Because Outlook Express is a pretty mediocre piece of software all the way around?
2. doesn't support IPsec tunnel?
Huh? Windows supports IPSec tunnels just fine, as long as you aren't using Win95/98/ME. You aren't using ME, are you?
3. still supports Frontpage?
Umm, because it's a successful commercial product? Duh? Perhaps you meant to ask why they don't improve FrontPage in any meaningful way?
4. doesn't let you see what's going on (netstat on unix shows process related to the socket opened, windows does not)
NETSTAT -O on Win XP and Win 2003 shows the PID; run TLIST from the Resource Kit or TASKLIST on XP/2003, or simply look in Task Manager to identify the process.
Why is the only way to somewhat-secure Windows limited to buying third-party apps?
It isn't, but as long as the majority of Windows admins display your level of ignorance and incompetence, the third-party vendors will continue to do a brisk business with folks who'd rather click a big friendly button than RTFM.
I'd love to hear the explanation of just whom, exactly, that terminology is supposed to offend, and why.
"The County of Los Angeles actively promotes and is committed to ensure a work environment that is free from any discriminatory influence be it actual or perceived."
It's a license for idiocy. There doesn't have to actually be any "discriminatory influence;" all that is required is for at least one person to imagine that there is.
"We would request that each manufacturer, supplier and contractor review, identify and remove/change any identification or labeling of equipment or components thereof that could be interpreted as discriminatory or offensive in nature..."
And there just isn't any end to what *could* be interpreted as discriminatory or offensive, if you're sufficiently creative in your stupidity.
I'd be tempted to complain that labelling electrical and telecommunications plugs and jacks as "male" and "female" is offensive, and insist on the removal of all such plugs. Oh, and while they're at it, they need to change the name of the county, since "Los Angeles" might be offensive to atheists and non-Hispanics.
I feel very sorry for the county workers (not to mention the citizens!) who have to suffer under "leadership" like this.
The white paper is surprisingly detailed, which makes it actually useful - it even mentions specific non-Microsoft products (such as Trend Micro Viruswall.)
But security through obscurity is alive and well at Microsoft. Tell me, when you select "store password using reversible encryption" in Active Directory, what algorithm is used to (reversibly) encrypt the user passwords? Where are the published specifications for PPTP? For MS-RDP? Obscurity goes hand-in-hand with closed source.
Note that, especially for corporate security, obscurity is a legitimate component of "defense in depth." I might mandate standards-based encryption; maybe even open-source firewalls based on an open-source OS. But it's none of yer business what kind of firewall or IDS or smart cards I'm using. That's for me to know, and you to try to find out.
What is unfortunately obscure in this white paper is the name(s) of the author(s). I know a few people involved with security at Microsoft. I was curious whether any of them had a hand in this. But there's no indication of authorship at all. I suppose it was written by the collective. How's that for obscure?
"Just out of curiosity, how do you run SMS on Win95?"
Of course you can't run SMS on Win95, but there is a client - as there is for 3.11. Since you described "a disparate network comprising...3.11, 95, NT, 2000, XP" I figured that there was a server or two in there. If they're all workstations, then I would have to leave my office.
"As for 3.11, you might want or need to run it on modern hardware because the old hw is on the point of failure and the proprietary app it is running cannot be easily replaced. At least you own the licence..."
Nowadays, I'd use the magic of VMWare. :>)
"Typical staffing ratios that I have seen (and I am sure you will beg to differ) are approx 1/30 users for windows and 1/100 users for unix."
Why would I beg to differ? Most Windows networks aren't run well. And even when they are, you'd still probably have a higher staffing ratio than a UNIX network.
Sorry about your mail server. But then, there's no point replacing SENDMAIL with Exchange unless you're taking advantage of Exchange's groupware capabilities. If it's just an SMTP/POP3 replacement, then it is a waste of time and money.
"A guy who can maintain era 3.11? 95? NT? 2000? XP? I know one or two guys who can do them all. A guy who can do software upgrades on a disparate netowrk comprising all of those systems in an afternoon without leaving his office?"
That's not really all that hard, especially with the right tools. Although I'd question what kind of software upgrades you'd be installing on 3.11 systems.
"None of the Unix or Linux viruses became widespread - most were confined to the laboratory."
It's clear that the author includes worms in his definition of "viruses." The first worm I had ever heard of was the Morris Worm, which most certainly did impact UNIX machines, and was very widespread in terms of percentage of infected machines back in 1988.
I agree with the premise to some degree, but I consider a significant amount of the author's "evidence" to be FUD, distorted or simply wrong.
Between the local radio stations and web radio, why pay?
Are you nuts? This has to be a troll. The evil that is Clear Channel is putting the finishing touches on destroying whatever chance you might have of hearing good commercial radio. Playlists are smaller and lamer than ever. Radio sucks ass.
