The sad part is that this is barely news in WV. Oh, there have been numerous lawsuits over the years challenging each of the companies mentioned above for various abuses, often with commercials and mailers asking you to contact Dewey, Cheatum, and Howe, attorneys at law or some such nonsense. I moved away six years ago and I still get mailers today for class-action suits from my time there.
I played baseball at the parks across Viscose Road from the industrial park mentioned in the story. My mom worked in Nitro along that same road where there was an EPA Superfund cleanup site for Fike Chemical. They found all kinds of junk there, including hydrogen cyanide and methanethiol. There was also a tremendous tire warehouse fire about five years ago near the industrial park mentioned in the story. The story goes on and on, and has ever since the nitrocellulose plant was built in 1917 for World War I.
It's unfortunate, but coal and chemicals (and medical services for those dealing with coal and chemicals) are the only kind of work that is generally available in that area. It provided a good living for the time, but left a pretty awful legacy now that those jobs are packing up and leaving.
There are many, many ways to deal with this, but fortunately while DoD says "update to this specific version," what they really mean is "close this specific vulnerability." Get used to hearing about IAVMs and VMS (Vulnerability Management System).
Taking the case of OpenSSL specifically, it's not uncommon for there to be patches released for vulnerabilities affecting a previous version. If you're using a vendor like Redhat (and in the mind of DoD, Redhat/SuSE = Linux, and nothing else) what you'll end up with is a version of OpenSSL that appears vulnerable, but in fact has a backported patch applied to the vulnerable distribution. Once you've applied the updated RPM, you can say in good conscience that you've mitigated the vulnerability, and you can close the finding.
Where it gets stickier is where you have code that depends on a specific version of a library that might be vulnerable. In that case, you need to dig in and understand the specific uses and how you might be able to mitigate the vulnerability by turning off a publicly listening service or applying some strict file controls, or maybe you don't exercise the vulnerable function in the library and can justify it that way.
Ultimately, you have to be able to convince your DAA (Designated Approving Authority) to accept the risk. If you can't immediately close the issue, you have the option of doing a POAM (Plan of Action and Mitigations) that will outline how you're going to mitigate the issue until you can close it.
There are a ton of resources, but specifically I'd start here:
http://iase.disa.mil
You also might find this interesting as a way to secure Redhat machines:
http://people.redhat.com/jnemmers/STIG/
Feel free to contact me if you have more specific questions as well.
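The comment above notes that a vendor package can carry a backported fix while its upstream version string still looks vulnerable. As an added example (not part of the original comment), this shell function reads changelog text in the format printed by `rpm -q --changelog` and reports the earliest package release whose entry mentions a given CVE. The function names, sample changelog, CVE ids and versions are constructed placeholders, and it assumes each entry header ends with the version-release.

```bash
#!/usr/bin/env bash
# Added example: locate the package release that backported a CVE fix,
# using RPM changelog text as evidence for closing a scanner finding.

# Constructed sample changelog (newest entry first, as rpm prints it).
# All CVE ids, versions, names and dates below are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Mar 04 2008 Example Packager <pkg@example.com> - 0.9.8b-10
- fix CVE-0000-0002 (constructed entry)

* Mon Jan 14 2008 Example Packager <pkg@example.com> - 0.9.8b-9
- add regression test for CVE-0000-0001

* Fri Nov 02 2007 Example Packager <pkg@example.com> - 0.9.8b-8
- fix CVE-0000-0001 (backported patch)

* Wed Aug 01 2007 Example Packager <pkg@example.com> - 0.9.8b-7
- fix CVE-0000-00015
EOF
}

# backport_release CVE-ID  (changelog on stdin)
# Prints "version-release<TAB>date" of the oldest entry mentioning the CVE.
# Exit status 1 when no entry mentions it.
backport_release() {
    awk -v cve="$1" '
        # Entry header: "* Day Mon DD YYYY Name <email> - version-release"
        /^\* / { rel = $NF; date = $2 " " $3 " " $4 " " $5; next }
        {
            pos = index($0, cve)   # literal match, no regex surprises
            # Reject a longer id that merely starts with the one searched for
            if (pos && substr($0, pos + length(cve), 1) !~ /[0-9]/)
                fix = rel "\t" date   # later lines are older entries
        }
        END { if (fix == "") exit 1; print fix }
    '
}

# On a live system the input would come from the package database:
#   rpm -q --changelog openssl | backport_release CVE-ID
sample_changelog | backport_release CVE-0000-0001
```

If the installed release is the reported one or newer, the changelog entry is the evidence that the finding is mitigated even though the upstream version number has not changed.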
Here's the crucial difference. The plans for the W80 nuclear warhead are classified information. The source code for PGP is not. Now, it may be encumbered by things such as copyright or intellectual property rights, but that doesn't stop the rights holder from using those rights. Likewise, the crypto boards themselves may be considered munitions, but the documentation describing the capabilities and interfaces is intellectual property covered by copyright at best.
Ghost can do this. What you want to do is create a "master" computer with all of your applications on it. Then, use SysPrep (Google is your friend) to create an abbreviated install. Once you've run SysPrep, boot into Ghost and make your image.
It is very interesting and appropriate to mention the whole Stephen Glass/TNR angle, especially since Adam Penenberg and others at Forbes Digital were responsible for bringing that matter to light. What's old is new again...
TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. It is a community effort based on the original *PBS project and has incorporated significant advances in the areas of scalability, fault tolerance, and feature extensions contributed by NCSA, OSC, USC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations.
Competitors are always threats in a sense, but maybe not to the extent that someone would characterize them with as strong a word as "threat". It's all a matter of semantics.
At the risk of running afoul of the anti-upgrade/anti-microsoft sentiments on Slashdot, it should be noted that the next version of Office (which just went beta 2), in combination with Windows Server 2003 and Exchange 2003 (Titanium) will allow remote users to use the native Outlook client to connect to an Exchange server using XML-RPC over HTTPS. This should allow remote users to dump the need for VPN if all they're doing is connecting to Exchange. Combined with some strides that Microsoft has made in making Outlook work better in an offline/caching mode, this is a really decent solution for using Outlook if you're a remote user.
So far as OWA, Titanium has a much better interface than Exchange 5.5 (ugh) and even Exchange 2000. OWA will support creating and editing server-side rules, and now includes integrated spell-checking, so if the Windows Server 2003/Exchange 2003/Outlook 2003 combination is too daunting (either financially or technically), Exchange 2003 OWA would be a good second choice.
Instead of complaining to your campus IT folks about how this smacks of censorship, suggest ways they might get around the issue on the technical front. Here (Marshall University) we do traffic shaping on our internet connection, limiting P2P and game traffic during the day to something like 10% of our available bandwidth, and when 5 pm rolls around, the limits come off, and it's essentially a free-for-all.
The product we use is the Packeteer Packetshaper. AFAIK (I'm not in the telecom area), this allows us to shape our traffic and place higher priority on "legitimate" traffic during the day. I have no idea what the pricing is on this beast (expensive, I think), but it has allowed us to continue to allow all traffic without resorting to more draconian methods.
I've personally found UltraEdit-32 to be a fine low-cost ($35) editor for use in Windows. There are wordlists available for just about any programming/markup language you should need, and the inclusion of column editing, bracket matching, side by side diffs, and a relatively robust macro recorder make this a really good tool.
As I sit here wondering if my Excite@Home service will be killed off sometime over the night, it came to me that the bondholders really shouldn't have any say in this. Unless I'm totally off the reservation here (and my knowledge of bankruptcy law approaches nil), don't the owners (read: people who own @Home stock) have the final say here, or is it the judge in the bankruptcy case? I seem to remember learning in my finance classes that stockholders are the owners, the equity-holders, and bondholders are basically second-class citizens, because they aren't really owners of the company, they just finance debt.
Mea culpa, mea maxima culpa. I was incorrect when I stated the Republican party requested the ballots, but the court case is still outstanding. Until that issue is decided, the results are still up in the air.
Take a minute and look at the issues still outstanding at the time this story was posted.
- The opinion by the US Supreme Court just sends the case back to the Florida Supreme Court for reconsideration and clarification. If the FL SC justifies their actions a little better, then the ruling is not vacated.
- There is still a lawsuit pending on whether or not to include thousands of ballots in some of the counties where Republican party officials requested absentee ballots instead of the voter or their family, who are the only ones who can legally request a ballot. If the absentee ballots are thrown out in that county, there could be a net loss of ~3500 votes for Bush.
It's been said before, and it will be said again, but the Slashdot editors need to be a little more judicious on their decisions to post articles, especially when all of the facts are not clearly understood or presented.
Connell makes some really good points, especially concerning the user, and how they perceive a computer. I think it's important for us to remember back to when we first started working with computers (for me, it was a 286...others have been at it longer ;-). Most of us didn't have a clue at first, but through trial and error, we figured it out. What most of us forget is that most people don't have time for trial-and-error. Sure, we whine and complain that Linux could be used on the desktop, that nearly everybody, if they really, really wanted to, could use Linux for all of their computing needs. However, in order to do that, we are asking these users to basically forget most of what they know of computers, and re-learn. From a pragmatic point of view, this isn't going to happen.
Perhaps then, the Linux/Open Source community needs to focus on how to attract first-time computer users. Focus on kids coming up, wanting to use computers. Form LUGs that give away old computers with Linux pre-installed, to make use of old equipment that won't run the latest and greatest from Microsoft. Before long, these will be the ones clamoring to have Linux everywhere, who won't have to unlearn years of frustration and backwards-thinking in order to do things right.
The above comments are not necessarily flames or anything else; however, does sporting minutiae such as the super bowl actually count as something that is technically noteworthy? Theoretically, if the entire human race is enslaved by reptilian creatures from the planet zoron, it shouldn't appear on slashdot unless they make the drivers that run their spaceships opensource and run on linux.
You know, I always thought that /.'s slogan was "News for Nerds. Stuff that Matters." For a large part of the general population (and even some nerds) Super Bowl Sunday has become an unofficial holiday, focusing around a sporting event, which has become a Pretty Big Place to introduce the masses to some nifty technology (someone's already mentioned the 1984 Apple Macintosh ad, I'm sure).
To be honest, I really didn't think that /. would even mention the Super Bowl, but it's not like we're discussing the game here. The post IMHO is more than justifiable as stuff that matters, at least to some.
Right now, users will put up with the problems of Windows because they seem trivial to the (currently) steep learning curve of Linux. When it comes down to it, the new computer user is going to use what everyone else uses, and right now, that's Windows. They use Windows because when they don't know how to do something, they can ask the guy in the next cube, or next door, or the neighbor's kid. They don't use Linux because they *can't* ask the guy in the next cube, or next door, or the neighbor's kid (although that's changing).
If the OS isn't easy to use, or at least have millions of other people who know how to use it, users won't use it on their desktop. When it gets easier to use than Windows (even one specialized distribution), Linux will make its way to everyone.
I don't think the author meant to ditch Linux as we know it and make it completely end user safe. A new distribution with a simplified installation method, intuitive gui, easy application installation, and access to a CLI is necessary for the vast majority of Windows users out there who use Windows because it has most of these features. I think Linux can do this and do it better than the boys in Redmond.
Joe Biden: "Governor Palin, I served with Dan Quayle; Dan Quayle was a friend of mine. Governor, you're no Dan Quayle."
Comment from the fork maintainer is here.
Anyone ever seen an iPaq burn before?
Yeah, like us geeks weren't going to find this... Sarcasta.Net
Pics
Thanks for clearing that up. I now remember why I really, really sucked at finance.
BetaNews is reporting that Microsoft reps are refuting this news as rumor. Check out the story here.