Default deny is a great method and I've been using it for a long time. I'm not sure where your Web access brainstorm comes from, but it has no place in a security strategy of default deny. Default deny is very, very simple. Either you are a trusted IP or you aren't. Every security strategy has weaknesses. Default deny's biggest weakness is that it isn't flexible. But its biggest strength is that it can massively restrict the amount of potential connectors to a system.
The record companies disagree with you.
Metro-Goldwyn-Mayer Studios v. Grokster Ltd.
http://www.supremecourt.gov/oral_arguments/argument_transcripts/04-480.pdf
"The record companies, my clients, have said, for some time now, and it's been on their Website for some time now, that it's perfectly lawful to take a CD that you've purchased, upload it onto your computer, put it onto your iPod."
From the New York Times http://bits.blogs.nytimes.com/2009/04/08/time-warner-cable-profits-on-broadband-are-great-and-will-grow-because-of-caps/
"Mr. Hobbs tried to strike a balance, saying that while the company is concerned about the cost to maintain its broadband network, investors should not be worried. He said it was “absolutely not” true that Time Warner’s profits were being squeezed by the cost of heavy broadband users."
AT&T's actual release says the following:
"Lopsided usage patterns can cause congestion at certain points in the network, which can slow Internet speeds and interfere with other customers’ access to and use of the network."
Not exactly a convincing argument that they truly have an issue. Especially as their revenues and profits rise and their costs for infrastructure and bandwidth drop.
http://stopthecap.com/2011/03/14/stop-the-cap-investigates-atts-justification-for-internet-overcharging/
""Clear conjecture?" Surely you jest. Unless you've made an enormous breakthrough in networking technology, all existing network interfaces can only handle a finite amount of information at once."
No jest at all. What enormous breakthrough is needed? Just investment of their profits. If one of their FTTN cabinets is congested, they add another or increase the backend as needed. Not exactly a miraculous trick when you are talking about fiber. The fiber that feeds that cabinet can handle many times the needed bandwidth for now and for well into the future. Best of all, backend costs for the additional bandwidth and cost for the hardware drop every year.
Not sound or relevant. The fact is that an unlimited router isn't necessary, but of course anyone in the ISP business can expect periodic network upgrades. What AT&T is doing is an attempt to double dip. As their bandwidth costs drop, they want to increase bandwidth costs to the end user. If you don't believe me, all you have to do is look at their financials. Uverse is Fiber to the node. And they already have caps in effect based on speed as they sell a variety of different speed packages. To get more speed, you pay more already, making the data redundant and unnecessary. But Landel Hobbs, former COO of Time Warner Cable, says it best:
"Mr. Hobbs tried to strike a balance, saying that while the company is concerned about the cost to maintain its broadband network, investors should not be worried. He said it was “absolutely not” true that Time Warner’s profits were being squeezed by the cost of heavy broadband users."
Why is that? All your claims are clear conjecture without citation. Landel Hobbs' quotes are from a New York Times article at the time they first floated the caps. It's also very easy to find that Time Warner's cost for bandwidth has been dropping in recent years. Relatively easy to find. ATT profits are easily found all over the net with a quick search, along with the role that Uverse has played in contributing to those profits.
"There is a finite amount of bandwidth. The options that have been presented to solve this problem are traffic shaping and capping, so please either throw your towel in with one of those or propose another idea."
Your premise isn't based on fact. The major ISPs have agreed that there is no bandwidth problem; all the traffic shaping and caps are for is to maximize already healthy profits. The fact is that the ISPs have effective caps now. All of the major ISPs have varying levels of speeds you can purchase. Which is effectively a cap. Uverse has been a profit machine for AT&T; take a look at their financial releases and you'll see that AT&T agrees. Time Warner's former COO Landel Hobbs even denied that high bandwidth users had any effect on the company's bottom line.
The only towel that needs to be thrown in is your false premise and the solutions to a nonexistent problem.
It has everything to do with Firebug. Firebug is an excellent tool, but does cause high CPU and memory usage. Firebug does quite a bit behind the scenes and of course this takes memory and CPU.
http://kb.mozillazine.org/Problematic_extensions
Known good hosts is a good security practice and it does plenty of good. In your case you are choosing convenience over a sound security practice. It's a completely acceptable choice, but you accept all of the consequences of making that choice on the front end.
Others might decide that it's simply not worth the risk to allow ssh access from a coffee shop. Personally I'd consider a system accessing ssh from a hotel room or coffee shop as an unknown host. But there are plenty of ways to verify the host is a known-good host. Implementing them does require more work, thought and layers than simply opening ssh to the world, but security isn't convenient.
"Remote management technologies are for remote management."
Great, telnet is a remote management technology as well, but it certainly doesn't mean that I'm opening it to the world or even local for that matter.
Security practices aren't really one size fits all. What you deem an acceptable risk isn't for me. All I can say is that because of the practices I've chosen, I don't have the same issues on my CentOS boxes that the grandparent has on his.
Yawn. I can send my customers to buy a copy of Windows 7 only to find some of their existing hardware doesn't work with it. Yet the probability is high that it will work with Linux. When Vista had much publicized driver issues, all you guys were saying, "It's not MS's fault, it's the hardware manufacturers." The troll would be so much more effective if you stay consistent and a little less obvious. Another way to not be perceived as a troll is to quit pretending that the internet doesn't exist on a troll of an internet forum. Two trips to the B&M indeed.
The courts have disagreed with your assessment.
Go practice your trolls and come back. Nothing says dated and 5 years ago like mentioning Linux Hater's Blog.
Buying development only confirms how far behind they are app-wise.
"And this isn't a Microsoft fanboi rant" Why are these words always included in Microsoft fanboi rants?
GTFO, that EULA is specifically for the website and has nothing to do with Uplay or their games.
And I use Adblock full on, full time. Different strokes for different folks.
Exactly! I have no moral qualms about cooperative time shifting.
And still you offer none...
The Prius is the most dogshit looking car there is. Nothing futuristic about it in the least.
Paul Thurrott is an unabashed shill. Nothing to see here, move along.
And your work is much appreciated!
Your ignorance of networking technology is showing all over the place.
AT&T Mobility LLC is the wholly owned wireless subsidiary of AT&T. Same company.
They are already paying the higher fees for the higher rates. If there are extremely few people then the problem is overstated.
Microsoft themselves claim the Xbox OS is a custom OS built from the ground up that uses a subset of Windows APIs.
http://blogs.msdn.com/b/xboxteam/archive/2006/02/17/534421.aspx
Officer Bubbles, meet Barbra Streisand. You've just ensured millions more views of the videos and the cartoons.