Slashdot Mirror


User: FreeLinux

FreeLinux's activity in the archive.

Stories: 0
Comments: 964

Comments · 964

  1. RPC vulnerability returns. AGAIN!!! on Bill Gates: Windows Patched Faster than Linux · · Score: 2, Interesting

    There were 7 updates yesterday!

    And none of those updates covered the RPC vulnerability, again! That's right, the Microsoft RPC vulnerability that has already been patched twice is STILL vulnerable and an exploit exists. Word is that Microsoft has been informed but, as usual, no word from Microsoft yet. The notification was sent 10 days ago.

    So much for 24 hour patches. On the other hand, I must admit that I have no desire to reboot my servers every 24 hours so, it's just as well that Bill isn't as fast as he says he is.

    I wonder if they will actually fix RPC on the third attempt.

  2. What??? on Computerized Navigation Systems to the Rescue · · Score: 1

    I can't help thinking that it would be cheaper to subsidise in-car satnav units with traffic avoidance than building new freeways.

    The population is growing. The number of cars on the road is increasing dramatically. How do you think you will be able to avoid the traffic when all of the roads are full? There is no way to reduce congestion without building new roads unless, you somehow restrict the number of cars.

  3. News is even worse than reported. on Yet Another Critical Windows Flaw · · Score: 1

    "Of course this is another headache for admins still patching for last month's RPC flaw."

    That RPC flaw, patched twice so far, is actually still vulnerable. That's right, the RPC service will require a third patch.

    Security experts have discovered that a vulnerability still exists in the Microsoft RPC service. Furthermore, an exploit has been developed as a proof of concept. The results have been reported to Microsoft but, as yet they have not responded publicly. So, be on the look out for yet another RPC security bulletin from Microsoft. Hopefully, coming soon.

  4. Corroboration would be nice. on Israeli Government Suspends Microsoft Contracts · · Score: 1

    This story showed up on The Register a couple of days ago and then Newsforge cited The Reg article after that. But, as yet I have not seen anyone else report it or corroborate the story. It would be really great if some "News" site were to investigate the validity of this story.

  5. Don't be naive. on US Senate Backs Genetic Privacy · · Score: 3, Insightful

    This bill would require that you prove that the insurance company denied you coverage because of your DNA rather than some other reason of their choosing. It doesn't deny them the ability to see or maintain records of your DNA which is what we really need.

    With this bill it would be no problem for an insurance company to deny you coverage based on your DNA but, tell you it is due to them having reached their quota for your age/gender/geographic region/past claims.

    The law needs to say that they cannot see your genome and they definitely cannot record it. There is no reason for anyone but your doctor and his lab to have it.

  6. Sad lack of details on Internet Speed Record Broken (Again) · · Score: 1

    It would be a lot nicer if they had included some technical details on this. 10Gbps links are available, though not common. Indeed, they are presently improving the quality and price of 40Gbps equipment.

    But, how does one drive the data at 5, 10 or 40 Gbps? These speeds are not a big deal for network switching gear but it is a big deal for a PC. The fastest PCI bus that I have seen maxes out at under 5Gbps and there aren't any disk drives that can offer that sort of throughput. Then one has to wonder how they got a 10Gbps trans-oceanic link. Who is the carrier?

  7. AOL and naming. on AOL to Launch Discount "Netscape" Internet Service · · Score: 1

    Make of it what you will but, lately there has been a big push to get away from the AOL moniker. In the past few days Time Warner has dropped the AOL name and is changing its stock symbol from AOL.

    Now AOL is announcing new services but they too are avoiding the AOL name. What's next? Rename AOL to AISP or The Internet?

  8. Features? on Mandrake Linux 9.2 Hits the Street · · Score: 1

    One of the features that they cite is "File names can now be intuitively renamed", referring to clicking on the name slowly, ala Windows. Was right click -> Rename not intuitive enough?

  9. Re:NTFS on What Will Be in Linux 2.7? · · Score: 1

    Yes, I see the difference. Do you?

    In the case of Sysinternals, a couple of students figured out how to mount NTFS partitions for reading and later for writing. They decided that the writable version had value and built a company to sell that version. This is rather like the Yahoo! story where, a couple of students developed a search engine and built a company around it.

    In the case of the Linux community, a whole bunch of guys said: "It's undocumented and it's too hard to figure out without the documentation. Besides, Microsoft keeps changing the spec so, there isn't any point in putting much effort into it. Use Ext3 instead."

    The thing is that there are others that have also figured it out. Look at all the imaging software that can read and write NTFS partitions. I know that some simply do sector copying but some actually read and write the NTFS file system itself.

    The state of NTFS support in Linux is very similar to the way it used to be with Winmodem drivers. For years Linux developers and users berated modem manufacturers for making Winmodems. The story was that Winmodems could NEVER work on Linux. They were undocumented and they were built specifically for MS Windows blah blah blah. But here we are today and, surprise surprise, Winmodems can and do work under Linux. All it took was for someone to figure out how to write the driver.

