Does verizon offer broadband solutions where they have deployed fiber for last mile? There are a number of communities in the DC metro area that were built out fiber, but verizon doesn't have a consumer grade broadband option for those customers, other than IDSL or some such other acronym with "DSL" in it.
and if they used ingress filtering, we'd have no reason to worry about spoofed ips during ddos attacks.
and if they paid attention to their SMTP and proxy servers, we'd have less spam to worry about.
and if they separated their networks, and kept outside access to a bare minimum (DNS, SMTP, HTTP, FTP,...) they'd have another layer of protection when some cracker tries to get at their database.
and if a bullfrog had wings, he wouldn't bump his ass. least that's what my mom says...
That's the point. They want you to buy the Advanced Server release. It will be supported longer.
I buy my servers 1 year warranty. The bigger problem I have is the developers put on custom builds of everything and their documentation is shady. So, it's just another excuse to slap their knuckles and build the server in a way that is easier to upgrade.
Then, when they want some new feature (last week's adventure was netatalk compatible with OSX), I'm not going to say "Goddammit this is fucking ancient! What the hell am I going to do with this?!?!?!?!"
This thread is up around 500 posts at my threshold, but I haven't yet seen listed:
Walter M. Miller Jr - Canticle for Leibowitz, which usually gets mentioned when we have this discussion.
Robert Silverberg - Nightwings and Up the Line were both good. Both recently republished works from the 1960s.
Robert Anton Wilson - what kind of crack is this man on? Can he even function in society? fnord.
Margaret Atwood - The Handmaid's Tale. I've had to read this a couple times for classes, but I had first read it for pleasure. Her other works that i've picked up aren't in the same vein as this one.
19th century Russian lit is another place to go. Tolstoy, Dostoyevsky.
For other good novels, I look up the current AP English reading list, or go to college bookstores for the English 100 books, the point being to read something that may inspire thinking. (too much hemingway, though, people, come on!)
It just depends what you're looking for. Schoolboy escapism, cross cultural narrative, etc. There are dozens of fabulous suggestions in this thread now, and if you're sticking in the SF/F world, you've got plenty to work on. Hugo winners, Nebula winners, now we've basically got the/. award winners.:)
Oh, yeah, go for the Rushdie. He has a great mix of books out. In addition to Ground, Haroun and the Sea of Stories is a nice light novel about a storyteller and his son. Has some humorous bits and some really funny characters. Reads like a folktale.
Eric S. Nylund - Signal to Noise and A Signal Shattered
Someone else in reply to this post suggested Noon, but I just can't get through his stuff. Anybody wants my mostly unread copy of Vurt, you're welcome to it.
I would whole-heartedly disagree with the Lethem recommendation, and replace it with something good, like Silverberg, though his stuff is from the 1960's. Maybe James Morrow.
I kept waiting for something interesting, or witty, or just humorous in Gun, which was really just a march toward a "man has sex with a sheep" situation crossed with Kangaroo Jack and a splash of freezing bad guys, ala Minority Report.
As a harassed citizen, I strongly support the proposed national do-not-call database.
I simply do not see it as the role of the federal government to encourage the continuance of an industry by ignoring the concerns of the public.
At a time when the number of older Americans is going to grow tremendously, their protection from scam artists and con men is more important than providing jobs for the semi-literate scum who interrupt their dinners.
The American economy doesn't need irate consumers. It needs people to stabilize their credit and be responsible with their money. This does not include purchasing magazines, aluminum siding or family portraits from businesses they do not know.
The DMA's half-hearted attempts to appease the American public with their sorry excuse for a do-not-call list has finally been recognized for what it is - a sham. And the public has finally raised their voice and asked the government to devise a more rigorous scheme to curtail the amount of intrusions we must incur simply by having a telephone number.
As a consumer, I can only hope that the Federal goverment will continue to persue these avenues and also address the problem of unsolicited email in the future. Until that time, however, I fully expect the DMA to stand up for the thieves and spammers so that I might also increase the size of my penis by three inches while refinancing my mortgage and protecting my Windows computer from viruses. Being that I have neither a penis, a mortgage, or a computer running Windows, I will rejoice when legislation is passed to finally put an end to unsolicited email, as well.
