I have been asked on a number of occasions to set up an FTP server.
You would not believe the trouble I have had suggesting SSH/SCP - even from people who develop on Unix and use SSH to log in all day long. I've tried providing a web interface, I've tried providing a link to WinSCP, I've tried pre-installing WinSCP on the person's PC before it even goes on their desk.
In almost every case, it was pretty damn obvious that the person asking for an FTP server had already decided that they were going to have an FTP server, and would not even discuss the idea that there might be alternatives.
Switching traffic doesn't necessarily do you much good. Tools like hunt allow you to hijack active TCP streams relatively easily, and it's quite hard to do much about it.
I can thoroughly recommend it. My current employer is a technology company and I'm a Unix sysadmin - on the face of it, outsourcing email when you've got that much talent onsite sounds bonkers.
However, when I did the arithmetic, it worked out more expensive just to pay the colo fees for geographically redundant MX servers than it was to get Google.
That was before I assigned any value to:
Spam filtering that damn well works. Sorry, SpamAssassin, but filtering 95-98% of spam is not good enough when your domain receives something like 20,000 emails per day.
Calendars and contacts that sync with iPhone, Android and Outlook.
Webmail that doesn't make you want to gouge your own eyes out. (You already get both of these with Exchange, of course, but unless you have damn good connectivity, a reliable connection for people who are on the road basically forces you to put the server in a colo. Oh look, more money.)
Shared documents and sites. Akin to (though, to be fair, not as sophisticated as) Sharepoint.
My time in keeping the servers updated, secured and wrestling with an ever increasing volume of spam.
Answering the inevitable "I didn't get this email from Fred, what happened to it?" (The answer was invariably along the lines of "It was delivered to your inbox at 10:30", but if you're being asked those questions it basically means that people can't find their own email. Most people are remarkably bad at using rules to sort their email and prefer to simply hit the search box.)
Hardware and backup media for email.
If you're an Exchange user (we weren't), saved CALs.
Which is precisely why he's writing sense and you're writing on slashdot.
How about routers running VXWorks? Or some other OS? Have you tested all of those too? Go back in time a few years, VXWorks didn't even include a TCP/IP stack, you had to put in your own, so you'll have to test every implementation.
How about Cisco's kit? Do they make assumptions in their OS? Older versions, do they work?
Okay, so that all works. Firewalls - they tend to block addresses they don't recognise. Are you going to ask the entire world to reconfigure their firewalls (and upgrade if the firmware won't let them designate 240.0.0.0/4 as valid)?
If you're going to audit and potentially upgrade all this equipment, you may as well go over to IPv6 and be done with.
The real world is a lot more pragmatic than a lot of people on/. would like to admit. You're not expected to physically go and meet everyone you buy services from and analyse how their product is delivered with a fine-toothed comb, and you're certainly not expected to run everything yourself. It's quite adequate for them to offer a contract which says "we'll keep your data confidential".
You can't stop someone suing you if they want to but you can show that contract to a judge and demonstrate that you did everything you reasonably could - with emphasis on the word "reasonably".
1. Outsourcing is not new. Outsourcing of something which includes confidential information isn't that new either. If it wasn't, there would be no such thing as external companies providing HR advice, payroll services, there wouldn't be patent lawyers, independent accountants....
2. The great majority of businesses aren't Fortune 500 megacorps. They're small businesses - under 100 staff. They almost certainly outsource a number of services anyway - and they certainly don't have a CIO. This is the sort of business that Google Apps is absolutely made for - by the time you've bought a half-decent server, licensed something like Exchange and paid someone to come in and set it up for you, you could have bought Google Apps for your entire staff for four years. And you still won't have reliable webmail for anyone who's on the road, unless you want to buy a leased line or hosting in a data centre - which for the small company is an expense they can ill afford.
I'd say he'll probably have an easier time than if he hadn't found this.
A week from now, the first hit on Google for his name will be this story. Amusing, and must have given him the shock of his life, but won't seriously concern anyone.
