you really need to go to the loo).
If you really categorise basic bodily functions in the same "lump" as IM, then I'm really fearful for you. Get a life already. :-)
Seriously though, if you can show how IM is an "essential" function which should be every schoolkid's right to use during school hours, then I'm more than happy to hear it. We tried, and couldn't find a reason to keep it (and teachers complained about the distraction), so out it went.
There's two main reasons we've taken to blocking any form of IM, or in fact anything that isn't HTTP/FTP, to student desktops. First, of course, is the somewhat limited bandwidth, although this was the least of our reasons. Secondly, and far more importantly, is the element of control: with a transparent proxy through which all HTTP and FTP traffic is routed, we can (a) cut down the amount of input bandwidth needed, and (b) implement a certain amount of filtering (well known porn sites, ads, etc).
Not having IM installed on each desktop also means that there's not configuration problems. Realistically schools have to support one environment, and IM systems, with the number that there are, complicate this no end (imagine the arguments if AIM is the only one supported by a school, but a large percentage of kids use MSN...).
Realistically, if kids want to use IM, they're welcome to do so at home on their own (usually dialup) time. Likewise with any other non-HTTP access. I personally don't see it at that disabling; if kids want to IM each other, they can go back to "pass-it-on" notes. :-)
It's called Buzzword Bingo, and everyone's playing. That will be the main reason for this; it sounds cool, it sounds like a neat concept, and we'll be the only players, right? We don't need to worry about The Enemy building a 15dBi omni, and at least listening in, and at most actually taking over? Surely not. Never. They'd not do that. Nobody has that capability.
Lo and behold, what was designed and implemented as a battlespace advantage quickly becomes your biggest battlespace disadvantage.
Given the military's strong chain of command - and the near heresy of so much as thinking questioning thoughts, the techs implementing this won't dare mention what a Bad Idea it is.
But hey, it's not as if I have any experience in large defence projects. Oh, no. Definitely not.
Riiight. Somehow I don't see Apple buying this, particularly given that KHTML is an arguably "better" renderer, and I'd imagine costs a lot less to work with than this particular "option".
Looks like Opera just don't want to cross-develop, and they're going to blame whoever they can for their reason. No great loss; there's heaps of resonable-to-good browsers on the platform, so I'm sure we can live without.
~ducks~
All these copyright protection schemes do is prevent me, the consumer, using the copyrighted work in a way which is legally supported (at least here in Australia, where the DMCA isn't used as a catch-all...).
It's been said before, and'll be said again: if someone truly wants to violate copyright, there'll be a way to do it - so in the end, the only losers are Mum and Dad users.
Sigh.
It's the same as wireless from the point of view that you should always assume that you can be sniffed, and take suitable precautions for the kind of data going across the link.
Only major problem is that you're exposed to the line, and serious surges (read: lightning strikes on powerlines, or transformer breakdowns) will get through. Mind, the kind of surge I'm talking about there is likely to pop most surge guards - and a fair few cheaper UPSen - as well. Something else to consider, I guess.
The Queensland Electricity Commission, back in the early `90's, toyed with doing something like this - at a whole 2400 baud - to get some level of signals from one power station to another. By the time they finally got around to doing it, they got broken up - and had fibre networks anyway.
I doubt it, somehow. The encryption for this will most likely be Type 1 military, which is supposedly uncrackable by standard non-brute-force methods. Give or take a few years, of course - someone will find a weakness in it and be able to exploit it. And as others have said (and quoted from Schneier), a non-open, non-peer-reviewed algorithm isn't necessarily safer, even given that the NSA have enough mathematicians to carry out a full peer review with ease. That doesn't mean the NSA don't know what they're doing, of course...
That all said, security by obscurity is a perfectly valid method, and works well in combination with other methods (good encryption, good user awareness, good network policies, and so on).
Yes, IPSec is good - very good - and when used properly makes it very nearly impossible to break in to a decent network. IPSec is one step in the chain, but isn't the chain. There's many, many parts to getting a SECRET classification on a network.
Presently, IPSec on it's own doesn't get you that classification. I doubt it ever will. Likewise, these cards won't guarantee a SECRET classification, nor should they. Security is the whole, not the individual parts.
It's not that it's hard, it's that the kinds of people who are generally setting these things up have been roped into doing so, and often don't have the first clue about security in general. Nor do they care - they're not usually frontliners who deal with security breaches on a day-by-day basis, and probably couldn't detect a security breach if/when it happened to them.
Very few SMEs - at least in Australia - 'can afford' to hire a fulltime sysadmin with any level of security knowledge. Sad, yet true...
Why not look at getting a wireless ethernet card or two? All of the speed of a standard (albeit "slow") network, none of the cables. It's a relatively cheap workaround that doesn't involve cabling. :-)
Email me for more info. The email address you see will work just fine when unmunged.
Well, a good guideline is 50% - i.e. US$200 equals AU$400, if that helps any.
Yes, I do believe that includes the faster PDAs, which of course are now getting up to Pentium-class speeds.
Schools can't afford that - what $400 equated to in a school of 600 with 100 computers, was literally the entire IT budget. The school I'm involved with rejected the "offer", only to be told that doing so meant they were no longer licensed to use Windows or any other Microsoft product - even those supplied OEM. That is, "since you broke the contract here, we're nullifying every EULA you've ever seen!"
My school has since switched to 100% non-Microsoft products (Sun, Linux, some macs) and haven't regretted it since. They're able to use older machines as thin-clients of sorts, and with a couple of bright students and a lot of learning, they haven't needed to look back.
The Department of Education are not amused, and neither I imagine are Microsoft. Education Queensland have used the carrot ("but this is so much easier to account for than Linux, and here, we'll give you 10% more IT budget than last year...") and the stick (need I say more?) approach, but it so far hasn't worked.
I'd feel sorry for those of you suffering this fate, but Telstra have just done a very similar thing.
Twice.
First of all there was the 3000MB "limit" (free data; you can keep going beyond 3000MB but you pay AU$0.18 per MB beyond that). Now, just over a month or so on, they've kept that in place, uncapped the speed (now making it easier for you to exceed the 3000MB limit without realising it), and increased the cost by about 20%.
Reason given? It's somehow "better value" for some customers (someone, please, tell me how charging me 20% more for the same service is better value...), running the HFC network apparently is "very expensive", and Telstra's AU$4B profit apparently wasn't big enough already.
Personally, I'd rather have kept the 512k cap - I'm mainly after always-on connectivity anyway.
To make things worse, the usage server provided to allow us to monitor and track our own usage goes down when we most need it - when we're nearing the end of the month, and are most likely to exceed our "free" allocation of data.
As I understand it, the major problem is that Microsoft themselves aren't fully aware of the internal file formats for some of their older products! The information originally was on the wvWare site, although I can't find the exact snippet now.
Another advantage of having the Office file formats opened is that my work among other places could start to properly convert .DOC files to HTML...
Once again, nice work - but I really think it's a teeny bit misguided.
Matter of fact, PJ O'Brien's in the centre of Brisbane (Queensland, Australia) is just about perfect, IMHO. Quiet enough without being too quiet, serves good drinks and food at the right price, and has good music.
Happens to be where a lot of geeks can be found, in the back left corner of the place on any given Friday night.