Slashdot Mirror


User: cipher+chort

cipher+chort's activity in the archive.

Stories: 0
Comments: 64

Comments · 64

  1. Re:Allow me to translate from fucktard on Firefox SSL-Certificate Debate Rages On · Score: 1

    Apparently fucktard is your native language. How is sending information to an unconfirmed destination any different than allowing anyone to view the data? Oh right, IT'S NOT.

  2. Why web developers shouldn't comment on security on Firefox SSL-Certificate Debate Rages On · Score: 1

    Because they don't understand crypto _at all_. You cannot divorce authentication from encryption. Encryption without authentication is worse than useless, because it gives you a _false_ sense of security. Users see the little padlock and go "oh yay, it's secure!" meanwhile they are sending all their bank account information to the Russian mafia via a man-in-the-middle attack with a simple self-signed certificate.

    If you want the browser to accept all encryption offers regardless of authentication, fine, go ahead, but then remove all visual cues in the browser that the connection is encrypted. Change the URL to begin with "http" instead of "https", remove the padlock, remove any indication that the connection is secure, _because it's not_.

    Do the above and move all the visual "security" cues to be tied to proper authentication. Guess what? You have pretty much the same thing as right now, only you spent thousands of man-hours and caused millions of needless software upgrades to accomplish exactly nothing.

    People who rant about Firefox's _proper_ scary enforcement of authentication failures are the same kinds of people who think that they can implement their own home-grown encryption algorithm in a few hours and their software will be "secure", use two-letter database passwords but think it's fine "because it requires a password", implement RC4 so that it's totally vulnerable to replay attacks, or any other of the myriad of amateur mistakes software developers with _no background in security whatsoever_ make on a daily basis, which is a primary reason why software today is so terribly insecure.

    Get a freakin clue people. If you aren't trained for security, don't pretend you know anything about it and especially don't complain about reasonable and well thought-out security measures. Also, don't try to add security to your application if you have no idea what you're doing. Either license a commercial encryption toolkit and _pay careful attention to the documentation_, or hire a real security developer to do the security design.

    Scratch that, why don't you take a page from Microsoft and actually get some security training instead of pretending like it has nothing to do with you. Microsoft has actually made huge leaps forward in the security of their software since they started forcing developers to take security training. Sadly the rest of the industry is years behind and not really getting better.

  3. Re:How's the play on an iBook...anyone? on Review: World of Warcraft · Score: 1

    My wife has an iBook 14"/1.2GHz, which I think has the same graphics card and has 384MB DDR RAM. It works well on her machine, but you do need to keep the clipping plane down at low (which is the default).

    On my PowerBook 15"/1GHz with a 64MB ATI card and 768MB DDR RAM, I could increase the clipping levels to "medium", but I did notice some frame rate degradation in areas with a lot of players or objects. I think the low bus speed on the laptops is probably the limiting factor.

  4. Spot on on Review: World of Warcraft · Score: 3, Interesting

    This review pretty much sums it up.

    The only thing I'd add is that, based on my experience with the original Diablo (admittedly not an MMORPG per se), Ultima Online, and Everquest, this is by far the most fun game to play.

    For instance, level advancement doesn't feel like a root canal gone horribly wrong (like it did in Everquest). One of the really clever things Blizzard did with the UI was make the "XP bar" take up about 90% of the width of your screen, so no matter how little XP you receive for an action, you can see it advance. That one little trick alone goes a long way to easing the frustration found in other games, such as UO where you would practice a skill forever to get it to move 0.1 points, or in EQ where you could fight for hours without your XP bar moving by a single pixel (in EQ the XP bar was maybe 5% of the width of your screen).

    The UI is more intuitive than others I've used, but I still found myself lost on a few occasions and that caused extreme frustration. If you turn off the tutorial pop-ups (which can be annoying), you'll have to hunt around to get the right screen for things like trade skills (professions). I certainly didn't expect to find them in my spellbook!

    The quest system in this game is OUTSTANDING!!! I cannot believe the sheer volume of quests, and the thought that was put into them. None of the quests feel like after-thoughts and they all seem very natural to the flow of the game. Just when you start wondering how long until your next level up, you return to town and complete a few quests and BAM, next level!

    The pace of the game is quite fast in other areas, too. Combat is very fast and furious, perhaps a bit too fast for my taste. I tend to like being deliberate in my actions, and since I don't have the nano-second twitch abilities of a console gamer, it takes me a little time to deliver the right sequence of skill uses (especially on a laptop keyboard). My wife also has trouble keeping up in combat because she's not used to fast-paced computer games.

