Well though out...but is this a pipedream?
on
Public Net-work
·
· Score: 4, Interesting
I like the *ideas* presented in this guys article, but at this point in time I think its still a bit of a pipe dream. Mostly due to the lack of familiarity with the technology by non-technical people and the paranoia of those technical enough to understand what is going on behind the scenes.
Also, trying to communicate anything meaningful in a public electronic forum is next to impossible any more. There is just too much noise. The only good way to reduce the noise is to make people accountable for their comments and suggestions. But, as we all are well aware, the only good way to make people accountable is to take away their anonymity....which kinda defeats the purpose in the first place.
I hear occasional notes about "problems" with civil rights, and then there's the whole pirated anime problem.
And what, exactly, does that have to do with whether or not this attack is actually going. Plenty of governments have plenty of problems.
... but no hard information about the programs, the companies, or the government agencies.
Giving out that sort of information is not necessary and could actually make the problem worse!! Imagine telling the rest of the world the names of entities that are trojaned, and the programs that were used. I think more than a few script kids would jump on the hacking bandwagon and make the problem far worse that it is currently before the sys admins have any time to patch their systems or put other counter-measures into place.
Wow! This is exactly the reason that systems administrators generally dislike most members of their development group. Your attitude does not do very much to endeer us 'cable monkeys' and 'PHB's to you.
"IT people", who give a shit about logs and backups and think plugging a PC and monitor into a powerbar is "computer science"
If you think this is all that is involved in running a remotely large and reliable network, you are sadly mistaken my friend. A lot of thought, planning and testing goes into most corporate network infrastructures.....kinda like software development.
"Computer Science" is a very broad term that encompasses much more than just 'programming'.
Allowing the OEM to decide whether or not DRM can be disabled could hurt the open OS community. What if Dell and/or Micron decided to make DRM a mandatory feature on their PC's. Then only operating systems that support DRM could be loaded onto these PC's.
If MS, or any other vendor for that matter, convinced a couple of large desktop vendors to make DRM mandatory....the spread of OS's that don't support DRM will dramatically slow down.
I often wonder if corporations basing their whole infrastructure off of linux (and other free software) is really fair to the open source community. Corporations who have embraced open software (linux specifically) are really saving themselves a lot of money. It'd be nice of those coporations would kick back some of their savings into supporting open source projects and initiatives.
On the other hand, without wide adoption, the rate at which Linux has developed probably wouldn't be any where near what it currently is. The best way to find bugs and feature requests is to get as many people as possible banging on a piece of software until it fails (or seems deficient in one area or another). So maybe the exposure, feature enhancements and bugs found are the proper 'payment' I spoke of.
but i think a lot of the reason GNOME and KDE each have such a huge following is because they're very pleasant to look at
Not a flame.....but, I completely disagree. I think the reason that KDE and GNOME are so popular has everything to do with the fact that they are the default window managers in the most popular Linux distros (*cough*RedHat*cough*Suse*cough*). Another plus is that they bring that 'Windows'-ish feel, which new Linux converts crave......it gives them something somewhat familiar while investigating a whole new world (read: Linux/*BSD/your-free-unix-like-OS-of-choice)
The project may start out as an un-biased ranking system. But, if it gets very popular, the cost of running and maintaining a search engine that gets much traffic at all will require some sort of funding. (case in point: Google)
Maybe if the thing was intended for use only by educational institutions, then some education grants could be used to support the infrastructure required to run a popular search engine? Or maybe it could be a subscription-based service? I dunno...couple of thoughts on how to pay for it anyway.
Bottom line: somebody's gotta pay for it and (usually) the easiest way to pay for it is through advertising.....which will (unforunately) probably lead to money-biased rankings.
He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.
Anybody who makes a statement like that quite obviously has never gotten too serious about setting up and maintaining an IDS. Every IDS I've ever used has required quite a bit of care and feeding to make it useful.
First of all, most IDS's have so many false-positives right out of the box that you just have to do some tweaking to keep your sanity.
Next, for an IDS to be effective, it must be kept up to date. This means importing new rules from the vendor. Making sure those rules are not a whole new batch of false positives. And writing your own rules to tailor the IDS to effectively monitor your network.
These kind of things (and the above 2 are just a couple of examples of many different care/feeding aspects of IDS installations) are a must if you are even remotely serious about having an effective IDS. An IDS, by its very nature, is a system which is definitely NOT a 'set up and move on to something else' kind of system.
