I work in K12, we manage 2 SIS databases that contain between 16k and 40k student records. We aren't the norm, but there are much larger K12 databases out there.
Student Information Systems can easily contain over 10,000 student records. So, potentially, the kid who changes his grades could be tried by the fed in the future.
In reality, this is just more of the same nonsense from the dolts on the hill. The problem has never been the content available to students. It has always been an issue of enforcing faculty responsibility. Students are given the opportunity to use systems unattended in the school environment without focus or direction.
Granted, computers are a wonderful way to excite students towards learning methods. The internet provides a platform for research and collaboration unsurpassed by what any previous school library could provide. However, it also provides a platform for screwing around.
As a tech in this environment I've had to deal for years with the light-hearted way teachers use technology. Some understand what the power of the internet can do unfocused, many do not. For the most part the activity that is trying to be mitigated is the activity that shouldn't be allowed to go on in the first place: playing. A teacher standing yards away from a student playing games, or viewing questionable content, taking up valuable chair time, while students with research wait is a travesty and yet it goes on all the time. Some faculty are more aware of the issue and pay attention, but some are on the opposite end of the spectrum and disregard their responsibility saying it is the IT staff who should manage what's "right and wrong."
Schools spend millions of dollars maintaining infrastructure, servers, workstations, network environments and the like, meanwhile little is ever done to give thought to training of staff. So when it comes down to it, the unharnessed potential of the internet is not typically used in a directed manner. We are undermanned in Edu-IT and haven't the time to rate the entire internet, so we try and mitigate major bandwidth hogs, it's all we can really do. If the congress really wanted students to be safer at school faculty need to be accountable for what their wards are doing in the virtual world. They'll never do it, cause the Teacher's Union Mafiosos won't accept responsibility for their actions (or inactions), and congress wouldn't risk losing their support. (read: money)
Wal-mart will buy in such large bulk that they can afford to retail their hardware at a very low profit margin. If the DIY idea doesn't fly, they'll use them as a loss leader till they run out of stock. The gear will no doubt be bottom of the line, but I doubt anyone who can't buy 1m+ units will be able to compete on pure cost.
A big portion of the dilemma you describe, ignoring the silly 31337 *nix fanboys, is that the inner workings of open systems in the eyes of the systems engineer is readily available. A BSD or Linux admin can rip right down to the source of a particular system call and know what's going on. Even if the stuff is partially documented, any flaws in the doc can be made pretty apparent by looking at the source.
As someone who's worked in a mixed environment (Linux/OpenVMS/Win32) I've been pretty satisfied with the operation of certain aspects of Microsoft products. However, when a major problem comes up, and Microsoft doesn't happen to have it documented in TechNet you're hosed and are stuck ponying up for support.
Sure there are MSDN forum archives that can give you a bit of insight, but that requires a subscription and for the average business they're not going to pony up for that. Building unattended windows installations are pretty much by the seat of the pants, and require third party utilities to be managable.
Active Directory (pre-2003) was a real hassle to diagnose, and often required a ~$150 call to Microsoft if you made a simple typo. Not to mention Microsoft's history of acknowledgement and fixing of third party diagnosed security issues in their software is abysmal as opposed to F/OSS environments where a patch for a security issue is often included in the advisory release.
Bug tracking is done behind closed doors as opposed to F/OSS where bugs released to the developers are readily available, if they are not immediately patchable work arounds can be inferred by System Administrators themselves. "Early" releases of hotfixes can be paid for, but by then who knows how long the bug has been known.
I'm not knocking the security advances M$ has begun to add on to it's platforms. But it's definition of secure-by-default has a long way to go to provide comparable security to secure-by-design operating systems.
Let me get this right, by DoSing the proc someone can overwrite the embedded code on the chip? If someone already owned the box and were to use this, it sounds like it would be the ultimate rootkit. Place in the proc, then when the system is hardened/reloaded initiate another DoS (lots are available for winblows) and viola instant re-infected Zombie PC.
Assuming the technology has to be known before the NSA has it is the wrong way to look at things. They hire autistic developers and other 31337 types that are riding the end of the curve. They are constantly developing the technologies and standards that eventually end up in commercial use, not typically the reverse.
It appears it's *another* (double/single) blind study on the affects of cellphone use. Though, it is the only one (AFAIK) that was done on cancer patients.
To sum up my recollection of the previous studies, the most interesting aspect was that they showed a transfer of the 217hz wave from your cellphone's speaker to your Delta wave during prolonged 10mins use. No physiological effects were ever attributed to this wave-transfer.