    I will point out that this is the first MMORPG that she's ever been remotely interested in. She detested EQ and refused to play it, but she's been drawn right into WoW even so far as to pursue her in-game professions with great gusto. So fellow geeks, there is hope yet that your SO might join you in your addiction ;)

  5. No mention of OpenBGPD? on BusinessWeek On XORP vs. Cisco · Score: 1

    A couple of OSS projects have tried and essentially failed to be stable BGP4 daemons before, but OpenBGPD from the OpenBSD team looks like it's set to succeed where others failed. I understand the FreeBSD team is already including it with their OS and there's supposedly porting work being done to other OSs.

    Given the track record of the other OSS routing projects, I would think administrators would be dubious by now, but with OpenBSD's solid track record OpenBGPD should be a safe choice.

  6. Actually, you're ignorant on "Phishing" Attacks to Increase · Score: 1

    The same company (PostX) that provided this solution also has a completely on-line solution that users would access just like webmail; however, it's not as convenient. The customer (Schwab) chose to use the off-line method because they thought it would be more acceptable to customers.

    All you two-bit Slashdot pundits act like the IT industry and decision makers are idiots and somehow a bunch of shiftless websurfers are somehow more qualified to run multi-billion dollar companies.

    It probably never occurred to you that the people in charge made well-informed decisions that 95% of their customers love. It's the totally anal-retentive less than 5% of people who have issues with it.

    If you guys got your way, you would have a system so completely over-engineered that no one could manage to use it. Just the attitude of everyone ridiculing phishing victims for being victimised, that's ridiculous. The target user audience is not technically adept and you need to take that into account when you design a system.

    If good security was all you needed, every e-mail sent today would use S/MIME encryption and signing, but guess what, your encryption actually has to be USABLE and manageable. I've seen a few posts in this thread along the lines of "use PGP: problem solved". Sure, that solves the identity problem, but who's going to teach millions of luddites how to use it? Are Slashdot readers going to start hosting free community seminars on how to install and use PGP? I'll believe that when I see it.

    In the meantime, the push delivery systems are a good compromise.

  7. Re:PostX is Phish-friendly? on "Phishing" Attacks to Increase · Score: 2, Informative

    Actually there are several encrypted messaging companies that use this model as at least one of their options. There are two main reasons why this "push" method is used:

    1.) Because the user can access their statements even if they're not on-line (although the contents stay encrypted on their hard disk).

    2.) Because the financial institution chooses when they want to use their bandwidth to send the messages and doesn't receive random spikes that they would get if the user was "pulled" back to the site to view the content.

    Of the two, obviously #1 is the overwhelming reason.

    Several encrypted messaging providers also use a method that was patented by my employer (Tumbleweed Communications) that simply sends a notification message that allows the user to "pull" the data down from a secured webserver over an SSL connection. The user enters their credentials to the webserver (which can use a Single Sign-On system, or a variety of other methods) and at that point they may view the message and its contents.

    The drawback of this method is that the user must be connected to view the information. If they download it to their desktop, it's not encrypted at rest on their machine. It also forces the provider to use more bandwidth and servers, but that's fairly trivial compared to other factors.

    The argument essentially boils down to convenience vs. security, and in the real world convenience wins every time end-users are involved. Financial institutions want to provide services that are easy to access and give their users the relevant account information in readily usable formats. Statements can be delivered electronically more cheaply than in paper via the mail, and most times customers actually prefer it.

    The other aspect which many people don't consider is that it's also very possible for rogue postal employees to hijack data in transit, or for someone to simply steal it from your mailbox before you pick up your mail. Given that, electronic delivery is actually a security improvement over the traditional paper statement delivery.

    Also, it's worth noting that this entire method of encrypted delivery was invented because encrypted e-mail had such a poor adoption rate. Client support for S/MIME is excellent, but no one knows how to use it and organizations don't want to maintain the PKI that it takes to "do it right". Support for OpenPGP is much less ubiquitous and it's just as confusing to users. Add to that the fact that many users have a webmail account as their primary point of contact (Hotmail, Yahoo!, Gmail, etc) and none of those will support S/MIME or OpenPGP encryption (at least, not to my knowledge). You need a way to communicate with those folks.

    Medium-strength security that is easy to use is a whole lot better than near bullet-proof security that only a few percent of the population will tolerate learning and using.

  8. Linux won't happen on Computer Viruses Cripple Colorado DMV · Score: 1

    State of Colorado is strictly a Windows(TM) shop. I know this because we're in the middle of a software deal with them right now and they refused to consider our software for any platform other than Windows, and made a huge point of telling us that they're EOLing all their proprietary UNIX boxes and moving their functions to Windows.