I bet they're pretty smacked right now. This link and links to isc.sans.org were immediately put up all over the place and sent to security mailing lists when people started hearing about the worm.
Because Linus and all of the other people who contributed to Linux released their code under the GPL. This is one of the main arguments with SCO....whether or not they actually released the code under GPL, which (if they DID) would prevent them from claiming IP rights on it.
This still doesn't protect you from a 'user' clicking on a file attachment that they should not have and infecting the local box. If your local firewall is limiting outbound traffic as well, then great. At least you won't spread the disease.
Honestly though, if you've taken the time to put firewall rules in place on each individual box, why not just patch each one while you're at it?
Everybody keeps posting that they have this or that port blocked on their firewall, so they're safe. Not so. All it takes is one person inside your network to open the wrong file attachment, or one laptop that went outside the network and then came back in to infect your internal network.
Therefore, one could reasonably conclude that $10 spent on marketing does more than $50 spent on tech support. And if that's so, then the consumer has himself to blame for being a tool.
Newsflash: 99% of consumers are tools and $10 spent on marketing probably does do more than $50 spent on tech support. The money is still going to end up in the hands of the people making the decision to charge more (or less) for a product and then out-source their call center to India anyway.
What if the poor support is a direct result of lack of incentive? If they were paid such that they felt their jobs were actually providing a measurable benefit to the company, they may provide better support. Employee morale is often underrated in my opinion.....if you're happy to be at your job, you'll try harder not to lose it.
But do you really think that the people answering the phones get any more money if we pay more for tech support? Nope, the money goes right into the pockets of the people who are already getting most of it anyways.
Allowing this sort of thing would lead to the creation of entire worlds, with all of the ugly economics and politics included!! Alliances will be formed which, in turn, will effectively become digital armies. Once you have a 'digital army' in place that is actually fighting to earn (and take) items that are worth real $$, you might as well have created a 'real' country.....ugliness ensues
This, of course, is a highly simplified description. But, I think you get the point!
Slashdot Mirror
I like the *ideas* presented in this guys article, but at this point in time I think its still a bit of a pipe dream. Mostly due to the lack of familiarity with the technology by non-technical people and the paranoia of those technical enough to understand what is going on behind the scenes.
Also, trying to communicate anything meaningful in a public electronic forum is next to impossible any more. There is just too much noise. The only good way to reduce the noise is to make people accountable for their comments and suggestions. But, as we all are well aware, the only good way to make people accountable is to take away their anonymity....which kinda defeats the purpose in the first place.
And what, exactly, does that have to do with whether or not this attack is actually going. Plenty of governments have plenty of problems.
Giving out that sort of information is not necessary and could actually make the problem worse!! Imagine telling the rest of the world the names of entities that are trojaned, and the programs that were used. I think more than a few script kids would jump on the hacking bandwagon and make the problem far worse that it is currently before the sys admins have any time to patch their systems or put other counter-measures into place.
Sure they do......IBM just needs to purchase ad time during 'Friends' and 'Paradise Hotel'. :)
I can see it now....Linux workstations would be popping up across college campuses nation-wide.
Wow! This is exactly the reason that systems administrators generally dislike most members of their development group. Your attitude does not do very much to endeer us 'cable monkeys' and 'PHB's to you.
"IT people", who give a shit about logs and backups and think plugging a PC and monitor into a powerbar is "computer science"
If you think this is all that is involved in running a remotely large and reliable network, you are sadly mistaken my friend. A lot of thought, planning and testing goes into most corporate network infrastructures.....kinda like software development.
"Computer Science" is a very broad term that encompasses much more than just 'programming'.
Allowing the OEM to decide whether or not DRM can be disabled could hurt the open OS community. What if Dell and/or Micron decided to make DRM a mandatory feature on their PC's. Then only operating systems that support DRM could be loaded onto these PC's.
If MS, or any other vendor for that matter, convinced a couple of large desktop vendors to make DRM mandatory....the spread of OS's that don't support DRM will dramatically slow down.
It's already pretty darn close.
I often wonder if corporations basing their whole infrastructure off of linux (and other free software) is really fair to the open source community. Corporations who have embraced open software (linux specifically) are really saving themselves a lot of money. It'd be nice of those coporations would kick back some of their savings into supporting open source projects and initiatives.
