Most switch used in a business should support arbitrary port mirroring. That is you can duplicate the input out put or both of any port to any of the the other ports. Good equipment will even support remote mirroring and will be able to encapsulate the traffic on one port and send it all to some other location of your selection.
What planet are you on? CryptoAPI is only easier if all you want is the most basic web server certificate functions. As soon as you start wanting to do any custom subjects or anything else even slightly outside the the nine dots CryptoAPI is a confusing mess.
The reasons for returning to the Americans was plenty obvious to even the most uneducated git. There were tons of resources there the Europeans wanted. The lumber alone would have been enough to make it worth while. The English were already having problems finding trees big enough for ships masts at home. There was also great fishing, fur, and gold.
The moon on the other hand seems to have very little to offer, at least that we are interested in at the present enough to justify a trip. Add to that the little problem of our lacking a space vessel that can carry a meaningful amount of cargo.
A record company is first and for most a marketing agency, public opinion is everything to them. Which is why we need to make sure the head lines always LABEL who they really are, dont let them hide behind the RIAA. The headline should be the, RIAA representing Sony BMG, has filed suit against....
NewYorkCountryLawyer is so upset because the defense perused a largely untried legal theory when there was not reason to do so. The exposure to the defendants could have been very much reduced in other ways. I think your judgment of him is a little harsh.
These guys did not do what was probably best for their client. That is not proper acting for an attorney. I also point out there is perhaps a reason the expression "Those who can't teach." has been around for so long.
If you contribute you are just handing money to the wrong side that will be used to persecute (not prosecute) the next victim. NYCL is right the case could have been handled differently and while we don't know everything I do think we know enough to say it should have.
I feel for the defendants, I really do but bankruptcy law is there to protect them. Bankruptcy is something everyone naturally wants to avoid if they can but the rest of us need to keep in mind the bankruptcy is a way out of trouble for people that are already in too deep.
The defendants have already had their lives ruined by the RIAA, making theirs a little less sucky at the expense of helping the RIAA do it to someone else; is not noble cause.
This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.
All disk encryption can accomplish is: 1. If someone steals the system while off or locked and does not already have the key they can't get the data 2. The system cannon be modified offline with out the key
It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.
Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.
Speaking as someone who has been a Lifeguard, you are kinda right. You want to sit at the center of the long side of the pool so the worst case distance you might have to travel to get to a distressed swimmer is minimized.
I don't think getting past the other lap swimmers is likely to be a problem , certainly never was for me anyway. You have your big red float to fend them off with when needed and so they see you coming.
The issue is you can't keep a good watch on the swimmer in the near lane. You are in a raised chair or if that is not installed an upright type lawn chair right at the edge of the pool. When the near lane swimmer is in the central area of the pool (closest to you) they are below your field of vision where you can see most of the pool. This is why they usually locate a second guard at the opposite side; if there are enough swimmers to justify one. He or she will actually be able to watch your side of the pool.
Red Cross LGs are trained to keep an eye out below them when working alone, this is not ideal though because it adds time to your total survey of the pool.
Someone is going to point out that that can't be more than part of a second and so what. Nope you also can't see people who are under water due to reflections and other lensing properties. So you need to actually keep track of how many people are in the pool and where they are, if you have to re-sight them each time because you move your head such that they leave your peripheral vision it takes more time to keep that count.
You need to know when your count decreases its because someone got out of the pool so you need to spot them doing that. Its unnerving to say the least when you don't catch that. Suddenly your fifteen swimmers is fourteen and you have to find out why fast.
It should probably apply to everyone and vary depending on the type of connection you have. A three phase connection for a business should be more than a two phase or possibly even single ( old enough service ) for a residence. Naturally the cost per KWH should come down as well to reflect that the margin per KWH need no longer cover grid upkeep.