Shhh. Becareful the Microsoft Sod-Layers might hear you and mod you "ill informed." Linux can't just be as good, it has to be far and away the better OS to win. Windows mangles your boot-loader when installed by default, as do some default installs of linux. In reality what needs to happen is Lilo/Grub need to have a foolproof method of "Dual booting" via a checkbox or a radio button in the installer of *pick your distro.* Otherwise idiots will hose their part-table and tell you it's cause the OS sucks. They don't understand it's cause they're idiots, and if you tell them they are they take it as an affront and leave the OS for good, touting Windows since microsoft gives them a brainless way to recover.
Linux should be ammended to "Desktop Linux" as Linux is embedded in craploads of things and works effectively at this task, but only cause it's single click. Tivo etc.
Well. I think his experience kind of underlines the whole Linux for "single-clickers" problem. If it can't be done in one click, idiots and the techno-unsavvy will screw it up. And since 49% of the world are idiots... well you get the idea.
Software built via a single script ('./configure;make;make install' isn't a single script) is easier to troubleshoot during the release stages. Software that installs via next->next->next isn't either. No OS really does this properly. A panel with a list of software labeled "Click to install" is about the level that the average user wants to go to.
Power users, Administrators, and techno-savvy aside, Linux is really not applicable outside of a controlled and administered environment (aka. professional.) Configuring a bootloader is (unfortunately) par for the course in installing linux, especially in dual boot configs. But then again, configuring a boot loader for the "average" user is about as esoteric as their TCP/IP settings, or their Firewall configuration. They have a cd set provided by MS/their vendor that nearly autoloads their system to "usable."
In all honesty, this "user" should have downloaded a live CD instead of goobering up his MBR.
Probably just a study done by making a request along the following lines: "Disprove the myth that Linux is better in Legacy situations than Windows"
So they did. All they had to do with pick the right sampling of distros to prove any theory. And they picked heavy duty new distros. They didn't touch LFS, Debian, Trustix, DSL, Slackware etc because that would have given the wrong impression.
The parent poster gives a desired email to spam ratio as 30%, currently the place I work (1500 users or so) recieves 9000 or so messages a day and about 900 of those messages are legitimate.
Maybe that's because we also log messages not destined for real users as well as junk flagged for real users.
If I had to make my money by selling Music CDs through a vendor who not only thought of my customers with enough contempt to do this in the first place but also believing they are too stupid to know they're infecting their computers (which amounts to corporate espionage), I would be very afraid.
It makes me very happy I haven't purchased a single RIAA endorsed CD in years.
And for those who condone Pirate2Pirate filesharing this only goes to further their arguments.
Well, more of a hack than a whitelist. By default all DHCP servers we've encountered (*nix,Windows etc) allow for exclusion ranges as well as reservation lists. The order of operations in terms of exclusion ranges seems to apply (in all cases) reservations then exclusion. So in windows we set up a scope for the range we care about, input our known "good" mac addresses in as reservations and then exclude the entire scope. What ends up happening is, users with reservations end up with addresses, users without can't get one.
I could go on about why I think you're wrong about the system administration aspect, too. But I won't lest a senseless flame war develop.
Har, yes. There are reasons we do things the way we do, and there are certain... liberties we are allowed to remove from our userbase that make our task of managing easier than most.
As far as being wrong or not, our management works for our environment. With very limited (critically undermanned is putting it nicely) we put a very strong emphasis on the mantra "Do it once, document. Do it twice, write a script."
It works for us in a 400:1 Computer to tech ratio. In a corporate environment, I would definitely have to say some of the things we do are not security minded enough. But that's government for you: get it done and worry about the consequences of bad practices later.
Still the ability to dictate things like: Banning Outlook/Outlook Express and other horribly insecure applications certainly limits silly things like macro worms. Creating Allowed Process lists for GPO restriction of applications, Double buffered firewalling with Restrictive Portlists, DHCP Whitelists, and switch level portsecurity to prevent systems we didn't configure on the network... etc etc.
The whole idea of Defense in Detail seems lost to most. A poor (or moderately poor) security policy on the workstation is easily mitigated by removing vectors of attack.
-BTW Since this thread is dead feel free to flame away.
You've never met the Windows techs I work with on a daily basis. The flexibility you speak of is typical of linux due to the framework provided. A Suse machine with limited connectivity and no development packages can't compile a thing. So your flexibility is limited until you expand your framework.