Last week, they'd have seen the same thing as Garcia.
you can filter by business type - and there are some well-known names there.
I can't say I'm surprised. The value for money versus any Microsoft product is night and day - you get more services for about a third the price. (The balance has started to tilt back; when I first said that the closest alternative was hosted Exchange from a major reseller, that's not the case any more).
Know what? I think Ballmer knows, somewhere in his wizened black little heart, that quite a few of Microsoft's products are not actually particularly good.
That's not been a huge problem in the past, mainly because the competition was frequently just as awful and even if it wasn't, their position in the market meant "nobody got fired for buying Microsoft" became the mantra for many IT directors of the late '90s-early '00s, just as "nobody got fired for buying IBM" was the mantra for their predecessors. Now we're finally starting to see some healthy competition opening up in parts of the industry where previously there was almost none, and my God it's a breath of fresh air.
Very true, but if you can't compose an image or reliably focus on the right part of it, a €1000 lens is just another penis extension. The most important component in great photography (as opposed to glorified holiday snaps which are just slightly sharper than what you see out of a cheaper camera) is the thing directly behind the camera pressing the shutter release.
I would compare it to forcing garages to take unroadworthy cars off the road - regardless of who is at fault, the car is a hazard to other road users.
Many parts of the world already have something like this - the UK has the MOT test, for instance. Annual test for vehicles over 3 years old, if your car fails you can't drive it. (Fairly meaningless test because it just proves your car was OK when it was in the garage. If something then falls off 100 yards down the road, that's the driver's problem.)
Neither do I, but 5 minutes googling will tell you that we do have such machines, but you can't use them for more than a few hours at a time. Fine for surgery, pretty useless for pneumonia.
(A bit further reading will suggest that there do exist machines which aren't as limited - I wonder if you're getting to the edges of what is possible and what is very much post-doctoral research stuff at this point?)
Those in power have been absolutely terrified of any means of free (as in speech, not neccessarily beer) communication since more-or-less forever. You only have to look at the history of the printing press to see that.
Usually some sort of compromise is thrashed out, and I'd be astonished if that didn't happen here. History has shown that some sort of attempt at control is more or less inevitable, the only question is "will it be subject to checks and balances or will it be a case of some unelected Internet Warden having the power to spy on whoever they like whenever they like for any reason they like?"
Windows doesn't bring in all that much money. Most people simply don't buy it retail. The real money is in the "software assurance" program, and in Office. Get rid of those, and Microsoft is a perennial money loser.
And linux has been used as a threat to dump the software assurance program, which most businesses don't need, since they can now get by with doing a cheap hardware refresh instead with the money they save. Desktops no longer cost $2k apiece.
The only reason anyone would buy a Windows site license is not for software assurance, it's because the OEM license has a clause which says "if you are the end user rather than the OEM, you're not allowed to use this as the basis for an image you roll out to your desktop PCs." - there's no such clause on the site license. Having said that, things like DeCrapifier and Ninite make most of the things you'd have to do to have an image unnecessary.
I can actually understand that. Many people who aren't in an industry that demands real IT literacy don't really understand their computer, they just click the "third icon from the left" or what have you.
The benefit that Windows (still) offers is Active Directory - or, more accurately, the schema and how Windows makes use of it. Virtually every conceivable configuration option for Windows, IE, Office and a few other products besides is pre-cooked and you just need to click a box in the right place for the configuration to be automagically applied to every PC in the entire organisation. Nothing that slick exists for Linux, and the last thing the IT department needs is a bunch of "third icon from the left" people calling up and asking how to get Outlook under Linux.
It's not quite as simple as that. When they're talking about Serious and Organised Crime, they don't mean "serious criminal allegations about an organisation". They mean organised criminal gangs (which are probably about Number 3 on the Official UK List of Things to be Scare the Population With, directly under terrorists and paedophiles).
