Slashdot Mirror


User: yomamasbooty

yomamasbooty's activity in the archive.

Stories: 0 · Comments: 15

Comments · 15

  1. Some things to consider... on Feds Kill Check Point's Sourcefire Bid · Score: 2, Interesting

    The main factor for Check Point's acquisition was for the RNA technology and the way that the rest of SourceFire's products fit into a centralized management architecture (like Check Point's). Check Point's firewalls have been doing IPS/IDS firewalling for some time. Now combine the existing technology with SourceFire's passive IDS approach and you have quite an interesting technology. Check Point is constantly pushing the envelope and it would have been exciting to see what this would have brought.

    As far as all the "US gov't doesn't use Check Point" consider this: one of Check Point's largest customers is the U.S. Army. So we can pretty much put that to rest.

    Let's put another one to rest: this whole "Check Point sucks because it's all closed source and they make money" is tiring. While yes, Check Point's security applications are closed source, the development platform for all the apps is Linux. Check Point's own hardened Linux version SecurePlatform is available at no extra cost, is supported without extra cost and is the preferred platform. Download a version and see for yourself http://www.vmware.com/vmtn/appliances/. You'll see that Check Point makes extensive use of OSS, and even contributes back to the community from what I hear.

    Check Point is a strong advocate for Open Source where it makes sense, and I don't think they need to apologize for being profitable when US based companies like Cisco and Microsoft make billions off the crap they have slopped together.

    This whole Israeli "back door" thing is ridiculous, and stinks of anti-Semitic conspiracy. Israel has consistently been the US's most staunch ally (when allowed). What possible benefit would Israel or Check Point gain by allowing a backdoor to be widely distributed throughout the world? Think about it, Check Point has been in business for 13+ years, and has hundreds of thousands of Internet perimeter firewalls out there in operation. Don't you think that if there was a deliberate back door that it would have been found by now? Yeah those crazy Jews are out for world domination again. Ridiculous.

    It is no secret that Check Point is run by mad scientists who make great product, but don't have a clue when it comes to running a business (well maybe just the bribing part). Could it be that Check Point maybe didn't grease Washington the way it should have? Could it be that Sam Nunn being on the board of directors for a direct competitor of Sourcefire and Check Point might have had something to do with this? Could it be that market powerhouses like Cisco who spend more money on marketing the mythical "self-defending network" than actually fixing their sh!t helped put a stop to this?

    Follow the money. It was big business and big Bush that killed this deal. And yes Check Point is a $Billion+ company so I'm sure they will survive (sniff sniff), but how does this play into the mythical "global free market" we keep hearing about? Is protecting stagnant companies like ISS and Cisco what is really best for the security market and the rest of us?

  2. Lots of outdated advice from slashdotters... on What is the Best Firewall for Servers? · Score: 1

    I am surprised at the sheer amount of outdated advice regarding firewalling and security design. The days of static firewall rules/ACLs are long over. It used to be sufficient to block the *duh* ports: telnet, SMB/CIFS, your basic LAN traffic that no one from the Internet should ever be connecting to. This is the approach you take with a router ACL, M$ IPSec client, IPtables, PF, etc. None of these technologies help much anymore. The vast majority of attacks are not at the firewall, or looking for open ports that shouldn't be open.

    The vast majority of attacks are directed at the applications behind the firewalls. To defend against these types of attacks you need something that goes deeper than layer 3 and 4 (address, port). Modern firewalls are able to look into the payload and determine what type of traffic it is passing. Remember everyone allows port 80, and 443 to be open. Guess what ports the attackers are exploiting? That's right, the port that you leave open to access your web app. That's where they fire off buffer overflows, SQL/LDAP/Command injection, cross site scripting, etc. How is a Cisco ACL, Cisco reflexive ACL, IP Chains, PF, Smoothwall (read legacy) firewall going to protect your environment? It won't. You need something with more intelligence built into it: Deep packet inspection and IPS are the technologies. OSS falls pretty short when it comes to firewalling. The days of the sub $100 firewall doing anything useful are long over. People, stop kidding yourselves.

    AFA zombies, those are installed (unknowingly) by the end user. How do you address these? Two approaches: the endpoint, and the perimeter. From an endpoint you need to rely on anti-virus, and a personal firewall that is capable of identifying malware on the host. The personal firewall needs to identify the malware and control the TCP/IP stack to the point that it does not allow that malware to 'phone home' with the user's account information (username/password). I am not aware of an OSS project that can do this on the endpoint.

    From a perimeter standpoint, the firewall has to (again) be able to identify the traffic in the payload: the good from the bad. You may have some luck with a product like SNORT which will be able to identify some forms of malware. If you want, you could even put something like this inline as an IPS. You are relying on signatures, but it is certainly better than a legacy firewall. There are several commercial firewall products that perform this function quite well, but they are fairly expensive (or are they when you consider the cost of a work/break-in/disaster?). IPtables, PF, Smoothwall, ACLs will do nothing to stop zombie traffic. They will simply allow it out with all of the other legitimate HTTP/DNS/HTTPS traffic. Your hope is that the legacy firewall could be quickly (manually) reconfigured to block on src/dst/port. Remember though, these attacks are mostly automated now, and happen at the speed of light. You cannot react that fast.

    Several people have mentioned looking at Cisco's designs. Give me a break. Cisco is a connectivity company, not a security company. Anyone in the security industry knows what a complete joke the SAFE is. It isn't a security architecture, rather it is a scam to convince people to buy 6500s and utilize VLANs as a way to 'safely' segment their network. What the networkers failed to realize was that the segmentation was virtual, and defeatable. VLAN spoofing, MAC spoofing, VLAN hopping (etc) are very real exploits http://www.monkey.org/ For guaranteed segmentation, you need physical separation: different switches for each segment. SAFE is a series of commercials and ads whereby Cisco attempts to calm your VP or CIO by claiming their products are secure simply by including 'Cisco' and 'Secure' in the same breath. Your management sees this enough and they start to believe it. Information security professionals do not use Cisco or Microsoft products: networkers and sysadmins do. Stop kidding yourself with the VLAN and ACL approa

  3. Re:this seems like a good deal on Cisco, IBM Announce New Partnership, Network Device · Score: 1

    Might seem like a good deal until you consider the cost. After you purchase a 6500 chassis, and load it with dual power supplies, two supervisor cards (they run the IOS, you will need the good ones), you are probably looking at $70k to $100k. Now double that configuration for HA (two redundant switches). Now add in the IBM mystery cards, think these will be cheap? Seems pretty expensive for just getting your foot in the door.

    This is the problem with Cisco 65xx solutions, they become very expensive, very quickly. Cisco is pushing hard on this 65xx direction, and not doing very well for technologies outside of switching/routing. On a side note the article mentions the firewall and IDS blades. These do not perform as advertised, and are not Common Criteria certified nor is the IOS. Be careful when considering the 65xxs, a lot of these addons are not ready for prime time... and may never be.

  4. Re:Next Week.. on WindowsUpdate.com Secured, Permanently · Score: 1, Informative

    "Presto, instant DOS against your own network. Fun for the whole family!"

    Actually this is not what would happen if you use the loopback.

    The host spoofs a source address and sends it to its own loopback. This part is not seen on the network with a sniffer (obviously). What is seen though is a RST sent to the spoofed source. There is a chance the spoofed source is a real host on your network, but receiving a RST for an unestablished connection periodically will not DoS it. The other thing to remember is the RST will have a source address of 127.x.x.x, which will be dropped by any router before it leaves your local segment.

    Seeing a lot of RSTs on a segment is a lot less bad (harmless?) than directed SYNs. However, the best solution is the null value for DNS queries. This keeps the SYN flood function in the worm from ever kicking off. Then download the M$ tool: KB823980Scan.exe and scan for unpatched machines. Then re-evaluate and redefine the duties of a sysadmin (i.e. patch management) as well as where you want to use M$ products.

  5. Re:Next Week.. on WindowsUpdate.com Secured, Permanently · Score: 3, Insightful

    Actually pointing the DNS to 127.x.x.x really doesn't do much. While it does point it back at itself, the SYN flood isn't strong enough to take itself out. With this worm you really need multiple hosts to DoS another.

    The best way to deal with the worm is to return a null value in DNS. This ensures the SYN flood never gets started.

  6. SYN flood unlikely.... on LovSan Clone Let Loose · Score: 2, Interesting

    We played with the worm at work in order to try and limit its damage. We found (like a lot of other companies) that if we poisoned our internal DNS by returning a null value for a DNS query for 'windowsupdate.com' that the worm stays in its propagation mode, and does not enable the SYN flood mode.

    If you do a lookup on 'windowsupdate.com' today you'll notice there is no A record entry. So the magnitude of the coming SYN flood will be minimal. Granted there may be some hosts out there with the entry cached, but their effect should be minimal. Although I would have loved to see MicroSoft get blasted this weekend (and next week when all the returning people turn on their infected workstations at work), I really did not want to see our WAN links and firewalls get flooded.

    I don't know about anyone else, but MicroSoft's help on this from a corporate standpoint was piss poor. I am a security engineer in a Fortune 100 company with 30,000+ employees. Despite all the millions we blow on M$ products every year, we were unable to get a dedicated M$ resource for this event. Any questions we had were forwarded to a "representative", and answered hours later with the answer usually being "patch your boxes". Gee thanks for the obvious answer M$, now how about some guidance from a holistic standpoint. They were unable to share any real analysis of their exploit, or what to expect. I can only imagine what little help smaller companies, and consumers received.

    M$, take note: If you are going to produce the most easily exploitable code on the planet, then you better damn well get a dedicated security staff and make them available for events like these. Especially for large companies that have been fooled into thinking that M$ products are "enterprise ready" and that patch management for their is a no brainer. Since things only seem to be getting worse for you (and the rest of us), I would also suggest you ramp up on the number of resources you make available. It's time to get serious.

    One other interesting point is that although the SYN flood has been averted, the worm author was still successful in DoSing windowsupdate.com by forcing them to take it down. It will be interesting to see how long the DNS entry is missing. Knowing how ineffective patching is I don't expect to see 'windowsupdate.com' anytime soon.
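
Comments 5 and 6 above both describe the same mitigation: have the internal resolver hand back a "null value" for the name the worm looks up, so the flood routine never finds a target. The following is an added example, not code from either post or from any product mentioned on the page. It assumes the "null value" is implemented as an authoritative NXDOMAIN answer (RCODE 3, no records), and the sinkhole list, the query builder and the transaction id are all constructed for the example; a real resolver would load the list from configuration and receive queries from the wire.

```python
import struct

# Assumption for this example: the "null value" the posts describe is an authoritative
# NXDOMAIN answer (RCODE 3, no records). The list below is built from the post's own
# example name; a real resolver would load it from configuration.
SINKHOLED_NAMES = {"windowsupdate.com"}


def parse_qname(msg, offset):
    """Read an uncompressed DNS name starting at offset; return (name, offset after name)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # A compression pointer is never valid in the question of a query.
            raise ValueError("compressed label in question section")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), offset


def build_query(name, qtype=1, txid=0x1234):
    """Construct a minimal A query (QTYPE 1, QCLASS IN) so the sinkhole can be exercised offline."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def is_sinkholed(name):
    """True for a listed name or any name beneath it."""
    return name in SINKHOLED_NAMES or any(name.endswith("." + s) for s in SINKHOLED_NAMES)


def sinkhole_response(query):
    """Return an NXDOMAIN response for a sinkholed name, or None to let the query be
    forwarded upstream as usual."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, end = parse_qname(query, 12)
    question = query[12:end + 4]  # name + QTYPE + QCLASS, echoed back verbatim
    if not is_sinkholed(name):
        return None
    rd = flags & 0x0100  # copy the client's RD bit
    # QR=1 (response), AA=1 (authoritative for the sinkhole), RA=1, RCODE=3 (NXDOMAIN)
    resp_flags = 0x8000 | 0x0400 | rd | 0x0080 | 0x0003
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, 0, 0, 0)
    return header + question


def summarize_response(resp):
    """Decode the header fields a client acts on: (txid, rcode, answer count)."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    return txid, flags & 0x000F, ancount


if __name__ == "__main__":
    for q in ("windowsupdate.com", "www.windowsupdate.com", "example.com"):
        r = sinkhole_response(build_query(q))
        print(q, "->", "forward upstream" if r is None else summarize_response(r))
```

The response carries zero answer records and RCODE 3, so a resolver library reports "no such name" and the lookup fails cleanly; unlisted names return None and would be forwarded normally. Note that every client behind the resolver sees the same failure, which is why comment 6 accepts that the name is unreachable for the duration.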

  7. Re:Gartner... on Linux Desktop Myths Examined · Score: 1

    No stupid, it's the Gartner group that recommended everyone abandon IIS.

  8. Stop the firewall madness... on FTP: Better Than HTTP, Or Obsolete? · Score: 2, Informative

    Seems to be a lot of comments about firewalls and FTP from people who obviously don't work with them. Remember there are three basic types of firewall technology: packet filters, proxies, and stateful inspection.

    Packet filtering alone is always a problem because you have to open up all of the high ports.

    Proxy firewalls and FTP (active or passive) are a no brainer as long as either feature has been enabled. Remember that proxies "watch" the conversation so it will manage the connection if it's data coming back to the client on port 20, and will recognize the 'pasv' command in the command channel.

    Stateful Inspection firewalls include proxying code for the major protocols ie FTP, HTTP, Telnet, etc. So you are covered here as well.

    If you are having problems using FTP through a firewall then you probably:

    - Are being blocked intentionally

    - Have a lazy security admin who hasn't updated the firewall in five years

    - Have a stupid router jockey "securing" the network with router ACLs (packet filters).

    As long as you are using a major firewall release like Checkpoint, PIX, Netscreen, IPTables, etc, that is up to date there will not be an issue getting FTP to work.
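
The post's point is that a proxy or stateful-inspection firewall "watches" the FTP control channel, reads the PORT/PASV negotiation, and opens only the one data connection that was negotiated, which is why it does not have to leave all the high ports open the way a plain packet filter does. The following is an added example of that helper logic, not code from the post or from any of the firewall products it names. The transcript, the addresses and the function names are constructed for the example; it assumes the classic RFC 959 PORT and 227 replies plus the RFC 2428 EPSV reply, and it refuses to open a pinhole when the advertised address is not the control-channel peer.

```python
import re

# Control-channel lines that negotiate a data connection (RFC 959 PORT/PASV, RFC 2428 EPSV).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d+)\|\)")


def _host_port(groups):
    """Decode the h1,h2,h3,h4,p1,p2 form into ('h1.h2.h3.h4', p1*256+p2)."""
    values = [int(g) for g in groups]
    if any(v > 255 for v in values):
        raise ValueError("octet out of range in FTP address")
    h1, h2, h3, h4, p1, p2 = values
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def expected_data_connection(line, client_ip, server_ip):
    """Given one control-channel line and the control connection's endpoints, return the
    single data connection the firewall should permit as (mode, src_ip, dst_ip, dst_port),
    or None when the line does not set up a data channel.

    The advertised address must be the control-channel peer; otherwise no pinhole is opened."""
    line = line.strip()
    m = PORT_RE.match(line)
    if m:  # active mode: the server connects (from its port 20) to the client
        host, port = _host_port(m.groups())
        if host != client_ip:
            raise ValueError(f"PORT advertises {host}, control peer is {client_ip}")
        return ("active", server_ip, host, port)
    m = PASV_RE.match(line)
    if m:  # passive mode: the client connects to the server's advertised port
        host, port = _host_port(m.groups())
        if host != server_ip:
            raise ValueError(f"PASV advertises {host}, control peer is {server_ip}")
        return ("passive", client_ip, host, port)
    m = EPSV_RE.match(line)
    if m:  # EPSV carries only a port; the address is the server by definition
        return ("passive", client_ip, server_ip, int(m.group(1)))
    return None


def pinholes_for_session(transcript, client_ip, server_ip):
    """Walk a control-channel transcript and collect every data-channel pinhole it needs."""
    holes = []
    for line in transcript:
        hole = expected_data_connection(line, client_ip, server_ip)
        if hole:
            holes.append(hole)
    return holes


# Constructed transcript: one active and one passive transfer over the same control session.
SAMPLE_TRANSCRIPT = [
    "USER anonymous",
    "331 Please specify the password.",
    "PORT 10,0,0,5,4,1",                                # client listens on 10.0.0.5:1025
    "200 PORT command successful.",
    "RETR a.txt",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80).",   # server listens on 192.0.2.10:50000
    "RETR b.txt",
]

if __name__ == "__main__":
    for hole in pinholes_for_session(SAMPLE_TRANSCRIPT, "10.0.0.5", "192.0.2.10"):
        print(hole)
```

Each tuple is exactly one dynamic rule the firewall adds for the lifetime of that transfer: for the active case a connection from the server to the client's advertised port, for the passive case a connection from the client to the server's advertised port. A packet filter that cannot read the control channel has no way to learn these ports, which is the "open up all of the high ports" problem the post describes.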

  9. Re:Well duh on Win2k Cheaper than Linux · Score: 1

    "When Windows NT/2k/XP won't boot (BSOD on bootup) you're often up a creek without a paddle. At least with Linux you can get the system up with a bootable CD or boot floppy."

    Try this before you post:

    RTFM

  10. Re:one basic reason why windows security sucks on Justifying the Common Criteria Security Evaluation · Score: 1

    What chu talkin bout Willis?

    w2k does have a packet filter. It's located under the "security profile." I am using it right now and it is configured to only accept sshd (Cygwin of course), and blocks all netbios. I also use it for creating IPSEC tunnels to other servers. The only part I don't like is that there is no good logging for it. In other words I can't track the traffic that I have blocked. It's no iptables, but it does a good job in helping secure a networked device.

    How did you get MCSA certified without knowing this? RTFM

  11. Re:What did Linux get? on Justifying the Common Criteria Security Evaluation · Score: 1

    Keep in mind that C2 systems are not networked.

  12. Re:Don't stop at your bachelors... on On Balancing Career & College... · Score: 1

    "just don't bitch about the salary difference between us."

    For a second there I thought I was reading a posting from someone "in the know." Then I found your earlier post #4246657.

    "I am currently finishing up my first B.S. in math, and will finish my second in physics next year."

    Hmmm how much are they paying you in college? Yeah, don't think many of us will "bitch" about the salary difference. LOL busted.

  13. Re:Forget college on On Balancing Career & College... · Score: 1

    Look at the salary surveys. What's the average income for someone who just got out of college? Probably not 55k a year.

    So here's the choice:

    Four years in college, $40,000 to $100,000 in debt, average $25k to $30k starting.

    One year on help desk, study at night, take MCSE test on side. MCSE average salary around $55k.

    Hmmm not too hard of a decision.

    Whether you love Micro$oft or not, or think all MCSEs are crap, you do have to admit that they have a good system that can give entry level people a foot in the door.

  14. Don't stop at your bachelors... on On Balancing Career & College... · Score: 1

    Hell, go all the way and get that MBA next! I can't believe how naive the postings on this forum are. Let's get real.

    I dropped out of college after four years and have been in IT for eight years. The smartest, most productive people that I have worked with have all been college drop outs. This is across the board whether they are programmers, networkers, sysadmins, PMs or managers. These people tend to be the most motivated. Why? Because they are working in an industry that they chose and love. They didn't let a major dictate the type of work they would have to do for the rest of their lives. They didn't want to be limited by the useless classes they would be forced to take: FORTRAN, women's studies, interpretive dance, blah, blah, blah. They wanted to contribute now, not later. The (very profitable, well paying) Fortune 500 company I work at doesn't require degrees to get into the IT department. They're more concerned with what you've done the past five years, not where you sat.

    Why should I have to go $100,000 in debt and wait five years to work in IT? If you are in IT ask your professor when was the last time he/she set up a load balanced firewall for a Fortune 500 company? When was the last time they architected a QoS solution? When was the last time they implemented a failover solution using BGP and OSPF? The answer will be never. IT professors do not work/live in the real world. They hide out in their little offices while the rest of the IT world (often open source) dictates their future.

    A college degree is a piece of paper. It used to be that going to college was something prestigious. The GI bill after WW2 pretty much changed that. Anyone can go to college regardless of their GPA, intelligence, or finances. We have all been sold a lie that a college degree would get us a great job. Now that almost everyone has a college degree they are telling us we need to get a Master's or PhD to further distinguish ourselves. Sure some fields like engineering, medicine, or science should require degrees. But why should anyone need a degree to design websites, run a business, or paint? Don't fall for this trap.

    Hey if you like college then have fun. But don't think for a second that you are something special, or have something that a non-traditional person doesn't. Are we so snobbish on this forum that we would only work with degreed people? Then you better start wiping off that open source software you're using, because guess what, it might have been written by a college drop out! Eeeeek!

  15. Re:Simplify things on The Continuing Death of Pinball · Score: 1

    Yeah I agree. The price of pinball today definitely doesn't help. When the new games started charging .50 and .75 a game I stopped playing them. Not to mention how lame most pinball games have been in the past 10 years.

    Some of the best arcade/college rec memories I have are playing Taxi, Pinbot, Cyclone and Big Guns for a quarter. You could tell they were made by people who loved pinball. Those were well designed games that didn't have to worry about someone like Disney approving the "theme." I guess for me pinball died in the early 90s.

    I'm hoping in the near future we start to see pinball halls with collections of the good games. Hmmmm maybe I could quit the day job....