And yet, brilliant thinkers, scientists, philosophers, politicians etc. have risen from the East. Why, every day in the US, there's some kind of revolt against Asians robbing 'intelligent' jobs from the West. Freedom is good in the hands of those who respect and value it - censorship tends to move people towards alternate avenues for enjoyment - and these are normally much better.
Please cite for me one, just one, "revolt" over Easterns taking jobs from Westerns. Censorship does nothing more than restrict alternative viewpoints. Nothing. And brilliant thinkers arise from the entire world - no matter what harsh or lavish (perhaps arguable) conditions they live in.
" And you can bet your dictator trodden ass... Well I say, "FUCK THAT!""
See I take language for granted. I live in a society that generally gives me the liberty of expressing my viewpoints with whatever language I use. And the last time I checked "fucking" wasn't violent.
And yet you can't see that you're being a hypocrite?? The problem is not with open relays etc.. most Easterners are peace loving, and wouldn't resort to violence or guns despite rising costs, unemployment etc. By nature, most of them are peaceable. I was once amazed at the depth of knowledge exhibited by Slashdotters on an article on MP3 on rifle magazines - so many seemed to know about guns, rifles, magazines, pitch, bore, etc.. it was a scary thought.
In fact the problem is with open relays. Guess what pal - contrary to your jaded viewpoint - bad people exist everywhere. They exist in the USA, they exist in China, they exist in Russia, they exist in France, they exist in Pakistan, and they exist in Canada. Bad people (and stupid people, obviously) are everywhere. But by your logic, if you leave a bottle of cleaning fluid on your floor and your neighbors 3 year old feeds it to your 1 year old who dies - well shit... thats the governments fault! SMTP for all its done is a dangerous protocol if not properly secured and administered. You share an unwritten responsibility when you run an email server to run it properly. Take some responsibility for yourself! As for most Easterners being "peacable". History would prove that Easterners are no more "peacable" than westerners. Oddly enough, when it comes to Easterners-vs-Easterners, they might even be considered worse.
And I tolerate your viewpoints just fine. The difference is, where I come from I'm allowed think and say "they are idiotic".
Welcome to lifestyles of the Rich and Famous "The Authoritarian Edition".
I really suppose you have a kid (I do, and can state my personal thoughts on this matter). There's very little chance of parental censorhip succeeding with kids - why? Bcos kids are kids, that's all. This is a matter where Western and Eastern thinking differs a lot - the value of state censorship.
I do have a kid, two in fact. And you can bet your dictator trodden ass that I MUCH prefer setting the limits for my children, than having my government do it for me. Where the system breaks down, is with poor parenting - NOT "kids being kids". Basically all you are saying to the world is, "I can't manage my own life - please mister government man can you take care of that for me?" Well I say, "FUCK THAT!"
And in regards to you other idiotic statements...
Western societies are generally more tolerant - lax, according to the Earterners, and are driven by capitalism. They tend to focus on rights, rather than duties. This could explain the recent orders permitting gays and lesbians, as well as the inaction on spam.
Yes, I suppose thats why most of the spam I receive come from relays in China, Indonesia, Thialand, etc... I will grant you that it is mostly Westerners using these open relays - but if these governments are so on the ball and looking out for their citizens seems to me this wouldn't be an issue. But hey, I live in one of the states with real anti-spam laws. You've got me totally baffled on the gay rights equates to spam thing though...
Earterners generally focus on duties, role models, censorship and even punbishment for acts considered normal in the West. The internet brigs out this dichotomy bcos it's an open network. Thus govt. censorship is a preferred and better solution in Eastern societies - Thailand being one.
You stick with your authoritarian view. Because really - your governement knows what is best for you and your ilk. "The value of state censorship"... yeah, you hang onto that it'll be worth a lot one day...
I usually don't add quotes to my posts. And god knows I'll catch major shit for posting an Ayn Rand one...
I wouldn't usually reply to this type of post because, no one will ever read it. But I'm a little fucked up, and bored - so why not...
You are absolutely correct. However, being a fan of Ellison's vision, I do still see a pristine vacancy for Linux's ass on the desktop. Cheap, stable, tightly access controlled Linux desktops. Either imaged, or networked served - or both.
Now I haven't ever attempted a test deployement of such a solution myself. But my guess is that these types of questions are easily answered...
Can I lock down user menu and icon choices on the desktop and individual applications on a per user or per group basis?