    They even know that many outside organizations that their systems interface with don't use Windows, but they view those shops as having irrational fear of Microsoft.

    Anyone can feel free to disagree with them, but you have to admit it makes administration and architecture a lot more simple if you only have one OS vendor.

  9. Making it up on SpamAssassin 3.0 Released · Score: 1

    Of course, anyone who questions the quality of an OSS project must be "making it up", as we all know OSS projects are above reproach!

    Well how 'bout http://archive.infoworld.com/article/03/11/14/45FEspam_1.html?s=feature for instance? Apparently they require reg now; anonymous/anonymous seems to work. I've seen similar reviews in other (printed) IT pubs, but I haven't been able to find any of them on-line yet.

  10. There already is one on SpamAssassin 3.0 Released · Score: 1

    It's called Barracuda, and they practically give it away for free. That's not to say that the quality is any good, but it's exactly what you're asking for.

  11. The one for whom to beat??? on SpamAssassin 3.0 Released · Score: 0

    For other OSS anti-spam projects to beat? I have to ask, because in every bake-off or contest with the leading commercial tools, SA has been thoroughly beaten and plagued with both high false negative and high false positive rates. The dependence on PERL also makes it significantly slower than other solutions, except of course those built on PERL as well (like Sophos').

    SA is nowhere near the class of accuracy of CipherTrust, Proofpoint, Tumbleweed, or any of the other major anti-spam vendors.

  12. Barracuda is irrelevant on Human-Powered Spam Filtering · Score: 1

    I'm sick and tired of people holding up Barracuda as some kind of measuring stick for anti-spam methods.

    1.) Barracuda is just a SpamAssassin bundle with a nice interface and some REGEX updates. There isn't any contrast between SpamAssassin and Barracuda; the one is simply a super-set containing the other.

    2.) Barracuda has less than 2 percent of the market share, while other companies have significantly more! (link is to IDC data, I couldn't readily find it other than on CipherTrust's site). Further, most of Barracuda's customers are educational institutions and other tiny entities that don't have the budget to spend on a real solution. They have virtually none of the Fortune 500 (maybe two or three customers in that bracket, total). If they were so great, a lot more large enterprises would have adopted their solution.

    For some reason OSS zealots have a love affair with Barracuda, because their product is nearly 100% an OSS bundle and because they advertise on /., I guess. Curiously, there are other products out there primarily built on OSS as well, such as McAfee's e250/500/1000 product line (who is also interestingly #2 in the secure content management appliance marketshare with nearly 20%, or 10 times Barracuda's share).

    You should all quit being blind zealots and do some objective research; the Barracuda product isn't even close to being the best in its space. On the other hand, that would be so un-Slashdot to actually take an objective look at an issue and not comment on things you don't understand.

  13. Re:Not that surprising (about Netgear) on Matching AirPort Express to Third Party Routers · Score: 3, Interesting

    Netgear is notorious for not interoperating with other WiFi vendors. If I recall, they're not even allowed to use the WiFi logo because they're not compliant.

  14. mod parent up on Security Update 2004-09-07 · Score: 2, Informative

    Ahh, at least the culprit is named and shamed!

  15. Itanic is a sinking on The Design and Implementation of the FreeBSD OS · Score: 2, Insightful

    So falling $13B short of expected sales and shipping less than 6,000 units in Q2 is considered a success? The only vendor to ship over 300 units was HP. Compare that to say, Apple who shipped 13,000 Xserves, which arguably are the biggest competitor to Itanic in the clustering market for universities and super-computer centers. If we look at the Opteron, that shipped 60,000 (of course it's usually not a direct one to one vs. Itanic, but you get the idea).

    For over a decade of R&D and combined billions from Intel and HP, that has to be a major failure. Just the fact that they're adding 64bit extensions to Xeon shows you that Itanium is failing to gain the server market share that they planned on and now they have to plug the holes by beefing up their low-end server gear.

    Now comes news from IDF that HP is adding more Opteron kits to its lineup with 4 way boxes and blades. Hmmm, that doesn't sound like a company that has faith in Itanium to me, and they were the second largest investor!

    There is of course the old saying "no one ever got fired for buying IBM", but I wonder if in a few years there won't be a rash of firings for "buying Intel" when Itanic's platform support is still lagging terribly behind other architectures.

  16. NeXTish on The Design and Implementation of the FreeBSD OS · Score: 1

    I saw it in a "complete family tree of UNIX", which I'm furiously trying to locate. I also found http://www.macintouch.com/mxs.html which near the very top is talking about how the interface is heavily NeXT and not like traditional Mac OS, granted it's quite old information, but that tends to confirm what I gathered informally from other sources.