Now the environmental, cap and tax, tree hugging lobby will scream bloody murder because this will incentivize the use of more power not less. If you pay $X to have electrical service period, and then $Y per KWH than the marginal cost of X goes down as you use greater multiples of Y.
So while it will still be true that the fewer KWH you use the less you pay, the savings will be much, for residential users probably vanishingly small. So nobody will bother investing in more efficient appliances, lighting, or heat because it will offer no ROI.
Even at high voltage the loss with DC would be much greater than with AC, which is why AC was finally chosen for transmission, that and its better at the end point for running appliances with motors, not an issue for lights and those were the two applications for electrical service when it was first commercialized.
My firends and I used to do it with floppy disks all the time. You could wedge a frew more seconds of audio on those if you dispensed with the file system. We could play them directly from the disk too. It was sorta like a tape deck, but with one song tapes.
Right I think the message though should be; if you are not going to take your time to understand why its broken and if its still safe to use for your application and are going to just use something else instead than make that something else another well known well researched standard.
For example MD5 is broken, so you decided to use sha1 --good idea MD5 is broken, so you decided to write your own hash function --bad idea
You could argue that but I might argue that NULL in not a valid character in an FQDN. It is by extension not a valid character in the CN attribute of a certificate issued for an FQDN. I have not looked at the code but the cert parser probably decrypts the certificate looks at the length of the string copies that many bytes into some other data structure null character inclusive, as well as everything beyond it just like it should.
Then some other code looks at the data obtained from the SSL cert now stored in that internal struct which contains pointers to null terminated strings, a perfectly correct, perfectly common practice in C,C++ and loads of others. There is no checking of those strings for embedded NULLs because there should never be one, as stated above. I would say for a security function this classifies as a bug. They only reason I say that is in a security function one has to assume the input will in fact be malicious much of the time and violate all sorts of standards, rules, and conventions.
So yes firefoxes SSL validation should be more rigorous in its input validation and toss out a cert as bad if it contains characters that would not be permissible in any given attribute.
Really the problem lies though with the CA. They should also be doing that input checking, and not issuing certificates no permissible characters for any given attribute. A CA is after all supposed to be authenticating that this entity really is who they claim to be. If they claim to be something that can't exist, because it has an illegal name as in this case, then they must by definition be false and should have been rejected.
It comes do to who was responsible for what. The browsers job is really only to verify that the certificate is valid. It was it has a valid signature from the CA. The CA job was to validate the information on the certificate before issuing it, they failed.
Which makes sense on a desktop pc or even a server where you can have gobs of ram. There are lots places where it still makes little sense to use three bytes that way; places where you might need / want to implement DNS. I would hate to throw three bytes per string away on an carrier class router or switch for instance.
You are right about the original promise of OO. The trouble is it really got going about the same time the world started getting connected. Suddenly lots of people had lots of stuff floating around that you really could not trust.
If you pass me some data structure Its much more manageable for the programmer than an object. Its possible though proven far from trivial, I can write a parser that will not crash and not be exploited no matter what data you send in however badly corrupted, intentionally or otherwise. I can then write a program around it that will no do something the user won't like when it encounters bad data.
If you hand me an object then I have data and executable code. Its pretty hard for me to know whats going to happen. Even if some MMU and threading tricks were used to keep your code only executing on the data in the object there are still a huge number of risks. One would need to do input validation all the output of all the agreeded upon generic interfaces in the object model. Then if you have a generic that say returns pointers to object specific functions you have to check what those are going to do. Again even if you keep it trapped in some small memory sandbox, you can still get DOSed, how do you know the code ever returns, what if it has a halt instruction? It might be you can get around these and other security issues with a software interrupt to break out after some value of to much time elapses, or built and entire java like VM to run th e object in. It gets really complex really fast, any time you think about bringing outside code under the umbrella of your process.
COM sorta works like what I described above and as you stated its brittle. Interprocess OO made sense in the LAB its to risky in the real world most of the time.