Ah, yes. Another whiny little post about RPM-based distros.
As another responder so aptly pointed out, the package management system has nothing to do with security, unless you are using file verification as part of your security plan (which isn't a bad idea.. do "rpm -Va" for system-wide verification of all files known about in the rpm database).
However, if you have to support real-world applications, and not just your webserver at the other end of your cable modem, there is another aspect to system security and stability, and that is THIRD PARTY VENDOR SUPPORT.
Now, I realize that the number of guys on/. who actually do stuff for a living that doesn't include final exams is minimal. However, if my boss/engineering staff/customer wants a product for a specific purpose, say, backups, or CRM, or CMS, I don't have the power to say "well, sorry, but we only run StinkyFeet Linux, not Blue Bonnet like that vendor requires". If they don't can me, they'll just go with a Windows-based app to get around that headache.
So then, what good does it do to have several distros around? They all run the SAME PACKAGES, imagine that! And when there is a hole in OpenSausageStuffer on an RPM-based distro, there is going to be a hole in OpenSausageStuffer on a non-RPM-based distro. The Horror!
So instead of having one distro network-wide, which has the same version/feature set across all systems, and the same cronjobs for updates, etc, i now have several, because some fool decided that he didn't have the time to make the appropriate decisions and shut things off. hmmm...
And that doesn't even get into the headache of trying to deploy my own packages, or dealing with the preferences of my users, or with the terms of a contract.
In short, being a stick in the mud about distros isn't going to gain you anything. And not learning how to do your own security in favor of a crutch like Bastille isn't going to gain you anything either. Jay has a good idea, and it's great for noobs, but if I'm paying you (or if you're paying me) to secure a system you better fucking know exactly what is going on. And when security requirements change, you better be able to handle it. Relying on someone else's idea of secure is a place to start, not the final answer to your own security. Security is a process, not a product, no matter what your little imagination tells you.
When it comes to system security, the best distro for the job is the distro you know the best, not the/. poster's favorite distro. A newbie to HandCreamBSD isn't going to be any better off than a newbie to Blue Bonnet Linux.
The only kernel issue i've had on my machines is that the/boot partition (on vendor-installed boxen) is too freaking small to pull their kernels down with up2date and keep the old ones around with the new ones, especially with big Dell boxes (SMP, bigmem...sweet machines, really)
but that is being fixed, according to bugzilla.
but, since it's Red Hat, carry on with your bitching. red hat's customers, partners, and resellers are obviously smoking crack, and you are obviously grand 1337 master of the server room.
:P
Wasn't that better than me adding to your "Troll" total?
And yet religion doesn't prevent or treat those things...
Take, for instance, the Amish and Mennonites. They are a closed gene pool and have the market cornered on weird genetic diseases, weird shit like kidneys not working correctly in addition to the cliche six fingers. see here and here
As for eugenics, would we have eugenics without anti-semites like Henry Ford and Adolf Hilter?
Religion isn't the moral compass that people want it to be. It's a method for identifying yourself , your group affiliation, and your place in the world. It's just as easily bastardized for inhumane purposes as anything else.
Cashier's checks look different at every bank. You can't expect the FedEx guy to whip out his cel phone and call the bank right at the guy's doorstep to check out the legitimacy of the paperwork.
He's just the messenger.
's almost as bad as relying on the manager at McDonald's to catch counterfeit $20s.
Mac users are a posse, man. They're like one big inbred family. They trust other Mac users 'cause they have some bizarre kinship for being on the short end of the tech stick.
Hence, the female stars wearing shoes all the time. I'm sorry, but high heels in bed is just going to rip up the sheets. And heels around the pool? Are you insane? Who wants a nice tan with shoe lines?
But it's really just about having a great pair of... shoes. Yeah, shoes.
While throttling is an interesting idea, it can be no replacement for methods that have been available for some time.