The same applies to Windows. Utilizing package management utilities (Installer generators and the like) visual basic scripting and creative use of GPOs you can create a framework with a great deal of flexibility. But it requires the knowledgebase, and the framework to do so.
You can't define a faith based argument in scientific terms, or a scientific argument in faith based terms. The two countermand each other.
(EG. A theory is disproved following one piece of contradictory evidence. Faith, barring time travel, is based upon belief regardless of contradictory evidence.)
I beg to differ. Given the option of paying, I'd buy Altiris. Image blaster has always been more effective IMHO and the desktop support capabilities integrated into the altiris product line (Remote Desktop/Scripting/Rapid Installs etc.) Are pretty darn robust; ignoring a few frustrations in older versions (mostly cosmetic) that is.
Their support is excellent and their Database integration for centralized inventory tracking and software inventory tracking is very useful. Not to mention having the data in ready to use SQL form.
It's a step up from Ghost for sure, and for the enterprise it does integrate with HP OpenView. But, you're not supposed to talk about real closed source pay for solutions on Slashdot. *waves hand* This isn't the product you're looking for. It's certainly not cheap, and it's certainly not something you'd want to rush into.
And as long as I'm on a rant about good pay for solutions, if all the guy wants to use is ghost functionality why not use RIS? Other than the whole Microsoft Homogeny thing it seems to work nearly as well (if not better) than ghost.
The previous anger displayed is certainly well justified, if a little one sided. Still, to downplay said frustrations is equally biased.
What would be closer to accurate than either of these equally slanted statements would be something along the lines of the following:
"Microsoft funds R&D programs which will, through one means or another, help to contribute to their stranglehold on the Desktop Market. Alternatively, some of these R&D programs eventually end in new concepts which increase usability in computing for all but on the whole most are rehashes of existing computing practices."
Take a look at research.microsoft.com There are some genuinely interesting R&D projects in the hopper, as well as in the past. But as is pretty evident few things listed are/would be revolutionary.
Slashdot Mirror
I work in K12, we manage 2 SIS databases that contain between 16k and 40k student records. We aren't the norm, but there are much larger K12 databases out there.
Student Information Systems can easily contain over 10,000 student records. So, potentially, the kid who changes his grades could be tried by the fed in the future.
In reality, this is just more of the same nonsense from the dolts on the hill. The problem has never been the content available to students. It has always been an issue of enforcing faculty responsibility. Students are given the opportunity to use systems unattended in the school environment without focus or direction.
Granted, computers are a wonderful way to excite students towards learning methods. The internet provides a platform for research and collaboration unsurpassed by what any previous school library could provide. However, it also provides a platform for screwing around.
As a tech in this environment I've had to deal for years with the light-hearted way teachers use technology. Some understand what the power of the internet can do unfocused, many do not. For the most part the activity that is trying to be mitigated is the activity that shouldn't be allowed to go on in the first place: playing. A teacher standing yards away from a student playing games, or viewing questionable content, taking up valuable chair time, while students with research wait is a travesty and yet it goes on all the time. Some faculty are more aware of the issue and pay attention, but some are on the opposite end of the spectrum and disregard their responsibility saying it is the IT staff who should manage what's "right and wrong."
Schools spend millions of dollars maintaining infrastructure, servers, workstations, network environments and the like, meanwhile little is ever done to give thought to training of staff. So when it comes down to it, the unharnessed potential of the internet is not typically used in a directed manner. We are undermanned in Edu-IT and haven't the time to rate the entire internet, so we try and mitigate major bandwidth hogs, it's all we can really do. If the congress really wanted students to be safer at school faculty need to be accountable for what their wards are doing in the virtual world. They'll never do it, cause the Teacher's Union Mafiosos won't accept responsibility for their actions (or inactions), and congress wouldn't risk losing their support. (read: money)
Wal-mart will buy in such large bulk that they can afford to retail their hardware at a very low profit margin. If the DIY idea doesn't fly, they'll use them as a loss leader till they run out of stock. The gear will no doubt be bottom of the line, but I doubt anyone who can't buy 1m+ units will be able to compete on pure cost.
A big portion of the dilemma you describe, ignoring the silly 31337 *nix fanboys, is that the inner workings of open systems in the eyes of the systems engineer is readily available. A BSD or Linux admin can rip right down to the source of a particular system call and know what's going on. Even if the stuff is partially documented, any flaws in the doc can be made pretty apparent by looking at the source.