Where the fuck is the "cheaper than the $300 Walmart Box" network pc with optional integrated smart card or biometric authentication?
At what point will local root exploits in common distributions become a thing of the past? Kernel mods are flowing, 2.5 looks good, but I think we are still years off. Given the right circumstances this could easily be much worse than a simillar situation in Microsoft land....
So. Its happening. I look toward it effecting the controlled corporate networks long before the casual home user - but hey, isn't that how Microsoft worked it? I work on a state wide network of about 9000+ users. Fully 85% of those users have no need for a desktop in the traditional sense of the word - though they use their 2-5 computer applications for 30-70% of the day. Drop the $250 (low estimate) Microsoft tax from PCs purchased (OS and Office). Thats nearly a 2 million dollar savings. Given a well optimized desktop, a lean kernel, a minimal applications I could easily pair down hardware requirements as well...
Sigh... now if I could only figure out how to fix those 1000+ pointy hairs into beleiving the don't need to sync their PDAs to their shared calendars, and that Outlook does in fact suck as an email client. I can dream...
You know, I am really torn as to whether or not this is a troll or if you genuinely believe the points listed in your rant.
Neither, but given space, time, and "slashdot post interest" limitations I simply could not expound any further than I did. Though I challenge you to find something wrong with what I said.
Aside from all the "dot com days arrogance sucked" redundant grand standing, do you truly believe that information security is limited to port scanning a publicly accessible machine or running an IDS? If so you are so sorely mistaken it is almost funny.
I absolutely do not believe these are the limits, foundations, or anything else other than tools. However, I challenge you to find me a security company that approaches a prospective client with "Well then, lets start with your data classification list. Whats that? You don't have one..."
Many people who criticize the need for security professionals or companies tend to fall back on that argument. It's as if the whole of data storage and accessibility revolves around web services and related public utilities. Here's a news flash for you...most security compromises come from within the organization compromised.
I don't recall criticizing the need for all security professionals. I'm sorry if it read that way. This was a very directed rant at particular companies and the way they do, or attempt to do, business.
[skipping some of the lighter stuff]
Sorry, I'm not going to quote these but just answer them outright... I know it makes the thread less readable to some, but this html formating is making me tire and I have work to do...
1) Yes. Having worked in three organizations over the past 8 years in which administration of user accounts was both centralized and distributed -- as well as doing much research on the subject of authentication and in particular password management schemes -- I can assure you that there is no easy solution to this problem. What I've found works best, and most cheaply is a strongly worded policy, backed up by an implemented authentication policy that is actually enforced. And to the best of your ability centralize the backend for this authentication. Sadly in mainframe environments which are surrounded by Unix/NT servers this is no cheaply or easily implemented solution.
2) I'm starting to wonder where these questions are going... If you are an IT professional at a corporation who's CEO can't think of minor physical security, let alone data security, and you as an administrator or developer can't convince him otherwise, it may be time to move on.
3) Incredibly easy. Perhaps you should have read some of my earlier posts before asking some of these questions. You seem to be bent on bringing up issues which any competent in-house security group should have asked years ago.
4) Code auditing is probably one of the most important futures of the security industry as a whole.
5) yawn... and whats your "security company" going to do. Some will sell you monitoring services, at an INCREDIBLY jacked price. What are those monitoring services doing? Issuing email alerts that could just as easily been implemented by a competent admin.
There is so very much more to the security field than what you seem to think
Given the amount I posted I'm not sure how you could expect to know what I know about IS. Given that I've been a "security professional" for the past 5 years of my life and hold a couple of industry respected (but in my view completely worthless (CISSP/GIAC)) certifications I suppose I could attempt to dazzle you with my brilliant insights on IPV6, my opinions on anomalous packet identification, or why I think moving forward that client authentication and secure code reviews will be the backbone of the IS field future. But thats pointless.
If most management types realized security is truly a form of insurance they might treat it differently (insurance and
The insanity of 'white-hat' security companies will surely come to an end sooner rather than later. Securing the corporate or home network simply isn't that difficult anymore.
Thats not to say that in some way these prepubescent, security Scooby Doos don't have their place. But today, they are simply usurped by competent system and network administrators and the forethought of coders to write code with security in mind.