Sometime they don't want to understand and they don't want to know. They are not negligent if they did not know, they have insurance against theft. Lots of business might be happier locking the door with a deficient (but not terribly so) and figure on filing an insurance claim if something even happens than with spending $$$ to build the uncrackable system.
When the insurance industry starts doing IT security audits and adjusting rates accordingly you will Management change their minds on security spending.
I think you intended to say evolution rather than Darwinism. Darwinism implies a social policy of letting evolution run its course in human society unhindered rather then the natural process of evolution itself. Darwin probably would not have supported such a policy himself.
I also take issue with your implied assertion that the process has been running in reverse. I don't think the process can run in reverse. The fittest always are more successful at procreation than the unfit. Its a matter of being fit for the particular situation. It so happens that I and again I would suppose you based on your comment don't approve of the results. Sadly I think living in our society makes a your typical lard ass perfectly fit or at least no less fit as a result of their obesity.
Now if some new forms of disease we can't easily and cheaply treat start attacking people with more fat cells then the obese will again be less fit in the new situation, and we probably will see a trend to slimmer folks again.
The issue is there is lots of politics wrapped up in both sides of the debate. The "consensus" view folks have been caught multiple times ignoring data, changing data, and adjusting their models until they get the results the politicians securing funding for their research want.
These people are fundamentally without credibility at this point. They have as group demonstrated an in ability to perform unbiased research and present unbiased results.
Their theories play out over a long period of time. Their models often can't be tested because we don't have adequate data from far into the past. They data we do have from the past is often suspect, its called that and dismissed when it appears to dispute the climate change model, its excepted as gospel when it appears to confirm. We don't have much in the way of experimental confirmation in the physical world.
Whenever the public is addressed its always "dire consequences", "the sky is falling", "we are all going to burn", "we are all going to freeze", "we are all going to starve" hyperbole. Its clear to any thinking person they are trying to create fear and panic. They have been saying the end is neigh for thirty years now and our day to day lives are so far not different at all, as a result. Basically it feels allot like the FUD the anti-climate change lobby also spreads.
I therefore have to obey the cautionary principle. I see no reason to alter a behavior unless I *know* continuation of that behavior has negative consequences and that the alternative behaviored I am going to select is at least very likely to offer a better outcome.
We are simply not there with climate science. I know the argument that by the time we are it might be to late, but that is the way it is. What if we find for instance that cuting carbon emissions lowers the CO2 PPM and crops are no longer as productive and people start staving in less developed nations? Is that good? C02 is an effective plant fertilizer you know.
When climate scientists start making all the original source data available to the public, and present their findings in a clear not fear mongering way; I might be inclined to listen. Until then I can't do anything other the vehemently advocate public policy SHOULD NOT BE CHANGED and do what is most economical for me on a personal level.
That is the attitude that may cause us to loose. Freedom can only be obtained and maintained with vigilance. We must never think its impossible to be deprived of our freedom and must always remain wary of those who would seek to curtail it. The war is never over so long as overly ambitious and overly greedy individuals exist.
The other thing one needs to consider is if you say "payroll system" and "1975" than it is almost certain to be anything and everything but a payroll system.
As you point out Payroll is much more complex then most people figure at first blush. Its also worth considering that in the 1960's and 1970's vendors like IBM and Control Data, were still figuring out how to market computers to the private sector. The killer app was payroll. At the time you got the COBOL or ADA source as well. Databases were typically formated files.
Since people had the source "develops" were expensive and hard to find. They would just build on what they had. The next thing you know the "payroll" system is the contact relations manager, its the general accounting package, its the general HR management package, and it plans the breakfast menu.
Sure all the stuff gets parted back out over time but then you have all the new apps reaching into the old system's database and still using it, so its other functions continue to work; and lord only knows what calling into it for this reason and that. Lots of it is probably not documented, some of it is an Access application on some secretary in building fours desk.
