Umm... first of all, the U.S. entered the war in force by mid-1942, when Russia was on the ropes at Stalingrad. The Battle of Britain was won, but invasion of the UK was certainly still possible if the Soviets capitulated. American bombing of continental transport and oil fields greatly exacerbated the German logistical problems that prevented them from victory at Moscow and Stalingrad. Perhaps the tide would not have turned at Stalingrad if the Germans had been able to get another few armored divisions to von Paulus, pushing the Soviets completely across the Volga...
Also, you are totally forgetting about the war in the Pacific against Japan. The U.S. fought (mostly) alone a heavily industrialized and militarized nation of 100+ million people for the duration of the war.
Well, you can also apply group policies to local machines by distributing appropriate .POL files. You do have some sort of automated software installation process, don't you?
Also, mobile users do not need administrator access to their own machines. We have 30% mobile population, and not a single one has admin or even power user rights to their own machine.
The only issue with them not being admins is printer driver installation at remote sites. We solved that problem by pre-loading a bunch of Lexmark, HP, etc. drivers on all machines, and letting plug-n-play take care of driver installation. We get maybe one or two calls a year where we have to remote control the user and do a runas on their machine to install a driver as administrator.
Windows Group Policy can block MSN messenger (or any application, really) from running on any machine to which the policy applies. You can even block apps by the executable's filename or even SHA-1 hash, or allow only approved apps to run.
If you're not using Active Directory and Group Policy to manage your Windows 2000/XP workstations... well, it's time to step out of the late 90's, man.
All he had to do was turn on the built-in firewall for his dial-up connection BEFORE he connected to the internet. No blaster worm, no problem other than the long download wait.
Any decent systems administrator approaches Windows security in this way: Firewall FIRST, then download patches, then download and update AV software.
Most American ISPs (dial-up and broadband) now turn on the XP firewall when you install their custom dialer/spyware/etc. installs, which is a good thing. Having SP2 preinstalled will be better.
Canada has far more guns per capita than the U.S., but a fraction of the gun violence. How do you explain that?
The problem with violence in America has nothing to do with guns. It has everything to do with several generations of American children being given "choices" during their formative years, instead of discipline. Nothing is a child or teen's fault; malicious or criminal behavior in children is forgiven, not punished, and labeled a "disorder".
Dr. Spock, my hippie aunt, and the nearly discipline-free U.S. public schools have brought us where we are today.
Re:Please.. Mr Blunket/Random authority.. Get a cl on Cry To Beat Iris Scanners · Score: 2, Interesting
ID checkpoints are good for one thing: they offer security officers an opportunity to study the behavior of people in line. I knew a bouncer in college who could spot fake IDs without looking at the cards themselves. He had experience, training, and intuition about the behavior of underage people trying to get into bars, and he was very accurate.
ID checkpoints will only catch the stupid criminals based on the ID itself. But even a well-trained terrorist will have trouble not showing some nerves while being ID-checked by a uniformed officer. With proper training and experience, security officers could identify a pool of people with anomalous behavior that require further watching/screening.
Of course, the TSA probably doesn't train people in behavior observation, and the employees are low-paid and not well motivated. As Bruce Schneier said on the same subject: "We're taking smart people and replacing them with dumb technology, to the detriment of security."
There are a lot of potentially terrific applications for P2P.
Really? What are they?
No P2P application I've ever heard of has sustained a business, not-for-profit, or social movement for long. They all end up being used to violate copyright law, or to waste time flirting with strangers. Even FreeNet consists mostly of (really slow) file-swappers, instead of the oppressed Chinese reformists envisioned by its authors.
I mean, if you really know of a "terrific application" for P2P, go out make some freaking money!
And don't try to use BitTorrent as an argument. Yeah, it's used to distribute Linux ISOs, but 90+% of BitTorrent traffic is copyrighted movies, music, and warez.
When you find a bug in a Microsoft product, can you really get hold of the programmers? Is the helpdesk really helpful?
Yes, they actually are helpful, and they will bring in development resources when needed. Without too much griping.
A lot of noise was made back in the late 90s by MCPs and other Microsoft-trained people in the field about the poor quality of Microsoft Product Support Services (PSS). This has changed drastically for the better. Now when I call PSS, I get the usual "just checking to see if you're an idiot" guy on the phone, wow him with a bunch of knowledge about the system and the problem, and get kicked up to a higher-level tech almost immediately.
Microsoft PSS will spend days or weeks of man-hours finding and fixing an obscure problem that only my systems are having, all for $295. Usually, it's a configuration thing, a setting that we flipped back in the day for some reason that has been migrated forward over a few upgrades.
If it turns out that an outright bug is responsible, PSS refunds your $295, figures out a workaround, gets the developers to make a patch, and notifies you when it is available.
I have even had Microsoft engineers and developers work with Cisco engineers to figure out a strange authentication issue caused by a Cisco router sending out-of-order UDP packets over load-balanced T1 lines. Microsoft released a workaround in a few days, and a patch in a few weeks, just to compensate for a Cisco bug that I found!
And no, I am not a premier support customer, or even from a large company. I run the network for a 100-seat not-for-profit organization. Not bad support for $295 per incident. Do you think some OSS programmer is going to expend such time and effort for my issue without me paying him more than $295?
Are Microsoft products (Office, in this case) really more bug-free than the major alternatives?
It's certainly better than most other commercial software houses. Have you ever actually tried to use a CA product in a production environment? No fun.
Hushmail already provides exactly the privacy features you describe service for a fee starting at $30 US per year. Without advertising and privacy concerns.
Why bug Google about encryption and privacy? Google is designing Gmail for my mom, who is more than willing to trade a bit of privacy for a free ad-supported email account. She will never use S/MIME, PGP, or anything else like it, since it is too confusing (both conceptually and from a UI standpoint).
If you're concerned about privacy, pony up the less than $2.50 US per month to Hushmail, which specifically caters to your needs and concerns.
Re:Why are spammers doing this? on Paid To Spam · Score: 1
I don't think you know what the hell you're talking about. RBLs do not work in practice.
In my experience administering email server for hundreds of real corporate users, "moderate" RBLs like SpamCop are only about 60% effective at blocking spam. They also produce false positives in the 2% area, which is completely unacceptable in a business environment. Don't even talk to me about SPEWS - yeah, it gets more than 95% of spam, but it also generated 30% or more in false positives during our tests. A lot of people think RBLs "work great", because the quantity of spam does indeed go down. But most never even measure the false positive rate - their "good" inbound messages are just sent to /dev/null.
Per-recipient statistical (Bayesian) filtering programs like SpamBayes result in greater than 98% spam capture rate and less than 0.1% false positives.
Also, a good statistical filter is by its nature a much more intelligent take on the RBL concept, since netblocks and individual addresses are used as spam clues from the Received headers. But now they have probabilities associated with them, rather than being simple "all or nothing" indicators as in an RBL. These "sending host" probabilities are only one piece of the puzzle, and are weighted intelligently with the rest of the message content.
Basically, RBLs were a hack put together in the early days of the spam war. Yes, they encouraged spammers to turn to Trojanned machines as a means of distribution. But spammers may have done that anyway, in order to limit their anonymity in light of spam legislation. In any case, my experimental evidence seems to indicate they are unable to cope with the new spam landscape. The time of the RBL has passed.
Statistical content filters simply work much better than RBLs in practice, which is why you see them on Yahoo, Hotmail, and in every new enterprise-class filtering product.
That said, I'm all for ideas like SPF (which we have implemented), and work-alikes such as Yahoo Domain Keys and Microsoft's domain signatures. If we feed that sort of information into statistical filters, we'll be able to build our own customized domain reputation lists very quickly. Filtering will be that much more accurate, and less CPU intensive.
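The contrast drawn in the comment above, between an all-or-nothing RBL lookup and a sending host that is only one weighted clue, shown as an added example (not from the original post, and not SpamBayes's own algorithm): a small naive-Bayes-style scorer. The corpus, the netblocks (RFC 5737 documentation ranges), the blocklist and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail: (sending /24 netblock, body, is_spam).
# Netblocks are RFC 5737 documentation ranges, not real senders.
TRAINING = [
    ("203.0.113", "cheap pills buy now limited offer", True),
    ("203.0.113", "buy cheap watches limited offer click", True),
    ("198.51.100", "click now cheap mortgage offer", True),
    ("203.0.113", "quarterly budget meeting agenda attached", False),
    ("192.0.2", "meeting notes and budget review attached", False),
    ("192.0.2", "agenda for board review meeting", False),
    ("192.0.2", "please review attached grant budget", False),
]

RBL = {"203.0.113"}  # constructed blocklist entry (a shared hosting range)


def rbl_blocks(netblock):
    """All-or-nothing verdict: reject anything from a listed netblock."""
    return netblock in RBL


def clues(netblock, body):
    """Body words plus the sending netblock as one more clue."""
    return {"received:" + netblock} | set(re.findall(r"[a-z]+", body.lower()))


def train(corpus):
    """Count, per clue, how many spam and ham messages contained it."""
    spam, ham = Counter(), Counter()
    n_spam = n_ham = 0
    for netblock, body, is_spam in corpus:
        if is_spam:
            spam.update(clues(netblock, body))
            n_spam += 1
        else:
            ham.update(clues(netblock, body))
            n_ham += 1
    return spam, ham, n_spam, n_ham


def spam_probability(model, netblock, body):
    """Sum per-clue log-likelihood ratios (add-one smoothed) onto the prior."""
    spam, ham, n_spam, n_ham = model
    log_odds = math.log(n_spam / n_ham)
    for clue in clues(netblock, body):
        p_spam = (spam[clue] + 1) / (n_spam + 2)
        p_ham = (ham[clue] + 1) / (n_ham + 2)
        log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))


MODEL = train(TRAINING)


def compare(netblock, body, threshold=0.5):
    """Return (RBL rejects?, statistical filter says spam?)."""
    score = spam_probability(MODEL, netblock, body)
    return rbl_blocks(netblock), score >= threshold


if __name__ == "__main__":
    samples = [
        ("203.0.113", "budget review meeting agenda attached"),  # good mail, listed host
        ("198.51.100", "cheap pills click now"),                 # spam, unlisted host
    ]
    for netblock, body in samples:
        print(netblock, repr(body), compare(netblock, body),
              round(spam_probability(MODEL, netblock, body), 4))
```

The first sample is the false positive an RBL produces silently: the listed netblock raises the score, but the content clues outweigh it.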
...but it doesn't bounce those messages back to the pricks who sent them.
Yours is a really, extraordinarily bad idea that has unfortunately found more than a few misguided sysadmins to implement it.
Spammers forge their return addresses and domains these days, so all you're doing is wasting more internet bandwidth on spam and possibly screwing over some poor schmoe who is getting Joe-jobbed by a spammer.
What's the difference between this and PGP? Other than the latter being well-understood, well-researched, and already in widespread use?
The fact that this requires a key exchange first, and then a password for authentication, gives it absolutely zero advantage over PGP. I doubt there's even a computational advantage.
I'd like to give the guy the benefit of the doubt, but he's pushing snake-oil. This thing also smells like a "Computer Applications 206" semester-project in the making to me. I'd give him a B for the analysis, and knock that down to a C+ because his solution is so unoriginal.
Since 1996 at least. As I recall, it was part of the reason a lot of non-MS database vendors at the time were squealing about SQL Server 6 posting such good TPC scores with minimal RAM on NT4. Claims of "Cheating", pre-optimization, special OS hooks, etc. Turned out it was just good caching algorithms and good filesystem performance.
Anyway, disk throughput on our 1996-era NT servers simply blew away our NetWare boxes, even though the hardware was similar. And don't get me started about how bad the I/O on our HP-UX boxes was back then...
Believe it or not, there are (some number greater than ten) smart people working in Redmond, and they do occasionally get something right. I'm glad to see Linux get similar features, presuming the algorithms are original and not patent-encumbered (that's all we need now.)
Yes, OS X, BSD, and the various Linux distributions (i.e. Debian, Mandrake, SUSE, or RedHat). All easy to install, all easy to maintain, all easy to use.
You, sir, smoke crack. There is no freaking way my sister, Mom, or Dad could ever install any current Linux distribution without several hours of my help. Not Fedora or Mandrake. Certainly not a BSD or Debian.
However, two of these nearly computer-illiterate people were able to install Windows XP on new hard disks without any of my help (Mom got stuck with her not-included printer driver). They were even able to turn on the built-in firewall and automatic updates with less than 5 minutes of instruction from me.
Pre-installing Linux/BSD distros may help here, giving the person a browser and office suite out-of-the-box. But as soon as they want to install QuickBooks, a mapping program, or to play a new game, the feces will hit the fan. You expect Dad to learn how to use apt-get and understand library dependencies?
Linux is "easy to maintain"? Certainly not in this sense. On a Windows box, to install something, they just drop in the CD, and click on the "yes, install it" pop-up (which they can, since they have local admin rights on their Windows box). Completely insecure, and it hides a lot of options and information that an experienced user would want. But it's almost totally Dad-proof.
I'll give you OSX - and it's what I recommend to non-technical people. (It still has the problem of most users running with root-like power by default, though). But people always seem to go with the "cheaper and I already know Windows" box from Dell just to spite me.
The EU is now a very strong force to be reckoned with.
Bullshit. Economic power is a small part of the equation. Is Japan a "force to be reckoned with"? I say, you need some guns to go with all that butter, Europe.
The U.S. military could wipe the continent clean of socialist/elitist Europeans with moderate effort. Even without the Brits backing us.
A few well-placed Tomahawks, a three-hour firefight, and all of us uncouth Americans could party in France like it's 1941!
"What?! Over? Did you say over? Nothing is over until we decide it is! Was it over when the Germans bombed Pearl Harbor? Hell no! And it ain't over now!"
Dude, ever hear of Cogent? 100 Mbps for $1000/month? There are quite a few other fiber-to-the-business companies out there, at least in downtown Chicago. Some of them even use things like free-space optics to get from building-top to building-top instead of running fiber in the streets.
Exactly what "metropolitan area" are you in, anyway? Anything smaller than Indianapolis doesn't matter to the Ethernet-metro-LAN types, at least not yet.
Hyperthreading CPU's - how many processor licences do you need? Remember that windows NT4.0 came with a 4 cpu licence, but a hyperthreaded P4 uses up all of XP's (2) processor licences, and if you want to run even a dual processor motherboard it's deemed a server.
Wrong. Hyperthreading CPUs are still counted as one CPU for MS licensing purposes. It is physical CPUs that count. So you can still use a motherboard with two Hyperthreaded P4s (resulting in four logical processors) on an MS product licensed for two CPUs.
I had this confirmed by my MS licensing representative before buying my first dual Hyperthreaded-Xeon server.
Assuming you own something, rent an apartment, have a job, or have a credit card, I'll bet your real name is out there somewhere on the Internet. ;-)
Equifax, TransUnion, Lexis-Nexis, et al. charge for many web-based searches, but you can still find out an alarming amount about someone by posing as a potential creditor and paying the fees.
Hey SatanicPuppy, where'd you get that quote for your sig? Google has only one other reference to it, on a post from a guy calling himself "vDopple". It was also unattributed on that page.
Did you make it up yourself? It sounds like something Twain, Churchill, or P.J. O'Rourke might have said.
In any case, I want to steal it as a sig for my personal email. If you're the author, how should I attribute it? As "Slashdot user #611928"?
Unfortunately, chicks like that are also mostly imaginary. You've seen The Matrix, Swordfish, and Hackers too many times, my friend.
And no, I don't work for them. Just a happy customer.
"A fanatic is one who can't change his mind and won't change the subject."
-Winston Churchill
And why post AC if you think you have a legitimate point?
That was a "boorish American" joke, by the way.