On the other hand, without wide adoption, the rate at which Linux has developed probably wouldn't be any where near what it currently is. The best way to find bugs and feature requests is to get as many people as possible banging on a piece of software until it fails (or seems deficient in one area or another). So maybe the exposure, feature enhancements and bugs found are the proper 'payment' I spoke of.
Slashdotted???......or having power issues?? Looks like their web servers are in NY somewhere.
Sheesh, that's not advancement. :)
but i think a lot of the reason GNOME and KDE each have such a huge following is because they're very pleasant to look at
Not a flame.....but, I completely disagree. I think the reason that KDE and GNOME are so popular has everything to do with the fact that they are the default window managers in the most popular Linux distros (*cough*RedHat*cough*Suse*cough*). Another plus is that they bring that 'Windows'-ish feel, which new Linux converts crave......it gives them something somewhat familiar while investigating a whole new world (read: Linux/*BSD/your-free-unix-like-OS-of-choice)
The project may start out as an un-biased ranking system. But, if it gets very popular, the cost of running and maintaining a search engine that gets much traffic at all will require some sort of funding. (case in point: Google)
Maybe if the thing was intended for use only by educational institutions, then some education grants could be used to support the infrastructure required to run a popular search engine? Or maybe it could be a subscription-based service? I dunno...couple of thoughts on how to pay for it anyway.
Bottom line: somebody's gotta pay for it and (usually) the easiest way to pay for it is through advertising.....which will (unforunately) probably lead to money-biased rankings.
He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.
Anybody who makes a statement like that quite obviously has never gotten too serious about setting up and maintaining an IDS. Every IDS I've ever used has required quite a bit of care and feeding to make it useful.
First of all, most IDS's have so many false-positives right out of the box that you just have to do some tweaking to keep your sanity.
Next, for an IDS to be effective, it must be kept up to date. This means importing new rules from the vendor. Making sure those rules are not a whole new batch of false positives. And writing your own rules to tailor the IDS to effectively monitor your network.
These kind of things (and the above 2 are just a couple of examples of many different care/feeding aspects of IDS installations) are a must if you are even remotely serious about having an effective IDS. An IDS, by its very nature, is a system which is definitely NOT a 'set up and move on to something else' kind of system.
Yep, right up until the next Apache/Sendmail/Bind exploit comes out.
like......duh! (spoken in my best valley blonde accent)
I bet they're pretty smacked right now. This link and links to isc.sans.org were immediately put up all over the place and sent to security mailing lists when people started hearing about the worm.
Because Linus and all of the other people who contributed to Linux released their code under the GPL. This is one of the main arguments with SCO....whether or not they actually released the code under GPL, which (if they DID) would prevent them from claiming IP rights on it.
This still doesn't protect you from a 'user' clicking on a file attachment that they should not have and infecting the local box. If your local firewall is limiting outbound traffic as well, then great. At least you won't spread the disease.
Honestly though, if you've taken the time to put firewall rules in place on each individual box, why not just patch each one while you're at it?
Everybody keeps posting that they have this or that port blocked on their firewall, so they're safe. Not so. All it takes is one person inside your network to open the wrong file attachment, or one laptop that went outside the network and then came back in to infect your internal network.
http://isc.sans.org/diary.html?date=2003-08-11
Both. It is opening a shell on port 4444 and contacting a tftp server (using the shell) to download a file which is the worm code itself.
Therefore, one could reasonably conclude that $10 spent on marketing does more than $50 spent on tech support. And if that's so, then the consumer has himself to blame for being a tool.
Newsflash: 99% of consumers are tools and $10 spent on marketing probably does do more than $50 spent on tech support. The money is still going to end up in the hands of the people making the decision to charge more (or less) for a product and then out-source their call center to India anyway.
What if the poor support is a direct result of lack of incentive? If they were paid such that they felt their jobs were actually providing a measurable benefit to the company, they may provide better support. Employee morale is often underrated in my opinion.....if you're happy to be at your job, you'll try harder not to lose it.
But do you really think that the people answering the phones get any more money if we pay more for tech support? Nope, the money goes right into the pockets of the people who are already getting most of it anyways.
Allowing this sort of thing would lead to the creation of entire worlds, with all of the ugly economics and politics included!! Alliances will be formed which, in turn, will effectively become digital armies. Once you have a 'digital army' in place that is actually fighting to earn (and take) items that are worth real $$, you might as well have created a 'real' country.....ugliness ensues
This, of course, is a highly simplified description. But, I think you get the point!