Patching your goddamn systems
ingress and egress filtering of IP addresses, at the local LAN and ISP level, to prevent IP address spoofing
using some common sense when filtering outbound traffic. does my web server need to be able to initialize outbound connections? no? then why does it?
host-based firewalling. reporting based on permitting outbound connections to known services to prevent droning of workstations
get rid of Outlook. if you're going to sit there and tell me that using Outlook is more important than the chance your financial statements, contract bids, salary information, etc gets sent offsite, you're insane
get HR and legal involved in the security policy. make turning off the host firewall and virus protection a terminable offense, up there with trying to access forbidden data
No unencrypted communications with business partners and customers
NAT everyone. Your accountant does not need a publicly-accessible workstation
VPN. It's a nice idea, but do you trust the marketing director's teenage kids on the computer at the other end?
Now. why don't these things happen? Time. Money. Combination of both. Convenience. Lack of understanding on the part of users.
But the big one is the belief that security is a product that can be purchased, that there is a quick fix out there that will solve all your security ills and hide you from all the bad guys.
Security is a PROCESS. Better yet, it's a combination of processes, relating to employees at all levels of your organization, from the CEO to the custodial service contracted by your property manager. Hell, even building safer software isn't going to help you if your users refuse to use it 'cause it's a pain in the ass. Remember, they believe in the panacea of the "single sign-on". They put their passwords on post-its around their workstations. They keep their contacts (oh help us) in their Hotmail addressbook, regardless of how many 'sploits have been uncovered in Hotmail. They're afraid of computers.
Security is expensive. And it should be, because it has to be done right. You need user participation, on all levels. It requires education and training, and a reduction in ease of use.
true. since they all think AOL is the internet anyway, and AOL is dragging their feet with the non-Windows versions.
(shudders convulsively remembering teaching college freshmen how to use a non-AOL browser to search...)
And we all know that it's so much more beneficial to 'know Word' than it is to 'know how to use a word processor', except that your knowledge of Word only applies to one version, since Microsoft's most apparent changes are to move things around in the menus between revs. (which then completely obsoletes all user manuals or instruction materials you may have at your school)
As far as using a cd as a secure server, it is very cool, though I would recommend you build your own and use something like bblcd where you have more control over what's going on.
A bunch of things have to go into a ramdisk to be usable on a run-from-cd distro. That stuff can be altered, and the part you lose is the logs written to harddisk, which is kinda handy to have if something happens.
anyway, it is neat to do. bblcd is easy if you read the directions. knoppix is neat and i gave it out to my students so they could keep their windows machines for their other classes, though the chance of them ever seeing debian in their future jobs is slim to none, and seeing Red Hat only slightly more likely (which is what the class was taught on).
--mandi
Re:The window
on
Due Diligence?
·
· Score: 3, Informative
that's the point of up2date. Neither of those things will happen.
up2date runs with gpg signatures on all packages
and it checks all dependencies. And, since the packages are built by a company trying to guarantee you can run oracle on your box rather than a couple of dudes in a basement, the packages and their dependencies are correct and current.
Slashdot Mirror
does such a product exist?
--mandi
and if they paid attention to their SMTP and proxy servers, we'd have less spam to worry about.
and if they separated their networks, and kept outside access to a bare minimum (DNS, SMTP, HTTP, FTP, ...) they'd have another layer of protection when some cracker tries to get at their database.
and if a bullfrog had wings, he wouldn't bump his ass. least that's what my mom says...
--mandi
I buy my servers 1 year warranty. The bigger problem I have is the developers put on custom builds of everything and their documentation is shady. So, it's just another excuse to slap their knuckles and build the server in a way that is easier to upgrade.
Then, when they want some new feature (last week's adventure was netatalk compatible with OSX), I'm not going to say "Goddammit this is fucking ancient! What the hell am I going to do with this?!?!?!?!"
ah, but anyway.
--mandi
A closer parallel would be the kid who checks your license at the movie theater.
i don't always get carded at the bar, but i usually get carded for R.
--mandi
Walter M. Miller Jr - Canticle for Leibowitz, which usually gets mentioned when we have this discussion.
Robert Silverberg - Nightwings and Up the Line were both good. Both recently republished works from the 1960s.
Robert Anton Wilson - what kind of crack is this man on? Can he even function in society? fnord.
Margaret Atwood - The Handmaid's Tale. I've had to read this a couple times for classes, but I had first read it for pleasure. Her other works that i've picked up aren't in the same vein as this one.
19th century Russian lit is another place to go. Tolstoy, Dostoyevsky.
