This is little consolation for the plethora of legal music services which tried to get licenses from the music industry for years before closing up shop. Companies like eMusic, MyPlay and even Napster (after the first legal challenges) tried to legally sell music online years before Apple was showered with awards for it's 'innovative' music store.
Many of the product and marketing staff at apple come from these companies, the tech staff who actually developed the technology pretty much got stiffed.
They've got this 'do it all' software which includes blogging alongside other features like file sharing, IM, photo sharing and other tricks.
http://blogs.imeem.com/
Are these kind of hybrid services the next place that things are going?
Any other slashdotter's using the imeem network? They've got this distributed/decentralized social networking and file sharing app which is pretty neat.
http://www.imeem.com/ It's an application that's still in Beta - basicallly takes all the communications stuff we use - IM, mail, blogs, groups, forums, galleries file sharing etc etc and rolls it into one all in one application. Remember that/. story about the bounty for adding file sharing to Gaim the theory was that sharing with friends is more likely to be legal than sharing with every user on the internet. Well these guys must've been way ahead of the curve on that one, the file sharing is just good enough to make it interesting to the p2p crowd. I see that some of the employees came from Napster. They also make a big thing about encrypting all the content in the network to protect you - unlike every other IM app.
It should score huge Kudos points here because the developers say that they wrote te whole thing in C# and they're running the servers on Mono.
The only FPU intensive benchmark I see is POVRay - and the AMD chip wipes the floor with the intel newcomer.
What we need is Doom 3 to be ported to linux so we can get some real benchmarks.
Modern Electronic music frequently features the 'acid' sound which was originally introduced to the Chicago House scene when some producers dicovered the Roland TB 303 automated bass synthesiser and sequencer. It was a pretty cheap piece of equipment and it never sold well. Most of them ended up discarded or in garage sales..... they only sold 20,000 over the 18 months that it was available. It didn't sound anything like that bass guitar it was supposed to be replacing.
However, the pioneering house music producers discovered that if the resonance and accent controls were turned up higher than any sane user had tried before then it produced a distinctive sound. Add some simple sequencing to som knob twiddling, lay it over a drum beat and *bang* that's where acid house came from.
The page does have a link which has a photo of the tiny machine, but you should check out this page for a more detailed history of this accident in electronic music evolution.
The biggest threat is that many scanners have a habit of crashing services which the developers have never encountered. Sadly, for the open source fans out there, Nessus is particularly bad with their QA and crashes all sorts of stuff even when the DoS tests are turned off. Of the commercial applications Qualysguard (www.qualys.com) does a great job of playing softly softly with the network while still detecting more than anything else out there (at least according to the size of their database). Don't bother considering anything else, other commercial scanners are less capable than nessus or qualys.
But..... if you're worried that a security scan is going to cause adverse effects then you've clearly got security issues with your network. If a system dies under the load of a scan, or if some scan script triggers a DoS on your code then it's a sign that your developers and admins aren't doing their job correctly.
Look upon it as a challenge, you should be saying 'Bring it on!'. If you're not confident that an automated security scan won't cause trouble with your system then you should be having nightmares about what a real hacker could do to your network.
It's easily the best product out there with the largest database of detections and reliable ones at that. Nessus is free and maybe has 2/3's of the database that Qualys has. Everyone else is a distant 3rd, with maybe 1/3 of Qualys' database. For a free one off scan I'd suggest you use Nessus because they cost nothing to setup - just find a spare machine and install linux, and you can throw away the host after you've finished with it. One major thing to watch out for with Vulnerability scanners is that you make sure the host they're installed on is properly secured, I heard abotu a company that installed Foundstone's application, which needed an Microsoft SQL database to support the app - guess how many vulnerabilities adding that support machine added to their network? Qualys of course doesn't have any setup worries - either they run the scan from their remote servers, or you get one of their cute little 1u boxes, plug it in, give it an IP and it's done. The other downside to the Nessus solution is that the presentation and management of the results isn't particulalry good, again that's one thing you see in the enterprise solutions, work flow management for rememdiation, as well as a lot of nice looking reports and summaries. If you're scanning your own network the Qualys scanner is a fabulous choice, I think qualys used to offer a pay-per scan service, so maybe you could get a deal for a one time scan. But if it finds any problems with you client then you're going to need to stump up more when the vulnerabilities are supposedly fixed. So... maybe setup a nessus box, and maybe take advantage of Qualys free demo scans. And make sure you get permission. And of course turn off all the nessus tests which crash things.
One possible solution is a commercial Vulnerbility assessment solution such at Qualysguard - it'll scan your network and tell you which machines need updated. You can also go open source with Nessus, but it's UI is a lot weaker and it doesn't feature the task management tools that Qualys has (and you seem to be interested in this).
Of course this will only tell you about software which can be remotely exploited, local updates are somewhat hard;-)
Now that they're not adding new security holes err I mean features then the bugfixes might eventually leave the default windows mail reader in a halfway secure state. Those e-mail viruses will need to find a new way to propagate right?
Integration With Vulnerability Assessment Engines
on
Three Snort Books Reviewed
·
· Score: 3, Interesting
Qualys launched a neat Snort correlation system which works with their scanner - the idea is that if the IDS detects a potential exploit attempt against a target it can check up the vulnerability report on that machine and figure out whether the attack has any chance of working based on the Qualysguard tests.
Nice theory, of course you do need a qualys account which costs a bunch (they do lead the field though), but they reckon it cuts down false alarms by a huge chunk. They launched this at Blackhat this year (along with the law of vulnerabilities) and it's been open sourced (yay!).