As someone who's worked in a mixed environment (Linux/OpenVMS/Win32) I've been pretty satisfied with the operation of certain aspects of Microsoft products. However, when a major problem comes up, and Microsoft doesn't happen to have it documented in TechNet you're hosed and are stuck ponying up for support.
Sure there are MSDN forum archives that can give you a bit of insight, but that requires a subscription and for the average business they're not going to pony up for that. Building unattended windows installations are pretty much by the seat of the pants, and require third party utilities to be managable.
Active Directory (pre-2003) was a real hassle to diagnose, and often required a ~$150 call to Microsoft if you made a simple typo. Not to mention Microsoft's history of acknowledgement and fixing of third party diagnosed security issues in their software is abysmal as opposed to F/OSS environments where a patch for a security issue is often included in the advisory release.
Bug tracking is done behind closed doors as opposed to F/OSS where bugs released to the developers are readily available, if they are not immediately patchable work arounds can be inferred by System Administrators themselves. "Early" releases of hotfixes can be paid for, but by then who knows how long the bug has been known.
I'm not knocking the security advances M$ has begun to add on to it's platforms. But it's definition of secure-by-default has a long way to go to provide comparable security to secure-by-design operating systems.
Let me get this right, by DoSing the proc someone can overwrite the embedded code on the chip? If someone already owned the box and were to use this, it sounds like it would be the ultimate rootkit. Place in the proc, then when the system is hardened/reloaded initiate another DoS (lots are available for winblows) and viola instant re-infected Zombie PC.
Or am I confused?
Assuming the technology has to be known before the NSA has it is the wrong way to look at things. They hire autistic developers and other 31337 types that are riding the end of the curve. They are constantly developing the technologies and standards that eventually end up in commercial use, not typically the reverse.
PDF of the document is available here:
link
It appears it's *another* (double/single) blind study on the affects of cellphone use. Though, it is the only one (AFAIK) that was done on cancer patients.
To sum up my recollection of the previous studies, the most interesting aspect was that they showed a transfer of the 217hz wave from your cellphone's speaker to your Delta wave during prolonged 10mins use. No physiological effects were ever attributed to this wave-transfer.
not to be outdone by: /bin/wc /bin/cat /bin/bash /bin/csh /usr/bin/diff
or the most useful weapon in our arsenal of all imo: "|"
Shhh. Becareful the Microsoft Sod-Layers might hear you and mod you "ill informed." Linux can't just be as good, it has to be far and away the better OS to win. Windows mangles your boot-loader when installed by default, as do some default installs of linux. In reality what needs to happen is Lilo/Grub need to have a foolproof method of "Dual booting" via a checkbox or a radio button in the installer of *pick your distro.* Otherwise idiots will hose their part-table and tell you it's cause the OS sucks. They don't understand it's cause they're idiots, and if you tell them they are they take it as an affront and leave the OS for good, touting Windows since microsoft gives them a brainless way to recover.
Linux should be ammended to "Desktop Linux" as Linux is embedded in craploads of things and works effectively at this task, but only cause it's single click. Tivo etc.
Well. I think his experience kind of underlines the whole Linux for "single-clickers" problem. If it can't be done in one click, idiots and the techno-unsavvy will screw it up. And since 49% of the world are idiots... well you get the idea.
Software built via a single script ('./configure;make;make install' isn't a single script) is easier to troubleshoot during the release stages. Software that installs via next->next->next isn't either. No OS really does this properly. A panel with a list of software labeled "Click to install" is about the level that the average user wants to go to.
Power users, Administrators, and techno-savvy aside, Linux is really not applicable outside of a controlled and administered environment (aka. professional.) Configuring a bootloader is (unfortunately) par for the course in installing linux, especially in dual boot configs. But then again, configuring a boot loader for the "average" user is about as esoteric as their TCP/IP settings, or their Firewall configuration. They have a cd set provided by MS/their vendor that nearly autoloads their system to "usable."
In all honesty, this "user" should have downloaded a live CD instead of goobering up his MBR.
There are no significant bugs in our released software that any significant number of users want fixed.
-Bill Gates
Probably just a study done by making a request along the following lines: "Disprove the myth that Linux is better in Legacy situations than Windows"
So they did. All they had to do with pick the right sampling of distros to prove any theory. And they picked heavy duty new distros. They didn't touch LFS, Debian, Trustix, DSL, Slackware etc because that would have given the wrong impression.