For other good novels, I look up the current AP English reading list, or go to college bookstores for the English 100 books, the point being to read something that may inspire thinking. (too much hemingway, though, people, come on!)
It just depends what you're looking for. Schoolboy escapism, cross cultural narrative, etc. There are dozens of fabulous suggestions in this thread now, and if you're sticking in the SF/F world, you've got plenty to work on. Hugo winners, Nebula winners, now we've basically got the /. award winners. :)
Have fun.
--mandi
--mandi
--mandi
Peter Watts - Starfish and Maelstrom
Eric S. Nylund - Signal to Noise and A Signal Shattered
Someone else in reply to this post suggested Noon, but I just can't get through his stuff. Anybody wants my mostly unread copy of Vurt, you're welcome to it.
--mandi
I kept waiting for something interesting, or witty, or just humorous in Gun, which was really just a march toward a "man has sex with a sheep" situation crossed with Kangaroo Jack and a splash of freezing bad guys, ala Minority Report.
--mandi
I simply do not see it as the role of the federal government to encourage the continuance of an industry by ignoring the concerns of the public.
At a time when the number of older Americans is going to grow tremendously, their protection from scam artists and con men is more important than providing jobs for the semi-literate scum who interrupt their dinners.
The American economy doesn't need irate consumers. It needs people to stabilize their credit and be responsible with their money. This does not include purchasing magazines, aluminum siding or family portraits from businesses they do not know.
The DMA's half-hearted attempts to appease the American public with their sorry excuse for a do-not-call list has finally been recognized for what it is - a sham. And the public has finally raised their voice and asked the government to devise a more rigorous scheme to curtail the amount of intrusions we must incur simply by having a telephone number.
As a consumer, I can only hope that the Federal goverment will continue to persue these avenues and also address the problem of unsolicited email in the future. Until that time, however, I fully expect the DMA to stand up for the thieves and spammers so that I might also increase the size of my penis by three inches while refinancing my mortgage and protecting my Windows computer from viruses. Being that I have neither a penis, a mortgage, or a computer running Windows, I will rejoice when legislation is passed to finally put an end to unsolicited email, as well.
--mandi
Except the keyboard and mouse.
--mandi
As another responder so aptly pointed out, the package management system has nothing to do with security, unless you are using file verification as part of your security plan (which isn't a bad idea.. do "rpm -Va" for system-wide verification of all files known about in the rpm database).
However, if you have to support real-world applications, and not just your webserver at the other end of your cable modem, there is another aspect to system security and stability, and that is THIRD PARTY VENDOR SUPPORT.
Now, I realize that the number of guys on /. who actually do stuff for a living that doesn't include final exams is minimal. However, if my boss/engineering staff/customer wants a product for a specific purpose, say, backups, or CRM, or CMS, I don't have the power to say "well, sorry, but we only run StinkyFeet Linux, not Blue Bonnet like that vendor requires". If they don't can me, they'll just go with a Windows-based app to get around that headache.
So then, what good does it do to have several distros around? They all run the SAME PACKAGES, imagine that! And when there is a hole in OpenSausageStuffer on an RPM-based distro, there is going to be a hole in OpenSausageStuffer on a non-RPM-based distro. The Horror!
So instead of having one distro network-wide, which has the same version/feature set across all systems, and the same cronjobs for updates, etc, i now have several, because some fool decided that he didn't have the time to make the appropriate decisions and shut things off. hmmm...
And that doesn't even get into the headache of trying to deploy my own packages, or dealing with the preferences of my users, or with the terms of a contract.
In short, being a stick in the mud about distros isn't going to gain you anything. And not learning how to do your own security in favor of a crutch like Bastille isn't going to gain you anything either. Jay has a good idea, and it's great for noobs, but if I'm paying you (or if you're paying me) to secure a system you better fucking know exactly what is going on. And when security requirements change, you better be able to handle it. Relying on someone else's idea of secure is a place to start, not the final answer to your own security. Security is a process, not a product, no matter what your little imagination tells you.
When it comes to system security, the best distro for the job is the distro you know the best, not the /. poster's favorite distro. A newbie to HandCreamBSD isn't going to be any better off than a newbie to Blue Bonnet Linux.