  10. Nope on What Will Be in Linux 2.7? · · Score: 1

    My DOS boot floppy has no trouble accessing NTFS partitions and it has no .dlls on the floppy.

  11. Re:NTFS on What Will Be in Linux 2.7? · · Score: 1

    Last time I checked it was still "experimental" "dangerous" "data loss" blah blah blah.

    How about NTFS support that you can really use. I want to be able to treat an NTFS partition no differently than an ext2 partition. Also, the whining about it's undocumented and "Microsoft keeps changing the spec" hasn't affected these guys any. They managed to figure it out on their own and created a company to sell their DOS version and several other versions with full NTFS read and write support. It has been available for years.

  12. Back off on the attitude, pal! on Networked Printing on a DI-707P Router? · · Score: 1

    Yeah, I posted this about a week ago, I've figured it out since then. I wasn't expecting slashdot to actually approve this.

    You asked a lpd 101 question that could easily have been Googled, which is an invitation for flames. But, you submitted a question to askSlashdot, with the intent of it NOT being posted? That's asinine.

    If you didn't want it posted, you should not have submitted it. The fact that you are getting flamed now is your own fault and telling people to "go to hell" is just inviting more flames.

    But, then again, maybe you have pulled off the ultimate troll. If so, you got me.

  13. It's funny... on New SANS/FBI Top 20 List · · Score: 1

    The number two Unix vulnerability was RPC, which I was not aware of. However, the last two major windows vulnerabilities were both with the same Windows RPC service and yet that didn't make the list at all. MS Blaster was an exploit of the RPC vulnerability.

  14. Hybrid is the most likely answer. on Horizontal or Vertical Server Architecture? · · Score: 1

    "And does the operating system or particular service(s) dictate this architecture to a certain extent?"

    The operating system, particular services, capacity, load and reliability requirements dictate the architecture completely. Every situation is different and they all need to be evaluated based on the metrics of that particular situation. For a small ten user office, I would think nothing of hosting DNS, DHCP, web proxy, email, file storage, print server, SQL database and maybe more on a single box but, if that same office had a large SQL database and the SQL application was the core of their business, I would put it on its own box.

    The same holds true on much larger networks too. There will be situations where you can and will run a mail server and DNS server with 2000 users on the same box and there will be others that will only allow 1000 users on the box and no other services besides mail. Or perhaps the individual requirements will require no more than 100 users on a box and that box needs to be part of a fault tolerant cluster to guarantee uptime.

    This sizing and design is what network architects figure out before a network is built. They figure out what the requirements are, the loads that those requirements will create, the level of service that is required, projected growth, business continuity and fault tolerance and then they match all of this to the appropriate hardware to accomplish these requirements. Every design is unique and there is no silver bullet.

  15. So, what are your qualifications? on Securing Files in a Hostile Workplace? · · Score: 3, Interesting

    I don't mean to be offensive here but you do not state what your qualifications with regard to IT are so, I must ask are you qualified to evaluate and judge the competence of your IT department and their procedures?

    You see, I frequently run into middle and upper level managers that pose the same questions and issues that you do. They have decided that their files are the most important thing in the world and that the IT department is incompetent because they do not seem responsive to said managers' queries or concerns. But, in spite of the managers' feelings on the matter, I rarely see a situation where the IT department is truly incompetent or is doing a poor job on security. What is really happening is that the managers are not qualified to evaluate the IT department's procedures and that said departments become "unresponsive" to these managers after a while of hearing the mistrust and false accusations from someone unqualified to judge.

    The fact is that most file servers offer most of the features that you are asking about. Most file servers(Windows NT-2003, Netware, Unix) have very good security measures that allow compartmentalized access, the ability to recover an account and its files when the user is hit by a bus, extensive access logging and auditing, the ability for the file's owner to assign other users access permissions, the ability to handle very large files, potentially secure access control via user ID and password, and more. Most newer ones will allow you to encrypt individual files, directories or even entire disks to further restrict access although this can interfere with work when multiple users are involved. Also, most file servers from within the past decade can support two factor security schemes that utilize one time password key fobs or even biometrics like thumb print scanners(which I find preferable to key fobs that can be lost or stolen).

    The most contrary item on your list of requirements is the ability to take home large files. This is a gaping hole in any security system and if the files are so terribly valuable, your company should implement measures to make sure that taking these files anywhere from the server is impossible, or at least extremely difficult. Why would you implement an elaborate security system and then have the files walking out the door on a disk or tape? (As I think about it, Microsoft claims that this can be done securely under their Trust Computing and DRM plan. But, I won't buy into it.)