The parent poster gives a desired email to spam ratio as 30%, currently the place I work (1500 users or so) recieves 9000 or so messages a day and about 900 of those messages are legitimate.
Maybe that's because we also log messages not destined for real users as well as junk flagged for real users.
If I had to make my money by selling Music CDs through a vendor who not only thought of my customers with enough contempt to do this in the first place but also believing they are too stupid to know they're infecting their computers (which amounts to corporate espionage), I would be very afraid.
It makes me very happy I haven't purchased a single RIAA endorsed CD in years.
And for those who condone Pirate2Pirate filesharing this only goes to further their arguments.
Well, more of a hack than a whitelist. By default all DHCP servers we've encountered (*nix,Windows etc) allow for exclusion ranges as well as reservation lists. The order of operations in terms of exclusion ranges seems to apply (in all cases) reservations then exclusion. So in windows we set up a scope for the range we care about, input our known "good" mac addresses in as reservations and then exclude the entire scope. What ends up happening is, users with reservations end up with addresses, users without can't get one.
Har, yes. There are reasons we do things the way we do, and there are
certain... liberties we are allowed to remove from our userbase that make our task of managing easier than most.
As far as being wrong or not, our management works for our environment. With very limited (critically undermanned is putting it nicely) we put a very strong emphasis on the mantra "Do it once, document. Do it twice, write a script."
It works for us in a 400:1 Computer to tech ratio. In a corporate environment, I would definitely have to say some of the things we do are not security minded enough. But that's government for you: get it done and worry about the consequences of bad practices later.
Still the ability to dictate things like: Banning Outlook/Outlook Express and other horribly insecure applications certainly limits silly things like macro worms. Creating Allowed Process lists for GPO restriction of applications, Double buffered firewalling with Restrictive Portlists, DHCP Whitelists, and switch level portsecurity to prevent systems we didn't configure on the network... etc etc.
The whole idea of Defense in Detail seems lost to most. A poor (or moderately poor) security policy on the workstation is easily mitigated by removing vectors of attack.
-BTW Since this thread is dead feel free to flame away.
You've never met the Windows techs I work with on a daily basis. The flexibility you speak of is typical of linux due to the framework provided. A Suse machine with limited connectivity and no development packages can't compile a thing. So your flexibility is limited until you expand your framework.
The same applies to Windows. Utilizing package management utilities (Installer generators and the like) visual basic scripting and creative use of GPOs you can create a framework with a great deal of flexibility. But it requires the knowledgebase, and the framework to do so.
You can't define a faith based argument in scientific terms, or a scientific argument in faith based terms. The two countermand each other.
(EG. A theory is disproved following one piece of contradictory evidence. Faith, barring time travel, is based upon belief regardless of contradictory evidence.)
Oh right, and Altiris supports linux in both a PXE boot image and as a client to be managed.
I beg to differ. Given the option of paying, I'd buy Altiris. Image blaster has always been more effective IMHO and the desktop support capabilities integrated into the altiris product line (Remote Desktop/Scripting/Rapid Installs etc.) Are pretty darn robust; ignoring a few frustrations in older versions (mostly cosmetic) that is.
Their support is excellent and their Database integration for centralized inventory tracking and software inventory tracking is very useful. Not to mention having the data in ready to use SQL form.
It's a step up from Ghost for sure, and for the enterprise it does integrate with HP OpenView. But, you're not supposed to talk about real closed source pay for solutions on Slashdot. *waves hand* This isn't the product you're looking for. It's certainly not cheap, and it's certainly not something you'd want to rush into.
And as long as I'm on a rant about good pay for solutions, if all the guy wants to use is ghost functionality why not use RIS? Other than the whole Microsoft Homogeny thing it seems to work nearly as well (if not better) than ghost.
Mod Parent up, not only because I dislike the very notion of slashvertisements, but because the parent is right.
Silly href. research.microsoft.com
The previous anger displayed is certainly well justified, if a little one sided. Still, to downplay said frustrations is equally biased.
What would be closer to accurate than either of these equally slanted statements would be something along the lines of the following:
"Microsoft funds R&D programs which will, through one means or another, help to contribute to their stranglehold on the Desktop Market. Alternatively, some of these R&D programs eventually end in new concepts which increase usability in computing for all but on the whole most are rehashes of existing computing practices."
Take a look at research.microsoft.com There are some genuinely interesting R&D projects in the hopper, as well as in the past. But as is pretty evident few things listed are/would be revolutionary.