You don't learn about these things often until you break them. Honestly for a project like this you might very well need to interview everyone who has an administrative position on campus; to truly get it right.
Still so far even with all that in mind this sounds like its outrageously expensive; and its been done other places so it is possible. I have been a party to parts of it at and F50 (with stuff going back to only the mid 80s) and its bear but you can do it.
While the green brats won't let anyone get away with it any more the best "cheap" road surface is dirt with as much used motor oil slicked over it as you can get your hands on. They used to do this in rural NC when I was there and after a few years you have something a whole lot like asphalt that does not pot hole.
Fine but the city was basically destroyed. When it was built it made sense powered freight transportation and fishing were both important so it was logical to construct cities on the coast. Its not reasonable to pick up and move a perfectly good city but when its devastated to the degree New Orleans was why should we rebuild it? Why not move the entire thing 50 miles inland? A short (cheap to replace) stretch of rail road could connect the docs to the city and other ground transport. Moving freight by rail is very cheap, so no problems there. The fishermen would have a little longer commute again they could use the rail in and out at night, as well as to haul their catch back.
If public money is going to be used for disaster relief ( and I agree that it should be in most cases ) then their should at least be some plan to avoid or mitigate the potential loss from future disasters. So I agree with the parent. Its ok if you want to live below sea level in a hurricane zone but if you want but if you expect to use my nickel to rebuild your city after its destroyed then I get to at least insist you put it some place more sensible given the modern world.
Most switch used in a business should support arbitrary port mirroring. That is you can duplicate the input out put or both of any port to any of the the other ports. Good equipment will even support remote mirroring and will be able to encapsulate the traffic on one port and send it all to some other location of your selection.
What planet are you on? CryptoAPI is only easier if all you want is the most basic web server certificate functions. As soon as you start wanting to do any custom subjects or anything else even slightly outside the the nine dots CryptoAPI is a confusing mess.
The reasons for returning to the Americans was plenty obvious to even the most uneducated git. There were tons of resources there the Europeans wanted. The lumber alone would have been enough to make it worth while. The English were already having problems finding trees big enough for ships masts at home. There was also great fishing, fur, and gold.
The moon on the other hand seems to have very little to offer, at least that we are interested in at the present enough to justify a trip. Add to that the little problem of our lacking a space vessel that can carry a meaningful amount of cargo.
A record company is first and for most a marketing agency, public opinion is everything to them. Which is why we need to make sure the head lines always LABEL who they really are, dont let them hide behind the RIAA. The headline should be the, RIAA representing Sony BMG, has filed suit against....
Dear commodore64_love,
NewYorkCountryLawyer is so upset because the defense perused a largely untried legal theory when there was not reason to do so. The exposure to the defendants could have been very much reduced in other ways. I think your judgment of him is a little harsh.
These guys did not do what was probably best for their client. That is not proper acting for an attorney. I also point out there is perhaps a reason the expression "Those who can't teach." has been around for so long.
If you contribute you are just handing money to the wrong side that will be used to persecute (not prosecute) the next victim. NYCL is right the case could have been handled differently and while we don't know everything I do think we know enough to say it should have.
I feel for the defendants, I really do but bankruptcy law is there to protect them. Bankruptcy is something everyone naturally wants to avoid if they can but the rest of us need to keep in mind the bankruptcy is a way out of trouble for people that are already in too deep.
The defendants have already had their lives ruined by the RIAA, making theirs a little less sucky at the expense of helping the RIAA do it to someone else; is not noble cause.
I just come back to what my mother told me once. "If you don't want someone else to read it never write it down"
This really does not defeat TrueCrypt. All it does is read the date after its decrypted and before it gets to the OS. It also can only read the data after the real key has been presented. I think the take away here is disk encryption is not a silver bullet. You can't sit there and say "My disk is encrypted my data is safe." Its not safe while the machine is on an in the unlocked state. Any other malware running on the system can send or leak data all over the place. You have to trust the entire stack or have defenses in place at every layer.