--mandi
The only kernel issue i've had on my machines is that the /boot partition (on vendor-installed boxen) is too freaking small to pull their kernels down with up2date and keep the old ones around with the new ones, especially with big Dell boxes (SMP, bigmem...sweet machines, really)
but that is being fixed, according to bugzilla.
but, since it's Red Hat, carry on with your bitching. red hat's customers, partners, and resellers are obviously smoking crack, and you are obviously grand 1337 master of the server room.
Wasn't that better than me adding to your "Troll" total?
--mandi
running "strings" on a .doc xml file would dump just the tags.
that would be funny.
--mandi
Take, for instance, the Amish and Mennonites. They are a closed gene pool and have the market cornered on weird genetic diseases, weird shit like kidneys not working correctly in addition to the cliche six fingers. see here and here
As for eugenics, would we have eugenics without anti-semites like Henry Ford and Adolf Hilter?
Religion isn't the moral compass that people want it to be. It's a method for identifying yourself , your group affiliation, and your place in the world. It's just as easily bastardized for inhumane purposes as anything else.
--mandi
Cashier's checks look different at every bank. You can't expect the FedEx guy to whip out his cel phone and call the bank right at the guy's doorstep to check out the legitimacy of the paperwork.
He's just the messenger.
's almost as bad as relying on the manager at McDonald's to catch counterfeit $20s.
Mac users are a posse, man. They're like one big inbred family. They trust other Mac users 'cause they have some bizarre kinship for being on the short end of the tech stick.
Like us here, only with the social stick...
--mandi
Which, of course, is never.
Unless you wanna sleep on the couch...
--mandi
RISC architecture is gonna change everything.
Hence, the female stars wearing shoes all the time. I'm sorry, but high heels in bed is just going to rip up the sheets. And heels around the pool? Are you insane? Who wants a nice tan with shoe lines?
But it's really just about having a great pair of ... shoes. Yeah, shoes.
--mandi
I'm a little more concerned about my freedom to choose, freedom of speech, and freedom (from) of religion under our current regime.
But I am probably just messed in the head.
--mandi
Now. why don't these things happen? Time. Money. Combination of both. Convenience. Lack of understanding on the part of users.
But the big one is the belief that security is a product that can be purchased, that there is a quick fix out there that will solve all your security ills and hide you from all the bad guys.
Security is a PROCESS. Better yet, it's a combination of processes, relating to employees at all levels of your organization, from the CEO to the custodial service contracted by your property manager. Hell, even building safer software isn't going to help you if your users refuse to use it 'cause it's a pain in the ass. Remember, they believe in the panacea of the "single sign-on". They put their passwords on post-its around their workstations. They keep their contacts (oh help us) in their Hotmail addressbook, regardless of how many 'sploits have been uncovered in Hotmail. They're afraid of computers.
Security is expensive. And it should be, because it has to be done right. You need user participation, on all levels. It requires education and training, and a reduction in ease of use.
There is no magic wand.
--mandi
(shudders convulsively remembering teaching college freshmen how to use a non-AOL browser to search...)
And we all know that it's so much more beneficial to 'know Word' than it is to 'know how to use a word processor', except that your knowledge of Word only applies to one version, since Microsoft's most apparent changes are to move things around in the menus between revs. (which then completely obsoletes all user manuals or instruction materials you may have at your school)
--mandi
A bunch of things have to go into a ramdisk to be usable on a run-from-cd distro. That stuff can be altered, and the part you lose is the logs written to harddisk, which is kinda handy to have if something happens.
anyway, it is neat to do. bblcd is easy if you read the directions. knoppix is neat and i gave it out to my students so they could keep their windows machines for their other classes, though the chance of them ever seeing debian in their future jobs is slim to none, and seeing Red Hat only slightly more likely (which is what the class was taught on).
--mandi
up2date runs with gpg signatures on all packages
and it checks all dependencies. And, since the packages are built by a company trying to guarantee you can run oracle on your box rather than a couple of dudes in a basement, the packages and their dependencies are correct and current.
--mandi
I won't tell you why i registered it, but suffice to say it gets about 25 Adult-themed emails a day.
Which isn't bad considering i only ever used it with one merchant, actually. :)
So you can keep all those great offers for yourself. I won't be jealous, i promise!
--mandi