You will hear of such users now, I think. Gnome has become much too large to be reliable or even stable anymore I have clients preferring to use CygWin's X windows, and ssh access to X applications, rather than use current Linux releases and deal with the excessive bloat of Gnome.
If it takes too long to boot, to switch appications, to accept input, has too short a battery life, or cannot keep with simple video applications due to hardware limitations, the architectural fanboys are not going to be enough of a market to keep it in business. Small sales won't bring down the cost of manufacturing to compete.
I'm afraid that you're going on to expose part of the underlying problems. 100,000 individually built, individual managed servers are likely to suffer 50,000 catastrophic failures for dozens of different reasons, ranging from lost passwords, accidental deletion with no snapshots, hardware failures, breakins due to incompetence such as using FTP, breakins because they choose terrible passwords, and others. These are _precisely_ why so many people are going to cloud services
Frankly, many of the "just ask around" answers you'll find even from technical friends, are horrible and have profound consequences to the safety or reliability of your data. I make quite a bit of my own salary helping companies clean up the results of technologically skilled admins. Many of them didn't bother, or didn't know how, to run real backup services and the results are devastating.
I'm afraid that, in this day and age, with the monitoring of FTP logins in man-in-the-middle attacks worldwide, no public facing FTP server should be considered "private". FTPS or FTPS or any of several other good protocols all can help with this. But I've encountered far too many environments where people use the same password for their FTP, and their email access, and insist on making it publicly available. Then they wonder why their systems get broken into.
> Of course, the railgun has a much longer range, a much higher speed,
The railgun range today is effectively _zero_. High velocity rounds have been launched from test guns, but none have actually successfully hit a moving target without a pre-plotted course for the target, nor have any significantly sized railguns been successfully tested from a portable platform. They also wear out so fast that the mass and resources saved on ammunition are effectively taken up by the necessary spare parts for the railgun itself. I'm afraid they're much like dotcom business plans. The drawing on the back of the napkin looks fabulous, but the actual engineering has turned out to have real limits.
Then you often cannot publish, nor can you discuss details of your work with the best non-military people in the field. You can also wind up ordered to commit illegal or unconstitutional acts with no safe legal or political recourse. Do remember that Edward Snowden was a contractor and reported illegal activity to his superiors, and was told to "shut up" before he want to the press with very solid proof of illegal and abusive and unconstitutional activity by parts of the federal government.
There's still Snap-On, but oh my, are they expensive. And it's very, very hard to find a Snap-On truck to try out the tools at: I've made friends with a car mechanic who lets me know when they're visiting. Screw drivers that _fit a human hand_, and whose grips do not wear out in a year, and pliers that do not have their teeth fray are well worth the money I can now afford for a few better tools.
30 minute cell phone screen repair was a real winner. All the cell phone vendors wanted me to leave my phone overnight. I couldn't easily give up my mostly intact Iphone to repair the screen until I spent the time for a latte waiting for my local Radio Shack repair center to do a very good job. But when I coundn't find wire cutters in the largest local Radio Shack, I was pretty shocked.
It's an ice cream shop. If it's like my favorite ice cream shop, that menu can change 3 times in one hour as the ice cream as ice cream is used up and new ice cream taken out for use, or as some of their dozens of flavors run out near the end of the business day.
This takes time and is prone to forgetting. It also requires keyboard space somewhere unlikely to wind up covered with product. That counter space is _expensive_, every foot not in use for real service is lost to profit.
> ou are forgetting that the default for SSH is to abort during a MITM
With stolen hostkeys on the same IP address? Or by presenting a new host IP in DNS with their own MITM keys, connecting to an unencrypted login transaction logger, and recording the user login attempt and passwords, then using them next time to connect to forward the connection to the relevant upstream host? Or any of a dozen other MITM approaches?
I've been through just such an attack. Fortunately, the person doing the attack gave themselves away by failing to deal with 'ssh-agent' based connections, which is when I got called: key based access to the attacked server stopped working.
>> Catastrophe is a critical factor in most evolutionary history.
> Citation, please.
Wikipedia has a fairly good entry on "Catastrophism", and another on "Punctuated equilibrium". But even without large scale events such as dinosaur killer asteroids or the evolution of photosynthesis poisoning most species with much higher concentrations of volatile oxygen, the are much smaller and more frequent effects. Forest fires are a crtical factor in breeding jack pine trees, floods are vital to the fertility of the ecosystem near river banks, and hurricanes spread species throughout their trail and profoundly affect the ecology and evolution of areas that are likely to endure hurricanes. And catastrophes can and do create a "founder effect", where a small number of introduced species members become a new species quite quickly in their new environment.
