When you talk about alternatives to Active Directory you need to be specific as to what features of Active Directory you refer to. Active Directory is a lot of things: Distributed multi-master database, Authentication provider, Authorization provider, Configuration management system, and more. The Active Directory infrastructure provides: File services, Print services, Group policy, LDAP, DNS, DHCP, and other services.
I haven't read in detail about Samba 4, and it appears that the Samba Wiki is down at the moment, but there is a decent description on the Fedora Project site. According to the Fedora site, Samba 4 includes the ability to be a domain controller and implements the Kerberos stack, but it is not clear that it provides the centralized configuration management that Active Directory does. This centralized management (Group Policy) and the ability to delegate administration (Organizational Unit based delegation) are very powerful features of Active Directory and what keep large organizations on the platform.
If all you are looking for is a shared account database and the ability for multiple workstations to authenticate against it, Samba 4 may be just the ticket. If, however, you are looking for a replacement for Active Directory at an enterprise level, I doubt it is there yet.
While your approach is the right idea, it is way too complicated. I use an Asterisk distribution and simply ask the caller to "Press H if you are human". If the caller doesn't press 4, my phone doesn't ring. Most robo call systems don't connect the human on the other end until the target answers. By the time their human operator gets on the phone, they have missed my recorded instructions. I have been running this for several months and it has been 100% effective.
ABS is pretty much needed now. When every other car around you can stop very quickly in an emergency situation, you are very likely to crash if your stopping distance is longer than everyone else's. [...] I resisted ABS as long as I could, and had many close calls where a car in front of me was stopping without looking like they were giving a lot of thought or effort, and I was doing all I could to avoid them.
If the car in front of you stops without warning and you are at risk of rear ending it, then you are following too closely. It is your job as a driver to know your stopping distance for the current driving conditions (car, road, weather, etc.) and maintain appropriate following distance.
If you like to tailgate, I suppose you could argue that you need ABS, but I would recommend not tailgating instead.
That all being said, I like ABS and choose to drive a car with ABS, but I don't think it should be required on all cars.
Don't forget plenty of open wall space (in addition to rack space). Lots of equipment is still designed to mount on a wall and accessible wall space is a common limiter in telco rooms. Things like punch down blocks, telephone switches, T1 and other data termination gear, door access (card key) systems, alarm systems, etc. are common examples.
In Oregon (which is 100% vote by mail), there is also a bar code on the mailing envelope. You sign the mailing envelope and your signature is verified against the one on file. The bar code is not a problem, however, because your actual ballot is in a separate "secrecy" envelope that you put inside the mailing envelope. There are no identifying marks on the secrecy envelope or the ballot itself. At the elections office one person verifies your signature, marks the record that you have voted, and takes the secrecy envelope out of the mailing envelope. The secrecy envelope is placed in a big box. Next, someone else takes the big box, extracts the ballots from the secrecy envelopes and feeds the ballots into a scanner (they are "bubble sheet" ballots), where they are tallied. Representatives from the political parties and the public are encouraged to watch the process in person.
For those that don't like the concept of paying postage to vote, there are a wide variety of locations where you can hand deliver your ballot.
For those not in the US, Oregon is a state in the Northwest portion of the country.
"Please ensure your seat backs and tray tables are in the fully upright and locked position. Please ensure that all electronic devices are switched off at this time. Once the captain has indicated that it is okay, certain electronic devices may be used in flight; please check the magazine in the seat back pocket. Some devices may not be used at any time in the flight, these devices include remote control devices, radios, chocolate bars,..."
The articles reference warnings to the public to "stay back" if you see it, but don't seem to really describe what it looks like. It has been described as a rod, so it's a cylindrical shape, but what size? Would it be similar to a pencil, hot dog, can of soda, 5 gallon paint bucket, oil barrel, what? Is it in a container? If so, what size and color? Bigger than a bread box? Etc.
Well, he could act. And then make the press release. To me, that's the better course of action. It would prove he means business.
You're missing the point. Action is undesirable. Threat of action means that people scratch their heads and wonder what it means, what the fallout could be, if their political careers might be impacted.
Also you can only take a given action once. Once you have forced SSL, you don't get to force SSL again. If on the other hand you threaten action and you get what you want, you can threaten action again in the future. Sure it is possible that someone may call your bluff and if you threaten action too many times without following through you will be dismissed as "crying wolf", but you at least get a couple of chances.
First - read all the posts about referring to someone as a "fan" - you definitely want a "professional"
I would press the candidate on their understanding of the Active Directory Administrative and Security models. Have them explain to you how to use the native tools to ensure that configuration on servers and workstations is correct and centrally managed (via Group Policy). Have them explain how Group Policy works. Have them explain what Organizational Units are for and how delegation works in conjunction with them. Have them explain how the auditing system works (how you know that someone has tried to access a file that they don't have permission to, or that an important security setting has changed.) Have them explain how to use the performance monitoring tools to track down a performance problem or resource bottleneck. Have them describe to you how Kerberos works in the Windows world.
Since you are a Unix fan and possibly a rabid one, the best thing a candidate can do is convince you that they understand Windows administration and that having Windows servers is an okay thing.
