Slashdot Mirror


User: xlsior

xlsior's activity in the archive.

Stories: 0
Comments: 446

Comments · 446

  1. Re:Biometrics & problems on Successful Alternatives To Password Authentication? · · Score: 1

    Windows2K, XP, Vista (And even all the older variations of NT) have time restricted and control login and usage policies. This is something that an administrator can easily set in the domain or authentication server or even a local machine policy. This is something that is very easy to set, even on a home computer for Kids let alone a domain where you can flip a switch all the systems obey.

    That's not the issue at hand here -- the original poster was referring to the amount of time it takes to log on with certain schemes, and not talking about restricting logon/logoff to certain times of day.

  2. Re:DISASTROUS NEWS ! on Microsoft Plugs a Record 26 Security Holes · · Score: 2, Insightful

    Flash-forward to a couple of years ago, when Bill sent out yet another all-hands memo, pointing the company in the direction of security. At first, we all laughed. But now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet. They are aiming to be the top of the heap in security, and they've got drive, ambition and aggression.

    Too bad that it won't work, unless they scrap everything they have and start from scratch, likely breaking all most backwards compatibility in the process.

    'security' isn't something you can just slap on top after the fact, it's the foundation of a solid system. If you just paint over the holes, you will keep on doing that forever.

  3. Re:How timely! on How Much Does Your Work Depend on the Internet? · · Score: 1

    Direct answer to your question: Our T1 line is beyond essential to the daily operation of the organization. It's absolutely mission critical that we're connected at all times, without interruption or major packet loss.

    If it is so absolutely mission-critical, with any outage potentially causing irreparable damage... how on earth could one justify not having a backup connection from another provider as well? You're putting all your eggs in one basket otherwise. Having dealt with extensive telco outages over equipment failure on their end, I'd be very hesitant to trust them with the life of your business over something like that. You really don't want to be a telco hardware failure in an 'irreplaceable' router away from having to close your company for good.

    So... surely one would assume you would also have a connection through another ISP/medium that's always available for a fall-over?

    Have a static IP on the 2nd line, secondary MX records and such pointing to the secondary uplink connection... Could save you a world of hurt.

    I've worked for an ISP, it's absolutely amazing how often people would call in screaming if their $9.95 dialup account ran into any busy signal at all, claiming "they just lost tens of thousands of dollars" because of it when trying to trade their stocks online. Of course the ISP does their best to prevent downtimes, but seriously -- if you have that much money riding over the ability to get online quickly, you should have your head examined to have it all riding on dialup internet, hardly the pinnacle of reliability. One would think that the LEAST you would do is ensure that you either have a secondary account with another ISP, or preferably have an always-on connection like ADSL with dialup internet as your fall-back option.

  4. Except... on Test Driving the Tesla Roadster · · Score: 1

    ...A one or two year old laptop tends to have a fraction of the battery life of a brand new one. Now look at the replacement cost of not one, but thousands of batteries.

  5. Re:Sounds Familiar on A DNA Database For All U.S. Workers? · · Score: 1

    eventually led to a society built around getting rid of defective people as a whole or making life difficult for them

    Not really built around, it was more a side-effect of the risk/rewards analyses an employer could do. All things being equal, would you rather invest in someone who is likely to continue to be in good health, or someone who will likely die of a heart attack at an early age?

    If everyone would look after their own/corporate interests that way, opportunities for the 'less desirables' will shrivel up to next to nothing, without anyone actively trying to get rid of them. They just kind of fall through the cracks in the system.

  6. Semantics on Chicken and Egg Problem Solved · · Score: 1

    It's still a matter of semantics:

    - Assuming that one means a "chicken egg" rather than a generic "egg"...
    - ... do you consider a chicken egg to be an egg *laid* by a chicken, or an egg that *hatches* a chicken?

    If two proto-chickens create an egg that brings forth the first true chicken-as-we-know-it, was the egg it came from a chicken egg? Or do you have to wait for your very first chicken to lay its own eggs before you consider them chicken eggs?