Think back to the burgeoning days of online commerce and the cavalier "Internet for everyone!" in the workplace roll outs. Book wise MCSEs, trench hardened Oracle/Solaris admins, and street savvy (but cowboyish) Linux/BSD admins were all the pointy haireds had to turn to. It was a friggin free-for-all against many up and coming businesses as well as some borderline brave industry Goliaths seeking a swim in the paranah infested Internet soup. Networks and software were regularly blasted through by kids with code they hadn't written themselves. Sometimes it happened due to the poor design of deployed code. Sometimes it happened because the attacks themselves were mini-masterpieces. But whatever the reason, in a space where people could be anonymous supervillans, the will of the Internet (of the people) to communicate persevered. The Internet infrastructure, and the networks attached to it, and the people running them all got a little bit smarter and a lot wiser.
Tell the guy in the suit you want to sell him a network security auditing tool (or service), because he doesn't have the man power to do it in house. He may be willing to pay. Tell the manager of a group of coders you want to sell her your competence and third party viewpoint of the security of their code. She may be willing to pay. Tell me you want to sell me a 250,000 dollar piece of network auditing code, or scan my network from the outside to tell me where my vulnerabilities lie without knowing my network already, or bebop around my 30,000+ user network analyzing a bunch of known signatures and I'll tell you to go back to the drawing board and tell me why your first answer wasn't to invest in a competent enough staff to make you obsolete.
The wake up call has already been dialed by the customers at large. The VC money won't last forever. And almost none of you are as cool as you made yourselves out to be. I suppose in the end it will be just as amusing to watch you tear at each other in a corporate environment with lawyers and press releases as it was to watch you tear at each other r00ts and mailing-list posts.
Sure IBM has a past history of being very supportive of the Linux community. But who do you want attempting to legally guide the future of Linux? SCO or IBM?
Its not supposed to matter how big you are in court - unfortunately it does matter.
Real world experience is where its at. Know your packets first and your policies second - but keep in mind that both are equally important.
I've met plenty of tools that have "jumped into security". They try to talk a good game of the which type of firewall is better than what, and why PKI solves or doesn't solve everything. In reality they don't know squat and have even less of a clue on how to apply their solutions to the real world.
The best general network security people I've met are those who understand the systems they are protecting and have the power to tell management and developers 'no'. But apply it only when they absolutly have to. Business has to get done - but when the cost of doing that business unnecessarily puts your assets at risk, it is imperative to have the power to tell people no.
Books, classes, certs all have some value - but for me... if I'm not sitting there dealing with it, configuring it, and applying it to a homemade or real world situation... I'll never get as much out of it.
Yes, but really - why not go see the real Jeckle and Hyde when LXG comes out?
I'll see both... the tank tossing scene from The Hulk looks way too cool to miss on the big screen. And I'm hoping Connery can pull off Quatermain in LXG. Just hoping they don't waterdown Hyde too much from Alan Moore's vision.
You know it seems to me that this tool would actually serve a legitimate use if it forced PPV broadcasts in the clear without making me click through. I could then have the TiVo record what I wanted, when I wanted, from PPV.
Hell I don't mind paying for, but that click-through-to-order shit makes it a pita to use with the TiVo.
Actually where they leave the user is in a position to change platforms. If you can't see that and take advantage of it when it happens then you, sir, are neither a deep thinker nor much of a visionary.
"Does my investment in Micrsoft cost me more than it would cost me to switch Operating Systems and deploy, in some cases the same applications - and in some cases new ones that do the same thing?"
If the answer is no - you stay. If the answer is yes - you move. Not a lot of deep thought required.
You're... I know I know... I suck.. I'm an idiot... I have no grasp of English... My argument is moot because I typo, can't spell and make run on sentances.... blah blah blah
Every vendor Microsoft, Apple, Sun, Red Hat, Debian can create an incident where a patch breaks a vendors application.
I've personally seen it happen with 4 out of the 5 vendors already. Deal with it. AFAIK there is still no forced patching. Your OS doesn't just up and DIE if you decide not to patch your OS because you are aware that patching will create problems for you.
On another note - Certainly Slashdot leans a little left politically and leans a lot toward "open solution" computing but everything about this story just reaks. "windows-ain't-done-while-competing-apps-still-run dept." -- GIVE ME A BREAK. If that were the goal, Microsoft would quickly be driving itself out of business. "... but they really should have done so when they designed Windows" -- again, who are you trying to fool here?? The same argument could be said for every operating system in mass production use today.
Give it a rest. Your just starting to look foolish now.
Most every metropolitan business that included employees that carry laptops or have desktop computers which I have ever been - provided internet access to their employees already.