Slashdot Mirror
then the US could claim that Washington DC was located at God's Longitude - just like the british wanted to do 5 centuries ago. http://www.mikeoates.org/mas/history/lectures/2001 0118.htm
This is little consolation for the plethora of legal music services which tried to get licenses from the music industry for years before closing up shop. Companies like eMusic, MyPlay and even Napster (after the first legal challenges) tried to legally sell music online years before Apple was showered with awards for it's 'innovative' music store. Many of the product and marketing staff at apple come from these companies, the tech staff who actually developed the technology pretty much got stiffed.
They've got this 'do it all' software which includes blogging alongside other features like file sharing, IM, photo sharing and other tricks. http://blogs.imeem.com/ Are these kind of hybrid services the next place that things are going?
Any other slashdotter's using the imeem network? They've got this distributed/decentralized social networking and file sharing app which is pretty neat.
That's 10 times the best chemical engines ever designed.
http://www.imeem.com/ /. story about the bounty for adding file sharing to Gaim the theory was that sharing with friends is more likely to be legal than sharing with every user on the internet. Well these guys must've been way ahead of the curve on that one, the file sharing is just good enough to make it interesting to the p2p crowd. I see that some of the employees came from Napster. They also make a big thing about encrypting all the content in the network to protect you - unlike every other IM app.
It's an application that's still in Beta - basicallly takes all the communications stuff we use - IM, mail, blogs, groups, forums, galleries file sharing etc etc and rolls it into one all in one application. Remember that
It should score huge Kudos points here because the developers say that they wrote te whole thing in C# and they're running the servers on Mono.
The only FPU intensive benchmark I see is POVRay - and the AMD chip wipes the floor with the intel newcomer. What we need is Doom 3 to be ported to linux so we can get some real benchmarks.
Modern Electronic music frequently features the 'acid' sound which was originally introduced to the Chicago House scene when some producers dicovered the Roland TB 303 automated bass synthesiser and sequencer. It was a pretty cheap piece of equipment and it never sold well. Most of them ended up discarded or in garage sales..... they only sold 20,000 over the 18 months that it was available. It didn't sound anything like that bass guitar it was supposed to be replacing. However, the pioneering house music producers discovered that if the resonance and accent controls were turned up higher than any sane user had tried before then it produced a distinctive sound. Add some simple sequencing to som knob twiddling, lay it over a drum beat and *bang* that's where acid house came from. The page does have a link which has a photo of the tiny machine, but you should check out this page for a more detailed history of this accident in electronic music evolution.
The biggest threat is that many scanners have a habit of crashing services which the developers have never encountered. Sadly, for the open source fans out there, Nessus is particularly bad with their QA and crashes all sorts of stuff even when the DoS tests are turned off. Of the commercial applications Qualysguard (www.qualys.com) does a great job of playing softly softly with the network while still detecting more than anything else out there (at least according to the size of their database). Don't bother considering anything else, other commercial scanners are less capable than nessus or qualys. But..... if you're worried that a security scan is going to cause adverse effects then you've clearly got security issues with your network. If a system dies under the load of a scan, or if some scan script triggers a DoS on your code then it's a sign that your developers and admins aren't doing their job correctly. Look upon it as a challenge, you should be saying 'Bring it on!'. If you're not confident that an automated security scan won't cause trouble with your system then you should be having nightmares about what a real hacker could do to your network.
It's easily the best product out there with the largest database of detections and reliable ones at that. Nessus is free and maybe has 2/3's of the database that Qualys has. Everyone else is a distant 3rd, with maybe 1/3 of Qualys' database.
For a free one off scan I'd suggest you use Nessus because they cost nothing to setup - just find a spare machine and install linux, and you can throw away the host after you've finished with it. One major thing to watch out for with Vulnerability scanners is that you make sure the host they're installed on is properly secured, I heard abotu a company that installed Foundstone's application, which needed an Microsoft SQL database to support the app - guess how many vulnerabilities adding that support machine added to their network? Qualys of course doesn't have any setup worries - either they run the scan from their remote servers, or you get one of their cute little 1u boxes, plug it in, give it an IP and it's done.
The other downside to the Nessus solution is that the presentation and management of the results isn't particulalry good, again that's one thing you see in the enterprise solutions, work flow management for rememdiation, as well as a lot of nice looking reports and summaries. If you're scanning your own network the Qualys scanner is a fabulous choice, I think qualys used to offer a pay-per scan service, so maybe you could get a deal for a one time scan. But if it finds any problems with you client then you're going to need to stump up more when the vulnerabilities are supposedly fixed.
So... maybe setup a nessus box, and maybe take advantage of Qualys free demo scans.
And make sure you get permission.
And of course turn off all the nessus tests which crash things.
One possible solution is a commercial Vulnerbility assessment solution such at Qualysguard - it'll scan your network and tell you which machines need updated. You can also go open source with Nessus, but it's UI is a lot weaker and it doesn't feature the task management tools that Qualys has (and you seem to be interested in this). Of course this will only tell you about software which can be remotely exploited, local updates are somewhat hard ;-)
Now that they're not adding new security holes err I mean features then the bugfixes might eventually leave the default windows mail reader in a halfway secure state. Those e-mail viruses will need to find a new way to propagate right?
Nice theory, of course you do need a qualys account which costs a bunch (they do lead the field though), but they reckon it cuts down false alarms by a huge chunk. They launched this at Blackhat this year (along with the law of vulnerabilities) and it's been open sourced (yay!).