Slashdot Mirror


User: williewang

williewang's activity in the archive.

Stories: 0
Comments: 32

Comments · 32

  1. Re:Awesome! on FreeBSD 8.0 Released · Score: 1

    I don't know how much or how little companies contribute to FreeBSD, but it doesn't look like they throw much in. They are trying to raise $300,000 for the *year* (http://www.freebsdfoundation.org/donate/). A company like Apple or Yahoo or Juniper or others that rely on it probably spend many times more than that on coffee. I hope that there is a lot I don't know about to help fund it (along with the other BSDs, Linux, and open source projects in general, for that matter), and there probably is, but being more public about it would be a nice change if that is the case. Quite a few companies have built themselves on top of BSD development--seems like they would want to see it continue to prosper.

    I'm neither a developer nor a rich guy, but FreeBSD and OpenBSD have saved my ass so many times I make sure to throw a few bucks their way every year. I do like Linux (particularly Gentoo and Ubuntu), and for bleeding edge things especially, Linux is awesome. But BSD is (for me) so simple, extremely stable, uber-easy to maintain, and crazy fast. For an average chump like me who needs a Unix platform to work and work well, BSD is very hard to beat. And PC-BSD has been very impressive to a lot of my Linux-user friends.

    Insofar as BSD desktop deployments, no, I haven't really seen them and I doubt there are that many (besides the obvious of Apple ;-). But I would very much encourage looking into them. PC-BSD makes it very easy. I did three thin client deployments for schools in the area as a favor to my mother (she's a teacher) and it's been a godsend for them. We often used ancient hardware that was about to be thrown away and stood them up in one or two weekends (biggest one was 42 thin clients). No AV software required, centrally managed, lickety-splickety fast, and all the kids needed was a browser (Firefox), a video player (VLC) and basic documents (OpenOffice), so it was a perfect fit.

    Probably the coolest part was showing the High School dorks how to maintain it and install apps (when I showed them how to update and compile a kernel, they acted like they were looking at The Matrix :-). So give it a try. Like I say to women: 'It won't take that long and, who knows? You just might like it.'

  2. Pointy-hair buzzword machine on Security in Ten Years · Score: 1

    This could be an interesting conversation, but Ranum makes it almost impossible to take seriously (or enjoy). I cannot--and would not--take away from his accomplishments, but his talking points sound like they came from a magic 8-ball or a doll that talks when you pull the string. "Keep the horses in the barn" and "don't mix production with non-production" and "I before E, except after C"....blech. What a douche nozzle.

  3. I don't get it... on Backlash Against British Encryption Law · Score: 1

    I'm not British, but I'm sure we Americans brought over "contempt of court" from Britain as a ruling a judge can sentence a defendant with. If it's Super-Crime-Boss-John and he has everything encrypted on his computer then says "Gosh, forgot the password, don't know why I would have encrypted it anyway--nothing but email from Mom on the PC," an American judge will charge him with contempt of court 99 times out of 100 and put him in jail unless and until he wants to change his mind (within reason). Meanwhile (if serious enough, anyway) you can get some dudes to brute force it open and, besides, they can take all the time they want to do it since John is sitting his contemptuous ass in jail. I can't imagine it too terribly different in the UK. Perhaps Brits sometimes suffer from the same disease as Yanks wherein they don't use the laws they have and create unnecessary controversy from over-reaching politicians desperate to get recognition.

  4. I have *got* to get into consulting on N.Y. County Mandates Wireless Security · Score: 1

    Delicious! The firewall piece is just brilliant, isn't it? Hell, put in a baker's dozen firewalls. Then it will be *really* secure--Ft. Knox, Baby!

    One has to wonder how these nanny apes think putting a firewall in front of and/or behind a wireless access point--or on the PC for that matter--helps anything. The whole point of sniffing on wireless networks is to sniff traffic that (gasp!) is going through a radio signal, last I heard. And people, ummm, connect directly to it. It's like putting a pack of ninjas in front of a radio tower to keep people from picking up the signal.

    Besides, anyone idiotic enough to send personal info in a phukin email or unsecured web site should be flogged in front of their parents. My mother knows not to do that and she can barely get past turning a computer on. Meanwhile, businesses there have to incur extra expense and create frustration with their customers to not be in violation of this ordinance. Positively brilliant. Aren't there a couple potholes in Westchester County, NY that need attention?

  5. Re:Sigh... on Feds Kill Check Point's Sourcefire Bid · Score: 1

    Add me to the list of those who disagree--and vehemently so. We did a global rollout of Sourcefire IDS boxes at 14 different gateways and it couldn't have gone smoother. Setting them up is easier than setting up a home router, they never go down, the sales personnel were very helpful and responsive (better than any I've dealt with, actually), and the support guys have been awesome. We have a very good relationship with them.

    Checkpoint on the other hand has flat out told us that they will not change broken elements of their code because "there are acceptable workarounds." Even when they were the *only* firewall vendor on earth doing things in that manner. Additionally, I haven't met a single sales person for Checkpoint that can explain their licensing model in a clear fashion. It's not because they are dumb or that they don't try, but because it is impossible to do so. Then, the really good news: Checkpoint is slooooooooow. Slow in management, slow in passing traffic, and slow to make changes to problems in their code (if you're lucky enough to get a fix to it).

    By your tone and apparent affection for Checkpoint, I assume that the "large MSSP" you work for rhymes with Serivign. If not, disregard the following. If so, please know this: Sourcefire is light years ahead of your company when it comes to stability and competence. I know. I've worked with both. Perhaps the reason Sourcefire support comes off as arrogant is because they are disgusted by the fact that personnel working at a "large MSSP" shouldn't be calling them asking how to get their zipper unstuck.

  6. Re:The even sadder thing is on Symantec Restricts Crypto Export · Score: 1

    Fair enough (been a while since I used it). Of course, you could just stick with rainbow crack or use CAIN (with or without rainbow tables) for free... Doesn't really matter though--whatever one is comfortable with. I liked L0pht for doing onesie-twosie checking in the past--and it's probably still good at that--I was just so bewildered with the recent law that a negative tone probably unfairly maligned the good folks at LC5. I hope it didn't come across as a flame toward LC5 to you or anyone else. Cheers!

  7. The even sadder thing is on Symantec Restricts Crypto Export · Score: 1

    First, the ban assumes that "terrorists" know anything about computers in the first place which, from where I sit, is an almost laughable idea. If they did, we would have been in massive pain years ago.

    Second, anyone who has to crack passwords with any regularity uses rainbow tables and/or john with customized tables. They are just better tools.

    Third, and most amazing to me, the ban assumes that potential terrorists are somewhere "over there" when *all* of the 9/11 hijackers had spent considerable time in North America--some had been here for years. Even if the transfer of the program overseas was able to be blocked (which is impossible, of course), WTF do they plan on doing about the hundreds of millions here now?

    The earlier US ban on the export of high-level encryption began to seriously hurt and slow down American technology companies, prompting the lift of the ban. I have a feeling that should such legislation continue, similar pressure to ease restrictions will be properly and successfully applied. I'm not too terribly worried.

  8. Re:Are Indian workers *that* much cheaper? on India Will Need to Recruit 120,000 Foreigners · Score: 1

    Largely yes, but sometimes there isn't that much of a cost advantage. What one finds, however (and this is *not* directed at you personally), is a workforce that not only can offer quality, but a populace that generally has a beautiful quality of its own: they don't bitch. They don't bitch and moan and cry and whine like children stamping their feet in the snow because it's cold and they can't ride their Big Wheel. It's sooooo nice to work with Indians. Yes, at times there is a language/accent barrier, but most of the time they just do what is asked--get it done.

    I've seen the same thing with Mexican labor in the construction industry here in the American Southwest. They just do the job and, if they don't like it anymore, they leave. No hassles, no drama, just "pay me and I'll do what you tell me to do. Become an asshole, and I'll leave." That's the well-known secret, I think, Americans (and I'm one of them) can be not only expensive, but a royal pain in the ass to work with sometimes. And, the other well-known secret, they are oftentimes not very good.

    As an American, and a WASPy white male, and a veteran, and one who loves my mother, apple pie, and baseball, I say if guys in India can get it done for a nickel less and in a much more pleasant manner, give them the work and let the UNIX "admin" who doesn't know what to do with a file that is tar'd *and* gzip'd go flip burgers (yes, I really did meet that guy). Apparently, I'm not the only one who feels this way given this new potential need of India's.

  9. Do exactly what he says on Network Penetration Scans and Executive Reaction? · Score: 2

    You've already played Devil's Advocate, so document what you think the risks are/may be, then do *exactly* what he says. Once it breaks, whip out the risks you documented and explain how you did exactly what was asked of you over your stated objections. It's the only real way to do it--and rather satisfying, gotta admit.

  10. Re:Mac OS X, however does deal with this issue. on Coyotos, A New Security-focused OS & Language · Score: 1

    Only older versions of *NIX use the old DES encryption algorithms for passwd hashing. MD5 is commonplace now (which allows for >8 characters--up to 128 for the insane, actually--and blowfish is offered on all BSDs (blowfish has yet to be cracked, to my knowledge, while there are many MD5 crackers out there). I would imagine it is available on Linux as well.
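    Added example (not part of this comment or the thread): the hash formats the comment contrasts (traditional DES crypt, MD5-crypt, and the bcrypt/Blowfish scheme the BSDs ship, plus the later SHA-crypt family) can be told apart from the prefix of the password field, which is what a defender does when auditing a shadow file for accounts still on the 8-character DES scheme or on a hash with no tunable cost. The sample shadow lines, the salt/hash strings in them and the cost thresholds below are constructed assumptions, not data from any real system.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed policy thresholds for this example; pick your own.
MIN_BCRYPT_COST = 10
MIN_SHACRYPT_ROUNDS = 5000

# Modular-crypt-format prefixes: $1$ = MD5-crypt, $2a$/$2b$/$2y$ = bcrypt
# (Blowfish-based), $5$ = SHA-256-crypt, $6$ = SHA-512-crypt.  Traditional
# DES crypt has no prefix: 2 salt chars + 11 hash chars from the crypt alphabet.
_BCRYPT = re.compile(r"^\$(2[aby]?)\$(\d{2})\$")
_SHACRYPT = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?")
_MD5 = re.compile(r"^\$1\$")
_DES = re.compile(r"^[./0-9A-Za-z]{13}$")


@dataclass
class HashInfo:
    algorithm: str
    cost: Optional[int]   # bcrypt cost or sha-crypt rounds, if the scheme has one
    weak: bool
    reason: str


def classify(field: str) -> HashInfo:
    """Identify the hash scheme of one /etc/shadow password field."""
    if field == "":
        return HashInfo("none", None, True, "empty password field")
    if field.startswith(("!", "*")):
        return HashInfo("locked", None, False, "account locked, no usable hash")
    m = _BCRYPT.match(field)
    if m:
        cost = int(m.group(2))
        return HashInfo("bcrypt", cost, cost < MIN_BCRYPT_COST, f"cost {cost}")
    m = _SHACRYPT.match(field)
    if m:
        rounds = int(m.group(2)) if m.group(2) else 5000  # sha-crypt default
        algo = "SHA-256-crypt" if m.group(1) == "5" else "SHA-512-crypt"
        return HashInfo(algo, rounds, rounds < MIN_SHACRYPT_ROUNDS, f"rounds {rounds}")
    if _MD5.match(field):
        return HashInfo("MD5-crypt", None, True, "fast scheme with no tunable cost")
    if _DES.match(field):
        return HashInfo("DES", None, True, "traditional crypt, password truncated to 8 chars")
    return HashInfo("unknown", None, True, "unrecognised format")


def audit(shadow_text: str) -> List[Tuple[str, str, bool, str]]:
    """Return (user, algorithm, weak, reason) for every line of shadow-style text."""
    results = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":", 2)[:2]
        info = classify(field)
        results.append((user, info.algorithm, info.weak, info.reason))
    return results


# Constructed sample lines; salts and hash bodies are placeholders, not real hashes.
SAMPLE_SHADOW = """\
legacy:abJnggxhB/yWI:15000:0:99999:7:::
md5user:$1$saltsalt$qJH7N4xYta3aEGdfqo0placehold:15000:0:99999:7:::
bcrypt5:$2a$05$saltsaltsaltsaltsaltsuPLACEHOLDERhashPLACEHOLDERhash12:15000:0:99999:7:::
bcrypt12:$2b$12$saltsaltsaltsaltsaltsuPLACEHOLDERhashPLACEHOLDERhash12:15000:0:99999:7:::
sha512:$6$rounds=100000$saltsalt$PLACEHOLDERhashPLACEHOLDERhash:15000:0:99999:7:::
locked:!:15000:0:99999:7:::
nopass::15000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, algo, weak, reason in audit(SAMPLE_SHADOW):
        flag = "MIGRATE" if weak else "ok"
        print(f"{user:10} {algo:14} {flag:8} {reason}")
```

    Running it prints one line per account; the DES, MD5-crypt, low-cost bcrypt and empty entries are flagged, the cost-12 bcrypt and 100000-round SHA-512-crypt entries are not. The practical distinction is less "cracked or not" than whether the scheme has a cost parameter you can raise as hardware gets faster, which DES crypt and MD5-crypt lack.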

  11. Re:Actually, no on Unifying Linux Package Management · Score: 1

    Oops! Yep, I didn't RTF string well. Sorry 'bout that... ;-)

  12. Actually, no on Unifying Linux Package Management · Score: 1

    It doesn't have an "installer," it either installs the package (using perl, gcc, whatever the developer used--and will install *that* if necessary as well) or--more often, it compiles things from source automagically--including dependencies and checking MD5 hashes--and keeps a list of packages that you have installed in case you want to remove them later. As for uninstalling:

    Gentoo: emerge unmerge program_name (like mozilla)
    FreeBSD: pkg_delete package_name (or, in appropriate ports directory): make deinstall clean
    Debian: apt-get remove package

    Not too terrifically difficult--and it extends to the entire OS as well. You haven't experienced opensource valhalla until you've upgraded your entire OS and every package in it with a few lines while drinking a couple beers. I suggest you give it a go.

  13. Let's be honest on Sun Microsystems, a CEO's Last Stand? · Score: 1

    Sorry for the potential troll, but who really likes working with Solaris (not including all those guys out there scared shitless because they make money by being Solaris admins)? Yes, Solaris is extremely robust, very stable, threads very well, etc. The problem is that almost nobody cares.

    Opensource handles server applications very, very well. Additionally, opensource applications/libraries/compilers, are developed on (gasp!) opensource operating systems. Further still, the opensource applications/libraries/compilers are exactly what many, many people want. So, reasonably, most developers and sysads don't feel it wise to use anything other than opensource operating systems.

    Solaris makes sense in certain environments, no doubt--but not many. That is the point. For a massive metadirectory, sure, go Solaris on an E6K or something, for most everything else, don't. Linux and *BSD can take care of 99% of your enterprise needs for a fraction of the cost, a wider user base, more international development, more usability, less dependency problems, etc. etc.

    Yahoo, Google, Pair Networks, etc, don't use opensource because it sucks, but because it works well and fits their business model. SUN may well be around for a while, but only if no one wants to buy them.

  14. Re:Free speech? on Judge Halts Utah's Spyware Law · Score: 2, Insightful

    It's not troll, but I'm afraid it's wrong. Citizens have the right of free speech, companies do not.

    Thousands of laws exist in the US--federal, state, and local--regulating advertising ranging from content, mediums allowed, representation of fact, even down to the size, colors, and placement of billboards. It's a business practice, just like exchanging business cards or currency, not protected speech.

    Now the ability to fairly conduct business as protected by laws regarding commerce--that's somewhat of an argument, however weak. Unfortunately for this company, they are too stupid to realize that and, more unfortunately for us, this judge doesn't either. True, an injunction isn't a final ruling on a case, but this judge is being a trifle over-cautious (if not rather stupid).

  15. Re:Blaming the tool again... on LUG Pres Resigns Over Military Linux Use · Score: 1

    Well said. If this guy wants to preen and massage his swollen, emotional clitoris, fine. But choosing a LUG communication to publicly display it is even more pathetic than it is ignorant.

  16. I wouldn't be so sure on What's The Actual Cost of A Virus? · Score: 1

    Pescatore earns his living by studying this subject and, I dare say, may well know a couple things more about how companies battle this and what their actual costs are--maybe even more than you. Once *all* costs are figured in, the number becomes believable--meaning the labor to track down infected hosts, patch them, monitor them, go to the meetings, update the licensing for anti-virus, the lost labor for downed systems, the lost production due to downed systems, etc., etc.--it starts to add up. I wouldn't be so quick to dismiss the numbers.

    Quoting Twain is charming, but unless you have statistics to counter Gartner's, I would be prone to believe them.

  17. Re:Wish I had mod points for once on Adrian Lamo Charged With Hacking · Score: 1

    I agree as well. What concerns me, however, is that the new draconian legislation will try to nail him to the wall and treat Lamo as a "terrorist." Hopefully they will be reasonable adults about it if charges are formally announced and levied. But we are all going to have to admit that there are different levels of hacking just as there are different levels of theft and like-crimes.

    If I walk into your house because you left the door unlocked and I walk around, look through your medicine cabinet or check out your books, then leave, that is trespassing--to be certain. But it's not the same as breaking in, killing your dog, and stealing all of your furniture. I'm not suggesting that you think the book should be thrown at him--you, like me, just don't want him snooping around uninvited. I just hope that they don't try to make a whipping boy out of this guy.

  18. Re:Our situation on Handling User Grown Machines on a Large Network? · Score: 1

    It sucks, but tough love is the answer. So long as you have offered solutions, you've done your CYA. They won't want to hear it, but--as you've pointed out--it's going to take money, period. If they want a $5 network, that's what they will get. Just make sure you give them several options with itemized costs and the pros and cons of each--including room for growth.

    I feel for you, Bro--been there many times. All you can really do is try to work with what you have up to a point and then tell them that their options are (1) spend money, or (2) not have a network anymore. Once it crashes, they are more receptive to your recommendations. It *does* suck, no doubt, but think of it this way--security/network guys always have been, and always will be, hated. It's just part of the job. The objective is to be hated and respected *and* feared. Good luck.

    --Willie

  19. Unfortunately, there's no easy answer on Handling User Grown Machines on a Large Network? · Score: 1

    It's going to take a combination of many things and depends upon your budget as well. The acls are an obvious step, but you will be forced to put them on pretty much all of the routers to take the burden off of the core routers--otherwise they could puke pretty quickly.

    The NT login script already mentioned is pretty effective but, of course, assumes that everyone is logging on to an NT domain. Detecting infected machines and then denying DHCP services, denying proxy access, nuking them, etc., may or may not make sense depending on your network setup and how dictatorial you are allowed to be--but they are valid options depending upon how widespread the problem is and how bad your network is hurting. Passing out information and/or CDs, of course, is a must and I'm sure you've done that (some people want to do the right thing). I would try to scare them too--telling them about how they could have their computer seized by an evil dark hacker and all of their files could be stolen/corrupted, including passwords. If responsibility doesn't motivate them, sometimes concern over their 4Gigs of pr0n does.

    I hesitate to say this next part because I don't want to sound like a commercial and it's not an option for today-right-now anyway, but I know of a couple universities and several companies who ditched their core routers (and most perimeter ones) and went with a commercial firewall that has the ability to not only serve the function of routers, but also has the ability to run virtual firewalls and virtual routers so that different departments can maintain their own ruleset while root-god user can make sure they are not too lenient. Combined with IDP software/appliances, it can give you the ability to stop the harmful traffic while logging infected users, then do what you will with the infected machines. If you want more information about that option for future planning, let me know because I don't want to plug a specific product. And, no, I'm not a sales guy--I just like the product. In talking to the guys who use it, when blaster and sobig came out they pretty much sat back and said, "Must suck to be those other guys."

    --Willie

  20. Re:BSD problems on OS Fingerprinting in OpenBSD's PF Firewall · Score: 1

    Without trying to sound patronizing or mean, I think your configuration and/or setup is in terrible form. I've never heard of such problems, actually, so you may well have just had some bad luck--it's not impossible.

    Truthfully, as one who really likes FreeBSD, I use Linux for my laptop with a vmware image of Windows so I can run the applications I need for work. GNU/Linux is just better at that sort of thing because there is more support and people willing to contribute to the code. I also use OpenBSD and Solaris and OSX. It just depends on what you want and what you are looking for.

    As to your question regarding why anyone would choose BSD, ask Yahoo, ask Pair Networks, ask NYInet, or little ol' me--it absolutely screams as a server. Very stable, very secure, and there is a consistent structure to it. There aren't several major, and dozens of smaller, distros. And the different BSDs complement each other well without animosity, which leads to the next point.

    The culture is much more, well, mature. There aren't too many 15 year olds using *BSD with Bill Gates' face on a dartboard. If xine or quake under wine is working too well, who really cares? It seems to be a user community more interested in making servers work--period. Tux Racer and other stuff is great and not without value, but Yahoo isn't interested in that--and neither are many of us.

    Hope that answers the bulk of your questions.

    --Willie

  21. Re:You guys are WAY ahead of this one! on Digital Baseball Umpires · Score: 1

    Take it easy, dude, he didn't deserve to be yelled at...

    Anyway, I don't think that the umpire will ever be gotten rid of. Still need a guy there to handle the game, call an out at home, throw the balls out to the pitcher, etc. It will co-exist one day with the home plate ump. Tennis umps cried and moaned for a long time too until it became obvious that having a human being tell you that the ball hit the tape is a waste of money and having a human being watch to see if an object travelling at 100mph+ (and moving while in flight) missed a line by a fraction of an inch is prone to errors. Baseball will discover it themselves soon enough (I hope).

  22. Re:Justification.... on Defense Dept. Memo Explains Open Source Policy · Score: 1

    But I was in the Army ;-). I didn't mean to make a broad sweep of the military personnel, Captain. But I do know how it feels to be thrown at a multi-million dollar machine with a dusty book and told, "well, there it is." I was not in the slightest prepared to do my job because the training was a blanket "You'll probably only use 5-10% of this" approach. Turns out I used about 2% and the rest I just had to figure out.

    I know, as well, that a butter-bar not being able to use Power Point or a Major not being able to figure out his email client is a *big deal.* I understand it to a point, but I think we would both agree that using systems that keep people alive and information secure is more important than the fluffy stuff. Largely, from my experience, mission critical stuff was on systems that worked more than systems that were cute and peppy--and thankfully so. The problem I saw was that the troops didn't have a clue as to how to work on the systems that did work (I was one of them), we relied far too much on contractors, and all of it together could have equalled dead troops if the balloon ever went up. Believe it or not--we're on the same side with this one, Sir, I'm just the old E-4 bitching a bit.

    --Airborne!!

  23. Re:Justification.... on Defense Dept. Memo Explains Open Source Policy · Score: 1

    Amen, Brother. And what *everybody* seemed to miss in this was the DoD engineers and techs (likely more so than the civilian world) have to deal with the Colonel not being able to get to nascar.com or being able to IM his buddy back in North Carolina. Then there are the LT's that can't do their powerpoint presentations, the PFC that can't drop a ball and hit the earth better than 2 out of 3 times--looking like Dan Quayle at a spelling bee while staring at the CDE--and, meanwhile...the smart NCO and his best trooper standing next to the contractor (former NCO himself, most likely, knowing not much beyond a few Solaris tweaks) saying, "Fuck it. It sucks, but the Colonel needs NASCAR and he gets a hard-on every time his friends IM him, just give it to him."

    OSS would make its biggest splash by showing off the fluff--and *then* sneaking in samba, FreeS/WAN/racoon, MySQL, etc. The DoD has no problem with these--so long as the Colonel can use it.

  24. Re:I see dead people on OpenBSD Hackathon Summary · Score: 1, Funny

    Paraphrasing from American President Lyndon Johnson...Saying "BSD is dead" is like pissing with a bad case of the clap--you think it's pretty hot, but nobody else does.

  25. Opensource is very often supported to begin with on How Would You Argue for Open Source? · Score: 1

    One of the main thrusts (or at least effects) of opensource is to turn software into a service model. If you anticipate it being a tough sell, you may well want to pick a linux distro that is well supported by a company all too happy to take your company's money (though at a much lower fee than other proprietary UNIXes, normally, not to mention the reduced rate in hardware costs).

    If you want to run stuff like Debian or FreeBSD, though--might be a tough sell. Even still, you can say something to the effect of 'well, IBM and a great number of their professional services customers run linux, Yahoo and Pair Networks run FreeBSD, (etc.), and they seem to be doing just fine.'

    Even if you have to pay for vendor support and it's not your favorite distro/OS, the cost savings and the ease on your responsibilities would be fairly substantial, I should think, with the usual suspects of large linux distros. So, be prepared to bend a bit if they crinkle their nose at, say, Gentoo or OpenBSD--just as examples.

    The major selling point that geeks often miss, however (IMHO), is not just the cost savings, but the ease of it all. Even if you have to pay, you pay one company one check once every set interval and never have to worry about the number of seats you have, the fees associated with upgrade cycles, voiding warranties, getting hit with an audit, etc, etc. And you have access to volumes more software for testing, patching, and reviewing without having to worry about money either. The long term benefits and TCO are, potentially, enormous.

    Good luck!