The only things I need a button or knob for are adjusting aperture and shutter speed. I have no problem with adjusting other things using a touch screen.
A dedicated (physical) control for exposure and flash compensation is pretty nice as well. I assume that you also include the shutter, focus, and zoom as items that physical controls work better for.
Given that the ISS is ~360 km from the Earth, and it has a 92 minute orbital period, it seems that bombs could be lifted into space, then launched from there. With sufficient supplies and advance notice you could get enough stuff in position over the long term and deploy in minutes. 4500mph = 2km/s and therefore could be at the surface in 180 seconds (3 minutes) once launched. Then there's the issue of changing orbit, which let's assume takes 1 orbit. So you can strike anywhere in the world in 95 minutes. Can you fuel, prep and deploy a plane in that time? I think not.
Of course you have to get the bomb through the atmosphere and to the intended target without it burning up or exploding on the way down. The bomb would need to be in essence a re-entry vehicle. A lot of stuff can go wrong - like missing your target or filling the atmosphere with something toxic and widespread.
Do I want to pay a broadband tax? No. If I had a choice, would I choose to? Maybe - lots of good discussion here on that very topic. Ultimately will I have that choice? No. That leaves me with: when there is a broadband tax, will I pay it? Yes, yes I will. It is not like I am not going to have broadband Internet.
I used to live next door to a public library that had free wifi.
Guess where the safest spot in the neighborhood was on the graveyard shift?
That's right - the library's parking lot. Without fail, almost every night, there would be a cruiser parked there with the two cops surfing the net.
I guarantee you that this 'emergency switch' would just get used by cops to get free internet access where they're hidin...er, "patrolling".
If a cop or other "first responder" type wants to park on the street near my house and use my net connection, they are welcome to. Having a cop car parked on the street is a nice crime deterrent. Sure there are some bad cops out there, but they are the exception and not the rule, and even in the case of a bad cop - wouldn't you want them on "your side"?
I wouldn't trust one built 80 years ago. I would be more likely to trust that one built today can run 80 years safely. We have learned a lot since we started making reactors and they have gotten safer over the years. (I know that there aren't reactors that old yet, but the point is the oldest still operating were not designed for that life span; the newer ones have a better chance of being engineered for longer life.)
Why is this sort of crap connected to the public internet?
It is not so much that critical systems are sitting on web pages that anyone on the Internet can directly get to (although it has probably happened), it is more the case that control networks share connections to machines and devices that also have connections to the Internet. If these shared machines get compromised, then there is a path from the Internet to the critical systems.
Ask yourself this question: Can I get to anything "critical" at work when I am at home? Or more generally: Can I work remote? If you can, then your "critical" system at work is indirectly connected to the Internet. (Assuming that your remote connection is via your ISP and not some direct dial up or dedicated line to your company.)
"Critical" for your work might only be a financial system, but if you work for a utility company "critical" might be the power grid, the water treatment controls, gas distribution, etc. People who work for utilities and other critical infrastructure like to have remote access as well (convenience, reduced staff, lower costs, etc.) These are the kinds of systems that are the biggest risk (via indirect paths to the Internet).
"It's time to strengthen our defenses against this growing danger" is how the op-ed ends. I agree. I would assume that most would also agree as well.
The challenge of course is agreeing on what "strengthen our defenses" means. To me it means disconnecting critical systems from the Internet. Yes, that means that it will take more people to operate those systems and it means less centralization. These things will make it cost more; but security has always had (and will always have) a cost in terms of money / resources and convenience. In the case of critical infrastructure, these costs are worth it.
Okay, it whooshed over me too. Anyone care to explain it?
Perhaps he is paying $24 / year to his domain registrar, DNS hoster, etc. (It would be a bit expensive, but it makes a good point)
He's not "wearing a raccoon suit, cosplay style,"
What if he was wearing a raccoon suit, cosplay style? I mean raccoon is good eatin' and why would you waste the fur?
Assuming that you are still living here in the Beaverton, OR area (or I guess even if you are not), what is your favorite restaurant?
So the paper says we are not sure about the uncertainty principle?
Driving 41 miles at 85 mph vs 75 mph saves a whole 4 minutes.
Seems kinda pointless.
But you can burn a lot more fuel in the process! This is Texas so you get to support local industry as well.
There's nothing special about the first 10 and last 10 minutes of a flight, other than it's the most likely time for a plane to crash land.
Actually the last fraction of a second is the most likely time for a plane to crash land.
What we need is the human equivalent of license plate "protectors". I foresee a new fashion trend...
You mean like a hoodie?
The TRS-80 model II was my very first computer, and I learned basic coding on it. I can't remember the language, but there was a way to create your own games, like Snake and Pong, by using a cartridge, that only loaded the language and a basic compiler.
If it took a cartridge, you probably had a TRS-80 Color Computer and not a TRS-80 Model II, which was the version targeted at businesses. I had great fun learning programming on the Model III and 4.
Politics aside, Siemens deserved to be hacked for being so braindead stupid as to actually be using windows as the OS on their controller.
Wow indeed. The controller is an embedded device that doesn't run Windows. It has realtime and footprint requirements that Windows doesn't meet.
Windows can however be the OS used on the administrative computers that send the configuration to the controllers.