Slashdot Mirror


User: kalvyn

kalvyn's activity in the archive.

Stories: 0
Comments: 12

Comments · 12

  1. Re:Not particularly useful on American Airlines To Offer Wi-Fi In Planes · · Score: 1

    Unfortunately, with only a single battery, there just aren't any laptops that can last 5 hours with "normal operation", unless "normal operation" is just some light typing.

    That's why I said extended batteries are acceptable. I own a Lenovo X61 tablet, and can operate it for a little over 5 hours on battery with the extended life battery that clips into the docking port. My operation includes writing code in the terminal using vim, while streaming from Pandora via Wi-Fi for my listening pleasure.

    So, it may not be possible for gamers or movie lovers, but it works for me. YMMV

  2. Re:Not particularly useful on American Airlines To Offer Wi-Fi In Planes · · Score: 1

    A laptop that cannot hold a charge over the length of a domestic flight is not particularly useful, in this case. I know it is a personal preference, but these 17" laptops that can only operate for 2 hours on a battery are really nothing more than an expensive desktop machine with a fancy UPS.

    My personal requirements are to not own a laptop that cannot last at least 5 hours on a battery during normal operation. Extended life batteries are allowed. This limits my options, but portability is my top priority.

  3. mmhm on NEC Develops World's Fastest MRAM · · Score: 1

    They've been promising us "instant-on" PCs forever. The technology is there now, but as Bruce Schneier indicates "... the current crop of major operating systems just don't" (from Freakonomics Q&A). I'll believe it when I see it. I'm from Missouri, so you'll have to Show-Me!

  4. Re:Oh, come on! on Why Are T1 Lines Still Expensive? · · Score: 1

    Actually, it was the MO National Guard network. It was tied in with MOREnet, but we had dedicated links. They have since replaced the entire infrastructure with a state-wide ethernet drop to all locations and a single provider.

  5. Re:Oh, come on! on Why Are T1 Lines Still Expensive? · · Score: 4, Informative

    "Your actual T1 won't go down because of things like rain, nearby lightning, electrical interference, etc."

    That's not entirely true. I worked as a WAN manager for a while and maintained our WAN links (as the title would suggest ;-) to over 60 different sites spread across the state of MO (we're in the middle of the US :). Every time we had a severe storm, flash floods, or what-have-you, I would spend the next 24 - 48 hours contacting Sprint Long Distance, MCI, Southwestern Bell, Verizon, and/or CenturyTel trying to get our network links back up. We would always run through the same routine of making sure our sites had power, the equipment was on, etc. Then one phone company would blame it on another because it was a local POP issue, not the overall circuit problem.

    Also, with the ISPs over-subscribing the T1s: those are called shared or fractional T1s. If you're paying for a full T1, then you are getting all 24 channels (or 30 if it's an E1).

  6. Re:No clear cut solution on How Do You Handle Ethernet Port Management? · · Score: 1

    We use 802.11a wireless where I work, and it is actually more secure than our wired network. (see newer post about specifics of our solution) The Wi-Fi network is first secured on Layer 2 using a shared secret and then being authorized by a central access server. It is then secured on layer 3 using WPA2. Our traffic on the wired network isn't encrypted at all, so I see that as less secure, as an easy MAC spoofing grants you access. On the wireless, connections between wireless devices are explicitly denied, so you can't talk to your peers. We're looking to migrate to a standards compliant 802.11i solution, but we are currently using AirFortress for the layer 2 encryption. And if that isn't enough, there are wireless IDS/IPS devices that can actively deny service to unauthorized wireless devices using radio interference and other DoS methods.

  7. Migration path: manual-scripted-RADIUS-802.1x on How Do You Handle Ethernet Port Management? · · Score: 4, Informative

    I just recently stopped working for a government agency and I was responsible for managing port security on about 6000 ports. Our current end-game solution is to use 802.1x, however due to certain regulations, our agency couldn't operate a CA, so we couldn't feasibly request a new certificate for each host every time one completes an accreditation process. But we were implementing everything else until we could get there.

    Our short term solution is to stand up a RADIUS server and use it for port-security. This isn't quite as good as 802.1x, but provides the same level of scalability without going as much in-depth. You basically have your switches (assuming they have this ability) check the RADIUS server for allowed MACs. This works the same as the MAC ACLs, but is centrally managed. We haven't gotten that far yet either, as we didn't have a RADIUS server. (more stupid regulations that make that a headache)

    So, the current process is to manually change the MAC address on each port on each switch. We initially turn on port-security on the switches, and for the newer ones (Cisco 3550/3560/3750) once we determine that all the users are on that need to be on, we drop all other ports into a dead-end VLAN that has no access. The remaining ports we drop into our data VLAN (we also have dedicated VLANs for voice, wireless, video, and infrastructure management). Once we've established that, we secure the MACs to the ports. All port security violations are logged to a syslog server and the switches are set to restrict access. This prevents useless work of re-opening ports when some user decides to plug in their home machine to download the latest Linux ISOs or torrents. For further changes (i.e. when a new machine gets put on the network), a call is made to the helpdesk which routes the ticket to the networking team (that's me) and I unlock the port. We then have to notify the security team, which scans the machine for vulnerabilities and applies patches as needed. After that, it is managed by WSUS and SMS.

    Now this sounds very tedious, but it isn't that difficult to manage. For the last 2 months, I managed all port security by myself, as well as down network links, some remote office firewalls, and new switch installs. Port security helpdesk tickets were typically closed within 2 hours of the request (assuming the helpdesk tells me about them). As a bonus, and because I'm lazy, I wrote some scripts for WSH that will connect to a switch, get a listing of all port-security information, compare it to DHCP leases on Windows servers, and output a table that shows which host is on which port. I also expanded this for use on WAN links where it will recursively access all switches at a site, stopping when it reaches a router and display the same information on a per-switch basis. A pretty handy report. Useful for telling you which hosts aren't using DHCP (so you can ensure they belong there). The only real requirements for this to work are that the switches use CDP on infrastructure links and they support ssh. You also have to have a CLI ssh client that supports putting the password on the command line (or certificate-based auth if you can set that up, I don't think Cisco devices support it, although I think Kerberos works :)
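
The report described in comment 7, as an added Python example (not kalvyn's WSH script): it joins Cisco IOS `show port-security address` output with DHCP leases by MAC address and lists secured MACs that hold no lease. The switch output and lease list are constructed samples; the `ip,mac,hostname` lease layout and all function names are assumptions.

```python
import re

# Constructed sample of Cisco IOS `show port-security address` output.
SWITCH_OUTPUT = """\
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
----    -----------       ----                          -----   -------------
  10    0011.2233.4455    SecureSticky                  Fa0/1        -
  10    0011.2233.4466    SecureConfigured              Fa0/2        -
  20    00aa.bbcc.ddee    SecureConfigured              Fa0/7        -
"""
# Constructed DHCP lease export; the "ip,mac,hostname" layout is an assumption.
DHCP_LEASES = """\
10.1.10.21,00-11-22-33-44-55,WS-FINANCE-01
10.1.10.22,00-11-22-33-44-66,WS-HR-04
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+\S+\s+(\S+)")

def norm_mac(mac):
    """Reduce dotted, dashed or colon MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_secure_macs(text):
    """(vlan, mac, port) per table row; title, header and rule lines do not match ROW."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), norm_mac(m[2]), m[3]) for m in hits if m]

def parse_leases(text):
    leases = {}
    for line in text.strip().splitlines():
        ip, mac, host = (field.strip() for field in line.split(","))
        leases[norm_mac(mac)] = (ip, host)
    return leases

def port_report(switch_text, lease_text):
    """Rows of (port, vlan, mac, ip, host); ip and host are None without a lease."""
    leases = parse_leases(lease_text)
    return [(port, vlan, mac, *leases.get(mac, (None, None)))
            for vlan, mac, port in parse_secure_macs(switch_text)]

def no_lease(rows):
    """Secured MACs with no DHCP lease: statically addressed hosts to verify."""
    return [row for row in rows if row[3] is None]
```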

  8. Use the source Luke.... on Cisco Source Code Up For Sale: Only $24,000 · · Score: 4, Insightful

    I disagree with the above statement.

    Having the source to even a large program can be incredibly useful. Obtaining the source would lead to a higher level of understanding of the way Pix firewalls work. Knowing exactly how it is coded, being a closed-source product, you would now have the possibility to have exclusive knowledge to flaws in the code.

    Now, one hacker trying to sort through all of the code by oneself could take a very long while, unless it is well documented. Consider the possibility that a hacker group acquired it. Say 12 hackers. You could divide it up and find flaws much quicker.

    Given the wide use of Pix firewalls, it could end up being a skeleton key to thousands of corporate networks, assuming of course that it is the real deal.


    All code has at least one bug...

  9. Re:Please don't call it "America" on How has the USA PATRIOT Act Affected You? · · Score: 2, Interesting

    Stimpy you EEEDIOT!!!

    Columbus was a greedy Spaniard (PC DISCLAIMER: no offense to you greedy Spaniards out there, not that all Spaniards are greedy. :-D) and had no idea he had found a new continent. He was looking for a cheaper way to get to the East Indies so that he could profit by selling spices. He then found gold and the greed fed on him. Anyway, to actually correct your "facts", America was named after Americus Vespucius in 1507, a year after Columbus's death (1506).

    Just thought I'd clear up a little history that people don't know before it gets rewritten again. :-D

  10. w/o choice, we are slaves to the corporations on Parenting and a Career in Coding? · · Score: 1

    Those of us that cannot pick up and leave when we wish are slaves to our jobs. I lived with this mentality for several years, but I was then wrongly and illegally fired. It was the best thing that company ever did for me, though. Now, if I feel that the job is getting in the way of life and my bosses don't want to make changes, I'll leave. I could easily switch from coding to anything else. I still code in my free time and give to the coding community, but I could be just as happy doing manual labor. It's all what you make of it. And if you have a desire to change, only you set your limits of how far you will go and what you will achieve.

    As far as children, obviously you are not a parent. I am not either, but I am an uncle and I love my niece more than anything. I know that that love will be much more once I, myself, am a father.

  11. Trillian is okay, but ... on AIM And ICQ to be Integrated · · Score: 2, Interesting

    Okay, Trillian is just swell, with the exception that AOL constantly tries to block it. Why? I don't have a friggin' clue.

    But!! Gaim is much better. It has never suffered from the blocking that Trillian does AND it is now available for Windows. Although, Gaim is still best used under *NIX. :-p

  12. Had similar case on Handling Campus AUP (non-)Violations? · · Score: 2, Informative

    I ran Seek42 at Northwest Missouri State last year. This system runs at University of Missouri-Rolla and the university supports it. At Northwest however, they didn't tell me to turn it off. They deactivated my port and then sent me a summons. I was charged with copyright infringement, aiding in mass copyright infringement, and running a webserver in my dorm room. After presenting my case to the board, everyone on the board was VERY interested and supported my implementation of it, but I understand they had a job to do. I was found in violation of only running a web server in my room. (Yes, I knew this was a violation before I started.) I originally started this up there as a proof-of-concept project. I just wanted to know that I could get it to work up there. They've got a crazy network anyway. In the end, I got a $50 fine and banned from network usage until Dec 30, 2002. It's not fair, but that's life I guess.