Slashdot Mirror


User: Abalamahalamatandra

Abalamahalamatandra's activity in the archive.

Stories: 0
Comments: 236

Comments · 236

  1. Re:Thank you HP? on Intel Details Eight-Core Poulson Itanium Processor · · Score: 2

    Hell, on the OpenVMS side, it wouldn't shock me a bit to find out that they don't even HAVE a team any more that's capable of porting it to other architectures. They likely say they do, to fulfill government contracts that specify that OpenVMS can't be orphaned, but I wonder what the reality is.

  2. Re:How do they know exactlywhere to send the lette on Nebraska Sheriff Wardriving, Sending Letters About Unsecured Wi-Fi · · Score: 1

    And I believe Lincoln is actually the largest city in Nebraska on Cornhuskers game days.

    I kid, but it's close. You do NOT want to drive on Interstate 80 when most of Omaha is driving to Lincoln for the game.

  3. Re:Dang! on Look-Alike Web Sites Hoodwink Republican Donors · · Score: 5, Informative

    Funny and true! Their name servers show as domaincontrol.com, which is, in fact, GoDaddy.

  4. I would make a joke... on Apple Is Now the Most Valuable Company In History · · Score: 1

    wondering how long it will be before Apple has its own armed forces, but...

  5. Re:You left out Microsoft on CowboyNeal Looks Back at the SCO-Linux Trials · · Score: 3, Informative

    This would probably be a good place to start.

  6. Re:Happy "Fuck Verizon Day" from the Golden Girls! on FCC Rules That Verizon Cannot Charge For 4G Tethering · · Score: 0

    Uh what? Hopefully I won't hear a "whoosh", but it's "confidant" - as in, someone that can be trusted.

    And yes, I'm showing my age - didn't even have to look it up.

  7. Suh-weet! on U.S. Students Struggle With Reasoning Skills · · Score: 5, Funny

    I'll be 44 in a couple of weeks.

    Another name for this is "job security".

  8. Re:Resolution on Dell Designing Developer Oriented Laptop · · Score: 2

    Me as well. I just got a "new" laptop, a Latitude e6510, from the Dell Outlet. It has a 15" 1920x1080 screen and I'm very happy indeed. I would have bought a new e6520, but some idiot at Dell decided people want 15" laptops with a numeric keypad, which made it nearly two inches wider than the e6510 with the same screen size.

    I think this system would be much more suited to developers than the XPS 13 - it's very rugged and not very heavy, not all THAT much bigger than the XPS, and has a modular bay that you can put a second hard drive in if you want.

    Battery life is somewhat of a con, though - mine has a quad-core i7 and gets maybe 2.5 hours running Ubuntu 12.04 with the standard six-cell battery. But I run on power 95% of the time and it's a small price to pay for all this power, the thing is a speed demon to me after using my XPS M1330 for four years.

  9. Re:It's about time on Sci-Fi Publisher Tor Ditches DRM For E-Books · · Score: 1

    "I'm certainly not reading a 400 page tome on my phone."

    Why not? I do it all the time. Reading the Steve Jobs biography now. Aldiko rocks, and I always have my phone with me. In my pocket. And everyone thinks I'm checking email when I'm really reading a book.

  10. Re:Is this the hole that was patched one Tuesday? on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 4, Insightful

    I have employees who are allowed to come in to the VPN with their home (non-corporate-managed) machines, and no restrictions on their network traffic. I'm working on changing that but it hasn't happened as yet. Additionally, I have way too much experience with malware running on Windows machines while their installed antivirus software is happily telling anyone who asks there's nothing wrong at all.

    You need to stop thinking about internal risks in terms of deliberate actions by malicious employees (which is still a risk) and start thinking more in terms of the malware they're almost inevitably running and what actions it can take without their knowledge. This is a highly wormable exploit - think SQL Slammer. I would suggest you consider your soft center as well as your hard crunchy outside for this one.

  11. Re:Is this the hole that was patched one Tuesday? on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 1

    "That does not follow. The original discoverer might have disclosed it to other resources who leaked it, or leaked it himself.