Do I need to find individual links links for each of those?
Catastrophe is a critical factor in most evolutionary history. Practices and traits that were successful, successful enough to become part of the biology or lifesstyle of an organism, often fail as circumstances change. I'm afraid that abrupt changes in environment are a common, through often unpredicatable, factor in many species.
> With a large enough sample size, the effects of time can be eliminated from the statistics.
Oh, dear. This is so wrong, on so many levels, I'm having difficulty even knowing where to start. But "time" is one of the most critical axes in any systems involving feedback and cannot be safely ignored.
"Template based deployment" is not "guest OS customization". Re-arranging disk sizes, RAM and network configurations, and even system hostnames and credentials are considerable extra work.
> A recent GAO report said that $106 BILLION was spent by the US government through 2010 on global warming research
Im staring at the Forbes report at http://www.whitehouse.gov/site.... Note that a lot of that money is involved in "clean" energy projects which have dual or triple use: reducing pollution, improving arable land, water management, emergency planning for coastal areas, and switching from unsustainable fuel resources to sustainable, less greenhouse gas producing fuels.
I'm also afraid you're comparing apples to oranges. Most of the federal budget is not "advertising" to compare to oil companies, it's a great deal of real work with multiple scientific. urban development, and economic uses. If you compare it to the amount of money oil companies spent on drilling for new oil or on research to expand their markets, you'd have a better scale.
> It doesn't help when scientists pushing the fear also push the politics.
Given the resistance to basic knowledge, informing the public and other scientists is part of their role as scientists proving their science. Given their humanity, getting other humans to act on that knowledge to make money, improve lives, or prevent disaster is a logical and natural behavior. Why would you be surprised if, in some cases, it goes beyond mere publication to outright political advocacy?
This has happened repeatedly. The most notorious example is the "IBM Deskstar", which failed en masse after consistent amounts of use. They destroyed RAID arrays around the world because the individual drives could not be replaced fast enough to secure the data before multiple drives went offline simultaneously.
> If the employees are turning on their personal hotspots and using that, you don't have a security problem.
If they connect anything that lives inside your network, at any time, or that even has a VPN connection your internal networks at any time, you have a security problem. It may be one you choose to accept as a matter of policy, but the risk is very real. Worse. Most admins simply do not have the tools are buy-in to review and monitor systems for gateways, remote console access, or network tunnels that may expose your internal network through precisely such a hotspot or modem access.
I agree that by current regulation you may not run a hotspot jammer. The FCC regulations are quite clear about this, partly because they block other cellular communications and services such as telephones and GPS. But I'm afraid I disagreee vehemently with you that their use does not constitute "a security problem".
Just like modems on laptops or in the server room are not a security risk?
The problem is that people can, and do, connect the same device simultaneously to the hotspot or the modem and to the internal network. And then they port forward. I've certainly caught people doing this, especially among non-technical staff who try out "this cool thing they read about". I'm afraid it's often even worse among software architects who use passphrase free SSL or SSH keys "to save time", who lock their passwords to never expire, and who are very careful never to explain what they're doing to anyone else.
I've encountered far too many cases of such setups used for business critical services, unknown to anyone else, that collapse during network cleanup efforts or when the employee finally moves on.
> You seriously think the developers decided any of that?
Yes, they often do. Software developers often have to "sell" their projects at planning meetings. They can choose, and do, which features to emphasize.
> Also, there is nothing inherent in the use of javascript that affects security in any way; a site using multiple
It's complexity, and frequent use to cause the client to do anything other than a simple "pull" of content, create profound vulnerabilities.
> But you're wrong in cases where it is done right
These are increasingly rare. The Slashdot "beta" page is a wonderful example of abusively over-aggressive complexity, at the expense of legibility and usability.
> Loading and rendering only the data that needs to change is *much* faster
But this is not what is happening. It's being used to generate "churn" on the page.
Re:Obligatory reminder that an alternative exists
on
OpenSSL 1.0.2 Released
·
· Score: 1
Hard coded may be too strong. They're certainly the mandated defaults at installation time. Extracting them is a laborious and painful manual process, likely to be overwritten by the very next security update in most packages with most installers. Disabling them disables hosts of automated tools which rely on ordinary HTTPS, and there are certainly core software repositories which rely extensively on ordinary root authorities to verify their SSL signatures. These include Github, bitbucket, sourceforge, and many commercial sites. And they are certainly hardcoded in the sense of "these are the signature authorities used by most vendors".