And while there's quite a few companies I would dearly love to see investigated under that kind of statute, the world tends to be rather more pragmatic than that and if an organisation by and large benefits society, IME they're generally not likely to find themselves being effectively outlawed.
I don't think it's much to worry about. EMI, like any record company, own a vast amount of IP and that has real value (even if EMI don't seem to know quite how to make the best of it). Some enterprising person would step in, buy and cash in on the IP, more or less guaranteed.
Funny, the user I have who uses Android - their device doesn't show up as one I can remote wipe. 'Course, it's entirely possible their device is connecting via IMAP.
Doesn't work so well if the underlying documents are scans of paper documents - I don't know if Google's PDF searching deals with OCR'ing text. And even if it does that assumes the scans are actually stored in a reasonably well-known format like PDF.
AFAICT (and I am neither American, nor a lawyer), the argument goes something like this:
"Of course you're free to travel without being searched! However, the law says nothing about the modes of transport employed - as long as there is a way to travel without the search, you can take that instead. What was that you say? You do not want to drive and there's no practical public transport from Boston, MA to San Francisco, CA? Well, not driving is your decision, but I don't really see how it's the government's problem"
If you're using Google for Domains Premier Edition (ie. the one you pay for), and very likely Educational (seeing as that's basically Premier only it's offered free to educational institutions), the answer is "yes".
The admin can, through the user control panel, click on a user and right at the bottom is a list of all supported smartphones they've connected with and the option to remotely wipe them individually. IIRC, you can remotely wipe iPhones but for some reason not Android phones. I know of at least one user with a Blackberry I can't see a wipe option for, but it's possible they've configured it to get email via IMAP.
I'm not sure if Google have updated their API to support this - if they have, it'd be reasonably trivial to write a Python script that automagically wiped all devices a user had ever used immediately before closing their account.
So - and this is a genuine question, I really don't know the answer - if my iPhone is remotely wiped, can I easily restore from that backup? Or will iTunes spot that it's been remotely wiped and dutifully wipe the backups as well unless I take steps to prevent that?
Slashdot Mirror
I have been asked on a number of occasions to set up an FTP server.
You would not believe the trouble I have had suggesting SSH/SCP - even from people who develop on Unix and use SSH to log in all day long. I've tried providing a web interface, I've tried providing a link to WinSCP, I've tried pre-installing WinSCP on the person's PC before it even goes on their desk.
In almost every case, it was pretty damn obvious that the person asking for an FTP server had already decided that they were going to have an FTP server, and would not even discuss the idea that there might be alternatives.
Switching traffic doesn't necessarily do you much good. Tools like hunt allow you to hijack active TCP streams relatively easily, and it's quite hard to do much about it.
I can thoroughly recommend it. My current employer is a technology company and I'm a Unix sysadmin - on the face of it, outsourcing email when you've got that much talent onsite sounds bonkers.
However, when I did the arithmetic, it worked out more expensive just to pay the colo fees for geographically redundant MX servers than it was to get Google.
That was before I assigned any value to:
I figured if you can't beat 'em, join 'em.
Which is precisely why he's writing sense and you're writing on slashdot.
How about routers running VXWorks? Or some other OS? Have you tested all of those too? Go back in time a few years, VXWorks didn't even include a TCP/IP stack, you had to put in your own, so you'll have to test every implementation.
How about Cisco's kit? Do they make assumptions in their OS? Older versions, do they work?
Okay, so that all works. Firewalls - they tend to block addresses they don't recognise. Are you going to ask the entire world to reconfigure their firewalls (and upgrade if the firmware won't let them designate 240.0.0.0/4 as valid)?
If you're going to audit and potentially upgrade all this equipment, you may as well go over to IPv6 and be done with.
Very easily.
The real world is a lot more pragmatic than a lot of people on /. would like to admit. You're not expected to physically go and meet everyone you buy services from and analyse how their product is delivered with a fine-toothed comb, and you're certainly not expected to run everything yourself. It's quite adequate for them to offer a contract which says "we'll keep your data confidential".
