Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories: 0 · Comments: 12,200

Comments · 12,200

  1. Talented windows sysadmins are no cheaper than talented linux sysadmins, but you still have the added cost of windows and all the other proprietary third party software it requires...
    And while competent admins will be able to scale up to many hosts quite easily, software costs just escalate as you add more hosts.
    Also a competent windows admin will spend a lot of time trying to mitigate serious windows design flaws...

    Following best practices generally does not work, or is not practical... I have pentested many windows networks where the admins have followed all the best practices and there were still ways to compromise the network.

  2. The most important difference is that while a mediocre admin will be able to keep a windows network limping along, it is likely to be extremely insecure and suffer from all manner of other problems.
    An expensive competent admin on the other hand will be able to do a much better job regardless of the technology they use, although it would be foolish to spend a lot on proprietary software when your admins are competent enough to do a better job using free software.

  3. Re:Standard... on UK Police Fined For Using Unencrypted Memory Sticks · · Score: 1

    No it doesn't, security through obscurity doesn't work.

    People use standard algorithms for encryption, that doesn't make them any easier to hack.

    With a widely used standard, it would be thoroughly audited by many people and organisations...

    With all manner of proprietary crap, how do you know that the one you pick won't have gaping flaws? Take a look at http://www.digit-labs.org/files/presentations/sec-t-2010.pdf and some of the other stuff on digit-labs.org for examples of flaws in proprietary encryption products...

  4. Re:Oil imports on Scientists Turn Air Into Petrol · · Score: 1

    Walking, cycling or using public transport is often not practical at all...
    There are some nearby locations that due to the layout of public transport take 2.5 hours to get to, vs 15 minutes by car... There are plenty of areas not covered by public transport at all. There are times when public transport is not running, and plenty of times/places where walking would be too dangerous.
    It's also impractical to carry very much without a car, so if I were to go to the location 15 mins away by car for shopping I can get all my shopping done in a single quick trip, if I go on public transport it would take most of a day to do the job and I would have to do it again much sooner.

  5. Re:cold fusion fraud again? on Scientists Turn Air Into Petrol · · Score: 1

    Using that power directly may well be efficient, but storing it is not and transporting it generally requires static infrastructure (cables) to be built, making it impractical for short term use in remote areas.

    Electric cars have large heavy batteries which require a lot of energy and toxic chemicals to make, quickly wear out and need replacing, and take a long time to charge... Also the storage process is in itself lossy.

    Being able to pour a liquid fuel into a tank is extremely convenient, and while this process is likely to be less efficient than other energy storage techniques this lesser efficiency could easily be outweighed by the other advantages it offers.

  6. Re:cold fusion fraud again? on Scientists Turn Air Into Petrol · · Score: 4, Insightful

    It would solve plenty of problems...

    It creates a loop whereby the co2 emitted by burning the fuel is then turned back into fuel, much faster than (although obviously similar to) the natural processes by which such fuels were traditionally formed.

    It makes other cleaner forms of energy production far more practical, for instance solar, wind and geothermal since the fuel makes for a very convenient energy storage mechanism.

    The storage and transportation is even more convenient because there is already infrastructure in place for storing and transporting large quantities of petrol.

    Similarly it promises to be compatible with existing technology that makes use of such fuels (eg cars).

    Since the infrastructure is already in place, technology like this can be introduced gradually and scale up, you don't have the catch 22 situation that exists with say hydrogen - where there is no distribution network and no incentive to build one because there are no users.

  7. Re:Why? on ARM-Based Chromebooks Ready To Battle Windows 8, Tablets · · Score: 1

    So you have a history (windows mobile, windows phone 7) of products with the same name that are totally incompatible...

    And now you have a system which is mostly compatible at the source code level, where applications are predominantly distributed without source...

    And all this, tied to a brand that is generally considered to be poor quality but tolerated due to its ubiquity, only it's trying to enter markets where existing products dominate and those products generally have a much better reputation.

    This is just going to frustrate and anger users.

  8. Overpriced... on Is Microsoft's Price Model For the Surface Justifiable? · · Score: 3, Insightful

    Companies produced Android tablets which competed with the ipad on price, they didn't sell...
    Windows RT is mostly in the same boat, it is a new entrant to the tablet market but is known in other market segments and has relatively few tablet specific apps.

    MS are hoping that the windows brand will sell tablets and encourage developers to make apps, however it may just do the opposite... people tolerate windows on the desktop largely because it's already ubiquitous, but they are unlikely to put up with it on a tablet when the ipad is the benchmark.

    I also suspect that the windows brand will backfire in other ways, users will buy it expecting to run their existing software and then be disappointed when they can't...

  9. Extreme laziness... on Malware Is 'Rampant' On Medical Devices In Hospitals · · Score: 1

    Just why in the hell are embedded medical devices running on a full blown windows system that is prone to malware infection, and likely to break functionality of the device if regular system updates (many of which will be for functionality that isn't being used) are installed?

    Such devices should be using a custom, minimalist OS which is configured specifically for the purpose it serves, has no extra unnecessary functionality, and support for the entire package (device, hardware, application and os software) is provided by the device supplier...

    If your OS is minimalist the chances of vulnerabilities existing are much smaller, and therefore the number of patches required is much smaller. Less risk, less maintenance.

    The average attitude of corporations is to keep their devices horrendously insecure and hide them behind firewalls, basically gambling that no one will attack them...

    Hospitals are _NOT_ secure networks, most hospitals are open to the public and it is trivially easy to walk in and gain access to an ethernet cable somewhere within the building. Just visiting several hospitals recently I have seen open ethernet ports in areas where members of the public could just walk in, and many hospitals are open 24 hours while the IT dept only really works 9-5.

  10. Re:What's the solution (for Linux)? on UK Police Fined For Using Unencrypted Memory Sticks · · Score: 5, Informative

    Remove the usb-storage module, or blacklist it so that it cannot load.

    Other classes of usb device have their own modules, which you can either leave alone or remove at your leisure if you want to use them (printers etc)...

    You could also just disable the automount service, then no removable media will get mounted and you would need root in order to access it manually.

    It's actually much easier than the various hoops people jump through to try and implement the same on windows.
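
An added example, not part of the original comment: a shell audit that reports whether a host's modprobe configuration actually keeps usb-storage from loading. It distinguishes a plain `blacklist` line, which only suppresses alias-based autoloading, from an `install usb-storage /bin/false` override, which also blocks an explicit `modprobe`; the function name and the directory list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit modprobe configuration for the usb-storage lockdown.
# usb_storage_policy DIR... prints one of:
#   disabled     - an "install usb-storage <no-op>" override blocks every modprobe load
#   blacklisted  - only alias-based autoloading is suppressed
#   unrestricted - no relevant directive found
usb_storage_policy() {
    policy=unrestricted
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            result=$(awk '
                /^[ \t]*#/ { next }                    # comment lines
                # modprobe treats "-" and "_" in module names as equivalent
                { name = $2; gsub(/-/, "_", name) }
                $1 == "blacklist" && name == "usb_storage" { b = 1 }
                $1 == "install" && name == "usb_storage" &&
                    ($3 == "/bin/true" || $3 == "/bin/false" ||
                     $3 == "/usr/bin/true" || $3 == "/usr/bin/false") { d = 1 }
                END { if (d) print "disabled"; else if (b) print "blacklisted" }
            ' "$conf")
            case "$result" in
                disabled) policy=disabled ;;
                blacklisted) [ "$policy" = disabled ] || policy=blacklisted ;;
            esac
        done
    done
    echo "$policy"
}

# Directory list is an assumption; adjust it to the distribution being audited.
usb_storage_policy /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
```

A result of `blacklisted` means root can still load the module by name, so an audit that expects the device class to be unusable should require `disabled`.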

  11. Re:*facepalm* on UK Police Fined For Using Unencrypted Memory Sticks · · Score: 2

    Actually it does, in typical government inefficiency it will take considerable resources to process this fine, and most likely there will be banking charges involved which means at least some of the money leaks into private hands.

  12. Standard... on UK Police Fined For Using Unencrypted Memory Sticks · · Score: 4, Insightful

    The problem is that there is simply no standard for encrypted removable storage... It seems every vendor of "encrypted" flash drives ships their own proprietary, usually windows-only binaries on the stick which may or may not work, and may or may not require various levels of privilege in order to install, and may or may not be full of all manner of security holes.
    Pity the poor consultant carrying a windows laptop that contains all these various encryption drivers installed because he never knows what proprietary encryption scheme the next client will be using.

    USB storage is a good standard, you can plug such a device into almost anything and it will be mounted and read... What we need is a similar standard for encrypted storage where you can plug it into almost anything, enter a password and it mounts without having to install any non standard drivers.

  13. Re:Don't watch it on Thousands of Muslims Protest 'Age of Mockery' At Google's London Headquarters · · Score: 1

    The more important aspect is the "nuclear deterrent" one...

    The peasants know they can rise up and overthrow the king, sure he may have soldiers and castles but with enough angry peasants they can overthrow and kill him if his demands become too outrageous.
    On the other hand, if the king has an ally at his disposal that the peasants have no hope of countering, there is no point attempting to overthrow the king because such an attempt would always result in failure. The notion of `God' is the ultimate nuclear deterrent.

  14. Over sensitivity... on Thousands of Muslims Protest 'Age of Mockery' At Google's London Headquarters · · Score: 1

    So just on slashdot today, you have a story about Einstein ridiculing christianity, and yet we see thousands of muslims angry over some video...

    I just watched part of the trailer for this movie, for the sole reason that there is so much fuss about it... It seems to be a very poorly made movie, and all these protests are doing is providing free advertising for something that otherwise would have been forgotten fairly quickly.

    So you protest at google, they cave and take it offline... Then what? demand for the movie has increased because of all the publicity, so what happens? Someone else hosts it and the cycle continues.

    Who benefits from this? Only the people who made the movie, they were able to get their third rate movie watched by millions of people... How many people do you think would have watched or even heard about this movie had it not been for all the publicity generated by those who hate it?

    As it stands, not only will millions of people hear the anti-muslim message promoted by this movie but many will consider muslims to be overly touchy and unable to take criticism... Had they reacted differently, only those who already hated muslims would have bothered to seek out and watch this movie, no one else would have cared.

  15. Re:Je l'approuve! on Prime Minister to French Government: Favor FOSS Wherever Possible · · Score: 1

    For daily mundane use, if both are perfectly adequate then the price difference makes libreoffice the obvious choice.
    Why pay extra for something which brings no benefits to you?

  16. Obsolete... on Ask Slashdot: How To Ask College To Change Intro To Computing? · · Score: 1

    I think the most important argument is the fact that teaching someone a specific application is ultimately going to be wasted. I know plenty of people who took courses specific to a given version of msoffice, and are now finding themselves completely stuck when they start a job and their employer is using a different version.
    Teaching a specific application is not teaching, it's marketing, and is extremely damaging to those doing the course. They will become dependent on that one application and the way it does things, and when faced with anything different they won't be able to cope with it.

    Teaching general concepts, alongside a range of different applications is the only sensible approach... Teach what various options do, and then let the students find those options in a range of programs themselves, using google or the built in help etc.

    The most important thing you can teach people, is the ability to teach themselves. They might have a teacher they can ask for help in college, but outside that may not always be the case.

  17. Re:oversimplified on The Linux-Proof Processor That Nobody Wants · · Score: 1

    The price difference was largely down to economies of scale and competition in the x86 market, Alpha pretty much had only one supplier and was low volume...

    Alpha was faster at integer code too, but the difference for floating point was far larger.

    The Alpha could run Tru64, VMS, Linux and various BSD versions. It even ran a version of windows at one point... Sure there was a proprietary compiler which produced faster code than gcc, but the same is true on x86 and other platforms too.

  18. Legal implications? on Facebook Wants You To Snitch On Friends Not Using Their Real Name · · Score: 1

    In some countries it is legal to use any alias you wish, provided you are not doing so with the intention of committing fraud or impersonation (in which case the actual crime is the fraud/impersonation not the fact you used an alias). A name is after all, a totally arbitrary label and the government is only really concerned in tying an individual to a birth record.

  19. Re:When this happens... on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 1

    I used to have a password with tab and control characters in it, it worked extremely well on the linux console but was pretty much unusable in most gui based environments.

  20. Re:AOL Used to.... on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 2

    It's largely pointless anyway, because the windows networking protocols let you authenticate just using the hash (yes even today with lanman turned off)...

  21. Re:not on ip6 on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 2

    Not really, you simply assume a /64 is the equivalent of a single ipv4...

    It also makes other forms of attacks much harder, for instance with ipv4 it is common to scan a whole ip range looking for vulnerable hosts, with ipv6 this becomes completely impractical.

  22. Re:Hah! Take that, my bank! on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 1

    What happens when someone manages to guess a large number of your usernames, and then intentionally locks them all out?
    Or what happens when someone takes the aforementioned userlist and tries each account with 2 different but very common passwords, what are the odds that on a large system at least one user has qwerty1 or password1 as their password?

    Account lockouts are a stupid idea...

  23. Re:Hah! Take that, my bank! on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 1, Informative

    And you expected anything better from MS? The same company whose flagship OS not only uses an unsalted hash for storing user passwords, but actually allows you to authenticate using just the hash without ever knowing the original plaintext, thus making the hash itself the plaintext password?

  24. Re:Hah! Take that, my bank! on Hotmail No Longer Accepts Long Passwords, Shortens Them For You · · Score: 2

    If you block access to an account, you create a denial of service opportunity. The idea of account lockouts is thus utterly ridiculous.

    And you do nothing to someone who takes the opposite approach - try thousands of accounts with a single password (where on a system as large as hotmail, someone will have "Password1" or similar).

    Instead you really should block the source address of any obvious attacks, which while obviously not perfect (botnets, proxies etc) is at least moderately more effective.
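
An added example, not part of the original comments: detection logic that counts failed logins per source address rather than per account, which is the alternative to lockouts argued for in this comment and in the earlier one about guessed user lists. The log format, thresholds and function names are assumptions of this example, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: flag attacking source addresses instead of locking accounts.
# Assumed log format: "<time> FAIL|OK user=<name> src=<address>".
# flag_sources MAX_USERS MAX_FAILS < log   prints "<src> spray|bruteforce", sorted
flag_sources() {
    awk -v max_users="$1" -v max_fails="$2" '
        $2 == "FAIL" {
            user = substr($3, 6); src = substr($4, 5)
            fails[src]++
            # count each (source, account) pair once to get distinct accounts
            if (!((src, user) in seen)) { seen[src, user] = 1; users[src]++ }
        }
        END {
            for (src in fails) {
                if (users[src] > max_users) print src, "spray"
                else if (fails[src] > max_fails) print src, "bruteforce"
            }
        }' | sort
}

# Constructed sample: 198.51.100.7 tries one password against many accounts,
# 203.0.113.9 hammers a single account, 192.0.2.20 is a user who mistyped once.
sample_log() {
    for u in alice bob carol dave erin; do
        echo "12:00:01 FAIL user=$u src=198.51.100.7"
    done
    i=0
    while [ "$i" -lt 6 ]; do
        echo "12:00:02 FAIL user=admin src=203.0.113.9"
        i=$((i + 1))
    done
    echo "12:00:03 FAIL user=alice src=192.0.2.20"
    echo "12:00:04 OK user=alice src=192.0.2.20"
}

sample_log | flag_sources 3 5
```

In the sample, no account targeted by 198.51.100.7 sees more than two failures in total, so a per-account lockout counter would never fire on the spray, while the per-source count flags it without denying service to any legitimate user.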

  25. Re:oversimplified on The Linux-Proof Processor That Nobody Wants · · Score: 1

    For many years a high priced RISC chip would easily beat any x86 chip on the market...
    In its day, the Alpha was able to emulate x86 code faster than any real x86 chip available at the time. Even after they stopped developing it, the Alpha was able to outperform x86 comfortably for floating point code.

    For instance, see specfp2000 results at:
    http://www.pvcmuseum.com/cpu/specint-and-specfp-processor-benchmarks.htm

    1.25GHz Alpha 21264C = 1365
    3.4GHz Pentium 4 Northwood = 1308

    1.25ghz Alpha, beating an x86 chip with almost 3 times higher clock rate and 3 years newer...
    The P4 3.4ghz was released feb 2, 2004...
    The 1.25GHz 21264C came out in 2001.

    http://en.wikipedia.org/wiki/Pentium_4#Northwood
    http://en.wikipedia.org/wiki/DEC_Alpha#Model_history

    All the chips with higher benchmark results than the alpha are considerably newer...

    Had they had the same economies of scale and thus development budget behind them, those chips would still be heavily outclassing x86 even today.