    Depending on your definition of chicken egg, one can still explain it either way, and in both cases it's 'obvious' which of the two came first under your interpretation.

  7. Re:Security Reasons. on Nineteen Registrars Decry ICANN Arrangement · · Score: 1

    In the two remaining years, VeriSign will only be able to raise prices if it can show the rises are necessary for security reasons.

    Come again?


    Maybe 'securing their profits' counts?

  8. Re:Saw this on Digg on Root Password Readable in Clear Text with Ubuntu · · Score: 5, Informative

    Actually slightly more elaborate: SQL 7 SP3 was also affected, plus they wrote the password to not one, but two files:

    Summary
    On May 30, 2000, Microsoft released the original version of this bulletin, to announce the availability of a patch that eliminates a security vulnerability in Microsoft® SQL Server® 7.0 Service Packs 1 and 2 installation routine. When run on a machine that is configured in a non-recommended mode, the routines record the administrator password in a log file, where it could be read by any user who could log onto the server at the keyboard.

    On June 15, 2000, the bulletin was updated to note that, under the same conditions as originally reported, the password also is recorded in a second file. A new version of the patch is available that prevents the password from being recorded in either file.

    On May 10, 2001, the bulletin was updated to note that Service Pack 3 is also affected by this vulnerability. A new patch is available for SP3 and we are also providing a command line utility (post Service Pack deployment) to remove all instances of the SA password written in either file via Q263968.



    So not only did they have a similar problem, it persisted for over a year after initially being found & allegedly fixed.

  9. Re:Saw this on Digg on Root Password Readable in Clear Text with Ubuntu · · Score: 5, Interesting

    Nevertheless, AC is right. If it was revealed that the local Administrator account or the domain Administrator account was stored anywhere as plain text in Windows 2000, XP, or 2003, then MS would be reamed endlessly and very harshly here.

    Interestingly enough Microsoft did make pretty much the same mistake, with Microsoft SQL 7, both servicepack 1 & 2. They wrote the SQL administrator password to the installation log file, which would give you full access to any SQL database on the server. Written to a logfile in the TEMP folder, which by default has full read/write access for any user on the system.

    Security bulletin: https://www.microsoft.com/technet/security/bulletin/MS00-035.mspx

    (The 'non-recommended' mode mentioned is using SQL authentication instead of windows NTLM authentication, which is much more common than they try to make it sound)

  10. Re:Measuring Results on Google Agrees to Pay $90mln on Click Fraud Lawsuit · · Score: 1

    Daily, on the radio, I hear ads that say "Mention this ad and save an additional 12%!" This system allows the advertising folks to learn quickly whether their ad is reaching its audience. The customers come in and tell you so.

    Is there any reason why internet ads do not do this?

    Because they don't need to ask you, they already have that information -- each time you click on a link that takes you to their site, the webserver can log the referrer URL. With a search engine, the referrer URL will contain both the name of the search engine, and the words you searched on. Since this is automated and is viewable for nearly every visitor to your site, it will be a lot more reliable than getting people to actually actively *tell* you how they got there, since many wouldn't even bother to do so.

  11. Re:Requirements won't be an issue on Ten Reasons to Buy Windows Vista · · Score: 1

    - Stop telling me "access denied" when I'm the fracking system admin. I really hate that. Processes can't be killed, services can't be stopped, files can't be deleted, etc because "Access denied". Kill the damn process if I tell you to.

    You can still stop them. The catch is that "administrator" is not the account with the highest credentials, "system" is.

    You can use the 'kill.exe' from the MS option pack to shoot down almost all 'unkillable' processes, or escalate your current permissions by launching Taskmanager from the system account. By default, everything launched through the scheduler or AT runs under 'system' credentials.

    (Launching cmd.exe through the scheduler in 'interactive' mode will give you a command prompt you can launch anything through with full access. The drawback of 'system' is that it has no access to any network resources, for security reasons.)