You can't stop someone suing you if they want to but you can show that contract to a judge and demonstrate that you did everything you reasonably could - with emphasis on the word "reasonably".
Two issues at stake here:
1. Outsourcing is not new. Outsourcing of something which includes confidential information isn't that new either. If it wasn't, there would be no such thing as external companies providing HR advice, payroll services, there wouldn't be patent lawyers, independent accountants....
2. The great majority of businesses aren't Fortune 500 megacorps. They're small businesses - under 100 staff. They almost certainly outsource a number of services anyway - and they certainly don't have a CIO. This is the sort of business that Google Apps is absolutely made for - by the time you've bought a half-decent server, licensed something like Exchange and paid someone to come in and set it up for you, you could have bought Google Apps for your entire staff for four years. And you still won't have reliable webmail for anyone who's on the road, unless you want to buy a leased line or hosting in a data centre - which for the small company is an expense they can ill afford.
I'd say he'll probably have an easier time than if he hadn't found this.
A week from now, the first hit on Google for his name will be this story. Amusing, and must have given him the shock of his life, but won't seriously concern anyone.
Last week, they'd have seen the same thing as Garcia.
Don't know about Fortune 500 but if you look at:
http://www.google.com/apps/intl/en/business/customers.html
you can filter by business type - and there are some well-known names there.
I can't say I'm surprised. The value for money versus any Microsoft product is night and day - you get more services for about a third the price. (The balance has started to tilt back; when I first said that the closest alternative was hosted Exchange from a major reseller, that's not the case any more).
Know what? I think Ballmer knows, somewhere in his wizened black little heart, that quite a few of Microsoft's products are not actually particularly good.
That's not been a huge problem in the past, mainly because the competition was frequently just as awful and even if it wasn't, their position in the market meant "nobody got fired for buying Microsoft" became the mantra for many IT directors of the late '90s-early '00s, just as "nobody got fired for buying IBM" was the mantra for their predecessors. Now we're finally starting to see some healthy competition opening up in parts of the industry where previously there was almost none, and my God it's a breath of fresh air.
Very true, but if you can't compose an image or reliably focus on the right part of it, a €1000 lens is just another penis extension. The most important component in great photography (as opposed to glorified holiday snaps which are just slightly sharper than what you see out of a cheaper camera) is the thing directly behind the camera pressing the shutter release.
I would compare it to forcing garages to take unroadworthy cars off the road - regardless of who is at fault, the car is a hazard to other road users.
Many parts of the world already have something like this - the UK has the MOT test, for instance. Annual test for vehicles over 3 years old, if your car fails you can't drive it. (Fairly meaningless test because it just proves your car was OK when it was in the garage. If something then falls off 100 yards down the road, that's the driver's problem.)
Neither do I, but 5 minutes googling will tell you that we do have such machines, but you can't use them for more than a few hours at a time. Fine for surgery, pretty useless for pneumonia.
(A bit further reading will suggest that there do exist machines which aren't as limited - I wonder if you're getting to the edges of what is possible and what is very much post-doctoral research stuff at this point?)
Those in power have been absolutely terrified of any means of free (as in speech, not neccessarily beer) communication since more-or-less forever. You only have to look at the history of the printing press to see that.
Usually some sort of compromise is thrashed out, and I'd be astonished if that didn't happen here. History has shown that some sort of attempt at control is more or less inevitable, the only question is "will it be subject to checks and balances or will it be a case of some unelected Internet Warden having the power to spy on whoever they like whenever they like for any reason they like?"
Windows doesn't bring in all that much money. Most people simply don't buy it retail. The real money is in the "software assurance" program, and in Office. Get rid of those, and Microsoft is a perennial money loser.
And linux has been used as a threat to dump the software assurance program, which most businesses don't need, since they can now get by with doing a cheap hardware refresh instead with the money they save. Desktops no longer cost $2k apiece.