    If that exact packet is an obvious way of doing it, it could also have been an independent discovery."

    Why doesn't it follow? This has been a risk since day one of Microsoft's advance notification program.

    In this article, Luigi Auriemma, the guy who discovered the flaw and reported it to Microsoft, explains the changes he made to the packet and the fact that the same packet was in the released exploit code.

  12. Re:Who uses RDP without a VPN? on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 2

    Wow. Shill much?

    First of all, your ever-so-awesome RDP changes that started with Vista don't seem to have helped a ton here, unless you took the non-default step of turning on NLA which breaks accessing the server from XP clients that haven't had an upgrade to the RDP client.

    Secondly, given the choice between opening RDP to a Windows box or SSH to a Linux box, I'll place my bets on SSH any day of the week. OpenSSH was designed from the start to be a highly-secure protocol. It has, of course, had to evolve over the years to stay ahead of threats just as RDP has. But looking at the history of RDP and the changes that MS has had to make to the protocol, I think it's pretty clear at this point that "giving the user a remote graphical interface" was quite a bit higher of a priority than security from the beginning.

    Encryption != security. Thanks for proving my earlier point about people often making that mistake.

  13. Re:M$ Windoesn't on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 2

    Well, for starters, because Web servers haven't run as SYSTEM for quite some time now.

    And in any case, opening up port 80 from the Internet to an internal server, rather than one on a DMZ designed to do nothing but host Web content is just as insanely stupid. Same goes for port 443, even though I've lost count of the number of times people have told me 443 is okay "because it's secure!".

  14. Re:M$ Windoesn't on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 2

    Because this one is bigger than usual - I know of quite a few small companies that use RDP as a "poor man's VPN" and open it from their internal server(s) directly to the Internet. Insanely stupid and I've never allowed any SMBs that I've set up to do it, but it definitely happens quite a bit.

    Interestingly, scanning for 3389 over the Internet has been quite prevalent for quite a while. I'm sure there are many, many bad guys out there with big lists of system IP addresses all set to go once this (inevitably) turns into a remote code exploit rather than just a DoS.

  15. Re:Is this the hole that was patched one Tuesday? on RDP Proof-of-Concept Exploit Triggers Blue Screen of Death · · Score: 5, Informative

    Yes. The guy who discovered it reported it to both the TippingPoint Zero Day Initiative and to Microsoft, and sent them the packet that triggers the exploit. That exact same packet showed up in this exploit, meaning somebody either at ZDI or Microsoft or part of the MAPP program leaked it.

    So much for responsible disclosure! Although as soon as I saw that TippingPoint had released a signature for this on Tuesday, I figured that would be enough information for people to figure out what was up. Leaking the exact packet made things even easier and quicker, though.

    Gee, I do so love it when I get three days to deploy a critical patch throughout my entire production environment. That makes for some wonderful conversations with the admin staff, let me tell you!

  16. Re:That's why I like the basic Kindle on The eBook Backlash · · Score: 1

    Read books on your phone, as I do with Aldiko on my Android phone, and there's nothing to sneak.

  17. Re:If only it was not running Android on Asus PadFone Combines Smartphone, Tablet, Keyboard · · Score: 1

    I'm thinking Ubuntu for Android would be pretty darn perfect for this. Run ICS on it when it's a phone or a tablet, and run full-on Ubuntu, with access to the Android files, when it's a laptop. Geek nirvana, if you ask me!

  18. Re:Obligatory on Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password · · Score: 1

    One little glitch - if you've kept up on the history of this case and read the trial pleading PDF files, you would know that this laptop in fact had a broken screen when it was seized. That's definitely a help to her here.

  19. Re:Inside my HD there are two very important files on Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password · · Score: 1

    They do this to avoid 5th Amendment implications of forcing the defendant to "speak" (or type) a passphrase that could incriminate themselves. Saying that they don't want to know the passphrase, just get the encrypted files, supposedly gets them past this.