  12. Re:So... on Ten Reasons to Buy Windows Vista · · Score: 1

    what feature will I get that I don't already have in Mac OS X 10.4?

    Being able to run the majority of the software on the market today?

  13. Funny... on Symantec's Genesis to Usher in a New Age of Trust? · · Score: 2, Interesting

    In my experience over the past couple of years, there are few PC 'optimizations' as effective as uninstalling Symantec antivirus, firewall, spamfilter and associated applications..

    It is absolutely *astounding* the percentage of techsupport calls coming in at an ISP helpdesk are the direct result of a malfunctioning Symantec application. Especially Norton Antivirus -- after a while, you almost start to suspect that Symantec released that program as a practical joke.

    McAfee is a distant second, while AVG and Avast rarely cause any problems. It's amazing how many problems, lock-ups and corrupted email problems magically disappear simply by uninstalling Norton Antivirus and installing the free version of AVG instead.

    Somehow, I am rather sceptical that things will get better by them slapping their entire product line in a single box, and trying to cram in a pony on top of it. Jack of all trades, master of none.

  14. Re:You're right, but... on Robot Demonstrates Self-awareness · · Score: 1

    E.g., he describes a case where a patient with a certain damage in the cerebrum experienced himself as blind: he could not consciously experience the world with the visual sense. However, if you unexpectedly hurled an object towards the patient's face, he would dodge, as visual stimuli still reached the cerebellum and triggered reaction.

    IIRC This is known as "Blind-sight" -- not being able to 'see'/recognize anything, but able to detect motion. Brain-damaged people with this disorder can tell you if an object is moving left, right, up or down, but they won't be able to tell you what the object in question actually is, or what it looks like. They can't tell a ball from a mouse pointer from a hand, and when it stops moving they can't detect it at all.

    Supposedly it's the same type of vision that some reptiles have.

  15. Alternative headline: on Chimpanzees Beat out Children in Reasoning Test · · Score: 1

    "Human kids better at following directions than chimps"

  16. Re:Jugs on Your Favorite Math/Logic Riddles? · · Score: 1

    Alternatively: Fill the 3G jug. Pour it into the 5G jug. Fill the 3G jug again, and pour it in the 5G jug. 1G will remain in the 3G jug. Empty the 5G jug, and pour the 1G from the 3G jug into it. Fill the 3G jug up once more, and empty it into the 5G jug -- which will now contain 4G.

  17. Alternative on Real And Microsoft Close to Settlement · · Score: 2, Informative

    At least there's always RealAlternative to play Real video, using Mediaplayer Classic... No questionable taskbar junk, no shady installer, no RealPlayer. You'll never look back.

  18. Re:WOW on Peru Passes Free Software Law · · Score: 1

    I'm continually amazed that MS has such traction that F/OSS has to fight to get anywhere. If MS and Linux were cars (never mind old jokes) people would be buying magazines to compare, taking test drives, and asking their buddies which one to buy...

    The problem with this analogy is that with cars, there are no real 'interoperability' issues: Your car doesn't have to be 'compatible' with your neighbor's or co-workers' cars for it to be 'productive'. Driving a different brand car than your coworkers has exactly 0 impact on your productivity, which is not the case with computer systems where interoperability/compatibility are major factors.

  19. Re:Network RAID? on Hard Drives Made for RAID Use · · Score: 2, Informative

    One of the major reasons for the high price of most hardware RAID5 solutions, is the hot-swap backplane. If you are OK with a solution where you would have to shut down the server in order to replace a bad drive (which would be OK for most home use I would imagine), you can find some *very* cheap hardware RAID controllers ($50, for both ATA and SATA) that will do the job just fine...