All disk encryption can accomplish is:
1. If someone steals the system while off or locked and does not already have the key they can't get the data
2. The system cannon be modified offline with out the key
It can't really do anything more than that. TC is not broken its just not a defense against other software that can get ahold of the disk layer.
Suppose I walk into a bank during hours after the manager has opened the vault. I point a gun at him, hand him a bag and tell him to start loading it up. I then leave with the money. The vault is not broken. Its just that it only protects the money while its closed. If I showed up in the middle of the night broken and got the goods then the vault would be broken; but a day light robbery is just exploiting another weakness in the system.
Speaking as someone who has been a Lifeguard, you are kinda right. You want to sit at the center of the long side of the pool so the worst case distance you might have to travel to get to a distressed swimmer is minimized.
I don't think getting past the other lap swimmers is likely to be a problem , certainly never was for me anyway. You have your big red float to fend them off with when needed and so they see you coming.
The issue is you can't keep a good watch on the swimmer in the near lane. You are in a raised chair or if that is not installed an upright type lawn chair right at the edge of the pool. When the near lane swimmer is in the central area of the pool (closest to you) they are below your field of vision where you can see most of the pool. This is why they usually locate a second guard at the opposite side; if there are enough swimmers to justify one. He or she will actually be able to watch your side of the pool.
Red Cross LGs are trained to keep an eye out below them when working alone, this is not ideal though because it adds time to your total survey of the pool.
Someone is going to point out that that can't be more than part of a second and so what. Nope you also can't see people who are under water due to reflections and other lensing properties. So you need to actually keep track of how many people are in the pool and where they are, if you have to re-sight them each time because you move your head such that they leave your peripheral vision it takes more time to keep that count.
You need to know when your count decreases its because someone got out of the pool so you need to spot them doing that. Its unnerving to say the least when you don't catch that. Suddenly your fifteen swimmers is fourteen and you have to find out why fast.
It should probably apply to everyone and vary depending on the type of connection you have. A three phase connection for a business should be more than a two phase or possibly even single ( old enough service ) for a residence. Naturally the cost per KWH should come down as well to reflect that the margin per KWH need no longer cover grid upkeep.
Now the environmental, cap and tax, tree hugging lobby will scream bloody murder because this will incentivize the use of more power not less. If you pay $X to have electrical service period, and then $Y per KWH than the marginal cost of X goes down as you use greater multiples of Y.
So while it will still be true that the fewer KWH you use the less you pay, the savings will be much, for residential users probably vanishingly small. So nobody will bother investing in more efficient appliances, lighting, or heat because it will offer no ROI.
Even at high voltage the loss with DC would be much greater than with AC, which is why AC was finally chosen for transmission, that and its better at the end point for running appliances with motors, not an issue for lights and those were the two applications for electrical service when it was first commercialized.
My firends and I used to do it with floppy disks all the time. You could wedge a frew more seconds of audio on those if you dispensed with the file system. We could play them directly from the disk too. It was sorta like a tape deck, but with one song tapes.
Right I think the message though should be; if you are not going to take your time to understand why its broken and if its still safe to use for your application and are going to just use something else instead than make that something else another well known well researched standard.
For example
MD5 is broken, so you decided to use sha1 --good idea
MD5 is broken, so you decided to write your own hash function --bad idea
You could argue that but I might argue that NULL in not a valid character in an FQDN. It is by extension not a valid character in the CN attribute of a certificate issued for an FQDN. I have not looked at the code but the cert parser probably decrypts the certificate looks at the length of the string copies that many bytes into some other data structure null character inclusive, as well as everything beyond it just like it should.
