Cingular, which absorbed AT&T Wireless in October 2004 when it was purchased by SBC and BellSouth (and now owned by new AT&T and BellSouth), will also have its name dropped in favor of the AT&T name.
From MSNBC: After spending millions of dollars to rebrand AT&T Wireless Services Inc. stores as Cingular stores and hundreds of millions of dollars more on marketing the new Cingular after its $41 billion acquisition of AT&T Wireless in October 2004, Cingular will now become AT&T if the merger with BellSouth is completed.
So for all of those who at one time had AT&T Wireless as your cell provider and stuck with them through the Cingular Wireless purchase and are still with them, you'll now be moved back to the (new) AT&T brand. I would have been one of them had my company not switched to T-Mobile 3 weeks ago.
I used to work for a certificate authority (disclaimer: it wasn't Verisign), and the weakest link in any security is always the end user.
During my tenure, we were issued hardware tokens that had our individual cert on it, and we could use the cert for any number of things (such as email authentication, email signing, logging into online banking, encrypting and storing documents using an electronic vault, etc). But it was also inconvenient as we had to be using a machine that could read and utilize the USB token.
If you had physical access to someone's hardware token, it wasn't difficult to use it to pretend you were someone else. End users select very weak passwords, usually have the passwords to their tokens written down on post-it notes stuck to their screen or on their desk, and people in general are just too trusting.
As other posters have mentioned, you could ask an end user to USPS their hardware token to you with their password and all other relevant information, and many end users would probably do it without question.
Why haven't digital certificates become more mainstream? It's still too inconvenient in many cases, and it doesn't fix the weakest link - the end user.
People today demand convenience, and having to carry around a physical hardware token to do things on-line just is not convenient, especially when you find yourself in front of a computer that doesn't have USB, doesn't know how to read the USB token, or doesn't have the appropriate software to utilize the hardware token in the first place.
It's harder to increase the capacity of a fault tolerant system - at some point you reach a limit as to how many CPUs and memory you can add, and to a lesser extent, the amount of disk (assuming you use a storage area network).
With a cluster, you simply add another machine to the cluster when you need more computing power. You can also take a single machine off the cluster for upgrades, hardware troubleshooting, or to reallocate the single machine to do something else.
As other posters have said, a large factor in deciding what to do depends on the application. Google wouldn't be where they are today if they used a fault tolerant system instead of the massive cluster technology they use today. In fact you could say that Google has built a fault tolerant system using cluster technology.
On the other hand, there are some apps (such as databases) that are tricky to cluster right where the performance/benefit outweighs the problems associated with it.
Part of the issue is that there are people who do bad things out there. And when bad things happen (Oklahoma City, 9/11, murder, kidnapping) people begin to ask why law enforcement wasn't able to stop the bad people before the bad thing happened.
I think that many of the laws that are put in place because of this are really overreaching, but on the other hand, if you were doing something illegal and found out that, starting the next day your phone was going to be tapped, you were going to be followed, and your every move was going to be scrutinized because law enforcement *thought* that you were doing something illegal, you would most likely, overnight, come up with a game plan to make it look like you were just an ordinary law abiding citizen.
Sure there are people who abuse their power, and that is where the problem lies - it isn't necessarily with the law itself, it's with the people who enforce the law that's the problem.
We in the US battle over whether it's constitutional to have "under god" in the pledge of allegiance and whether "free speech" really means free speech.
Another analogy - corporations will (well, okay, they should) put a lot of time and effort into network security because it only takes one person on the inside, who has inside knowledge, to steal company data (whether it be customer data such as SSNs and credit card info or other confidential data). If everyone were trustworthy, there would be no need for network monitoring for threats. Likewise, if everyone were trustworthy and always obeyed the law and never did anything illegal, we wouldn't have all of these laws that dictate basically that we have no privacy anymore.
The problem is, how do you know before something bad happens who the bad people are?
According to MSNBC, the FBI wouldn't have used Carnivore all that much if they were still using it.
The FBI performed only eight Internet wiretaps in fiscal 2003 and five in fiscal 2002; none used the software initially called Carnivore and later renamed the DCS-1000, according to FBI documents submitted to Senate and House oversight committees. The FBI, which once said Carnivore was "far better" than commercial products, said previously it had used the technology about 25 times between 1998 and 2000.
Carnivore was not a system designed to watch Internet traffic 24/7/365 and flag stuff that looked like potentially useful data on random people. It was used to monitor people who were already under investigation.
I don't hear many people cry foul over a regular telephone wiretap, which is done for the same reasons under the same circumstances - they wiretap telephones of people who are already under investigation (I realize that Echelon is different, but Echelon is not a telephone wiretap on a suspect's phone. It's a wiretap on all communications, or so some people claim).
And the Patriot Act does require a court order to do most things. It's just that it's not the courts that we think about. It's a secret court. There have been articles on the very subject.
I don't believe that the FBI simply randomly picks people to monitor and do searches of houses at random, etc. There is some "oversight", although to most of us, that "oversight" is secret (yes, that can lead to abuse).
That isn't to say that Registrars cannot simply deny the transfer though. The *current* Registrar cannot deny the transfer of a domain to a different Registrar if:
Instances when the requested change of Registrar may not be denied include, but are not limited to:
* Nonpayment for a pending or future registration period
* No response from the Registered Name Holder or Administrative Contact.
* Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.
* Domain name registration period time constraints, other than during the first 60 days of initial registration or during the first 60 days after a registrar transfer.
* General payment defaults between Registrar and business partners / affiliates in cases where the Registered Name Holder for the domain in question has paid for the registration.
The bottom line to all of this is to provide accurate information with your domain registrations, and lock the domain so that if your Registrar gets a notice that another Registrar wants to transfer your domain, it can't be transferred, even if you are not contactable (say, on a cruise or something).
Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.
In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed.
It's not that domain owners have 5 days to respond to a transfer request. It's the Registrar where the domain is *currently* registered that has to respond within 5 days to approve or deny the transfer.
This policy was put in place because some Registrars were not being very forthcoming in transfers. In essence, this makes the originating Registrar in a domain transfer not be able to block a transfer by simply ignoring the request.
Registrars are still required to get explicit permission from the domain owners for a transfer. Read the entire policy at the provided link.
Not to mention that the taxpayer money we are paying US contractors to rebuild Iraqi infrastructure is going toward rebuilding infrastructure that was destroyed by the US military, using taxpayer money.
So US citizens paid for destroying Iraq and then are paying for rebuilding it.
I can't find my sources at the moment, but the cost of this test is probably pocket change compared to the money the United States Government has to pay in interest on the loans that were (and are continually) taken out to finance this (and the entire Federal Budget).
This story reminded me of another story that was in the press the past few days about a very expensive spy program that a few US Congressmen criticized. We're talking about billions of dollars here.
I have to wonder how long it will be before the US Government files for bankruptcy because of the cost of projects such as this.
Some news sources were talking about how the first phase of this missile defense project is supposed to protect us against a North Korea launched nuclear attack. I'm asking (because I don't fully know), how much of a risk is North Korea in reality?
If you do a google search, you'll find a mixed bag of success and failure with the DirecTivo boxes. I believe that some of the problem lies with the QoS that people's VoIP may have.
Modems and fax machines don't deal well with the packet delays that can occur on VoIP that isn't properly QoS'ed. The problem is that end DSL/Cable users don't have control of the QoS of their VoIP packets beyond their premise equipment, and sometimes not even then. I shouldn't assume this, but I assume that all VoIP providers do pass-through for fax/modem connections to ease the problem somewhat.
Last week I played around with a VoIP box at my house just to see what kind of clarity it had, and, it wasn't nearly as good as my POTS line.
However, I've had others swear by their VoIP. It seems to me that there are still just too many variables in the IP infrastructure for the experience of VoIP to be uniform. Not to mention the issues with power outages, 911 service, and the like.
Another thing to note is that having voice mail sent to email is not a feature of VoIP per se. We are currently implementing an email system that has this ability, given that you have the right voice mail equipment. While there are some features that VoIP does offer that can't be done with POTS and appropriate equipment, many of the features being touted as "VoIP only" features can be done with POTS.
That said, about 5 years ago I was involved in a project to roll out VoIP in a new building (about 300 people, a call center of about 10 stations included). We used Cisco equipment and had two 24 channel trunks come in from POTS (one for local, one for long distance). Once it was up and running, the sound quality was nearly as good as POTS - we did have a slight echo once in a while, but other than that, it was great. We, of course, had complete control over the network, so doing QoS and stuff like that with voice packets was easy.
VoIP, if done right, can be nearly as good as POTS in terms of sound quality, if not better. But given all the variables (phone, DSL/Cable router, your ISP, the POTS/Internet interface, etc), there are just too many places that can cause quality to suffer. And the problem becomes worse if you try and use a fax machine over a VoIP line, which doesn't have a high tolerance for packet delay.
Skip the technical details (on Security Alert) · Score: 2, Insightful
I just spent the past few days with my spare time cleaning up a friend's computer. It was a mess with spyware/adware and possibly some malware.
The advice I gave them is to never download anything from the Internet that seems "cool" or promises "this or that". Sure if you are downloading an update to software you already use, it's okay. But you don't need this new cool search bar for IE, a search tool that promises to be intelligent and show (a.k.a. pop-ups) only ads you'd be interested in, and you don't need to keep up with the Joneses with every "cool" spyware software.
Explaining how these things are dangerous has little effect on the "normal" computer user who doesn't know the difference between a DSL/cable router and a hub, who doesn't know how the Internet works (such as how TCP works, packets, routing).
I've found that simply telling them to not do it is the most effective thing I can do. Most users won't understand the technical details. But they will understand if you simply say to not download it because if you do it enough, your computer will become unusable.
This change doesn't affect anything but the root maps for .com/.net, which contain nothing but NS records for domains.
All that VeriSign is doing is making changes to domains (i.e., new domains, deleted domains, and changing DNS servers for a domain) become visible in the root maps sooner.
For example, if I wanted to move a DNS server for domain x.com, currently, I'd log into my registrar's on-line update program, change the DNS IP address, and wait up to 12 hours for the root map for .com to advertise the new IP address of my DNS server for domain x.com. With the changes, the .com root map will advertise the change within 5 minutes of me making the change. Any queries looking up my NS record after this will see the new IP address for my DNS server(s). Note, however, that DNS servers could have your NS info cached from a lookup that occurred 10 minutes before you changed the info, so it could take those DNS servers a while to see the updated information in the root maps.
If I simply wanted to move a web server from IP address a.b.c.d to IP address w.x.y.z in the same domain, and I'm not moving the DNS server, VeriSign increasing the updating of root maps doesn't have anything to do with this.
For those who do make changes to domain information (i.e., IP addresses for DNS servers), or add new domains, this will be a definite plus.
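An added illustration, not part of the original comment: a small model of the point above, that faster registry publishing helps resolvers with nothing cached but not resolvers still holding the old NS record. The function names, the clock times and the two-day TTL are constructed sample values, and the model assumes a resolver re-fetches as soon as its cached copy expires.

```python
HOUR = 3600  # seconds


def publish_time(change_at, interval):
    """First registry zone push at or after the change.

    The registry is modelled as pushing its zone every `interval` seconds.
    """
    return -(-change_at // interval) * interval  # integer ceiling


def resolver_sees_change(change_at, interval, cached_at=None, ttl=None):
    """Time at which one resolver first returns the new NS data.

    cached_at/ttl describe an old NS answer the resolver already holds
    (None means nothing is cached).
    """
    visible = publish_time(change_at, interval)
    if cached_at is None:
        return visible            # next lookup goes straight to the registry
    if not ttl or ttl <= 0:
        raise ValueError("a cached record needs a positive TTL")
    refresh = cached_at + ttl     # first moment the stale answer expires
    while refresh < visible:      # re-fetched too early: old data cached again
        refresh += ttl
    return refresh


def compare(change_at, cached_at, ttl):
    """Old (12 hour) versus new (5 minute) publishing for both resolver kinds."""
    result = {}
    for label, interval in (("12h", 12 * HOUR), ("5min", 5 * 60)):
        result[label] = {
            "uncached": resolver_sees_change(change_at, interval),
            "cached": resolver_sees_change(change_at, interval, cached_at, ttl),
        }
    return result


# Constructed scenario: NS change submitted at 10:07, one resolver cached the
# old NS record 10 minutes earlier with an assumed TTL of two days.
CHANGE_AT = 10 * HOUR + 7 * 60
CACHED_AT = CHANGE_AT - 10 * 60
TTL = 2 * 24 * HOUR

if __name__ == "__main__":
    for label, row in compare(CHANGE_AT, CACHED_AT, TTL).items():
        for kind, t in row.items():
            delay_min = (t - CHANGE_AT) // 60
            print(f"publish every {label:>4}, {kind:>8} resolver: "
                  f"new NS seen {delay_min} min after the change")
```

With the long TTL the cached resolver waits the same time under either publishing schedule; only the uncached one benefits from the 5 minute push.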
We are currently using AIT-3 media, at a cost of about $43 a tape, with a 100 Gbyte native capacity (200 Gbyte compressed). With 200 Gbyte of data on an 8mm form factor, it's hard to see that tapes are going out anytime soon. AIT-4 is coming out this year and will have double the capacity of AIT-3. I don't follow LTO much, but I'm sure their capacity is increasing all the time too.
Also imagine trying to do disk drive rotation for off-site storage versus the same thing for tapes. I'd prefer tapes any day given the delicate nature of disk drives.
The issue here is trust. Sure I can roll my own SSL cert. I can roll an SSL cert for, say www.bankofamerica.com and claim that I'm from Bank of America.
The idea of a certificate authority is to provide a method for verifying that the person or entity who is requesting a certificate (be it SSL or S/MIME or whatever) is really who they say they are.
Imagine if I could roll my own driver's license. I could claim I'm anyone I want to be. Remember a couple of years back when someone supposedly was able to get a cert from Verisign in Microsoft's name, claiming that they worked for Microsoft?
I used to work for one of Verisign's big competitors (and yes they are still in business). We asked for a lot of information so that we could verify that the requester was who they said they were.
While I agree that having older operating systems can pose a security risk, with proper administration, you can reduce that greatly.
Our older RedHat systems don't run all the default services. In fact, most of them can only be gotten to (from the outside) on port 80 and/or 443, which runs the latest and greatest Apache/Java/Tomcat. Sure, inside we also have ssh access, but with a firewall and intrusion detection between it and the Internet, it's a good bet that port 80/443 is all that's open. We have most of nfs, ftp, telnet, smtp, snmp, pop, imap, finger, echo, nis, and any other service turned off. If they are not running, they are not vulnerable.
Running something like Apache 2.0.48 on RH 7.2 isn't necessarily going to be any less secure than running Apache 2.0.48 on RHEL 3.0. Any successful compromise of Apache is likely to be due to Apache, not the underlying OS. Fixing Apache, not upgrading the OS, would be the solution here, assuming you build Apache yourself from source, which I tend to do.
I am curious: are you still getting bugfixes and security updates for your redhat 7 systems? It seems hard to believe that someone still maintains the package tree for distributions that old, especially since redhat itself seems to have abandoned them.
We probably are not as concerned about bug-fixes and security updates as we should be, and this is a problem with old versions of distros. I mean you can no sooner do an upgrade of some Linux distro than you find out that the version you upgraded to is going to be EOL'ed in the next year, and the vendor recommends you upgrade yet again just to keep up (and get support).
We don't do security updates on a regular basis on our older RedHat servers simply because support for those versions is hard to find anymore. Most of them don't even face the Internet (you'd have to break in elsewhere first), and we mostly use java/tomcat/apache/Oracle downloaded (and upgraded on a needs basis) from their respective vendors and don't rely on RedHat to keep us up to date with the apps we use. If we find a bug that needs to be fixed, it has always been with the third-party vendor supplied software, not RedHat.
If RedHat were Debian, I bet that v7.2 would still be the stable release - which means we'd still have full support...
Usually when I purchase hardware, Windows drivers do come with the hardware. Often times, however, there are newer drivers available on the hardware vendor's website. I've never been charged to go to a vendor's website and download updated, binary-only Windows drivers for the hardware I bought.
Similarly, I don't see why hardware vendors need to suddenly charge for, or deny access to, drivers to hardware you legitimately purchased. If I run Debian, I should be able to install an x86 Linux driver for whatever hardware I own, whether or not I got it from Debian or the vendor itself. I've had to grab drivers off of vendor websites for some of our newest machines at work because RHEL 2.1 doesn't come with the drivers, and RHEL 3.0 was unworkable due to Oracle install problems. I was never asked what Linux distro I was running.
It doesn't matter whether the binary-only device driver is for Windows, Linux, Solaris, HPUX, or what have you. If I have the binary, and I have the OS the binary is for, and the hardware, I can reverse-engineer it to at least some extent. Sure it can be put under the DMCA and made illegal to do so, but the DMCA is US law. How about someone in Asia, or Russia, or some country in Africa? Does the DMCA apply in every country?
Although I am disappointed that Sarge will take a bit longer, for my two servers at home, Woody has been rock solid. Sure I grabbed, compiled, configured, and am running 2.6.4 on one of them, but it's still Woody under the hood. If I need something newer than what Woody has, I grab the source and build it myself (OSS is great because of this). I like machines that just run and don't need to be upgraded every other month. The bleeding edge releases of other vendors simply don't offer anything I need for a web, mySql, Sendmail/Postfix, and DNS server.
We have machines at work that are currently running Redhat 7.2. A couple are RedHat 8, 9, and RHEL 2.1. Why are they not all running the latest and greatest RedHat? Because we either can't afford the downtime (not to mention configuration) to upgrade every time that RedHat comes out with its next release, or the bleeding edge releases break things. Unless a newer release provides some feature/function that we need in production and we can't get any other way, we don't upgrade each time a release comes out. We've even downgraded a couple of machines from RHEL 3.0 to 2.1 because getting some Oracle software installed was near impossible (even with Oracle consultants on-site!).
I'd much rather have a rock solid server that performs its job all the time than have a bleeding edge server that requires 2 or 3 upgrades a year just to stay bleeding edge.
I don't recall the US constitution saying anything about the right to advertise...
It seems that in today's world, everything is tied to the first amendment of the US Constitution - the right to free speech. While advertisers have the right to free speech, they certainly don't have the right to force me to fork over money in order for them to exercise that right. I pay for my bandwidth. I own my computer. It's my personal property. I paid for that stuff. Advertisers can't simply stick a billboard in my front yard, without my permission (and without proper zoning laws, et al), and claim the first amendment to do so. They certainly have the right to advertise, but they don't have the right to arbitrarily decide where they can advertise. My yard is private property and owned by me. So is my computer hard drive.
I live in Utah, and this is one law which I do fully support. It's not targeting spyware where the user has been informed and consents to the installation. It's simply telling spyware companies to stop installing stuff without the user knowing what's being installed. If Joe User wants the spyware installed and knows full well what it does, then let Joe User install it.
I read a statement today about the lawsuit that asked the question: what would the founding fathers think of how the US Constitution is being used today to justify just about anything?
You can get the details of the spacecraft from Goddard Space Flight Center.
Falcon-1 was built by SpaceX, which is not a part of the Sea Launch consortium. See this Wikipedia entry.
www.icann.org/transfers/policy-12jul04.htm
By "list" I mean the "most popular" story list.
I wonder how they came up with the "most popular" stories.
So US citizens paid for destroying Iraq and then are paying for rebuilding it.
This story reminded me of another story that was in the press the past few days about a very expensive spy program that a few US Congressmen critized. We're talking about billions of dollars here.
I have to wonder how long it will be before the US Government files for bankruptcy because of the cost of projects such as this.
Some news sources were talking about how the first phase of this missle defense project is supposed to protect us against a North Korea launched nuclear attack. I'm asking (because I don't fully know), how much of a risk is North Korea in reality?
Modems and fax machines don't deal well with the packet delays that can occur on VoIP that isn't properly QoS'ed. The problem is that end DSL/Cable users don't have control of the QoS of their VoIP packets beyond their premise equipment, and sometimes not even then. I shouldn't assume this, but I assume that all VoIP providers do pass-through for fax/modem connections to ease the problem somewhat.
However, I've had others swear by their VoIP. It seems to me that there is still just too many variables in the IP infrastructure for the experience of VoIP to be uniform. Not to mention the issues with power outages, 911 service, and the like.
Another thing to note is that having voice mail sent to email is not a feature of VoIP per sey. We are currently implementing an email system that has this ability, given that you have the right voice mail equipment. While there are some features that VoIP does offer that can't be done with POTS and appropiate equipment, many of the features being touted as "VoIP only" features can be done with POTS.
That said, about 5 years ago I was involved in a project to roll out VoIP in a new building (about 300 people, a call center of about 10 stations included). We used Cisco equipment and had two 24 channel trunks come in from POTS (one for local, one for long distance). Once it was up and running, the sound quality was nearly as good as POTS - we did have a slight echo once in a while, but other than that, it was great. We, of course, had complete control over the network, so doing QoS and stuff like that with voice packets was easy.
VoIP, if done right, can be nearly as good as POTS in terms of sound quality, if not better. But given all the variables (phone, DSL/Cable router, your ISP, the POTS/Internet interface, etc), there are just too many places that can cause quality to suffer. And the problem becomes worse if you try and use a fax machine over a VoIP line, which doesn't have a high tolerance for packet delay.
The advice I gave them is to never download anything from the Internet that seems "cool" or promises "this or that". Sure if you are downloading an update to software you already use, it's okay. But you don't need this new cool search bar for IE, a search tool that promises to be intelligent and show (a.k.a. pop-ups) only ads you'd be interested in, and you don't need to keep up with the Joneses with every "cool" spyware software.
Explaining how these things are dangerous has little effect on the "normal" computer user who doesn't know the difference between a DSL/cable router and a hub, who doesn't know how the Internet works (such as how TCP works, packets, routing).
I've found that simply telling them to not do it is the most effective thing I can do. Most users won't understand the technical details. But they will understand if you simply say to not download it because if you do it enough, your computer will become unusable.
All that VeriSign is doing is making changes to domains (i.e., new domains, deleted domains, and changing DNS servers for a domain) become visible in the root maps sooner.
For example, if I wanted to move a DNS server for domain x.com, currently, I'd log into my registrar's on-line update program, change the DNS IP address, and wait up to 12 hours for the root map for .com to advertise the new IP address of my DNS server for domain x.com. With the changes, the .com root map will advertise the change within 5 minutes of me making the change. Any queries looking up my NS record after this will see the new IP address for my DNS server(s). Note, however, that DNS servers could have your NS info cached from a lookup that occurred 10 minutes before you changed the info, so it could take those DNS servers a while to see the updated information in the root maps.
If I simply wanted to move a web server from IP address a.b.c.d to IP address w.x.y.z in the same domain, and I'm not moving the DNS server, VeriSign increasing the updating of root maps doesn't have anything to do with this.
For those who do make changes to domain information (i.e., IP addresses for DNS servers), or add new domains, this will be a definite plus.
Also imagine trying to do disk drive rotation for off-site storage versus the same thing for tapes. I'd prefer tapes any day given the delicate nature of disk drives.
The idea of a certificate authority is to provide a method for verifying that the person or entity who is requesting a certificate (be it SSL or S/MIME or whatever) is really who they say they are.
Imagine if I could roll my own driver's license. I could claim I'm anyone I want to be. Remember a couple of years back when someone supposedly was able to get a cert from Verisign in Microsoft's name, claiming that they worked for Microsoft?
I used to work for one of Verisign's big competitors (and yes they are still in business). We asked for a lot of information so that we could verify that the requester was who they said they were.
You can see some more pictures of this project, along with some of the artist renderings of what the thing will look like when done, here.
Our older RedHat systems don't run all the default services. In fact, most of them can only be gotten to (from the outside) on port 80 and/or 443, which runs the latest and greatest Apache/Java/Tomcat. Sure, inside we also have ssh access, but with a firewall and intrusion detection between it and the Internet, it's a good bet that port 80/443 is all that's open. We have most of nfs, ftp, telnet, smtp, snmp, pop, imap, finger, echo, nis, and any other service turned off. If they are not running, they are not vulnerable.
Running something like Apache 2.0.48 on RH 7.2 isn't necessarily going to be any less secure than running Apache 2.0.48 on RHEL 3.0. Any successful compromise of Apache is likely to be due to Apache, not the underlying OS. Fixing Apache, not upgrading the OS, would be the solution here, assuming you build Apache yourself from source, which I tend to do.
We probably are not as concerned about bug-fixes and security updates as we should be, and this is a problem with old versions of distros. I mean you can no sooner do an upgrade of some Linux distro than you find out that the version you upgraded to is going to be EOL'ed in the next year, and the vendor recommends you upgrade yet again just to keep up (and get support).
We don't do security updates on a regular basis on our older RedHat servers simply because support for those versions is hard to find anymore. Most of them don't even face the Internet (you'd have to break in elsewhere first), and we mostly use java/tomcat/apache/Oracle downloaded (and upgraded on a needs basis) from their respective vendors and don't rely on RedHat to keep us up to date with the apps we use. If we find a bug that needs to be fixed, it has always been with the third-party vendor supplied software, not RedHat.
If RedHat were Debian, I bet that v7.2 would still be the stable release - which means we'd still have full support...
Similarly, I don't see why hardware vendors need to suddenly charge for, or deny access to, drivers to hardware you legitimately purchased. If I run Debian, I should be able to install an x86 Linux driver for whatever hardware I own, whether or not I got it from Debian or the vendor itself. I've had to grab drivers off of vendor websites for some of our newest machines at work because RHEL 2.1 doesn't come with the drivers, and RHEL 3.0 was unworkable due to Oracle install problems. I was never asked what Linux distro I was running.
It doesn't matter whether the binary-only device driver is for Windows, Linux, Solaris, HPUX, or what have you. If I have the binary, and I have the OS the binary is for, and the hardware, I can reverse-engineer it to at least some extent. Sure it can be put under the DMCA and made illegal to do so, but the DMCA is US law. How about someone in Asia, or Russia, or some country in Africa? Does the DMCA apply in every country?
We have machines at work that are currently running Redhat 7.2. A couple are RedHat 8, 9, and RHEL 2.1. Why are they not all running the latest and greatest RedHat? Because we either can't afford the downtime (not to mention configuration) to upgrade every time that RedHat comes out with its next release, or the bleeding edge releases break things. Unless a newer release provides some feature/function that we need in production and we can't get any other way, we don't upgrade each time a release comes out. We've even downgraded a couple of machines from RHEL 3.0 to 2.1 because getting some Oracle software installed was near impossible (even with Oracle consultants on-site!).
I'd much rather have a rock solid server that performs its job all the time than have a bleeding edge server that requires 2 or 3 upgrades a year just to stay bleeding edge.
It seems that in today's world, everything is tied to the first amendment of the US Constitution - the right to free speech. While advertisers have the right to free speech, they certainly don't have the right to force me to fork over money in order for them to exercise that right. I pay for my bandwidth. I own my computer. It's my personal property. I paid for that stuff. Advertisers can't simply stick a billboard in my front yard, without my permission (and without proper zoning laws, et al), and claim the first amendment to do so. They certainly have the right to advertise, but they don't have the right to arbitrarily decide where they can advertise. My yard is private property and owned by me. So is my computer hard drive.
I live in Utah, and this is one law which I do fully support. It's not targeting spyware where the user has been informed and consents to the installation. It's simply telling spyware companies to stop installing stuff without the user knowing what's being installed. If Joe User wants the spyware installed and knows full well what it does, then let Joe User install it.
I read a statement today about the lawsuit that asked the question: what would the founding fathers think of how the US Constitution is being used today to justify just about anything?