    Note that both OS X and OS X server are heavily based on BSD, but it seems (again, from informal observation) that the consumer version is much more FreeBSDish and the server version is much more Machish.

    I'll try to find some better info when I get home.

  17. Not Another Linux Distro on The Design and Implementation of the FreeBSD OS · Score: 4, Interesting

    "I'm looking at running a modified linux kernel on x86, x86-64, PPC & Itanium"

    Assuming your goal is to create a pretty desktop OS like OS X, why would you run it on Itanium? Itanium is designed specifically as a "RISC killer" for high-end RISC/UNIX shops (and it's failing miserably, I might add). To my understanding, OS X Server isn't even the same code-base as normal OS X. Supposedly it's more NeXTish. The point is that Apple's servers don't really run the same OS that their desktops and laptops do.

    It always strikes me as funny when Linux people whine about the lack of a Linux distribution that works like OS X. Hmmm, maybe that's because Apple pays developers market wage to create their interface, rather than relying on community contributions by random, unaccountable people? Also, it seems that the Enlightenment WM is really supposed to mimic OS X, so perhaps the lament should be "I wish there was a WM..." rather than "I wish there was a distro...". Besides, if you recognize that OS X is so much better, why don't you just buy a system with OS X? Do you not believe in paying for quality, or should everything just be handed to you on a silver platter?

    Then again, that's the problem with the Linux community. Instead of contributing towards a common project and common goals, everyone goes off and totally duplicates the effort of everyone else. You end up with dozens of WMs, dozens of text editors, dozens of e-mail clients, a dozen web browsers, hundreds of OSs (that's what a distro is, after all) and not ONE of them approaches the quality of a commercial OS.

    If free software is ever going to approach the quality of commercial software, people have to stop this asinine "I'll start my own ___" mentality and learn to work in productive teams. The Apache web server and OpenSSL should be examples of how to do things. There aren't 10 different common SSL implementations in Open Source.

    Getting slightly back on topic, BSD should serve as a good example for how to do OSS right. Have large groups of developers working on an integrated project, i.e. a whole OS. Pick one default for everything, and don't duplicate effort all over the place. There are only really four free BSDs (Dragonfly, Free, Net, Open) and they share code heavily. The default installations have one sane selection for each task, and you can add more from ports if you really, really feel like it. Development is a lot more cohesive and as a result, the BSD releases tend to work a lot more reliably. Imagine that!

  18. Does IPSecuritas still work? on Security Update 2004-09-07 · Score: 1

    I saw the IPSec update and that makes me a little bit fearful for stability of third-party IPSec tools...

  19. rabid on Apple Cites Open Source Core Security · Score: 1

    Well I think the response to Real Networks pretty much fits the description...

    As for the cheerleading squad, you can't go 6 inches on /. these days without running into some *n*x junkie singing the praises of Apple. Just look at *n*x conventions and tradeshows over the last two years; the number of laptops with an Apple on the lid is staggering.

  20. Totally misses the boat on security on Apple Cites Open Source Core Security · Score: 1, Informative

    OS X is not "secure" because it uses Open Source, it's less targeted because it has far less market share and Apple changes enough stuff that straight BSD and/or GNU vulnerabilities can't be exploited the same way as on other platforms (not to mention different byte code!).

    I'll also remind everyone that it has had its share of URI handler problems, but of course people will claim they only had those problems because they used a closed-source browser. Well I've seen enough Mozilla and Opera security patches that I don't buy that one.

    So really, there are two reasons why Mac OS has not had mass exploits:
    1.) Obscure
    2.) Not an emotional target

    People have an irrational hate for Microsoft and even when presented with easier opportunities elsewhere, will often prefer to write exploits for Microsoft products. That's not going to change any time soon, and given Apple's rabid fan base and rapidly swelling Open Source cheerleading squad, it's only likely to go the other way.

    Note, it's not that I dislike Apple. Personally I run OpenBSD on most of my machines because I'm a paranoid nutcase, and I got Apple laptops for the family (which you can have when you pry them from my cold, dead fingers). I'm actually a huge fan, but at least I have some perspective.

    And by the way, for all the people claiming Apache hasn't had as many exploits as IIS, I think you'll find that if you include common Apache modules (which are similar to IIS in functionality) in your comparison that it will be very close, if not worse for Apache. Think about it, mod_ssl, mod_php, mod_proxy, mod_rewrite, etc... That's a lot of vulnerabilities that have been discovered.