Now I'm not saying I'd expect you to be spanking to porn using your work connection, but personally, I don't want to see you spanking to porn wirelessly in the park or the local coffee shop either.
Most corporate users who use PCs and do not work in the IT department need the following...
Browser Email 2-3 Corporate Apps Word Processing
Thats it... You will have some that require spreadsheets, calendaring, and document sharing - but really thats about it.
Making the argument against this type of decision from the point of view of a PowerUser, or Developer is pointless. Yes if all your apps are only available on Windows, it won't work for you. But you are not 90% of all desktop users.
Linux has a long way to go simply because of the pre-existing comfort level most corporate users have with 2K/XP (95/98).
- security ? XP with no services is secure enough behind a corporate firewall
Hmmm... Instant Messaging... IE... Outlook... Word... Excel... ID10T users installing virus/backdoors. I'm not saying you wouldn't face some of the same issues on a Linux desktop - because you would. But in my opinion on the desktop, security is a wash. You either have intelligent users or you don't.
- CPU efficiency ? When running Office and Outlook as sole applications on a 2GHz PC, you've got to go pretty ballistic to get inefifcient.
Well actually its more like Office, Outlook, Excel, Corporate Apps (TN3270? Java? VB? C? Fat/Thin), IE... Certainly still plenty of power left over at 2GHz. But in most corporate offices I've been in over the past 2 years there are more P2s than P4s. Heh, and even the P4s still dog it on some Java apps.
- open source ? You really thing any desktop user gives a flying donkey ?
No I tend to think that the IT Director footing the bill for OEM pricing of Office; EOL licensing upgrades; and sick subscription pricing for everything MS might give a flying donkey.
- commandline unix underpinnings ? see 2 remarks above
No I don't really see this as an argument either. But it seems to me you just threw it in to give the illusion of a better argument too, so...
Personally I'd hate to see what you attempted to put in front of them. But lets use your example against your argument anyway. MacOS X. Argument over. Opensource on the desktop can work. Red Hat has now seen it work and they are obviously going to try to duplicate Apple's success (much as Apple did after seeing Opensource succeed).
The only way the change will take place is through sheer force of will from corporate executives who believe they can in fact save money from making the change.
I purchased a year long stay with WineX from Transgaming around 4-5 months back. Unfortunately I realized through personal experience that WineX, while a novel idea for a company, is inherently flawed for online games you might want to play.
Counter-Strike. I got to play this game for all of 4 days before Valve's Anti-Cheat code kicked in on the servers, and I've never been able to play under Wine or WineX again. We heard over and over again that a fix was in the works... just wait for the next release... etc... Well months later the next release is here and from the looks of the forums - no fix.
I'd see this as being a problem for not only C-S, but just about any other game that might involve hack/cheat checks in grapihcs code, or file structure, or libraries in general.
Still. The Transgaming folks (Gavriel!) have done an excellent job getting the cream of the crop working fairly well under Linux. Just don't expect your games to work through every patch.
I wonder if HP realizes the shitstorm it just released on itself, every other OS manufacturer out there, and every other company and individual that codes publicly released software.
In the recent past the community itself made a reasonable effort to begin notifying developers that they had bugs in their code and give them a reasonable ammount of time to fix said code and deploy patches before making the bugs public. It wasn't a perfect system and not everyone played by the "rules" but at least people seemed to want to behave responsibly.
Now HP has thrown down the gauntlet, and given the one finger salute to every uber haxor, wannabe, script kiddie, grey hat, glam hungry geek on the planet.
Gee the "New HP" sure is acting like some old ignorant twits. You cannot police what you cannot control. And as quickly as the "security community" tried to legitimize themselves - many of them can vanish right back under the limitless depths of the ether.
Mmmmm peer to peer websurfing, mailing lists and newsgroups. Masked behind proxy after proxy. Hosted on a million webservers. *Homer Gurgle*
Yeah this is a troll. Had the guy used thumbnails so that people might be able to choose the images they wanted to see the site might have been up longer. Whatever.
Slashdot Mirror
What kind of dream world are you living in?
... Well I say, "FUCK THAT!""
And yet, brilliant thinkers, scientists, philosophers, politicians etc. have risen from the East. Why, every day in the US, there's some kind of revolt against Asians robbing 'intelligent' jobs from the West. Freedom is good in the hands of those who respect and value it - censorship tends to move people towards alternate avenues for enjoyment - and these are normally much better.