    In the end the question returns, are you actually qualified to evaluate and judge the IT department's processes and procedures or are you feeling dejected because they are "unresponsive" to your individual needs? One final note about your IT department's pride in their antiquated network. There are several systems out there that although old are still more than capable of doing their job and are indeed quite secure. DEC Vax systems running LAT can be completely secure from both external and internal attack. The same can be said for Novell systems when they rely on the IPX protocol. In spite of your obvious dislike and mistrust of your IT department, it is entirely possible that they are truly very secure with their outdated network.

  16. Re:Portable Audio Players on IBM Introduces 'Air Bags' For Laptop Hard Drives · · Score: 1, Insightful

    Yes it certainly could. It could cause them to stop playing or "skip" frequently when they are being used in bumpy environments like cars, joggers, etc.

  17. Could you explain? on Microsoft Taking Over the BIOS · · Score: 4, Insightful

    Could you explain to me exactly who the lot of companies are? It is my belief that corporations as a whole will either not care at all or will regard this as a very good and important feature that will allow their operating system of choice(Windows) to operate more reliably and securely thanks to DRM and Trusted Computing blah blah blah

    Most corporations will welcome this with open arms.

  18. I think this is outstanding. on Microsoft Taking Over the BIOS · · Score: 2, Interesting

    Now, I will not even require an OS in order to contract and spread viruses and worms.

    It's only a matter of time before Microsoft's superior technology innovators develop a compression algorithm that will allow them to stuff all of Windows XP/2003 into the BIOS chip. Then they will really have a lock on the PC industry.

  19. Think about. on How Do Managers Rate On-line Universities? · · Score: 2, Insightful

    Hello Bob. I hear that you graduated from Harvard/Berkeley/MIT/UVA, that's great!

    or

    Hello Bob. I hear that you graduated from the University of Phoenix online school. Tell me about that. Zzzzzz

  20. PCI Bus Speeds on Channelized DS3 with Linux? · · Score: 3, Informative

    33Mhz X 32 bit PCI = 1 Gigabit
    66Mhz X 32 bit PCI = 2 Gigabit
    66Mhz X 64 bit PCI = 4 Gigabit

    Actual throughput for each of these bus types is a bit less than the theoretical values above. However, having multiple 54Mbps cards on a single 33Mhz PCI bus should not be a problem from a bandwidth perspective.

  21. Maybe? on Channelized DS3 with Linux? · · Score: 4, Informative

  22. Random thoughts... on Channelized DS3 with Linux? · · Score: 4, Insightful

    The thought of relying on a standard PC to drive/frame/time/switch a DS3 makes me nervous. There is a lot to be said for Application Specific Integrated Circuits(ASICs), which is what the Cisco uses.

    Cisco's routers are expensive. Perhaps Nortel, Juniper, Foundry, Fore, Riverstone, etc might be less expensive but offer similar functionality and reliability.

    How many channels are actually needed from the DS3? A Cisco 3600 can drive up to 12Mbps on a HSSI interface and would cost a lot less than $30,000 but, you couldn't go beyond 12 Mbps.

    How much does a DS3 cost you? In my area, the monthly cost of such a circuit is such that a one time cost of $30,000 for hardware is really no big deal.

  23. Guilty as charged. on Is Google's Future: Star Trek? · · Score: 1

    But, that never stopped me from always saying it.

  24. Re:This isn't about Google or Search. on Is Google's Future: Star Trek? · · Score: 4, Insightful

    Not quite so bad as you describe. The voice recognition system does and will work in a very similar fashion as is used when conversing with a human. While you might blurt out "kill the bastard" your friend, sitting next to you, would not respond to it as a command directed at them. In order to direct a command at your friend, you would say "John, kill the bastard". In this case saying the person's name, obviously, alerts them that you are directing your conversation at them.

    Computer voice recognition works in a similar fashion. The computer waits for a keyword or trigger before it accepts input directed at it. So you would say, "Computer, kill the bastard". Saying the keyword "Computer" alerts the computer that this is an instruction that is directed at it rather than just some background noise or other conversation that it is not expected to act upon.

    This brings us to the keyword itself. Depending on the environment using "Computer" as the keyword or trigger may not be a good choice. For instance in an IT environment the word computer is likely to come up often which would cause undesirable commands to be arbitrarily executed in a voice recognition situation. Similar problems occur today in home automation environments where people name their automation system(set the trigger) to a word that is too often used in the course of a normal conversation, like a friend's or pet's name. This causes undesirable results or a confused system. Instead they must choose a name that is both pleasing to them and is unlikely to be used in the home for any other reason than addressing the automation system.

  25. Re:NLP? on Is Google's Future: Star Trek? · · Score: 4, Informative

    Natural Language Processing or voice recognition.

    I guess that there are still those amongst us that insist on trying to supplement their inadequacies by babbling in acronyms.

    I've always said that if you think it's cool or leet to speak using acronyms, you should go all out and speak in hieroglyphics.