> Actually, genius, "Javashit", as you call it, when used properly, is leaps and bounds better than iFrames
Neither of which is better than actually keeping the content in clean plain text format. Excess eye candy damages performance and risks security on both ends of a web connection, and also makes the content less accessible to older hardware and to people with visual difficulty or limited mobility. I'm afraid that I _do_ blame web developers, because their excess reliance on eye candy leads to things like the new Slashdot interface.
Slashdot Mirror
This is not a base OS configuration problem. It's a personal taste of working environment problem, especially for your environment's web server needs.
So look to service configuration tools, like cfengine, puppet, chef, or any of the dozens of other tools that already have setups for this.
You will hear of such users now, I think. Gnome has become much too large to be reliable or even stable anymore I have clients preferring to use CygWin's X windows, and ssh access to X applications, rather than use current Linux releases and deal with the excessive bloat of Gnome.
If it takes too long to boot, to switch appications, to accept input, has too short a battery life, or cannot keep with simple video applications due to hardware limitations, the architectural fanboys are not going to be enough of a market to keep it in business. Small sales won't bring down the cost of manufacturing to compete.
I'm afraid that you're going on to expose part of the underlying problems. 100,000 individually built, individual managed servers are likely to suffer 50,000 catastrophic failures for dozens of different reasons, ranging from lost passwords, accidental deletion with no snapshots, hardware failures, breakins due to incompetence such as using FTP, breakins because they choose terrible passwords, and others. These are _precisely_ why so many people are going to cloud services
Frankly, many of the "just ask around" answers you'll find even from technical friends, are horrible and have profound consequences to the safety or reliability of your data. I make quite a bit of my own salary helping companies clean up the results of technologically skilled admins. Many of them didn't bother, or didn't know how, to run real backup services and the results are devastating.
> personal FTP server
I'm afraid that, in this day and age, with the monitoring of FTP logins in man-in-the-middle attacks worldwide, no public facing FTP server should be considered "private". FTPS or FTPS or any of several other good protocols all can help with this. But I've encountered far too many environments where people use the same password for their FTP, and their email access, and insist on making it publicly available. Then they wonder why their systems get broken into.
> Of course, the railgun has a much longer range, a much higher speed,
The railgun range today is effectively _zero_. High velocity rounds have been launched from test guns, but none have actually successfully hit a moving target without a pre-plotted course for the target, nor have any significantly sized railguns been successfully tested from a portable platform. They also wear out so fast that the mass and resources saved on ammunition are effectively taken up by the necessary spare parts for the railgun itself. I'm afraid they're much like dotcom business plans. The drawing on the back of the napkin looks fabulous, but the actual engineering has turned out to have real limits.
> get in a job with a clearance.
Then you often cannot publish, nor can you discuss details of your work with the best non-military people in the field. You can also wind up ordered to commit illegal or unconstitutional acts with no safe legal or political recourse. Do remember that Edward Snowden was a contractor and reported illegal activity to his superiors, and was told to "shut up" before he want to the press with very solid proof of illegal and abusive and unconstitutional activity by parts of the federal government.
> the risk of somebody doing something nefarious with the information they got it pretty low.
On a case by case baseis, yes. On a wholesale basis, the risk gets quite large, and they _script_ their attacks.
There's still Snap-On, but oh my, are they expensive. And it's very, very hard to find a Snap-On truck to try out the tools at: I've made friends with a car mechanic who lets me know when they're visiting. Screw drivers that _fit a human hand_, and whose grips do not wear out in a year, and pliers that do not have their teeth fray are well worth the money I can now afford for a few better tools.
> you likely won't find anything you want there
30 minute cell phone screen repair was a real winner. All the cell phone vendors wanted me to leave my phone overnight. I couldn't easily give up my mostly intact Iphone to repair the screen until I spent the time for a latte waiting for my local Radio Shack repair center to do a very good job. But when I coundn't find wire cutters in the largest local Radio Shack, I was pretty shocked.
It's an ice cream shop. If it's like my favorite ice cream shop, that menu can change 3 times in one hour as the ice cream as ice cream is used up and new ice cream taken out for use, or as some of their dozens of flavors run out near the end of the business day.
This takes time and is prone to forgetting. It also requires keyboard space somewhere unlikely to wind up covered with product. That counter space is _expensive_, every foot not in use for real service is lost to profit.
> ou are forgetting that the default for SSH is to abort during a MITM
With stolen hostkeys on the same IP address? Or by presenting a new host IP in DNS with their own MITM keys, connecting to an unencrypted login transaction logger, and recording the user login attempt and passwords, then using them next time to connect to forward the connection to the relevant upstream host? Or any of a dozen other MITM approaches?