Please cite for me one, just one, "revolt" over Easterns taking jobs from Westerns. Censorship does nothing more than restrict alternative viewpoints. Nothing. And brilliant thinkers arise from the entire world - no matter what harsh or lavish (perhaps arguable) conditions they live in.
" And you can bet your dictator trodden ass
See I take language for granted. I live in a society that generally gives me the liberty of expressing my viewpoints with whatever language I use. And the last time I checked "fucking" wasn't violent.
And yet you can't see that you're being a hypocrite?? The problem is not with open relays etc.. most Easterners are peace loving, and wouldn't resort to violence or guns despite rising costs, unemployment etc. By nature, most of them are peaceable. I was once amazed at the depth of knowledge exhibited by Slashdotters on an article on MP3 on rifle magazines - so many seemed to know about guns, rifles, magazines, pitch, bore, etc.. it was a scary thought.
In fact the problem is with open relays. Guess what pal - contrary to your jaded viewpoint - bad people exist everywhere. They exist in the USA, they exist in China, they exist in Russia, they exist in France, they exist in Pakistan, and they exist in Canada. Bad people (and stupid people, obviously) are everywhere. But by your logic, if you leave a bottle of cleaning fluid on your floor and your neighbors 3 year old feeds it to your 1 year old who dies - well shit... thats the governments fault! SMTP for all its done is a dangerous protocol if not properly secured and administered. You share an unwritten responsibility when you run an email server to run it properly. Take some responsibility for yourself! As for most Easterners being "peacable". History would prove that Easterners are no more "peacable" than westerners. Oddly enough, when it comes to Easterners-vs-Easterners, they might even be considered worse.
And I tolerate your viewpoints just fine. The difference is, where I come from I'm allowed think and say "they are idiotic".
Welcome to lifestyles of the Rich and Famous "The Authoritarian Edition".
I really suppose you have a kid (I do, and can state my personal thoughts on this matter). There's very little chance of parental censorhip succeeding with kids - why? Bcos kids are kids, that's all. This is a matter where Western and Eastern thinking differs a lot - the value of state censorship.
I do have a kid, two in fact. And you can bet your dictator trodden ass that I MUCH prefer setting the limits for my children, than having my government do it for me. Where the system breaks down, is with poor parenting - NOT "kids being kids". Basically all you are saying to the world is, "I can't manage my own life - please mister government man can you take care of that for me?" Well I say, "FUCK THAT!"
And in regards to you other idiotic statements...
Western societies are generally more tolerant - lax, according to the Earterners, and are driven by capitalism. They tend to focus on rights, rather than duties. This could explain the recent orders permitting gays and lesbians, as well as the inaction on spam.
Yes, I suppose thats why most of the spam I receive come from relays in China, Indonesia, Thialand, etc... I will grant you that it is mostly Westerners using these open relays - but if these governments are so on the ball and looking out for their citizens seems to me this wouldn't be an issue. But hey, I live in one of the states with real anti-spam laws. You've got me totally baffled on the gay rights equates to spam thing though...
Earterners generally focus on duties, role models, censorship and even punbishment for acts considered normal in the West. The internet brigs out this dichotomy bcos it's an open network. Thus govt. censorship is a preferred and better solution in Eastern societies - Thailand being one.
You stick with your authoritarian view. Because really - your governement knows what is best for you and your ilk. "The value of state censorship"... yeah, you hang onto that it'll be worth a lot one day...
I usually don't add quotes to my posts. And god knows I'll catch major shit for posting an Ayn Rand one...
It is a sin to write this.
- Anthem
I wouldn't usually reply to this type of post because, no one will ever read it. But I'm a little fucked up, and bored - so why not...
...
You are absolutely correct. However, being a fan of Ellison's vision, I do still see a pristine vacancy for Linux's ass on the desktop. Cheap, stable, tightly access controlled Linux desktops. Either imaged, or networked served - or both.
Now I haven't ever attempted a test deployement of such a solution myself. But my guess is that these types of questions are easily answered...
Can I lock down user menu and icon choices on the desktop and individual applications on a per user or per group basis?
Where the fuck is the "cheaper than the $300 Walmart Box" network pc with optional integrated smart card or biometric authentication?
At what point will local root exploits in common distributions become a thing of the past? Kernel mods are flowing, 2.5 looks good, but I think we are still years off. Given the right circumstances this could easily be much worse than a simillar situation in Microsoft land.