  20. Re:huh? why? on Novell Expects Vista to Spur Linux Adoption · · Score: 2, Informative

    Microsoft's roadmap shows Win2K currently in the 'extended' support phase, which means that they won't be adding new functionality, but will continue to offer paid support, and release bug fixes. Support will be dropped altogether 10 years after the initial launch. (Microsoft's current support roadmap & timelines were in part released due to the backlash after their initial rather short notice that Win98 would be end-of-lifed. They then extended support for it a bit, and released a roadmap so people knew what to expect for their other product lines.) Their current standard policy is 5 years mainstream support, 5 years extended support, then you're on your own.

  21. Re:No - we're doomed. on Sea Life Wiped Out by Neutron Star Collision? · · Score: 2, Informative

    It takes a good few inches of lead (or a good few feet of concrete, dirt, whatever) to significantly attenuate gamma rays - and if the ones we are talking about were powerful enough to get through the full depth of the earth's oceans and still kill things when they got there - then you'd need to wrap the earth in a few feet of lead - or hide down some amazingly deep mine-shafts

    The article didn't say that the gamma rays themselves killed off life deep in the ocean, it just said that it killed off much of the plankton which lives in the first few feet in the ocean. Since the plankton is the bottom step in the food chain, it disappearing will starve a lot of small animals, which in turn means no food for the animals that eat them, etc.

    Rinse & repeat all the way down the food chain.

    Even life at the bottom of the ocean is dependent on what's going on near the surface. It may take a while, but eventually cataclysmic changes near the surface will deplete much of the food sources in the deep as well.

  22. Re:I don't know about you all ... on AOL Changing IM Terms of Service · · Score: 1

    When you signed in, when you signed out, when you became idle, when you became busy etc etc.

    Your IP address.

  23. Re:A very minor issue... on Mars Rovers Have Incorrect Instruments Installed · · Score: 1

    I think the fact that they have two rovers that have performed extremely well under harsh conditions 4x over their rated life is an incredible accomplishment

    True -- But while very impressive, some of the engineers did admit to have 'pulled a Scotty' and purposefully underestimated the expected lifetime of the rovers.

  24. Re:Rogue registrars? on New York's Oldest ISP Gets Domain-Jacked · · Score: 5, Interesting

    What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever

    Or so they say.

    What many people here may not be aware of, is that the domain registry system had a slight overhaul recently, after ICANN mandated a change in the registrar transfer procedures.

    More specifically: while in the past a domain transfer would automatically be rejected when the account holder did not approve it, recently this changed so now a transfer request gets approved by default unless the account holder actively rejects it.

    Yes -- that means that if the owner is on vacation, doesn't check his mail frequently enough, has a spamfilter that ate the transfer notice, or simply never received the message in the first place for whatever other reason, the domain transfer request will automatically be granted.

    ICANN's reasoning for this was allegedly that it would prevent a defunct hosting provider or non-working administrative account from keeping a customer's domain hostage.

    The only way to change this behaviour and reject a domain transfer by default, is to lock the domain with the registrar. Many of the registrars responded to this policy change by proactively locking all domains hosted with them with little warning (Network Solutions, for example)

    Anyway, it's quite likely that this domain in question simply didn't get locked (or was actively unlocked by the administrator because it was deemed inconvenient?). Then if anyone sent a (bogus) transfer request and the administrator either didn't see the notice or didn't respond in a timely fashion to reject it, this would happen.

    This will happen to ANY domain that is not currently locked, and whose admin contacts aren't paying close enough attention to their mailbox. If you haven't already done so: MAKE SURE YOUR DOMAINS ARE LOCKED!!!

    Yet another example of how ICANN makes the world a better place, I guess.

  25. Re:NT Support License vs. Mac Mini on End Of Support for Windows NT 4.0 · · Score: 1

    ...or I can pick up a new Mac Mini for $499, [apple.com] and be completely secure from all Windows viruses, plus 99.99% of trojans, spyware, etc. And given how long ago NT 4.0 came preloaded on anything, I'll probably get a faster machine in the bargain. Which would you choose?

    That one that allowed me to keep running the same legacy software -- i.e. not the mac.