I would add SageTV http://sage.tv/ alongside BeyondTV. Very nice interface, stable, easy to use. The extras (Movies, YouTube, GoogleVideo, Pictures, etc.) all work much nicer than on the Tivo. Threw a cheap tuner card (dual analog/ATSC for $69) into a P4 2.8GHz box that wasn't being utilized, random 250GB FireWire HDD -- completely rocks the socks off of ComcastDVR/Tivo, with no monthly cost.
One of the original points of the article (and in some of the comments) is that captchas are at the same time getting more difficult for humans to solve and yet easier for machines to solve. Add onto this the annoyance and traffic with email address verification, and just the fact that I don't necessarily *want* to give my email address to every website out there. Adds up to a burden and annoyance on the users. Remember that they are the ones who make a website worthwhile.
Building some spam fighting techniques into the website directly can mitigate a lot of these problems. Perhaps limit the number of new OpenIDs from the same domain in a given time-window. Plus, upon discovery - it seems like a pretty easy thing to clean out. (DELETE FROM USERS WHERE DOMAIN_NAME='id.spammer.tld') and perhaps (DELETE FROM POSTS WHERE DOMAIN_NAME='id.spammer.tld')
I didn't mean to suggest that OpenID would solve this, but the captcha/email address verification solution isn't working either. It's not stopping the spam, it's not proving that you are dealing with a human.
No, they certainly don't claim this to be a solution to spam. But for it to be used this way, it seems that you would need to run your own identity server - and then it follows back to a domain. If that gets abused, could certainly add those servers to existing RBL's. Configuring forum software and such to do RBL lookups would put less load on them than captcha, and would be less onerous to users.
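The per-domain limit and block-on-discovery ideas from the comments above, sketched as an added example that is not part of the original comments. The class name, limits and the `listed` hook (a stand-in for an RBL lookup, stubbed so the code runs offline) are assumptions, and all identifiers in the usage are constructed.

```python
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit


def provider_domain(openid_url):
    """Return the lower-cased host part of an OpenID identifier URL."""
    if "://" not in openid_url:
        openid_url = "http://" + openid_url  # users often type scheme-less identifiers
    host = urlsplit(openid_url).hostname
    if not host:
        raise ValueError("not a usable OpenID identifier: %r" % (openid_url,))
    return host.rstrip(".").lower()


class OpenIDSignupGate:
    """Allow at most `max_new` new OpenIDs per provider host per `window` seconds.

    Keyed on the full host name; a site that must also catch wildcard
    sub-domains would key on the registrable domain instead, and would give
    large, well-known providers their own higher limit.
    """

    def __init__(self, max_new=3, window=3600,
                 listed=lambda domain: False, clock=time.time):
        self.max_new = max_new
        self.window = window
        self.listed = listed            # hypothetical RBL hook: domain -> bool
        self.clock = clock              # injectable so the window can be tested
        self.seen = defaultdict(deque)  # domain -> timestamps of accepted signups
        self.blocked = set()            # domains blocked after discovery

    def allow(self, openid_url):
        """Return (accepted, reason) for a first-time login with this OpenID."""
        domain = provider_domain(openid_url)
        if domain in self.blocked or self.listed(domain):
            return False, "blocked"
        now = self.clock()
        stamps = self.seen[domain]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()            # forget signups older than the window
        if len(stamps) >= self.max_new:
            return False, "rate-limited"
        stamps.append(now)
        return True, "ok"

    def block(self, domain):
        """Stop new signups from a domain; run alongside the DELETE cleanup."""
        domain = domain.rstrip(".").lower()
        self.blocked.add(domain)
        self.seen.pop(domain, None)


if __name__ == "__main__":
    gate = OpenIDSignupGate(max_new=2, window=3600)
    # Constructed identifiers: the third signup from one host is refused.
    for url in ("http://id.spammer.tld/a", "http://id.spammer.tld/b",
                "http://id.spammer.tld/c", "https://openid.example.org/alice"):
        print(url, gate.allow(url))
    gate.block("id.spammer.tld")
    print(gate.allow("http://id.spammer.tld/d"))
```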
Perhaps if more sites embraced OpenID...
1) I wouldn't have to register and confirm at 40,000 different websites
2) They wouldn't have to screw around with scripts & captchas
With all of the mention of privacy, I can't help but think that identity is inescapably linked. Nearly everything that I do is public in some way - unless I do it in my own home, alone, quietly, with the shades drawn. But I do have separate aspects to my life that don't necessarily need to be shared universally. I have many identities.
We all do many things with people, our friends, co-workers and acquaintances; but we don't necessarily share those with our other groups. Privacy is important so that we can exercise, explore and express the different aspects of ourselves. The same person can be the quiet & conservative worker, a raver, a revolutionary, devoutly Christian and a criminal.
Privacy allows us ownership of our identity and ourselves.
The Dell XPS Gaming laptop has all of those extra lights by design - some of us bought it because of that. Anyways, there is BIOS and software control for those lights - you CAN disable them. If the whole idea of superfluous LED's bothers you - I might suggest you get the plain model instead.
From the press-release:
Large blocks also provide a clear path for future gains through further increases in block size.
Seems to imply that the standard does perhaps address variable block sizes.
Just to add to your list of resources, a few MSI's for opensource apps are located at:
http://msi-repository.sourceforge.net/
If you are running a Windows domain, you may want to look at RIS (Remote Installation Service). Workstations use PXE to boot over the network and an "image" is placed onto the box. The image is not quite the same as Ghost in that an actual install (with hardware detection) is performed for each machine, applications are then dumped on top of this. Is quite portable across different machines, not too difficult to get running (no more boot floppies!) and is included with Windows Server.
Good starting point: http://technet2.microsoft.com/WindowsServer/en/Library/c62e5951-5eb9-42f1-95ae-490e5d7a55511033.mspx
I believe that the ATI AIW cards that have FM capability show up as another audio source in Windows, you should hopefully be able to use that as your input into either VLC or Windows Media Encoder to stream. You can use Remote Desktop or VNC to control the software (this is the simple answer from someone who doesn't code). Otherwise why not just run an FM tuner into the line-in jack.
I agree with your point, though I would argue that not every photographer is Ansel Adams, nor is every company able to justify a "packet pro". I'm not going to hire a nationally known photographer for my wedding, but rather someone who meets my requirements of skill balanced with cost.
I still think that for many installations something like a Firebox can be learned by the in-house administrator, and will probably meet the security threat/skill/cost equation. I am assuming a fairly straightforward scenario. If their requirements are more complex (VPN's, complex in & out access rule required, many remote sites) then they should definitely look at hiring a consultant to set it up and help them maintain - but not every situation requires that.
While I agree that BSD/pf is potentially one of the best, and with no licensing costs perhaps the cheapest - but did you all read the last sentence of the original question?
Getting an OpenBSD box up, configuring the routing and firewall can be learned, perhaps even in a week, but that assumes someone with a pretty damn good low level understanding of networks and protocols. You or I might do this, but it's at the opposite end of the spectrum from Windows/Symantec Firewall.
More details would help a lot (number of systems, incoming connections, type of services provided, etc.), but I do think you can do better. Take a look perhaps at WatchGuard. Nice easy interface, comes with 6 interfaces for various internal & DMZ segments and VPN. You could probably get a pair of X1000's for failover, a couple of years of security service and still be far less than $13,000. Plus I personally think it would be a better setup.
There are many others out there also, but I have had success installing these for folks who want to manage the setup themselves.
On Television: Avoid the channels that run an exceptionally high ratio of ads to program, use PVR to skip ads, or more recently use NetFlix to watch an entire TV series all at once - sans ads.
Magazines: I have stopped buying as many magazines as I used to (30+ month), get the content online. It's too much trouble to wade through some magazines anymore with a 50% ad ratio.
Radio: Don't listen to commercial radio at all anymore, just streaming stations online (KEXP & BassDrive) and PodCasts (Public Radio, IT Conversations).
Internet: I absolutely use a pop-up blocker and some minor ad-filtering. Why should loading a page from a site require a dozen DNS lookups to other domains? To read a fairly simple web page (30K or so of real information) requires 200K to download with all of the ads nowadays.
Postal: 99.9% of ad-mail goes straight to the recycle bin.
Movie Theatre: Rarely go - Can't see the value in paying $9.00 to see 15 min. of ads before the movie in a crappy, sticky theatre.
Personal: I don't wear anything that sports any kind of blatant logo. You won't see me sporting Nike or Hilfiger ever.
I understand that many companies are complaining of decreasing margins (though I'm not sure I believe it) and that ads, sponsorships, product placements, etc. are ways to shore up their business models. The reality is that their incessant bombardment is driving me away as a customer. This has significantly impacted my buying decisions, which ultimately will impact their poor business models. Maybe if they spent a little less on advertising and just offered a decent product - their margins would be fine.
AdBusters (http://www.adbusters.org/)
www.akimbo.com
Offers VoD service. They have ~40 or so 'channels' covering cartoons, sports, movies, travel, adult, indie & music. Service is roughly $10/mo. with some individual programs having a small charge.
Their service does require a set-top box from them right now, which runs WinXP-Embedded and contains an OEM MSI motherboard. Their docs specify that they are using Windows Media 9 with DRM to deliver the content. They are claiming that you will be able to use their service with a PC soon (WinXP-MCE).
I don't mean to suggest that it is trivial or easy in the slightest. I certainly wouldn't boast that I would be able to not only find the evidence, but also meet the burden of evidentiary procedure. I think that the procedures are just a system, a very specific system, but one that is also fairly absolute and follows some logic.
I do agree that geeks are prone to the practical (or at least what seems to be in their mind) which leads them to taking the direct route rather than the proper route. I still think that I would fall on the side of a geek learning the proper procedure rather than investigators learning computers. Computers are a much broader system, with far fewer constants or logic.
A computer tech. under the mentoring of an investigator would work the best I think.
I teach both networking and computer security. In my classes I have had personal experience with "Computer Crime Investigators". Most of them are officers who have gone to $20-50,000 (not exaggerating) worth of training in a few weeks that they don't understand, got a few "law enforcement only" utilities (Knoppix has better tools) that they can run. They are no better at understanding technology than your average office user. If they can't click a button in their tools and have all of the evidence discovered, analyzed and spit out in a non-technical report - they generally won't get much. Add a sprinkle of encryption and they are baffled. There are those who are quite skilled, but as with most things - they are few and far between.
For example: I have a friend who works in IT for a law enforcement agency. He constantly gets calls from their computer forensics specialist asking for help on why his station won't boot. Usually it's because he overwrote his boot sector while analyzing a drive (I don't understand either).
Unfortunately the prevailing opinion is that teaching a street cop technology is easier than teaching a tech the intricate details of law enforcement. The higher ups don't realize that any IT person's job is basically a daily investigation. I think the answer is to pair up the two, but again, none of these agencies has asked me.
While the damage was great, it was not complete. One of the lead posts refers to someone who is sending/receiving SMS messages down there - so at least one tower is still operational. I would also believe that some of the telco CO's are still standing & operating.
If T-Mobile wanted to set up shop down there -- they could make it work.
While others are donating real money out of their personal pockets, T-Mobile is donating a couple of hundred dollars worth of Wi-Fi. How about handing out some of the cheap pre-paid phones with service. Or better yet, some communications centers with computers and phones that people can come and try to get a message out to their families.
A couple of trucks with personnel, generators, multiple GPRS data connections, computers and a dozen cell phones - might cost $50-60,000 (being generous). Far less than one television ad with what's-her-name, and would actually be of some use to those in Louisiana.
Oh yeah, bring some bottled water with you.
I keep a small USB stick around for misc. projects like this. Any modern mobo will boot from a USB device.
1) bootdisk.com - get a DOS floppy image
2) dd if=image.img of=/dev/sda1
3) mount and place flash program and BIOS image on memory stick
4) Reboot machine (changing boot order if necessary)
What else are you going to do with that old 16MB thumb drive.
This is precisely the correct answer. Not iptables/smoothwall/shorewall/other_*nix_box_inbetween answer. Read the question folks, supply the simplest effective answer, preferably using the tools that come with the operating system.
Don't ANY of the CEO/CIO's, auditors or even PR people at these places read the news?
Doesn't even one of them think for a moment - "Huh? I wonder what we are doing to make sure that this doesn't happen to us?"
I'm not one for endorsing additional legislation - but perhaps if we held officers liable (SarbOx style maybe) for these breaches, then maybe someone will start to care.
I think what might make it special (and worth $120 perhaps) is the 4 Ports of GigEthernet, WPA Personal/WPA Enterprise, SPI firewall, QoS with apps predefined. It's a lot out of the box, and probably worth it to a lot of people. I am guessing that you won't find comparable features (hardware especially) in anything under $100.
Me personally, I am happier with a $70 Linksys WRT54GS running OpenWRT http://www.openwrt.org/ I can load QoS, VPN, different firewall options, VoIP,....... as needed. It's probably not for the home user though.
Most of those coming to the class may not have the same learning style as yourself.
Most instructors (technical) that I have known are self-taught on most topics. They learn by researching on the internet and trying on their own and skim reading books. They often don't take classes. I wouldn't recommend applying your learning preferences to those who are coming to take your class.
I have found that the participants in my classes want to have a book. They use it as an anchor or outline to the class, a place to take notes and as a reminder as to some of the topics. The real information is still in my notes on the board and examples on the projector.
I have tried to teach without the book (ordering error) and it just hasn't gone well. The class tries to focus so hard on taking exact notes that they don't actually absorb any of the material. Plus they like to have the reference later.