So. Its happening. I look toward it effecting the controlled corporate networks long before the casual home user - but hey, isn't that how Microsoft worked it? I work on a state wide network of about 9000+ users. Fully 85% of those users have no need for a desktop in the traditional sense of the word - though they use their 2-5 computer applications for 30-70% of the day. Drop the $250 (low estimate) Microsoft tax from PCs purchased (OS and Office). Thats nearly a 2 million dollar savings. Given a well optimized desktop, a lean kernel, a minimal applications I could easily pair down hardware requirements as well...
Sigh... now if I could only figure out how to fix those 1000+ pointy hairs into beleiving the don't need to sync their PDAs to their shared calendars, and that Outlook does in fact suck as an email client. I can dream...
You know, I am really torn as to whether or not this is a troll or if you genuinely believe the points listed in your rant.
Neither, but given space, time, and "slashdot post interest" limitations I simply could not expound any further than I did. Though I challenge you to find something wrong with what I said.
Aside from all the "dot com days arrogance sucked" redundant grand standing, do you truly believe that information security is limited to port scanning a publicly accessible machine or running an IDS? If so you are so sorely mistaken it is almost funny.
I absolutely do not believe these are the limits, foundations, or anything else other than tools. However, I challenge you to find me a security company that approaches a prospective client with "Well then, lets start with your data classification list. Whats that? You don't have one..."
Many people who criticize the need for security professionals or companies tend to fall back on that argument. It's as if the whole of data storage and accessibility revolves around web services and related public utilities. Here's a news flash for you...most security compromises come from within the organization compromised.
I don't recall criticizing the need for all security professionals. I'm sorry if it read that way. This was a very directed rant at particular companies and the way they do, or attempt to do, business.
[skipping some of the lighter stuff]
Sorry, I'm not going to quote these but just answer them outright... I know it makes the thread less readable to some, but this html formating is making me tire and I have work to do...
1) Yes. Having worked in three organizations over the past 8 years in which administration of user accounts was both centralized and distributed -- as well as doing much research on the subject of authentication and in particular password management schemes -- I can assure you that there is no easy solution to this problem. What I've found works best, and most cheaply is a strongly worded policy, backed up by an implemented authentication policy that is actually enforced. And to the best of your ability centralize the backend for this authentication. Sadly in mainframe environments which are surrounded by Unix/NT servers this is no cheaply or easily implemented solution.
2) I'm starting to wonder where these questions are going... If you are an IT professional at a corporation who's CEO can't think of minor physical security, let alone data security, and you as an administrator or developer can't convince him otherwise, it may be time to move on.
3) Incredibly easy. Perhaps you should have read some of my earlier posts before asking some of these questions. You seem to be bent on bringing up issues which any competent in-house security group should have asked years ago.
4) Code auditing is probably one of the most important futures of the security industry as a whole.
5) yawn... and whats your "security company" going to do. Some will sell you monitoring services, at an INCREDIBLY jacked price. What are those monitoring services doing? Issuing email alerts that could just as easily been implemented by a competent admin.
There is so very much more to the security field than what you seem to think
Given the amount I posted I'm not sure how you could expect to know what I know about IS. Given that I've been a "security professional" for the past 5 years of my life and hold a couple of industry respected (but in my view completely worthless (CISSP/GIAC)) certifications I suppose I could attempt to dazzle you with my brilliant insights on IPV6, my opinions on anomalous packet identification, or why I think moving forward that client authentication and secure code reviews will be the backbone of the IS field future. But thats pointless.
If most management types realized security is truly a form of insurance they might treat it differently (insurance and
The insanity of 'white-hat' security companies will surely come to an end
sooner rather than later. Securing the corporate or home network simply
isn't that difficult anymore.
Thats not to say that in some way these prepubescent, security Scooby Doos
don't have their place. But today, they are simply usurped by competent
system and network administrators and the forethought of coders to write
code with security in mind.
Think back to the burgeoning days of online commerce and the cavalier
"Internet for everyone!" in the workplace roll outs. Book wise MCSEs,
trench hardened Oracle/Solaris admins, and street savvy (but cowboyish)
Linux/BSD admins were all the pointy haireds had to turn to. It was a
friggin free-for-all against many up and coming businesses as well as some
borderline brave industry Goliaths seeking a swim in the paranah infested
Internet soup. Networks and software were regularly blasted through by
kids with code they hadn't written themselves. Sometimes it happened due
to the poor design of deployed code. Sometimes it happened because the
attacks themselves were mini-masterpieces. But whatever the reason, in a
space where people could be anonymous supervillans, the will of the
Internet (of the people) to communicate persevered. The Internet
infrastructure, and the networks attached to it, and the people running
them all got a little bit smarter and a lot wiser.