Launchcast rocked at first, when you could actually use it as a collaborative tool to find new (or new to you) music you liked. But Yahoo and the RIAA have finished turning it into useless poo as well.
Ten years ago, I bought CDs at the rate of 5-10 per week. This calendar year, I have purchased zero. And it isn't because I'm downloading MP3s - I'm not, and never have. It's because the music on commercial radio doesn't appeal to me, and there really isn't any good avenue for finding music I might enjoy among the 90% of music that doesn't get any airplay.
Then again, if you don't own any music at all, I'd conclude that you don't really give much of a damn about music anyway. So what's your point?
OK, then if you've done your part to explain the problem to them, and they're not listening, I suppose it's not your fault. But that doesn't change the fact there's a serious problem here....
Yup, but it often isn't "idiot admins."
Picture a company smaller than yours. A "small business" - ten to twenty-five employees, let's say.
The target market for, god help us, Microsoft Small Business Server. Yeah, the product that's a Domain Controller, SQL server, Exchange server, file server, web server, firewall and proxy server all in one! Joy!
They have one server. With gobs of fragile, interdependent software waiting to go haywire after a bad patch or service pack install.
If they can even afford a full-time admin who can deploy patches as soon as they are released, there is no test server.
Even if their admin or "computer guy" has bothered to make backups, (s)he has to wait until no one is using the system, and then pray that Microsoft (or some other vendor!) doesn't hose them. Because a restore operation isn't going to be quick & easy.
There are a lot of small businesses out there in just this situation, and the folks who support them are often doing the best they can.
Don't even get me started on college campuses. If you think controlling student systems is a pain in the ass, try the faculty.
I don't know what you need to do to fix this problem in your infrastructure--you may have to dramatically cut back on the services you offer to your organization
Do the IT/IS admins in your place of business choose which services to "offer" to the rest of the company? Must be nice to be the BOFH, eh?
Here in the real world, the executives dictate which services will be implemented, under what budget, and according to what timeline. You may be able to suggest a different method of implementation, or maybe even convince them that a given service is unnecessary (yeah, right) but once it's been deployed, there's no way in hell they want to hear about you taking it away from them! If you won't give them what they want, even if it's stupid, they certainly can and will find someone who will.
build your network in a manner to deny any entrance from worms. The exploits are all well known, their propagating ports are well known, build firewalls and DMZs where appropriate.
Patching isn't your only option.
And firewalls shouldn't be your only defense, or the first dipstick who brings an infected laptop in to work and plugs it into your network will bring all of your unpatched systems down. Firewalls are not enough on a real business or campus network. Firewalls, applying patches, a good antivirus system, and diligent, competent admins are all necessary to prevent and/or contain worm and virus outbreaks.
If you are responsible for a Windows-based network, and your virus control strategy can be described as set-and-forget, you're gonna get hammered.
"Yes, but mainly lawyers and people too dumb to get out of Jury Duty"
In an article which features so many complaints about failure to take personal responsibility, I think it's worth pointing out that responsible citizens do not avoid jury duty.
If we had more smart people stepping up to the plate and serving on juries, we'd help make sure that the bad guys receive appropriate punishments, and that the frivolous lawsuits fail.
If you brag that you're "smart enough" to get out of jury duty, then don't complain about stupid court decisions, because you're part of the problem!
But you didn't.
"A guy who can maintain era 3.11? 95? NT? 2000? XP? I know one or two guys who can do them all. A guy who can do software upgrades on a disparate netowrk comprising all of those systems in an afternoon without leaving his office?"
That's not really all that hard, especially with the right tools. Although I'd question what kind of software upgrades you'd be installing on 3.11 systems.
2. Stop interpreting scam-friendly http://ebay.com:url@123456/ urls
Yeah, let's break authentication. That'll be great. The fact that you generally sound like you know what you're talking about, and have been modded up as "Insightful," but would still suggest that IE "stop interpreting" this kind of URL goes a long way towards showing just how hard it is to make any software idiot-proof.
Especially MS Internet Explorer, which is specifically designed to be used by your average technically-ignorant user - home and corporate.
Enjoy being the BOFH while you can!
-have no idea who said this.
According to this site it's from News Radio.
Yeah, I found it by using Google.
I read it as Port Address Translation. Expansion of acronyms would be helpful in the original post. -Chuck
I wrote a PostScript program to generate Mandelbrot Set images back in '87, when I was learning the language.
It was slower than hell (and I'm not a very good coder anyway, so I'm sure it wasn't very efficient) but it was cool, and the software engineers writing the PostScript clone for our company started using it as a speed test for new revisions of code.
I just thought it was a more interesting project than "Hello World."
Still have the code around here, somewhere.