I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has its own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.
Generally my only problem is that windows takes twice the memory and disk to run the same crap and still runs anything with a GUI slower. I've used Firefox, GIMP, and more on Windows but for people who don't want to keep upgrading hard drives, memory, and cpu with every iteration of the OS just to be able to use Office-type applications. The only app that cannot be replaced for me is certain games, but one could argue that I spend too much time doing that anyway. There is nothing wrong with finding more productive and enriching activities to occupy my time. :)
My wife uses a p3 500mhz w/128 megs of ram. It runs like a dying dog under WinXP and is extremely nice on Linux (even feels "fast".) People that want cpu power for their buck whether they run a p2/300 or an amd64 have no alternative to Linux really. FreeBSD has a feature gap, and the other BSDs are good at special "niches" that really cease to matter when a Linux box can do it. (I really want to love BSDs, but without good SMP they really are way behind.) I do realize outside of the kernel level NetBSD=FreeBSD=Linux. :)
I run Linux on a p2/300 and it runs quickly and well... Try the same with WinXP (and no apps installed!) This brings me to the other thing I enjoy about Linux... I have the choice to remove certain services and add features that may increase my system performance. In Windows there is nearly nothing you can do but spend more money (on hardware or special software.) I tweaked an Athlon 1gz in WinXP and even after all the tuning possible it still runs half as fast as it does on Linux. What exactly are these people doing with all the clock cycles? I run a comparable set of apps say xfce4, xmms, openoffice, and firefox and I still have enough clock cycles left to rebuild my entire distro from source and run apache, samba, and some other servers without it affecting my activities AT ALL. Try that in Windows buddy! :)
Windows is bloatware, and people get tired of having to sacrifice the performance they need for the extra crap that they do not. Things don't look good for Microsoft at all.
As long as you aren't using passwords that are straight out of the dictionary (this is like 3rd grade people) you should be fine even with something like this being available. I suggest you quit using passwords, and use passphrases instead. Someone MD5ing phrases will have to look for months not days.. Change your passphrase like every three months and you'll never have a thing to worry about. The only problem is that md5 has a pretty limited key space and "foo" might equal "TheLastStand" so someone may come up with an equivalent key. Regardless, md5 is designed to keep people from being able to easily come up with these passwords or alter a file; it is not designed to keep people off of your computer and it is still much better than crypt. Being able to reverse an md5sum isn't going to get someone on your system that hasn't already got in. Make sure root cannot log on to your box and a user cannot su without being in wheel so if someone does crack the md5 they have no hope of getting any more rights than they already have. Configure a script to run to alert you right away if someone attempts to su but gets canned because of not being in the wheel group. Really stuff unix people should have been doing all along.
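The alert script suggested in the comment above, as an added example that is not part of the original post: it scans syslog-style auth lines for su attempts refused because the caller is not in wheel. The sample lines are constructed, and their format (modelled on Linux pam_wheel and su messages) is an assumption that varies by system.

```python
import re
from collections import Counter

# Constructed sample auth-log lines (not from the original post). The message
# formats are an assumption modelled on Linux pam_wheel/su; check your own logs.
SAMPLE_LOG = """\
Mar  3 09:14:02 box su: pam_wheel(su:auth): Access denied to 'alice' for 'root'
Mar  3 09:14:05 box su: FAILED SU (to root) alice on pts/2
Mar  3 09:20:41 box sshd[811]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
Mar  3 09:31:17 box su: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=pts/3 ruser=bob rhost=  user=root
Mar  3 09:31:19 box su: FAILED SU (to root) bob on pts/3
Mar  3 09:40:00 box su: (to root) carol on pts/1
Mar  3 09:52:33 box su[2211]: pam_wheel(su:auth): Access denied to 'alice' for 'root'
"""

# "Mar  3 09:14:02 host su[pid]: message" -- only lines written by su match.
SU_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssu(?:\[\d+\])?:\s(?P<msg>.*)$"
)
WHEEL_DENIED = re.compile(
    r"pam_wheel\(su:auth\): Access denied to '(?P<who>[^']+)' for '(?P<target>[^']+)'"
)
FAILED_SU = re.compile(r"FAILED SU \(to (?P<target>\S+)\) (?P<who>\S+) on \S+")


def parse_events(lines):
    """Turn raw log lines into su failure events.

    A wheel denial is normally followed by a generic FAILED SU line for the
    same attempt; that follow-up is dropped so one attempt gives one event.
    """
    events = []
    last_denied = None  # (who, target) of the su line just before this one
    for line in lines:
        header = SU_LINE.match(line)
        if not header:
            continue  # not an su message (sshd, cron, ...)
        base = {"ts": " ".join(header["ts"].split()), "host": header["host"]}
        msg = header["msg"]

        denied = WHEEL_DENIED.search(msg)
        if denied:
            last_denied = (denied["who"], denied["target"])
            events.append({**base, "kind": "not_in_wheel",
                           "who": denied["who"], "target": denied["target"]})
            continue

        failed = FAILED_SU.search(msg)
        if failed and (failed["who"], failed["target"]) != last_denied:
            # A failure with no wheel denial before it: wrong password etc.
            events.append({**base, "kind": "auth_failed",
                           "who": failed["who"], "target": failed["target"]})
        last_denied = None
    return events


def wheel_alerts(events):
    """One alert line per su attempt refused for lack of wheel membership."""
    return [
        f"{e['ts']} {e['host']}: {e['who']} tried su to {e['target']} "
        "but is not in wheel"
        for e in events
        if e["kind"] == "not_in_wheel"
    ]


def repeat_offenders(events, threshold=2):
    """Accounts with at least `threshold` wheel denials in the parsed window."""
    counts = Counter(e["who"] for e in events if e["kind"] == "not_in_wheel")
    return {who: n for who, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG.splitlines())
    for alert in wheel_alerts(parsed):
        print("ALERT", alert)  # hand this to mail or a pager in real use
    print("repeat offenders:", repeat_offenders(parsed))
```

Run from cron or a log-tail loop, the alert lines can be piped to mail; the regular expressions need adjusting to whatever the local su and PAM stack actually log.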
They require paper proof which doesn't mean that the digital property hasn't been misappropriated from its true owner. As it stands now if someone stole your server key and you wanted to use it on their own box they can, and you cannot revoke it and have your CA reissue your cert the way it should work. Sure, the user of that site gets a browser message but big whoop... people are used to pop ups and just click shit away that they don't care to see.
This physical paper trail does nothing to increase the security of the browser, it only works to increase the security of the information the CA has.
Someone can forge documents and open up a site in your name and since you cannot "revoke" a cert there is no way for you to shut them down once the process is completed. All it takes is a little bit of letterhead, a borrowed ID, and some other (possibly faked) documentation. The last time I got a cert I lied about 90% of the information.. I think the only thing that was true was the phone number. Let's face it... The CA has no authority to shut down your key once it is issued (since there is no revocation mechanism) and once you get past the screen it is game over. That basically means these certificates are worthless for identifying people since a particular cert doesn't identify a particular host or person since they are never EVER revoked... These companies are primarily concerned with making money remember.... Too much scrutiny is an empty wallet... It is not in their interest to turn you away... (you are a guaranteed $200 every 1-2 years, after all)
If there was a good PKI that all the web browsers in the world could plug into this wouldn't be a problem at all. But these browser guys are competing and patenting, and I doubt it will ever happen.
Exactly how many certificates have you seen revoked?
And how many of these revocation lists are going around? I agree that the implementation of the certs is screwy, since basically it means nothing at this point other than the fact that you are communicating over SSL. Basically from a browser standpoint the implementation of certificates is completely worthless since the authentication checking is just not there. The X.509 certs were originally designed to completely authenticate that you are talking to the host/person you intended to. Since browsers currently do absolutely nothing but a check vs. the public CA key basically any cert the CA issued regardless of status (other than those that have expired with time) are completely valid certs. They could have been forged, stolen, or otherwise abused but we trust them anyway... Really a sad state of things.... X.509 revocations do exist, but since there really is no universal Public Key Infrastructure (for the non-security guru), or rather the browsers don't even TRY or HAVE A WAY to validate them in most cases they really don't mean much at all...
Yea, I remember it... But, if you use anything mozilla like you can import the CA cert of any certificate authority you'd like. I am not sure how you do this with IE (since I wiped that right the hell off my boxes, my windows boxes don't even use it).
There is precisely no reason why these "authorities" should be getting any money... The servage is cheap since it doesn't even involve talking to their servers, just checking acceptance via a signing key... ANYONE can do that..! NO infrastructure!
There's nothing wrong with caning. Have you ever been to Singapore? It's a great place. Indeed, my favorite place in the world. Caning is a pretty effective deterrent for a lot of things. So are the hefty fines + rigorous enforcement they impose.
Haha! Singapore. I have to laugh at you. This is a place where you cannot dance in a club without a license, you are fined for spitting, gum ($1000-$2000 fine) is illegal, you cannot forget to flush a toilet without a $500 fine. Singapore may be a beautiful place, but we all are human and what are you supposed to do when you screw up with minor infractions? In Singapore, you go poor quickly. If you don't get poor, you are caned with a rattan stick dipped in brine (yeowy) and if you really screw up you are hanged (but that doesn't mean you killed someone since that punishment is given for much lesser crimes than USA.) These people eat dogs and bird puke, that pretty much says it all. I have a cousin-in-law from Singapore and probably know more about it than you... She didn't want to live there, why the hell would you?
However, the law itself is not unjust. The penalty is just a bit over the top.
This is an understatement. Jail time for what? Dubbing an extremely shitty copy of the movie that you probably wouldn't watch if you couldn't download it? Where is the "loss" involved? You likely wouldn't have downloaded if you really liked it, and probably only "cammed" it for a friend who wasn't sure they'd like it at all.
Next we'll be cutting your hand off if you stole a piece of candy at the grocery store (even accidentally) and handing out the cane lashes.
These aren't hallmarks of a good society, they are indicators of an oppressive form of government where the well-being of its citizens matters less than the well-being of the corporations and the system used to keep them down.
I wouldn't take a bullet for Halliburton, and that's what you're doing if you join the army now. And before you get all patriotic, remember how many americans got fired this year due to american corporation offshoring. I'm very patriotic and loyal to my fellow americans, but I will not look the other way when we are being raped by our system.
Probably logging, alerts, vpn, and better nat / port forwarding, Transparent proxying, and snmp. It is nice to know when you are being hacked. :) What are you, "most users" or a slashdot geek? :)
- Mind
It is a supreme waste of time. As is the "war" on terror, and the liberation of Iraq. I have nothing against helping the Iraqis achieve their own freedom with assistance (supplies), but sending Americans or anyone else there to die is pointless. Other countries helped the US liberate itself from British rule, but that didn't mean that they came to fight our war. There will always be "nutcase whackos" and having a war on terror will do nothing, as mother nature will always make more.
Back to the topic, however. I think it is completely not American to have the government involved in what is completely a civil matter in both an ideological and practical sense. This issue should be company vs. individual (the one causing the damages), and for monetary loss not jail time. The US government is treading on the line of civil revolt, and it can and will happen if corporations continue to rule the government more than the people do. People are willing to be governed when they have a say, but not when there are tiers or classes. (People that have X million for Senator X vs. people who have just a vote paper.) Any sensible person can see that any candidate's speech is "voter spin" for the paper, and they vote with the people lining their wallets. Do I want the corporations controlling my life? Do you?... It pains me to see the government even considers this issue as something worth talking about, and it shows you exactly how far gone the system is.
It's just a matter of time before shit hits the fan and the "American way" will be just a cruel joke. Taxation and money will be the new devils, and freedom and bartering of goods and services will win. Sounds impossible? Realize that fundamentally everything made and done costs nothing, it all comes out of the ground or air and time is only worth what is paid for it. If goods are exchanged freely and services are then we are no longer the slave labor of the government, we have freedom to choose worth based on the importance of resources to us.
So what do we do without a system like that which we have now? Good neighbor policy sounds like a good start. You help me, I help you. No money exchanged, and nothing to tax. There are those that believe that we must have money, taxes, etc, etc, but those are those people that also believe things cannot change. Some of us know better. Money is only as important as you make it, and when you have to pay a tithe on every purchase, your paycheck, and any other gain monetarily you are officially a vassal of the US Government.
This is why you buy a real firewall like sonicwall (relatively cheap). It's a one time expenditure that lasts virtually forever and ensures that you are completely invulnerable to 99% of everything out there. Maybe you people like reloading machines all fucking day, but $400 one time (maybe less if you shop around) and you get a firewall adequate for 10 users with vpn, load balancing, transparent proxy, client virus scanner support (it makes sure all connected clients are up to date) and all kinds of other cool things. I've had mine since 2000 and I have never had need or reason to upgrade. The newer boxes are almost the same thing with a slightly slimmer form factor. This box does more crap than nearly every other firewall besides Checkpoint and is the best value. No software upgrades (sonicwall supports them for life) and a very agreeable licensing package.
- Mind
This is slashdot, per the submission form requirements any title with the word "Linux" must be spammed to all quadrants of the known universe regardless of the fact that most people really don't care about Linux. Slashdot has gone from "geeky but useful information" to "geeky and insignificant information". Fold your chairs, put them against the wall, kneel, and pray for real news at slashdot.
All you people have to talk about is cpu fans! Shoot yourselves now, please!
This is silly stuff really... If you outlaw weapons all that happens is that the criminals have them and the good people don't. I live near Chicago where guns are completely illegal in the city limits. Do you think these gun bans stop the crime? People die to guns in the city every day. People still get shot in the UK and the quicker you snap out of the coma the better off you will be. You cannot ignore problems like this and expect them to go away. A predator always goes in for the easy kill first and if you haven't anything to fight back with you are at their mercy. Murdered, Raped, Robbed, Stabbed, Shot.. I rather have none of the above... With a gun the assailant is going to be thinking the same thing you are... "Ohh shit!! Run!!!" Mission Accomplished. If I were a criminal I would be doing my crimes in an area where they cannot retaliate. Wouldn't you?
Gun accidents do happen but cars kill more people, and typically in more gruesome ways. We aren't banning cars are we?
I agree with you on the networking/programming ideas, and again I am an IT guy (Administration, and now Network Security). There are times when you can use a butter knife to turn the screw, and times when you need a torx (may they burn in hell). The counter-argument for what you're saying however is equally valid. One could state that if a generic and easy tool does the required job then knowledge of the complex methodology is not required. .NET isn't the development bonus, it's their ide and tools which make it possible for the programmer to spend more time programming and less jacking with cvs and makefiles. Even better, .NET is highly abstracted from the hardware which means someone can design well performing code without coding to the machine. I'm from the old days, but even I can see where this equates to money saving. Quicker builds, better ide, and better api = the win. I love Linux, but have you tried to code a Window app for it? It's a friggin nightmare... The api are object oriented for the most part nor do they let you do anything in less than 1000 lines of code. To recommend this situation to anyone you would have to be insane.
Large corporations use Linux, but no one else can afford to which is all I've been saying. As far as competency, who said I wasn't well versed in Linux? I've been a UNIX admin for many years, and a Windows Admin several years previous to that (everyone has to eat). Linux is not less or more secure or more reliable than windows it's just void of the same level of scrutiny.
Just because IBM can afford to be wrong doesn't mean I can. Install and configure DHCP, DNS, SMTP, and HTTP on your windows box and on your Linux box and see who is done first. The Windows guy will always win, and time is worth more than idealism to most people, myself included. Have the Windows guy lock it down security-wise and it will still be done before the Linux/UNIX person has even finished the initial configuration. I've worked with both systems, and I am not being paid to lie about it so what exactly is my incentive to misinform anyone?
As far as confidence that Microsoft will fix their software, just remember they have more money to throw at it and much more to lose than anyone else if they do not. They could decide to scrap the entire code base, start from scratch, weather that whole storm on their reserve cash, and come up with a completely new (but compatible) Windows system without the old problems. The problem here is money, not ability, and Microsoft can afford to pay the best software engineers. Linux is being constructed by Joe Nobody for the most part, with Linus' name tacked on top of the list of credits. Linux is where Windows is trying to leave (a utility OS) and you will find years down the line that utility is a vulnerability. The Windows people have figured out that this utility comes at a price, and are trying to keep it in check.
The real problem isn't Microsoft, but the entrenched idealists that believe you can have security AND utility. Sorry guy, but I hate to break the news -- features = vulnerabilities. The more features you have the more problems come with it (there is more to go wrong.) But, conversely, without features you do not need the OS.
As far as Windows causing me trouble; I have not been hit by Melissa's, Sasser's, or anything else nor have any of the machines which I maintain for my clients. My internet connection itself is firewalled with a sonicwall firewall appliance, my machines are zonealarmed, and virus scanned. I apply my updates. I've used Internet Explorer, but prefer Mozilla (it's just faster)... I've used Outlook just like everyone else, and still have never been infected. (Gee people, it is possible to turn off scripting for e-mail) I've never been hit by any viruses, but I get a lot of mail for mailing lists (which means I see all the virused attachments). If I can be virus/trojan free for the last ten years running Windows I could honestly say that anyone can do it. If you are lazy, stupid, ignorant, or delusional that's not Microsoft's problem. Just because you know how to install Linux doesn't mean that the other terms do not apply. In fact, I would say that not knowing how to properly secure Windows boxen would negate the relevance of any UNIX knowledge you have; since you are likely just as knowledgeable of that security as well.
I currently work in Network Security, so maybe I might know more than I divulge. :)
This is apples and oranges really, windows software is going through some evolution (as all OS do) and they are trying to "Do the Right Thing" in terms of what I've seen with 2003 Server, etc. I'd expect more of the same with Longhorn. Is it perfect? No, but neither is the Linux approach which amounts to "get lucky and find/read the right manual" or pray...
I'm neither a Windows or Linux nazi, I simply use what gets me where I need faster. Any software that tries to do as much as Microsoft's is going to run into these problems, as "breadth of features" usually translates into increased security risks. In the beginning of Windows we were not desiring to pay for the security, but rather the utility of the systems. This has consequences, obviously, and we are seeing them now. Any system with these levels of complexity is going to run into these issues sooner or later.
Is that Microsoft's fault or ours? They are like every other successful company, and they try to give people what they want. They tried to give us what we wanted way back, but times have changed and now we want something different. Microsoft has the ability to change tracks however, and you will see the security issues start to dwindle in the near future. This is a growth process and converting Windows from a utility to a security platform is going to have some bumps.
Another issue is scale... There are millions of people trying to break (intentionally or accidentally) Windows vs. a few geeks playing with their toy OS in their basement. That doesn't mean those systems are more secure, it simply means that they are less tested.
Security through obscurity isn't security, even with an open source OS.
These people obviously don't have anything to do but putz around with their operating system. Why are they employed? The defaults that are good for you may not be good for me, and vice-versa. I like linux, but if I hand a cd to my wife and ask her to get it running I will be rushed to the nearest mental hospital. This is how the non-geek world looks at you when you ask them to use something that is not Windows or Windows-like. Fanaticism is not advocacy it's religion, learn to see through your own beliefs rather than be deluded by them. OSX would have to enter the race before it could be considered, it is being used by affluent-eclectic types that wouldn't fit the mold of a normal human being. Real business types consider the health of their vendor before purchasing... and Apple's is extremely poor.
Reason #1 - If you do not know UNIX nor does your staff you might as well not have it there because you cannot properly configure it or maintain it. Learning UNIX is ok for the IT world, but completely out of scope for the rest of the world. Windows is easier to maintain mostly because every critical app can be set to auto-update. (The ideal scenario) You are telling people to learn Chinese just so they can order a meal when they already know English. They just want to eat, and see no reason nor need to do things another way when what they know is good enough.
Reason #2 - If it can be done on Windows, it can be done faster. Again, doesn't matter for the bigger companies out there but for medium to small operations where many times the "Resident Guru" is employed in some other department than IT. Fiddling with manuals, learning commands, scripting functionally, and what not are seen as severe wastes of time (and they are, time not working.) Applicationwise, the performance is about the same, but the learning curve for UNIX is insane... and a waste of time... for most
Reason #3 - All software has bugs and vulnerabilities, the only difference is you need to be a native speaker of Chinese to understand your problem in FreeBSD/Linux/etc. This is not a free OS selling point, but a rather large pain in the ass. Who is required to provide your freeOS patch? No one. Another hard sell, obviously. This firewall commentary is pointless as well, as if you install zonealarm or other 3rd party security software your needs can be met and supported by the developer. I would pay $50 per machine for an easy to use firewall w/anti-spyware functions, wouldn't you?
This is a completely pointless argument. For one thing, Microsoft has made the operating system "auto-updateable." Yes, go into WinXP System Icon and look at YOUR automatic updates tab and note that you can configure it to install critical updates automatically at a certain time every day (lunch hour maybe?) and you are immediately protected from the Sasser viruses without any of your own intervention. Microsoft enabled the software to do the right thing, unfortunately nothing keeps people from being stupid or lazy. I would dock the paychecks for the IT department for not going in to configure the software properly and not doing their job. If these people were patched up (the patch was released April 13th) they could not get Sasser... Imagine that..
On another subject does zonealarm cost so much that it's not economical to install? What is it $40 or 50 USD? That would be an hour or two of your time in greenbacks, but it solves the tracking cookie/spyware/virus transmission (oddball programs) problems and you can configure it to lock out modifications. Clicking open the programs and clicking "Allow to use the Internet" is too hard for people?
I agree with you on having patch cds included with recently purchased copies of the operating system, but there are arguments against that as well such as lulling the user to believe they are "patched up" without it really being true because they got some two month old update cd. Just some food for thought.
Despite the apparent Slash-Spin of this article it should be noted that Microsoft released the patch for this vulnerability over two weeks ago, per MS's Security Bulletin on April 13th (this is a week before Sasser "hit".) Microsoft did their job, but can the UK Coastguard do theirs? Apparently not... It is so easy to point the finger at the provider or some anonymous joe on the Internet, but it is so hard to take responsibility for your own lack of action. It's the UK Coastguard's job to apply their patches in a timely fashion so that the services they render can be reliably delivered.
It's possible to get these notices emailed to you as soon as they're available. These people should be fired, er wait.. in UK... sacked.
The people that think neo-stonehenge is more important than this need to be summarily shot, drawn, quartered, and forced to watch Friends episodes until completely emasculated.
That's because your video card probably has a brooktree tv encoder whether or not it is actually hooked up to anything (sometimes OTHER models of your card have it, and the manufacturer is copying a reference design). The drivers aren't probably smart enough to tell, thus you are screwed simply if you have the encoder. The problem with that is that virtually every nvidia card past riva tnt2 has this encoder. I wonder when these guys will get the idea that maybe some normal users are putting their computer in their living room with the tv and would simply like to output their digital media for their own use. Whoever figures this out probably will be the "next big thing" in video cards simply because modern CPUs are good enough to take over most of the video processing. Poly pushing and texture speeds are nice, but mean nothing/little in regard to dvd/mpeg/whatever playback.
Casinos advertise the number of decks because they are often required to by state laws. The number of decks changes the play dynamics pretty drastically. Most casino dealers are taught to cut the high cards out of the shoe. At the end of a long night you could have 80% of the ten cards out of the shoe... One and two deck games are much more fair, in that order. Trust me, it happens. :)
BWJones said:
Hopefully if you are in science, you are doing what you do for reasons other than financial gain. Ideally, one should be doing what they are doing in science to make a difference.
--- snip
Why does our culture believe scientists have to work for free? Without these people -YOU- wouldn't have a job, or even a career to get into. Scientists should be highly paid... You are replaceable, and they're not.
Ask yourself who is more important to the future of humanity: The monkey turning the wrench, or the guy designing wrenches? The monkey's job doesn't EXIST without the wrench designer -- he cannot turn the bolt with his hands. Where are all these magic "jobs" going to be when innovation is completely stifled by poor compensation toward the people that create the "brain-trust" of the future? The only thing that keeps jobs here in the US is being ahead of the curve. Falling behind means there is no reason to choose you over the people in Europe or Asia... Progress is the "niche" which divides the poor from the rich countries... We are going to be poor because we are assassinating the opportunities for the people who create more opportunities!
Scientists need incentives to stay interested in their fields, and it's hard to do so when your family is starving. All this really means is we're going to run into a new dark age because the scientists have the brains to realize that a plumber can provide better for himself and his family. The would-be scientists will still probably dabble in their spare time, but dollars are dollars... and most of us can count well...
Inflation also means that $80,000 now is worth $40000 in 20 years... Get ready for the big downhill...
Historically, scientists in the old days were well paid -- maybe even rich... The people with the money (governments & rulers & rich sponsors) saw those people as irreplaceable assets. Just to give you an idea... What was really invented in the 20th century? Transistors, Nuclear Physics, and powered vehicles... Many other discoveries which were refinements of those, or supporting... In the 1700's to 1800's -- Symbolic Algebra, Trig, Calculus and nearly all of the math we use today were perfected (understand how hard this is without the concept of a slide rule, or a calculator!) and physics was mostly solidified. These mathematical inventions were the REASON our inventions happened, and without them we wouldn't have cars, computers, or nuclear technology. Our future depends on funding the people coming up with, testing, and developing ideas.
I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has it's own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.
-Mind
Generally my only problem is that windows takes twice the memory and disk to run the same crap and still runs anything with a GUI slower. I've used Firefox, GIMP, and more on Windows but for people who don't want to keep upgrading hard drives, memory , and cpu with every interation of the OS just to be able to use Office-type applications. The only app that cannot be replaced for me is certain games, but one could argue that I spend too much time doing that anyway. There is nothing wrong with finding more productive and enriching activities to occupy my time. :)
:)
:)
My wife uses a p3 500mhz w/128 megs of ram. It runs like a dying dog under WinXP and is extremely nice on Linux (even feels "fast".) People that want cpu power for their buck whether they run a p2/300 or a amd64 have no alternative to Linux really. FreeBSD has a feature gap, and the other BSD's are good at special "niches" that really cease to matter when a Linux box can do it. (I really want to love BSDs, but without good SMP they really are way behind.) I do realize outside of the kernel level NetBSD=FreeBSD=Linux.
I run Linux on a p2/300 and it runs quickly and well... Try the same with WinXP (and no apps installed!) This brings me to the other thing I enjoy about Linux... I have the choice to remove certain services and add features that may increase my system performance. In Windows there is nearly nothing you can do but spend more money (on hardware or special software.) I tweaked an Athlon 1gz in WinXP and even after all the tuning possible it still runs half as fast as it does on Linux. What exactly are these people doing with all the clock cycles? I run a comparable set of apps say xfce4, xmms, openoffice, and firefox and I still have enough clock cycles left to rebuild my entire distro from source and run apache, samba, and some other servers without it effecting my activities AT ALL. Try that in Windows buddy!
Windows is bloatware, and people get tired of having to sacrifice the performance they need for the extra crap that they do not. Things don't look good for Microsoft at all.
-Mind
As long as you aren't using passwords that are straight out of the dictionary (this is like 3rd grade people) you should be fine even with something like this being available. I suggest quit using passwords, and use passphrases instead. Someone MD5ing phrases will have to look for months not days.. Change your passphrase like every three months and you'll never have a thing to worry about. The only problem is that md5 has a pretty limited key space and "foo" might equal "TheLastStand" so someone may come up with an equivalent key. Regardless, md5 is designed to keep people from being able to easily come up with these passwords or alter a file it is not designed to keep people off of your computer and it is still much better than crypt. Being able to reverse an md5sum isn't going to get someone on your system that hasn't already got in. Make sure root cannot log on to your box and a user cannot su without being in wheel so if someone does crack the md5 they have no hope of getting any more rights than they already have. Configure a script to run to alert you right away if someone attempts to su but gets canned because of not being in the wheel group. Really stuff unix people should have been doing all along
Remember: Don't Panic!
-Mind
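The alert script suggested in the comment above, sketched as an added example that is not part of the original comment: it scans auth-log text for failed `su` attempts and reports those made by users outside the wheel group. The log line formats, the sample log, the sample group file and all function names are assumptions constructed for illustration; failure messages differ between su and PAM versions, so the two patterns need adjusting to the local system.

```python
import re
from dataclasses import dataclass

# Constructed sample data (not from the original comment).
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice,carol
users:x:100:alice,bob,mallory
"""

SAMPLE_AUTH_LOG = """\
Jun  3 09:14:02 box su: (to root) alice on pts/0
Jun  3 09:20:41 box su: FAILED SU (to root) bob on pts/1
Jun  3 09:20:41 box su: pam_wheel(su:auth): Access denied to 'bob' for 'root'
Jun  3 09:31:10 box su: FAILED SU (to root) alice on pts/0
Jun  3 09:45:55 box sshd[812]: Failed password for mallory from 192.0.2.7 port 4022 ssh2
Jun  3 09:46:30 box su: FAILED SU (to root) mallory on pts/2
"""

# Assumed message shapes: a failure line written by su itself, and a
# denial line written by pam_wheel. Adjust both to what your system logs.
FAILED_SU = re.compile(
    r"\bsu(?:\[\d+\])?: FAILED SU \(to (?P<target>\S+)\) (?P<user>\S+) on \S+")
WHEEL_DENY = re.compile(
    r"pam_wheel\(su[^)]*\): Access denied to '(?P<user>[^']+)' for '(?P<target>[^']+)'")


@dataclass(frozen=True)
class Alert:
    when: str     # syslog timestamp as it appears in the line
    user: str     # account that invoked su
    target: str   # account it tried to become
    reason: str   # which rule fired


def parse_wheel_members(group_text, group="wheel"):
    """Return the supplementary members of `group` from /etc/group text.

    Accounts whose *primary* group is wheel are listed in /etc/passwd,
    not here, so they would need to be added separately.
    """
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            return {m for m in fields[3].split(",") if m}
    return set()


def find_denied_su(log_text, wheel):
    """Return one Alert per failed su attempt by a non-wheel user."""
    alerts, seen = [], set()
    for line in log_text.splitlines():
        when = line[:15]  # "Mon DD HH:MM:SS" in traditional syslog format
        deny = WHEEL_DENY.search(line)
        fail = FAILED_SU.search(line)
        if deny:
            user, target, reason = deny["user"], deny["target"], "pam_wheel denial"
        elif fail and fail["user"] not in wheel:
            user, target, reason = fail["user"], fail["target"], "failed su, not in wheel"
        else:
            continue  # unrelated line, or a wheel member mistyping a password
        key = (when, user, target)
        if key in seen:   # one attempt can produce both message types
            continue
        seen.add(key)
        alerts.append(Alert(when, user, target, reason))
    return alerts


if __name__ == "__main__":
    members = parse_wheel_members(SAMPLE_GROUP)
    for a in find_denied_su(SAMPLE_AUTH_LOG, members):
        # In a real deployment this line would go to mail or a pager.
        print(f"ALERT {a.when}: {a.user} tried su to {a.target} ({a.reason})")
```

Run from cron or a log-watcher against the real auth log and group file, the same functions give the immediate notification the comment describes.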
They require paper proof which doesn't mean that the digital property hasn't been misappropriated from its true owner. As it stands now if someone stole your server key and you wanted to use it on their own box they can, and you cannot revoke it and have your CA reissue your cert the way it should work. Sure, the user of that site gets a browser message but big whoop... people are used to pop ups and just click shit away that they don't care to see.
This physical paper trail does nothing to increase the security of the browser, it only works to increase the security of the information the CA has. Someone can forge documents and open up a site in your name and since you cannot "revoke" a cert there is no way for you to shut them down once the process is completed. All it takes is a little bit of letterhead, a borrowed ID, and some other (possibly faked) documentation. The last time I got a cert I lied about 90% of the information.. I think the only thing that was true was the phone number. Let's face it... The CA has no authority to shut down your key once it is issued (since there is no revocation mechanism) and once you get past the screen it is game over. That basically means these certificates are worthless for identifying people since a particular cert doesn't identify a particular host or person since they are never EVER revoked... These companies are primarily concerned with making money remember.... Too much scrutiny is an empty wallet... It is not in their interest to turn you away... (you are a guaranteed $200 every 1-2 years, after all)
If there was a good PKI that all the web browsers in the world could plug into this wouldn't be a problem at all. But these browser guys are competing and patenting, and I doubt it will ever happen.
- Mind
Exactly how many certificates have you seen revoked? And how many of these revocation lists are going around? I agree that the implementation of the certs is screwy, since basically it means nothing at this point other than the fact that you are communicating over SSL. Basically from a browser standpoint the implementation of certificates is completely worthless since the authentication checking is just not there. The X.509 certs were originally designed to completely authenticate that you are talking to the host/person you intended to. Since browsers currently do absolutely nothing but a check vs. the public CA key basically any cert the CA issued regardless of status (other than those that have expired with time) are completely valid certs. They could have been forged, stolen, or otherwise abused but we trust them anyway... Really a sad state of things.... X.509 revocations do exist, but since there really is no universal Public Key Infrastructure (for the non-security guru), or rather the browsers don't even TRY or HAVE A WAY to validate them in most cases they really don't mean much at all...
-Mind
Yea, I remember it... But, if you use anything mozilla like you can import the CA cert of any certificate authority you'd like. I am not sure how you do this with IE (since I wiped that right the hell off my boxes, my windows boxes don't even use it).
Not as big an impact as you think..
-Mind
There is precisely no reason why these "authorities" should be getting any money... The servage is cheap since it doesn't even involve talking to their servers, just checking acceptance via a signing key... ANYONE can do that..! NO infrastructure!
-Mind
There's nothing wrong with caning. Have you ever been to Singapore? It's a great place. Indeed, my favorite place in the world. Caning is a pretty effective deterrent for a lot of things. So are the hefty fines + rigorous enforcement they impose.
Haha! Singapore. I have to laugh at you. This is a place where you cannot dance in a club without a license, you are fined for spitting, gum ($1000-$2000 fine) is illegal, you cannot forget to flush a toilet without a $500 fine. Singapore may be a beautiful place, but we all are human and what are you supposed to do when you screw up with minor infractions? In Singapore, you go poor quickly. If you don't get poor, you are caned with a rattan stick dipped in brine (yeowy) and if you really screw up you are hanged (but that doesn't mean you killed someone since that punishment is given for much lesser crimes than USA.) These people eat dogs and bird puke, that pretty much says it all. I have a cousin-in-law from Singapore and probably know more about it than you... She didn't want to live there, why the hell would you?
-Mind
However, the law itself is not unjust. The penalty is just a bit over the top.
This is an understatement. Jail time for what? Dubbing an extremely shitty copy of the movie that you probably wouldn't watch if you couldn't download it? Where is the "loss" involved? You likely wouldn't have downloaded if you really liked it, and probably only "cammed" it for a friend who wasn't sure they'd like it at all.
Next we'll be cutting your hand off if you stole a piece of candy at the grocery store (even accidentally) and handing out the cane lashes.
These aren't hallmarks of a good society, they are indicators of an oppressive form of government where the well-being of its citizens matters less than the well-being of the corporations and the system used to keep them down.
I wouldn't take a bullet for Halliburton, and that's what you're doing if you join the army now. And before you get all patriotic, remember how many Americans got fired this year due to American corporation offshoring. I'm very patriotic and loyal to my fellow Americans, but I will not look the other way when we are being raped by our system.
-Mind
Probably logging, alerts, vpn, and better nat / port forwarding, Transparent proxying, and snmp. It is nice to know when you are being hacked. :) What are you, "most users" or a slashdot geek? :)
- Mind
It is a supreme waste of time. As is the "war" on terror, and the liberation of Iraq. I have nothing against helping the Iraqis achieve their own freedom with assistance (supplies), but sending Americans or anyone else there to die is pointless. Other countries helped the US liberate itself from British rule, but that didn't mean that they came to fight our war. There will always be "nutcase whackos" and having a war on terror will do nothing, as mother nature will always make more.
Back to the topic, however. I think it is completely not American to have the government involved in what is completely a civil matter in both an ideological and practical sense. This issue should be company vs. individual (the one causing the damages), and for monetary loss not jail time. The US government is treading on the line of civil revolt, and it can and will happen if corporations continue to rule the government more than the people do. People are willing to be governed when they have a say, but not when there are tiers or classes. (People that have X million for Senator X vs. people who have just a vote paper.) Any sensible person can see that any candidate's speech is "voter spin" for the paper, and they vote with the people lining their wallets. Do I want the corporations controlling my life? Do you?... It pains me to see the government even considers this issue as something worth talking about, and it shows you exactly how far gone the system is.
It's just a matter of time before shit hits the fan and the "American way" will be just a cruel joke. Taxation and money will be the new devils, and freedom and bartering of goods and services will win. Sounds impossible? Realize that fundamentally everything made and done costs nothing, it all comes out of the ground or air and time is only worth what is paid for it. If goods are exchanged freely and services are then we are no longer the slave labor of the government, we have freedom to choose worth based on the importance of resources to us.
So what do we do without a system like that which we have now? Good neighbor policy sounds like a good start. You help me, I help you. No money exchanged, and nothing to tax. There are those that believe that we must have money, taxes, etc, etc, but those are those people that also believe things cannot change. Some of us know better. Money is only as important as you make it, and when you have to pay a tithe on every purchase, your paycheck, and any other gain monetarily you are officially a vassal of the US Government.
- Mind
This is why you buy a real firewall like sonicwall (relatively cheap). It's a one time expenditure that lasts virtually forever and ensures that you are completely invulnerable to 99% of everything out there. Maybe you people like reloading machines all fucking day, but $400 one time (maybe less if you shop around) and you get a firewall adequate for 10 users with vpn, load balancing, transparent proxy, client virus scanner support (it makes sure all connected clients are up to date) and all kinds of other cool things. I've had mine since 2000 and I have never had need or reason to upgrade. The newer boxes are almost the same thing with a slightly slimmer form factor. This box does more crap than nearly every other firewall besides Checkpoint and is the best value. No software upgrades (sonicwall supports them for life) and a very agreeable licensing package.
- Mind
All you people have to talk about is cpu fans! Shoot yourselves now, please!
- Mind
Gun accidents do happen but cars kill more people, and typically in more gruesome ways. We aren't banning cars are we?
- Mind
I agree with you on the networking/programming ideas, and again I am an IT guy (Administration, and now Network Security). There are times when you can use a butter knife to turn the screw, and times when you need a torx (may they burn in hell). The counter-argument for what you're saying however is equally valid. One could state that if a generic and easy tool does the required job then knowledge of the complex methodology is not required. .NET isn't the development bonus, it's their ide and tools which make it possible for the programmer to spend more time programming and less jacking with cvs and makefiles. Even better, .NET is highly abstracted from the hardware which means someone can design well performing code without coding to the machine. I'm from the old days, but even I can see where this equates to money saving. Quicker builds, better ide, and better api = the win. I love Linux, but have you tried to code a Window app for it? It's a friggin nightmare... The api are object oriented for the most part nor do they let you do anything in less than 1000 lines of code. To recommend this situation to anyone you would have to be insane.
Large corporations use Linux, but no one else can afford to which is all I've been saying. As far as competency, who said I wasn't well versed in Linux? I've been a UNIX admin for many years, and a Windows Admin several years previous to that (everyone has to eat). Linux is not less or more secure or more reliable than windows it's just void of the same level of scrutiny.
:)
Just because IBM can afford to be wrong doesn't mean I can. Install and configure DHCP, DNS, SMTP, and HTTP on your windows box and on your Linux box and see who is done first. The Windows guy will always win, and time is worth more than idealism to most people, myself included. Have the Windows guy lock it down security-wise and it will still be done before the Linux/UNIX person has even finished the initial configuration. I've worked with both systems, and I am not being paid to lie about it so what exactly is my incentive to misinform anyone?
As far as confidence that Microsoft will fix their software, just remember they have more money to throw at it and much more to lose than anyone else if they do not. They could decide to scrap the entire code base, start from scratch, weather that whole storm on their reserve cash, and come up with a completely new (but compatible) Windows system without the old problems. The problem here is money, not ability, and Microsoft can afford to pay the best software engineers. Linux is being constructed by Joe Nobody for the most part, with Linus' name tacked on top of the list of credits. Linux is where Windows is trying to leave (a utility OS) and you will find years down the line that utility is a vulnerability. The Windows people have figured out that this utility comes at a price, and are trying to keep it in check.
The real problem isn't Microsoft, but the entrenched idealists that believe you can have security AND utility. Sorry guy, but I hate to break the news -- features = vulnerabilities. The more features you have the more problems come with it (there is more to go wrong.) But, conversely, without features you do not need the OS.
As far as Windows causing me trouble; I have not been hit by Melissa's, Sasser's, or anything else nor have any of the machines which I maintain for my clients. My internet connection itself is firewalled with a sonicwall firewall appliance, my machines are zonealarmed, and virus scanned. I apply my updates. I've used Internet Explorer, but prefer Mozilla (it's just faster)... I've used Outlook just like everyone else, and still have never been infected. (Gee people, it is possible to turn off scripting for e-mail) I've never been hit by any viruses, but I get a lot of mail for mailing lists (which means I see all the virused attachments). If I can be virus/trojan free for the last ten years running Windows I could honestly say that anyone can do it. If you are lazy, stupid, ignorant, or delusional that's not Microsoft's problem. Just because you know how to install Linux doesn't mean that the other terms do not apply. In fact, I would say that not knowing how to properly secure Windows boxen would negate the relevance of any UNIX knowledge you have; since you are likely just as knowledgeable of that security as well.
I currently work in Network Security, so maybe I might know more than I divulge.
This is apples and oranges really, windows software is going through some evolution (as all OS do) and they are trying to "Do the Right Thing" in terms of what I've seen with 2003 Server, etc. I'd expect more of the same with Longhorn. Is it perfect? No, but neither is the Linux approach which amounts to "get lucky and find/read the right manual" or pray...
I'm neither a Windows or Linux nazi, I simply use what gets me where I need faster. Any software that tries to do as much as Microsoft's is going to run into these problems, as "breadth of features" usually translates into increased security risks. In the beginning of Windows we were not desiring to pay for the security, but rather the utility of the systems. This has consequences, obviously, and we are seeing them now. Any system with these levels of complexity is going to run into these issues sooner or later.
Is that Microsoft's fault or ours? They are like every other successful company, and they try to give people what they want. They tried to give us what we wanted way back, but times have changed and now we want something different. Microsoft has the ability to change tracks however, and you will see the security issues start to dwindle in the near future. This is a growth process and converting Windows from a utility to a security platform is going to have some bumps.
Another issue is scale... There are millions of people trying to break (intentionally or accidentally) Windows vs. a few geeks playing with their toy OS in their basement. That doesn't mean those systems are more secure, it simply means that they are less tested. Security through obscurity isn't security, even with an open source OS.
-Mind
These people obviously don't have anything to do but putz around with their operating system. Why are they employed?
The defaults that are good for you may not be good for me, and vice-versa. I like linux, but if I hand a cd to my wife and ask her to get it running I will be rushed to the nearest mental hospital. This is how the non-geek world looks at you when you ask them to use something that is not Windows or Windows-like. Fanaticism is not advocacy it's religion, learn to see through your own beliefs rather than be deluded by them. OSX would have to enter the race before it could be considered, it is being used by affluent-eclectic types that wouldn't fit the mold of a normal human being. Real business types consider the health of their vendor before purchasing... and Apple's is extremely poor.
-Mind
Reason #1 - If you do not know UNIX nor does your staff you might as well not have it there because you cannot properly configure it or maintain it. Learning UNIX is ok for the IT world, but completely out of scope for the rest of the world. Windows is easier to maintain mostly because every critical app can be set to auto-update. (The ideal scenario) You are telling people to learn Chinese just so they can order a meal when they already know English. They just want to eat, and see no reason nor need to do things another way when what they know is good enough.
Reason #2 - If it can be done on Windows, it can be done faster. Again, doesn't matter for the bigger companies out there but for medium to small operations where many times the "Resident Guru" is employed in some other department than IT. Fiddling with manuals, learning commands, scripting functionally, and what not are seen as severe wastes of time (and they are, time not working.) Applicationwise, the performance is about the same, but the learning curve for UNIX is insane... and a waste of time... for most
Reason #3 - All software has bugs and vulnerabilities, the only difference is you need to be a native speaker of Chinese to understand your problem in FreeBSD/Linux/etc. This is not a free OS selling point, but a rather large pain in the ass. Who is required to provide your freeOS patch? No one. Another hard sell, obviously. This firewall commentary is pointless as well, as if you install zonealarm or other 3rd party security software your needs can be met and supported by the developer. I would pay $50 per machine for an easy to use firewall w/anti-spyware functions, wouldn't you?
-Mind
This is a completely pointless argument. For one thing, Microsoft has made the operating system "auto-updateable." Yes, go into WinXP System Icon and look at YOUR automatic updates tab and note that you can configure it to install critical updates automatically at a certain time every day (lunch hour maybe?) and you are immediately protected from the Sasser viruses without any of your own intervention. Microsoft enabled the software to do the right thing, unfortunately nothing keeps people from being stupid or lazy. I would dock the paychecks for the IT department for not going in to configure the software properly and not doing their job. If these people were patched up (the patch was released April 13th) they could not get Sasser... Imagine that..
On another subject does zonealarm cost so much that it's not economical to install? What is it, $40 or 50 USD? That would be an hour or two of your time in greenbacks, but it solves the tracking cookie/spyware/virus transmission (oddball programs) problems and you can configure it to lock out modifications. Clicking open the programs and clicking "Allow to use the Internet" is too hard for people?
I agree with you on having patch cds included with recently purchased copies of the operating system, but there are arguments against that as well such as lulling the user to believe they are "patched up" without it really being true because they got some two month old update cd. Just some food for thought.
-Mind
Despite the apparent Slash-Spin of this article it should be noted that Microsoft released the patch for this vulnerability over two weeks ago, per:
MS's Security Bulletin on April 13th (this is a week before Sasser "hit".) Microsoft did their job, but can the UK Coastguard do theirs? Apparently not... It is so easy to point the finger at the provider or some anonymous joe on the Internet, but it is so hard to take responsibility for your own lack of action. It's the UK Coastguard's job to apply their patches in a timely fashion so that the services they render can be reliably delivered.
It's possible to get these notices emailed to you as soon as they're available. These people should be fired, er wait.. in UK... sacked.
- Mind
Stonehenge? Who needs one?
o .zealand.reut/index.html
If I was in NZ I would build an embankment to protect me from the wall of molten acidic volcanic death!
http://www.cnn.com/2004/TECH/science/05/03/volcan
The people that think neo-stonehenge is more important than this need to be summarily shot, drawn, quartered, and forced to watch Friends episodes until completely emasculated.
That's because your video card probably has a brooktree tv encoder whether or not it is actually hooked up to anything (sometimes OTHER models of your card have it, and the manufacturer is copying a reference design). The drivers aren't probably smart enough to tell, thus you are screwed simply if you have the encoder. The problem with that is that virtually every nvidia card past riva tnt2 has this encoder. I wonder when these guys will get the idea that maybe some normal users are putting their computer in their living room with the tv and would simply like to output their digital media for their own use. Whoever figures this out probably will be the "next big thing" in video cards simply because modern cpus are good enough to take over most of the video processing.
Poly pushing and texture speeds are nice, but mean nothing/little in regard to dvd/mpeg/whatever playback.
-mind
Casinos advertise the number of decks because they are often required to by state laws. The number of decks changes the play dynamics pretty drastically. Most casino dealers are taught to cut the high cards out of the shoe. At the end of a long night you could have 80% of the ten cards out of the shoe... One and two deck games are much more fair, in that order. Trust me, it happens.
- Mindmaster
--- snip
Why does our culture believe scientists have to work for free? Without these people -YOU- wouldn't have a job, or even a career to get into. Scientists should be highly paid... You are replaceable, and they're not.
Ask yourself who is more important to the future of humanity: The monkey turning the wrench, or the guy designing wrenches? The monkey's job doesn't EXIST without the wrench designer -- he cannot turn the bolt with his hands. Where are all these magic "jobs" going to be when innovation is completely stifled by poor compensation toward the people that create the "brain-trust" of the future? The only thing that keeps jobs here in the US is being ahead of the curve. Falling behind means there is no reason to choose you over the people in Europe or Asia... Progress is the "niche" which divides the poor from the rich countries... We are going to be poor because we are assassinating the opportunities for the people who create more opportunities!
Scientists need incentives to stay interested in their fields, and it's hard to do so when your family is starving. All this really means is we're going to run into a new dark age because the scientists have the brains to realize that a plumber can provide better for himself and his family. The would-be scientists will still probably dabble in their spare time, but dollars are dollars... and most of us can count well... Inflation also means that $80,000 now is worth $40000 in 20 years... Get ready for the big downhill...
Historically, scientists in the old days were well paid -- maybe even rich... The people with the money (governments & rulers & rich sponsors) saw those people as irreplaceable assets. Just to give you an idea... What was really invented in the 20th century? Transistors, Nuclear Physics, and powered vehicles... Many other discoveries which were refinements of those, or supporting... In the 1700's to 1800's -- Symbolic Algebra, Trig, Calculus and nearly all of the math we use today were perfected (understand how hard this is without the concept of a slide rule, or a calculator!) and physics was mostly solidified. These mathematical inventions were the REASON our inventions happened, and without them we wouldn't have cars, computers, or nuclear technology. Our future depends on funding the people coming up with, testing, and developing ideas.
- Mind