  21. Which proves nothing on OpenBSD Vulnerabilty · Score: 1

    None of my Windows boxes have ever been rooted, either. What's your point? You can secure any OS, so what's really important is the default state. Someone who immediately connects a box with Red Hat to a network will get rooted just as fast as someone who connects a default install of Win2K.

  22. Where are mod points when I need them? on OpenBSD Vulnerabilty · Score: 2, Interesting

    Clearly the parent has been in the security or networking business for more than a few years.

    In fact, I recall when RH7.0 came out and was followed almost immediately by 7.1 because of so many remote holes. I've seen several friends have their Linux boxes rooted, and I'm a moderator on a Linux forum where we get at least one person a week (sometimes one a day) asking how they can repair their system because it was cracked.

    On the other hand, none of my OpenBSD boxes have ever been cracked... come to think of it, none of my Windows or Mac boxes ever have been, either.

  23. Re:Quick Search on Accurate ANSI Emulation in Mac OS X? · Score: 2, Informative

    You can find minicom in DarwinPorts. I wish they had ported tip/cu too, though. I'm not a big fan of minicom, but it can get the job done.

  24. Missing the point on Revolutionary Spam Firewall Developed · Score: 1

    You said yourself that they aren't doing anything unique. Other solutions employ connection blocking as well. Their claim is to process a certain number of messages per second/hour/day/whatever, not connections. There is no possible way you can process as many messages as they say, using SpamAssassin and a bunch of PERL plug-ins.

    Compare all the stuff you mentioned as what Barracuda does, vs. what the widely acknowledged "fastest" SMTP appliance does... IronPort (which, by the way, is a competitor to the company I work for) just has a totally speed-optimized MTA with a little speedbump of a Brightmail filter (which is itself fairly fast, but then IronPort took out a bunch of Brightmail's filter to make it even faster).

    Now an IronPort box will send out about 600,000 messages per hour in spam cannon mode. Depending on the model, and the creative license taken by their sales rep, they claim to process between 100,000 to 300,000 messages per hour inbound. Keep in mind this is with an MTA written strictly for speed and one of the faster spam filters (certainly it runs rings around SpamAssassin, I've seen both in action).

    Flat out, Barracuda are lying when they say an individual box can handle n million messages per day. Fantastic claims like 115 messages per second are absolutely ludicrous. That works out to 414,000 messages per hour. You'd be lucky to get a Beowulf cluster of ____ to process that many messages per hour through a SpamAssassin filter (or for that matter, anything written in PERL).

    As for doing it better, cheaper, etc., probably 5-10 other companies do spam-blocking better than Barracuda, and most of them have the same degree of maintenance (some significantly less).

    As for cheaper, there's no way any company can do it that cheaply, including Barracuda. I guarantee they're taking a big loss on what they're shipping today, but they don't have a real company's business model; they're trying to get acquired. Barracuda are only aiming for market share, that's it. If they had to feed themselves by their sales rather than their funding, they would starve.

    The other competitors aren't charging more because they're price-gouging, they're charging that much because they need to in order to sustain a business (in fact some of them, like IronPort are actually burning their money very quickly).

    Using Open Source doesn't magically mean they have zero overhead. All the other companies selling e-mail security appliances use a substantial amount of Open Source code, although most of them aren't dumb enough to use SpamAssassin (with the exception of McAfee and Sophos).

    That's OK, though. The Slashdot army can continue to delude themselves into thinking that Open Source automatically means software so cheap that any individual person can buy enough software to support a large enterprise. I wonder who Joe will work for that will pay him that much if all the software is free, though?

  25. Wrong on Revolutionary Spam Firewall Developed · Score: 1

    Barracuda sells SpamAssassin with a bunch of plugins, installed on Linux, installed on sweat-shop-special PC hardware. They aren't "hardware devices" with an ASIC and real firmware.

    They call their Linux OS "firmware", but that doesn't change the fact that it's installed on a hard disk drive and the internals of the box are no different from a 1U or 2U rackmount server that you'd get from Dell, IBM, HP, etc. (except that the name-brand hardware is probably 10 times more reliable than the no-name crap that Barracuda uses and has real field service people).

    Go ahead, order one of their trial units and open it up.

    By the way, anyone familiar with the performance of SpamAssassin and Bayesian will immediately notice that Barracuda's throughput claims are a total farce. Not even the IronPort boxes which run on high-speed hardware (name-brand, SCSI, striped RAID) on a hacked Qmail on a hacked (to the point of unreliability) FS claim the speed that Barracuda claims, and IronPort is widely regarded as the fastest e-mail appliance in existence.

    If a pure spam cannon doesn't even claim to process messages as fast as a stock Linux box loaded down with SpamAssassin, how much credibility are you going to give to Barracuda?