    Personally, I think that's total BS - the act of using the passphrase to provide the evidence is just as testimonial. But this issue hasn't gotten to a court that matters much yet.

  20. Re:Not a problem on Windows Admins Need To Prepare For GUI-Less Server · · Score: 2

    "So the path to making better software is to make it more obfuscated and less user friendly? Making it easier for those poor dudes is what MS has been doing for 20 years, and why they finally made some inroads into the market."

    No, the path to making better software is to make people understand the ramifications of their actions, and understand not to take those actions unless they understand the consequences, which Microsoft has, in my opinion, been horrible at.

    Here's a great example: several times, I've been called in to undo the effects of Windows Load Balancing, a technology Microsoft created to do load balancing in the OS, rather than requiring a separate device. It works by tricking the switch into flooding all incoming packets to a virtual IP to all ports in the broadcast domain where that IP is located.

    Once a few years back, I had to go to a "company town" in Indiana that was networked using bridging all over the place. Some consulting company set up a system for them that used three servers with WLB and plopped it right in the middle of this network. I looked at the instructions they followed - they were basically, "to set up WLB, click here, then next, next, finish".

    The result of this: everything coming in to these servers was flooded everywhere, including out the 802.11b access points they used on their manufacturing floor. Over 40 MBPS worth. That didn't work too well.

    The problem is that, by creating a nice simple interface where you get the impression that everything is SOOO EASY, Microsoft gives people with no clue the impression that they're Windows admins who know what they're doing.

    I'll agree, in the aggregate, that it matters less whether there's a GUI or a CLI, but not having a quick and simple interface does help raise the bar a bit and provide a different view, so it doesn't look like the desktop a given clueless user feels familiar with.

  21. Re:Not a problem on Windows Admins Need To Prepare For GUI-Less Server · · Score: 2, Interesting

    "Part of the appeal of a windows server is that the poor dude who is asked to do all the IT stuff, but isn't actually an IT guy has a much lower barrier to entry in understanding 'Windows that happens to be a server' than trying to understand 'LAMP'."

    No, that's part of the problem of a Windows server, in my experience.

    Although I suppose I shouldn't bitch too much, as it's made me quite a bit of money over the years fixing the idiot braindead mistakes these "poor dudes" make.

  22. Java, Ubuntu, and students on Oracle's Latest Java Moves Draw Industry Ire · · Score: 2

    I will say that this has been a major pain for me - I run nothing but Ubuntu at home and already spend enough time dealing with my kid's school's insane focus on Microsoft technologies.

    Now, one of the most important sites for my kids to use (Aleks) is totally broken with Open Java. It was enough of a pain with Oracle's Java, but now it's unusable.

    Thanks a lot Oracle! Wouldn't want anyone actually using your software or anything.

  23. You really want to know why? on Ebert: I'll Tell You Why Movie Revenue Is Dropping · · Score: 1

    Go here and read about the Indian Hills Theater in Omaha.

    I used to absolutely LOVE going to this theater, even up to 1999. It was wonderful, it was an experience, it was truly a nice place to be. It was pretty much the only thing I missed about Omaha when I moved to Colorado in 2000.

    Now, since 2000 when the nearby hospital tore it down despite the objections of a ton of people, it's a parking lot.

    And now, I watch movies at home on my 60" LED screen.

  24. Re:Alamo Drafthouses are the model of the future on Ebert: I'll Tell You Why Movie Revenue Is Dropping · · Score: 1

    Sadly, it looks like the one in Denver (Littleton, actually) won't be opening until "late 2012" - they're just tearing things down now to make room for it in Aspen Grove. Still, it'll be a 7-screen complex, one of which is a small one with only 28 seats so it does sound cool.

  25. Re:Somewhere in the engineering process on US Sentinel Drone Fooled Into Landing With GPS Spoofing · · Score: 2

    Hmm, this IMU is a 1.1 by 1.6 inch circuit board with not many components on it, so not much. Even if we're talking mil-spec, I have a feeling they could squeeze one in.