Tell the guy in the suit you want to sell him a network security auditing
tool (or service), because he doesn't have the man power to do it in
house. He may be willing to pay. Tell the manager of a group of coders
you want to sell her your competence and third party viewpoint of the
security of their code. She may be willing to pay. Tell me you want to
sell me a 250,000 dollar piece of network auditing code, or scan my
network from the outside to tell me where my vulnerabilities lie without
knowing my network already, or bebop around my 30,000+ user network
analyzing a bunch of known signatures and I'll tell you to go back to the
drawing board and tell me why your first answer wasn't to invest in a
competent enough staff to make you obsolete.
The wake up call has already been dialed by the customers at large. The
VC money won't last forever. And almost none of you are as cool as you
made yourselves out to be. I suppose in the end it will be just as
amusing to watch you tear at each other in a corporate environment with
lawyers and press releases as it was to watch you tear at each other r00ts
and mailing-list posts.
Sure IBM has a past history of being very supportive of the Linux community. But who do you want attempting to legally guide the future of Linux? SCO or IBM?
Its not supposed to matter how big you are in court - unfortunately it does matter.
Real world experience is where its at. Know your packets first and your policies second - but keep in mind that both are equally important.
I've met plenty of tools that have "jumped into security". They try to talk a good game of the which type of firewall is better than what, and why PKI solves or doesn't solve everything. In reality they don't know squat and have even less of a clue on how to apply their solutions to the real world.
The best general network security people I've met are those who understand the systems they are protecting and have the power to tell management and developers 'no'. But apply it only when they absolutly have to. Business has to get done - but when the cost of doing that business unnecessarily puts your assets at risk, it is imperative to have the power to tell people no.
Books, classes, certs all have some value - but for me... if I'm not sitting there dealing with it, configuring it, and applying it to a homemade or real world situation... I'll never get as much out of it.
The corporate track:
"So secure, the US Militiary is afraid to fund it."
The foreign government track:
"Empowering nations with secure computing."
The 31337 track:
"Use the OS the governement doesn't want you to."
Yes, but really - why not go see the real Jeckle and Hyde when LXG comes out?
I'll see both... the tank tossing scene from The Hulk looks way too cool to miss on the big screen. And I'm hoping Connery can pull off Quatermain in LXG. Just hoping they don't waterdown Hyde too much from Alan Moore's vision.
You know it seems to me that this tool would actually serve a legitimate use if it forced PPV broadcasts in the clear without making me click through. I could then have the TiVo record what I wanted, when I wanted, from PPV.
Hell I don't mind paying for, but that click-through-to-order shit makes it a pita to use with the TiVo.
Really I'm not trolling. I WANT TO KNOW!
Actually where they leave the user is in a position to change platforms. If you can't see that and take advantage of it when it happens then you, sir, are neither a deep thinker nor much of a visionary.
"Does my investment in Micrsoft cost me more than it would cost me to switch Operating Systems and deploy, in some cases the same applications - and in some cases new ones that do the same thing?"
If the answer is no - you stay. If the answer is yes - you move. Not a lot of deep thought required.
But, you do show significant promise as a troll.
You're... I know I know... I suck.. I'm an idiot... I have no grasp of English... My argument is moot because I typo, can't spell and make run on sentances.... blah blah blah
Microsoft is doing the right thing.
n dept." -- GIVE ME A BREAK. If that were the goal, Microsoft would quickly be driving itself out of business. "... but they really should have done so when they designed Windows" -- again, who are you trying to fool here?? The same argument could be said for every operating system in mass production use today.
Every vendor Microsoft, Apple, Sun, Red Hat, Debian can create an incident where a patch breaks a vendors application.
I've personally seen it happen with 4 out of the 5 vendors already. Deal with it. AFAIK there is still no forced patching. Your OS doesn't just up and DIE if you decide not to patch your OS because you are aware that patching will create problems for you.
On another note - Certainly Slashdot leans a little left politically and leans a lot toward "open solution" computing but everything about this story just reaks. "windows-ain't-done-while-competing-apps-still-ru
Give it a rest. Your just starting to look foolish now.
Most every metropolitan business that included employees that carry laptops or have desktop computers which I have ever been - provided internet access to their employees already.