Then some other code looks at the data obtained from the SSL cert now stored in that internal struct which contains pointers to null terminated strings, a perfectly correct, perfectly common practice in C,C++ and loads of others. There is no checking of those strings for embedded NULLs because there should never be one, as stated above. I would say for a security function this classifies as a bug. They only reason I say that is in a security function one has to assume the input will in fact be malicious much of the time and violate all sorts of standards, rules, and conventions.
So yes firefoxes SSL validation should be more rigorous in its input validation and toss out a cert as bad if it contains characters that would not be permissible in any given attribute.
Really the problem lies though with the CA. They should also be doing that input checking, and not issuing certificates no permissible characters for any given attribute. A CA is after all supposed to be authenticating that this entity really is who they claim to be. If they claim to be something that can't exist, because it has an illegal name as in this case, then they must by definition be false and should have been rejected.
It comes do to who was responsible for what. The browsers job is really only to verify that the certificate is valid. It was it has a valid signature from the CA. The CA job was to validate the information on the certificate before issuing it, they failed.
Which makes sense on a desktop pc or even a server where you can have gobs of ram. There are lots places where it still makes little sense to use three bytes that way; places where you might need / want to implement DNS. I would hate to throw three bytes per string away on an carrier class router or switch for instance.
You are right about the original promise of OO. The trouble is it really got going about the same time the world started getting connected. Suddenly lots of people had lots of stuff floating around that you really could not trust.
If you pass me some data structure Its much more manageable for the programmer than an object. Its possible though proven far from trivial, I can write a parser that will not crash and not be exploited no matter what data you send in however badly corrupted, intentionally or otherwise. I can then write a program around it that will no do something the user won't like when it encounters bad data.
If you hand me an object then I have data and executable code. Its pretty hard for me to know whats going to happen. Even if some MMU and threading tricks were used to keep your code only executing on the data in the object there are still a huge number of risks. One would need to do input validation all the output of all the agreeded upon generic interfaces in the object model. Then if you have a generic that say returns pointers to object specific functions you have to check what those are going to do. Again even if you keep it trapped in some small memory sandbox, you can still get DOSed, how do you know the code ever returns, what if it has a halt instruction? It might be you can get around these and other security issues with a software interrupt to break out after some value of to much time elapses, or built and entire java like VM to run th e object in. It gets really complex really fast, any time you think about bringing outside code under the umbrella of your process.
COM sorta works like what I described above and as you stated its brittle. Interprocess OO made sense in the LAB its to risky in the real world most of the time.
Sometime they don't want to understand and they don't want to know. They are not negligent if they did not know, they have insurance against theft. Lots of business might be happier locking the door with a deficient (but not terribly so) and figure on filing an insurance claim if something even happens than with spending $$$ to build the uncrackable system.
When the insurance industry starts doing IT security audits and adjusting rates accordingly you will Management change their minds on security spending.
I find your ideas fascinating and wish to subscribe to your news letter!
I am not a doctor but I have trained as on in Second Life.
I think you intended to say evolution rather than Darwinism. Darwinism implies a social policy of letting evolution run its course in human society unhindered rather then the natural process of evolution itself. Darwin probably would not have supported such a policy himself.
I also take issue with your implied assertion that the process has been running in reverse. I don't think the process can run in reverse. The fittest always are more successful at procreation than the unfit. Its a matter of being fit for the particular situation. It so happens that I and again I would suppose you based on your comment don't approve of the results. Sadly I think living in our society makes a your typical lard ass perfectly fit or at least no less fit as a result of their obesity.
Now if some new forms of disease we can't easily and cheaply treat start attacking people with more fat cells then the obese will again be less fit in the new situation, and we probably will see a trend to slimmer folks again.
The issue is there is lots of politics wrapped up in both sides of the debate. The "consensus" view folks have been caught multiple times ignoring data, changing data, and adjusting their models until they get the results the politicians securing funding for their research want.
These people are fundamentally without credibility at this point. They have as group demonstrated an in ability to perform unbiased research and present unbiased results.
