Slashdot Mirror


User: buysse

buysse's activity in the archive.

Stories: 0 · Comments: 445

Comments · 445

  1. Re:i'm confused.... on Hundreds of Sites Blocked By Canadian ISP · · Score: 1

    Here's what happens when you use HTTP to talk to a site:

    1) Open socket to ip address and port.
    2) Send HTTP request, including the Host: header.
    3) Get response.

    Here's what happens when SSL gets added.

    1) Open socket.
    2) Negotiate SSL, including verifying the certificate, which contains the host name. If it doesn't match, fail.
    3) Send HTTP request, including the Host: header.
    4) Get response.

    Unless you want to replace every browser out there, along with every web server, to enable a new STARTTLS-enabled HTTP/2.0 protocol that can send the hostname before the command (GET, POST, etc), we're stuck.
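
An added example, not part of the original comment: it captures in memory the first bytes a client sends in each of the two sequences above and reports what hostname a filter on the path could read from them. It goes beyond the comment by also reading the TLS `server_name` (SNI) extension, which a client that supports it places in its ClientHello; the function names are this example's own.

```python
import ssl
import struct

def client_first_flight(hostname=None):
    """First bytes a TLS client sends, captured in memory (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = hostname is not None
    inbound, outbound = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(inbound, outbound, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the server's reply
    return outbound.read()

def visible_hostname(first_bytes):
    """Hostname readable from a connection's first bytes, or None."""
    if first_bytes[:1] != b"\x16":          # not a TLS handshake record: plain HTTP
        for line in first_bytes.split(b"\r\n")[1:]:
            if not line:
                break                        # end of headers
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                return value.strip().decode("ascii")
        return None
    body = first_bytes[5:]                   # skip the 5-byte TLS record header
    if body[:1] != b"\x01":
        return None                          # not a ClientHello
    try:
        pos = 4 + 2 + 32                     # handshake header, version, random
        pos += 1 + body[pos]                 # session id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher suites
        pos += 1 + body[pos]                 # compression methods
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:                # server_name (SNI)
                name_len = struct.unpack_from("!H", body, pos + 3)[0]
                return body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error):
        pass                                 # truncated hello or no extensions
    return None
```

A client called without a hostname sends no SNI, so the name appears only in the certificate and the later Host: header, as in the numbered steps above.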

  2. Re:i'm confused.... on Hundreds of Sites Blocked By Canadian ISP · · Score: 1

    ... Which does not change the fact that a layer 7 filter, such as an HTTP proxy, takes quite a bit more processing power than a simple IP-based (layer 3) ACL on a router.

    In short, of course the parent's heard of a proxy. Of course it's easy *to set up* and the tools are available. Now, build me one that can handle multiple OC-48 pipes without slowing down traffic and won't piss off paying customers by caching pages with old information (such as pages that a web designer is working on, or cnn.com).

    Not so easy anymore.

  3. Re:Cellphone iTunes? on Apple to Become Wireless Provider? · · Score: 1
    But my phone does it and I have ear pieces... I find it better when flying and other places to do that rather than drain my laptop batteries.
    That's a federal offense, mmmmkay? I don't know of any combined phone/pda/mp3 player/game console/electric razor that allows you to shut off the *phone* -- and having the cell phone on while you're flying around is a Bad Thing, according to the FAA.

    Not trying to say whether or not that law has any merit, but it is there and I'd be damned careful with it. Personally, that is one reason that I prefer separate devices for such things. One device should do one or two things very well, not 20 things poorly.

  4. Re:Th old fasion way on Best Way to Back Up Photos and Video? · · Score: 1

    Recent studies have shown that DVD that's not pressed, but written with a consumer-grade DVD recorder does not have especially good longevity, just as a warning. Commercially pressed DVDs do have excellent life, but same as home-written CDs, it's not that great otherwise.

    The specific media makes a big difference as well. Look up the NIST study about it. Interesting reading.

  5. Re:Can AMD compete at these prices? on AMD Athlon 64 Dual Core Chips Released · · Score: 1

    The prices quoted in the article are in quantities of 1000. You are buying one. As Dell is one of the very few vendors that can actually get the dual-core P4EEs, they're going to take profit on them.

  6. Re:I turned on Unlocking the GeForce 6800 · · Score: 1

    Plugged a floppy cable in to one of the expansion ports on an old DPT SCSI card (EISA!), back in the day. The ports were meant for RAID processors, cache, battery, alarms...

    It had the right number of pins. However, the floppy cable melted and ignited when I turned the machine on, and some of the burning plastic hit the motherboard.

    My boss was not pleased.

    Still not as fun as making an Apple Disk II controller explode (the old external ribbon cable 5.25" floppies for Apple IIs, if you offset the cable right, it fed power back to the controller chip which would then explode.)

  7. Re:The Longhorn advantage? on Longhorn Preview · · Score: 2, Insightful
    The really interesting part of using a preview of the file's contents to create an icon? Malicious contents.

    Now, we don't even need to open the file for Word to be loaded as an OLE^H^H^H ActiveX^H^H^W COM component and exploited. Excellent.

    You know that's how they'll do it -- by using components. That's the traditional Microsoft way, and why else would you need a few gigs of RAM and a 4Ghz proc to make it look shiny? If Intel's going to keep pushing your crap, well, you've got to push people to buy theirs.

  8. Re:Comment about schools on Daylight Savings Change Proposed · · Score: 1

    The farmers would howl. They need the kids on the farm as slave labor in the summer. In fact, many howl that school starts too early as it is...

  9. Re:Why? on Crack Found in Shuttle Tank · · Score: 1

    doesn't involve burning a metric assload of solid fuel
    How much is that in Imperial Arseloads?

    shamelessly borrowed from the Monastery.

  10. Re:Just hardware, no apple OS. on Torvalds Switches to a Mac · · Score: 2, Funny

    See? You forgot Poland.

  11. Re:For bandwidth management... on Video Formats for non-Windows Users? · · Score: 1

    Yes, yes, yes, but the binary on Bob Blogger's site? That's not open. I don't know what else is hiding in there.

    Not trying to troll. Just think it's a damned bad idea.

  12. Re:For bandwidth management... on Video Formats for non-Windows Users? · · Score: 1

    Right. I trust downloading RANDOM FRICKIN' EXECUTABLES from some arsehole's blog! Jebus. People should know better than to encourage Granny to run random programs from email and web pages.

    Now, do I need to explain further why this is a bad idea, and why anyone who does trust this stuff has about 20 different dialers and a few hundred other forms of malware on their (underpatched) Windows box?

  13. Re:Failed Interview on Programming Until Retirement? · · Score: 1
    Also, your != you're. When I see a programmer make this type of mistake, I can only assume that mistakes like "if (foo = 0) { error("failed foo"); }" will be common. If you can't handle basic grammar, including proper use of possessives, I don't trust you to not make simple logic errors.

    It's a simple matter of attention to detail. Both human languages and computer languages have simple rules that are easy to learn.

    Apparently, I'm feeling a bit pedantic today. </nazi type="grammar">

  14. Re:I took a look at an old magazine... on Interview With Mac Co-Creator Andy Hertzfeld · · Score: 1

    If you used the same chips as that VC20 upgrade, it would not fit in the case of an original Mac at 1MB. You would need a much larger box. Now, if you used higher density chips... ooh. The price just jumped a little.

  15. Re:What's a TLA? on How Do You Use UML? · · Score: 3, Informative
    A TLA is just another TLA, of course.


    It stands for "Three Letter Acronym."

  16. Re:Learn to say "no" on Dealing with Network Politics and Insecure Users? · · Score: 2, Informative

    What rankles the professors is that someone lower on the totem pole is dictating to them what they can and can't do (it's an ego thing). Take it to the next level, and they won't complain.

    Incorrect.

    As far as I can tell, a significant portion of academia believes that nobody may dictate what they can and cannot do. This group considers it a critical part of academic freedom, and in many cases relies on the insecurity for the way they work. I've heard of faculty threatening to unionize for less.

    The problem runs much deeper than a simple "Get their boss to tell them." It doesn't matter if the president of the University decrees it; there are many professors that just won't care, and won't see the problem. I've had to argue with people about whether they should have a password at all, much less a strong one.

    "If someone wants to see my work, I welcome them, and nobody would have any reason to destroy my work." Even if the account is compromised, many won't care because that doesn't affect their work -- it may cause some minor disruption, but nothing compared to changing the way they work. To make the system secure, you have to prevent Dr. Alice giving her password to Grad Student Bob so that they can share files. They have to change the way that they've worked for the past 15 years, and in general, that's not going to happen.

    Even something as simple as removing administrator-level access to the desktop is almost impossible. Often, there are even valid reasons, like strange software that doesn't run without it but that is actually essential to their research, or the need to install and run extremely esoteric software that's not in general use. This isn't the corporate world where >90% of users are fine with {Outlook|Notes|etc.} and MS Office, and maybe a couple of custom apps that are widely deployed to a group of people. Each researcher often has unique requirements.

    Even focusing on the almighty {Dollar|Euro} probably won't help, because at least in the US, NSF and NIH regulations prohibit charging a grant with some of the basic costs, like telephones and network connectivity. If the support staff were charging for service, the funding streams *could not* pay it, under federal law. The last time I really looked at this was years ago, so it may be more relaxed now, but I doubt it.

    If anything, academia has more inertia than government.

  17. Re:The last thing I want to do when I go home is.. on What Do People in the IT Field Do for Side Jobs? · · Score: 4, Funny

    After that reply, did you still get to go?

  18. Re:Paranoia on Australian Idol And ISP Censorship · · Score: 1

    You, sir, are not exactly observant.

    Here in the UK, we don't have such a thing as .com.uk, if we did, I'm pretty sure it would happen here as well.
    Hmm. I seem to recall seeing sites on that there Intarweb like http://www.ox.ac.uk/ (.ac being short for academic or academia, equivalent to .edu). How about http://www.london-eating.co.uk -- a random guide pulled from google. http://www.tesco.co.uk exists, but redirects to tesco.com. There's also a .org.uk domain.

    Quite a few of the older .co.uk sites redirect to .com now, like www.virgin.co.uk (redirect to www.virgin.com/uk/). The domains still exist and I'm sure that cockups like this one happen -- it's just that the organization that owns foo.co.uk usually owns foo.com (and foo.co.au, if they're in that market).

  19. Re:Uh... on Will Open Source Solaris Kill Linux? · · Score: 1

    You wouldn't type out move either, if you were only using a DECwriter III. Not if you had a choice.

  20. Re:So Intel is basically saying... on Intel "East Fork" Technology Migration · · Score: 1
    You mean they're cloning Sun's Niagara?

    Intel's really falling behind the curve if that's the case. If I were a stockholder, I'd be pretty annoyed after AMD64^H^H^H^H^H EM64T, and the Itanic debacle. Now they're cloning a Sun processor design? Heh.

    </flamebait>

  21. Re:I Hope... on Solaris 10 Released, Updated & Free (Like Speech) · · Score: 1

    Bah. That was @ gmail.com. That's what I get for not previewing.

  22. Re:I Hope... on Solaris 10 Released, Updated & Free (Like Speech) · · Score: 1
    Willing to share those reverse-engineered scripts? ;)

    Send mail to @gmail.com if you are. I'm willing to barter...

    Personally, I'm annoyed that I can't use a 250G IDE disk in an old Ultra 5 and Solaris x86 doesn't seem to support any third-party PCI IDE or SATA controllers I can get my hands on, so I have to use relatively expensive disk to hold a large number of different Solaris versions (along with several Linux distros.)

  23. Re:The other kinds of Indians on Outsourcing To Rural America · · Score: 3, Informative
    Actually, it's depleted uranium. Not as toxic as plutonium, but still not exactly pixie dust.

    It's used by the military for an unusual property -- when DU munitions strike armor or metal, they basically vaporize themselves in a heat flash, allowing DU shells to cut through tank armor.

    Unfortunately for anyone nearby, or living in the nation being attacked, when the DU vaporizes, it leaves an extremely fine radioactive dust in the air, which then settles and pollutes the area, as well as being inhaled by anyone nearby.

    Radiation levels in many parts of Iraq are way above normal background, and since the first Gulf War, the incidence of birth defects has risen dramatically. You can google for references yourself.

  24. Re:CSO Magazine on Security Responsibility Without the Authority? · · Score: 3, Insightful

    Or, alternately, they've already been 0wn3d and don't bloody realize it. That's a fairly common result of complacency.

  25. Re:Easy and cheap on Spyware/Adware Prevention In Large Deployments? · · Score: 1
    Thou shalt not connect to other servers. Thy network shall be sacrosanct, and thy packets shall be blessed by the Holy Squid before passage to the Internet shall be permitted. Thou shalt worship no other $DEITY but the Authenticated Proxy.

    For each way around a firewall, there's a more draconian policy that can prevent it. In any company with an IT staff, there would be no reason for you, my profanity-laced friend, to connect to any outside SMTP server unless your machine is the mail server (which it would not be). You would connect to the internal SMTP server, authenticate, and relay your mail that way. Otherwise, any compromised host could start dumping virus-laden messages or UCE, which is bad.

    Of course, the more draconian the security policies become, the more difficult it becomes to do work, theoretically the reason that you're using a computer. A balance has to be found, and in most businesses, that balance will be on the side of control.

    All communications must be logged when dealing with financial data under SEC regs. HIPAA has a lot of logging and privacy requirements that hit anything dealing with people's medical records, including a lot of academic research. If you have corporate secrets that you're trying to protect, you're not going to allow unrestricted communication out of your network. You also don't want Claria's software to end up on your desktops and possibly cause an exposure of customer data (and the ensuing spate of lawsuits).

    In cases where you can say there is no "secret" information, and I doubt that there are many of them, logging is still recommended for protection from landsharks. Quite honestly, it's often used to find a reason to fire someone who's been slacking (or doing something else that's bad, like borderline sexual harassment), but not quite enough to prove they aren't doing their jobs well enough to avoid a lawsuit. Or, alternately, used to discipline Peter the Perv after he's caught browsing pr0n on company time, proving that Alice did see boobies on his screen and thus avoiding a lawsuit.

    I'm not advocating hard control -- in fact, I think I'm just feeding a troll -- but there are good reasons to do it. When a company (or university) has one person responsible for a couple hundred or more desktops, that's an extraordinarily hard job if there is no control of the desktop. IT is understaffed to handle people having admin rights. In some cases, it's still understaffed to *not* have users with admin rights, and can't respond effectively to requests.

    The situation would be worse if the desktop was not locked down. It would not be better in those cases where IT is understaffed. If you've done everything possible to prevent fires, and you still don't have enough staff to put out the fires that start anyway, you won't have time to deal with Jane User needing Access installed on her machine to manage a simple database, especially since Joe or Jane is likely to need training or support on using that software.
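
An added example, not part of the original comment: one way to audit the egress policy described above (mail only through the internal relay, web only through the proxy) against firewall connection logs. The addresses, the log format and the sample lines are all constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout (hypothetical addresses).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAY = ipaddress.ip_address("10.0.0.25")  # only host allowed to speak SMTP outward
WEB_PROXY = ipaddress.ip_address("10.0.0.80")   # only host allowed to fetch web pages
RESTRICTED = {25: ("direct-smtp", MAIL_RELAY),
              80: ("proxy-bypass", WEB_PROXY),
              443: ("proxy-bypass", WEB_PROXY)}

# Constructed sample log: "<time> <action> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
09:00:01 ALLOW 10.0.0.25 -> 192.0.2.10:25
09:00:02 ALLOW 10.1.4.17 -> 10.0.0.25:25
09:00:03 ALLOW 10.1.4.17 -> 10.0.0.80:3128
09:00:04 ALLOW 10.0.0.80 -> 198.51.100.7:443
09:00:05 ALLOW 10.1.9.33 -> 203.0.113.5:25
09:00:06 ALLOW 10.1.9.33 -> 203.0.113.9:25
09:00:07 ALLOW 10.2.2.2 -> 198.51.100.7:80
garbage line the parser should skip
"""

def egress_violations(log_text):
    """Map each offending internal host to {violation: connection count}."""
    found = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            continue  # not a connection record
        try:
            src = ipaddress.ip_address(parts[2])
            host, _, port = parts[4].rpartition(":")
            dst, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue  # malformed address or port
        if src not in INTERNAL or dst in INTERNAL or port not in RESTRICTED:
            continue  # only internal-to-external traffic on restricted ports
        label, allowed = RESTRICTED[port]
        if src != allowed:
            found[str(src)][label] += 1
    return {host: dict(kinds) for host, kinds in found.items()}
```

Any host this returns was allowed out by the firewall without going through the relay or proxy, which is the gap the comment's policy is meant to close.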