Now I'm not saying I'd expect you to be spanking to porn using your work connection, but personally, I don't want to see you spanking to porn wirelessly in the park or the local coffee shop either.
Most corporate users who use PCs and do not work in the IT department need the following...
Browser
Email
2-3 Corporate Apps
Word Processing
Thats it... You will have some that require spreadsheets, calendaring, and document sharing - but really thats about it.
Making the argument against this type of decision from the point of view of a PowerUser, or Developer is pointless. Yes if all your apps are only available on Windows, it won't work for you. But you are not 90% of all desktop users.
Linux has a long way to go simply because of the pre-existing comfort level most corporate users have with 2K/XP (95/98).
- security ? XP with no services is secure enough behind a corporate firewall
Hmmm... Instant Messaging... IE... Outlook... Word... Excel... ID10T users installing virus/backdoors. I'm not saying you wouldn't face some of the same issues on a Linux desktop - because you would. But in my opinion on the desktop, security is a wash. You either have intelligent users or you don't.
- CPU efficiency ? When running Office and Outlook as sole applications on a 2GHz PC, you've got to go pretty ballistic to get inefifcient.
Well actually its more like Office, Outlook, Excel, Corporate Apps (TN3270? Java? VB? C? Fat/Thin), IE... Certainly still plenty of power left over at 2GHz. But in most corporate offices I've been in over the past 2 years there are more P2s than P4s. Heh, and even the P4s still dog it on some Java apps.
- open source ? You really thing any desktop user gives a flying donkey ?
No I tend to think that the IT Director footing the bill for OEM pricing of Office; EOL licensing upgrades; and sick subscription pricing for everything MS might give a flying donkey.
- commandline unix underpinnings ? see 2 remarks above
No I don't really see this as an argument either. But it seems to me you just threw it in to give the illusion of a better argument too, so...
Personally I'd hate to see what you attempted to put in front of them. But lets use your example against your argument anyway. MacOS X. Argument over. Opensource on the desktop can work. Red Hat has now seen it work and they are obviously going to try to duplicate Apple's success (much as Apple did after seeing Opensource succeed).
The only way the change will take place is through sheer force of will from corporate executives who believe they can in fact save money from making the change.
I suspect that for the majority past history of poorly designed 'on the cheap' products plays a serious role in these types of snap judgements.
Just the same... if your product isn't selling, and your selling it cheap - question your product (or your saleforce) - not the potential customers.
I purchased a year long stay with WineX from Transgaming around 4-5 months back. Unfortunately I realized through personal experience that WineX, while a novel idea for a company, is inherently flawed for online games you might want to play.
Counter-Strike. I got to play this game for all of 4 days before Valve's Anti-Cheat code kicked in on the servers, and I've never been able to play under Wine or WineX again. We heard over and over again that a fix was in the works... just wait for the next release... etc... Well months later the next release is here and from the looks of the forums - no fix.
I'd see this as being a problem for not only C-S, but just about any other game that might involve hack/cheat checks in grapihcs code, or file structure, or libraries in general.
Still. The Transgaming folks (Gavriel!) have done an excellent job getting the cream of the crop working fairly well under Linux. Just don't expect your games to work through every patch.
I wonder if HP realizes the shitstorm it just released on itself, every other OS manufacturer out there, and every other company and individual that codes publicly released software.
In the recent past the community itself made a reasonable effort to begin notifying developers that they had bugs in their code and give them a reasonable ammount of time to fix said code and deploy patches before making the bugs public. It wasn't a perfect system and not everyone played by the "rules" but at least people seemed to want to behave responsibly.
Now HP has thrown down the gauntlet, and given the one finger salute to every uber haxor, wannabe, script kiddie, grey hat, glam hungry geek on the planet.
Gee the "New HP" sure is acting like some old ignorant twits. You cannot police what you cannot control. And as quickly as the "security community" tried to legitimize themselves - many of them can vanish right back under the limitless depths of the ether.
Mmmmm peer to peer websurfing, mailing lists and newsgroups. Masked behind proxy after proxy. Hosted on a million webservers. *Homer Gurgle*
Where is the public domain pr0n?
<imagines the shape of breasts for the colonies of women that grow-up in low grav>
:P)
*homer gurgle*
(Forgot to escape my symbols
*homer gurgle*
Yeah this is a troll. Had the guy used thumbnails so that people might be able to choose the images they wanted to see the site might have been up longer. Whatever.
I dunno, I head Heaven's Gate still has an opening or two...