The only reason anyone would buy a Windows site license is not for software assurance, it's because the OEM license has a clause which says "if you are the end user rather than the OEM, you're not allowed to use this as the basis for an image you roll out to your desktop PCs." - there's no such clause on the site license. Having said that, things like DeCrapifier and Ninite make most of the things you'd have to do to have an image unnecessary.
I can actually understand that. Many people who aren't in an industry that demands real IT literacy don't really understand their computer, they just click the "third icon from the left" or what have you.
The benefit that Windows (still) offers is Active Directory - or, more accurately, the schema and how Windows makes use of it. Virtually every conceivable configuration option for Windows, IE, Office and a few other products besides is pre-cooked and you just need to click a box in the right place for the configuration to be automagically applied to every PC in the entire organisation. Nothing that slick exists for Linux, and the last thing the IT department needs is a bunch of "third icon from the left" people calling up and asking how to get Outlook under Linux.
It's not quite as simple as that. When they're talking about Serious and Organised Crime, they don't mean "serious criminal allegations about an organisation". They mean organised criminal gangs (which are probably about Number 3 on the Official UK List of Things to be Scare the Population With, directly under terrorists and paedophiles).
And while there's quite a few companies I would dearly love to see investigated under that kind of statute, the world tends to be rather more pragmatic than that and if an organisation by and large benefits society, IME they're generally not likely to find themselves being effectively outlawed.
I don't think it's much to worry about. EMI, like any record company, own a vast amount of IP and that has real value (even if EMI don't seem to know quite how to make the best of it). Some enterprising person would step in, buy and cash in on the IP, more or less guaranteed.
Even then you're not immune from silly ads going out there. I think the best I ever saw was a charity looking for an IT manager.
The headline of their advert was "We need some help with our IT". The application instructions were "Please email two copies of your CV to ...@..."
Funny, the user I have who uses Android - their device doesn't show up as one I can remote wipe. 'Course, it's entirely possible their device is connecting via IMAP.
Doesn't work so well if the underlying documents are scans of paper documents - I don't know if Google's PDF searching deals with OCR'ing text. And even if it does that assumes the scans are actually stored in a reasonably well-known format like PDF.
Scratch that--the only way we can be PERFECTLY safe is to be dead.
Not entirely true, as it happens. Oliver Cromwell was hanged three years after he died.
And you can guarantee that before such a speech was made, at least one aide would describe giving it as "a courageous decision".
(Obscure "Yes, Minister" reference)
AFAICT (and I am neither American, nor a lawyer), the argument goes something like this:
"Of course you're free to travel without being searched! However, the law says nothing about the modes of transport employed - as long as there is a way to travel without the search, you can take that instead. What was that you say? You do not want to drive and there's no practical public transport from Boston, MA to San Francisco, CA? Well, not driving is your decision, but I don't really see how it's the government's problem"
I'm not sure a free gmail account actually uses ActiveSync (I'd expect it to use IMAP), but I can't imagine why not.
If you're using Google for Domains Premier Edition (ie. the one you pay for), and very likely Educational (seeing as that's basically Premier only it's offered free to educational institutions), the answer is "yes".
The admin can, through the user control panel, click on a user and right at the bottom is a list of all supported smartphones they've connected with and the option to remotely wipe them individually. IIRC, you can remotely wipe iPhones but for some reason not Android phones. I know of at least one user with a Blackberry I can't see a wipe option for, but it's possible they've configured it to get email via IMAP.
I'm not sure if Google have updated their API to support this - if they have, it'd be reasonably trivial to write a Python script that automagically wiped all devices a user had ever used immediately before closing their account.
Okay.
So - and this is a genuine question, I really don't know the answer - if my iPhone is remotely wiped, can I easily restore from that backup? Or will iTunes spot that it's been remotely wiped and dutifully wipe the backups as well unless I take steps to prevent that?