Their theories play out over a long period of time. Their models often can't be tested because we don't have adequate data from far into the past. They data we do have from the past is often suspect, its called that and dismissed when it appears to dispute the climate change model, its excepted as gospel when it appears to confirm. We don't have much in the way of experimental confirmation in the physical world.
Whenever the public is addressed its always "dire consequences", "the sky is falling", "we are all going to burn", "we are all going to freeze", "we are all going to starve" hyperbole. Its clear to any thinking person they are trying to create fear and panic. They have been saying the end is neigh for thirty years now and our day to day lives are so far not different at all, as a result. Basically it feels allot like the FUD the anti-climate change lobby also spreads.
I therefore have to obey the cautionary principle. I see no reason to alter a behavior unless I *know* continuation of that behavior has negative consequences and that the alternative behaviored I am going to select is at least very likely to offer a better outcome.
We are simply not there with climate science. I know the argument that by the time we are it might be to late, but that is the way it is. What if we find for instance that cuting carbon emissions lowers the CO2 PPM and crops are no longer as productive and people start staving in less developed nations? Is that good? C02 is an effective plant fertilizer you know.
When climate scientists start making all the original source data available to the public, and present their findings in a clear not fear mongering way; I might be inclined to listen. Until then I can't do anything other the vehemently advocate public policy SHOULD NOT BE CHANGED and do what is most economical for me on a personal level.
That is the attitude that may cause us to loose. Freedom can only be obtained and maintained with vigilance. We must never think its impossible to be deprived of our freedom and must always remain wary of those who would seek to curtail it. The war is never over so long as overly ambitious and overly greedy individuals exist.
The other thing one needs to consider is if you say "payroll system" and "1975" than it is almost certain to be anything and everything but a payroll system.
As you point out Payroll is much more complex then most people figure at first blush. Its also worth considering that in the 1960's and 1970's vendors like IBM and Control Data, were still figuring out how to market computers to the private sector. The killer app was payroll. At the time you got the COBOL or ADA source as well. Databases were typically formated files.
Since people had the source "develops" were expensive and hard to find. They would just build on what they had. The next thing you know the "payroll" system is the contact relations manager, its the general accounting package, its the general HR management package, and it plans the breakfast menu.
Sure all the stuff gets parted back out over time but then you have all the new apps reaching into the old system's database and still using it, so its other functions continue to work; and lord only knows what calling into it for this reason and that. Lots of it is probably not documented, some of it is an Access application on some secretary in building fours desk.
You don't learn about these things often until you break them. Honestly for a project like this you might very well need to interview everyone who has an administrative position on campus; to truly get it right.
Still so far even with all that in mind this sounds like its outrageously expensive; and its been done other places so it is possible. I have been a party to parts of it at and F50 (with stuff going back to only the mid 80s) and its bear but you can do it.
While the green brats won't let anyone get away with it any more the best "cheap" road surface is dirt with as much used motor oil slicked over it as you can get your hands on. They used to do this in rural NC when I was there and after a few years you have something a whole lot like asphalt that does not pot hole.
Fine but the city was basically destroyed. When it was built it made sense powered freight transportation and fishing were both important so it was logical to construct cities on the coast. Its not reasonable to pick up and move a perfectly good city but when its devastated to the degree New Orleans was why should we rebuild it? Why not move the entire thing 50 miles inland? A short (cheap to replace) stretch of rail road could connect the docs to the city and other ground transport. Moving freight by rail is very cheap, so no problems there. The fishermen would have a little longer commute again they could use the rail in and out at night, as well as to haul their catch back.
If public money is going to be used for disaster relief ( and I agree that it should be in most cases ) then their should at least be some plan to avoid or mitigate the potential loss from future disasters. So I agree with the parent. Its ok if you want to live below sea level in a hurricane zone but if you want but if you expect to use my nickel to rebuild your city after its destroyed then I get to at least insist you put it some place more sensible given the modern world.