I've been through just such an attack. Fortunately, the person doing the attack gave themselves away by failing to deal with 'ssh-agent' based connections, which is when I got called: key based access to the attacked server stopped working.
>> Catastrophe is a critical factor in most evolutionary history.
> Citation, please.
Wikipedia has a fairly good entry on "Catastrophism", and another on "Punctuated equilibrium". But even without large scale events such as dinosaur killer asteroids or the evolution of photosynthesis poisoning most species with much higher concentrations of volatile oxygen, the are much smaller and more frequent effects. Forest fires are a crtical factor in breeding jack pine trees, floods are vital to the fertility of the ecosystem near river banks, and hurricanes spread species throughout their trail and profoundly affect the ecology and evolution of areas that are likely to endure hurricanes. And catastrophes can and do create a "founder effect", where a small number of introduced species members become a new species quite quickly in their new environment.
Do I need to find individual links links for each of those?
Catastrophe is a critical factor in most evolutionary history. Practices and traits that were successful, successful enough to become part of the biology or lifesstyle of an organism, often fail as circumstances change. I'm afraid that abrupt changes in environment are a common, through often unpredicatable, factor in many species.
> With a large enough sample size, the effects of time can be eliminated from the statistics.
Oh, dear. This is so wrong, on so many levels, I'm having difficulty even knowing where to start. But "time" is one of the most critical axes in any systems involving feedback and cannot be safely ignored.
"Template based deployment" is not "guest OS customization". Re-arranging disk sizes, RAM and network configurations, and even system hostnames and credentials are considerable extra work.
> A recent GAO report said that $106 BILLION was spent by the US government through 2010 on global warming research
Im staring at the Forbes report at http://www.whitehouse.gov/site.... Note that a lot of that money is involved in "clean" energy projects which have dual or triple use: reducing pollution, improving arable land, water management, emergency planning for coastal areas, and switching from unsustainable fuel resources to sustainable, less greenhouse gas producing fuels.
I'm also afraid you're comparing apples to oranges. Most of the federal budget is not "advertising" to compare to oil companies, it's a great deal of real work with multiple scientific. urban development, and economic uses. If you compare it to the amount of money oil companies spent on drilling for new oil or on research to expand their markets, you'd have a better scale.
> It doesn't help when scientists pushing the fear also push the politics.
Given the resistance to basic knowledge, informing the public and other scientists is part of their role as scientists proving their science. Given their humanity, getting other humans to act on that knowledge to make money, improve lives, or prevent disaster is a logical and natural behavior. Why would you be surprised if, in some cases, it goes beyond mere publication to outright political advocacy?
This has happened repeatedly. The most notorious example is the "IBM Deskstar", which failed en masse after consistent amounts of use. They destroyed RAID arrays around the world because the individual drives could not be replaced fast enough to secure the data before multiple drives went offline simultaneously.
> If the employees are turning on their personal hotspots and using that, you don't have a security problem.
If they connect anything that lives inside your network, at any time, or that even has a VPN connection your internal networks at any time, you have a security problem. It may be one you choose to accept as a matter of policy, but the risk is very real. Worse. Most admins simply do not have the tools are buy-in to review and monitor systems for gateways, remote console access, or network tunnels that may expose your internal network through precisely such a hotspot or modem access.
I agree that by current regulation you may not run a hotspot jammer. The FCC regulations are quite clear about this, partly because they block other cellular communications and services such as telephones and GPS. But I'm afraid I disagreee vehemently with you that their use does not constitute "a security problem".
Just like modems on laptops or in the server room are not a security risk?
The problem is that people can, and do, connect the same device simultaneously to the hotspot or the modem and to the internal network. And then they port forward. I've certainly caught people doing this, especially among non-technical staff who try out "this cool thing they read about". I'm afraid it's often even worse among software architects who use passphrase free SSL or SSH keys "to save time", who lock their passwords to never expire, and who are very careful never to explain what they're doing to anyone else.
I've encountered far too many cases of such setups used for business critical services, unknown to anyone else, that collapse during network cleanup efforts or when the employee finally moves on.
> You seriously think the developers decided any of that?
Yes, they often do. Software developers often have to "sell" their projects at planning meetings. They can choose, and do, which features to emphasize.
> Also, there is nothing inherent in the use of javascript that affects security in any way; a site using multiple
It's complexity, and frequent use to cause the client to do anything other than a simple "pull" of content, create profound vulnerabilities.
> But you're wrong in cases where it is done right
These are increasingly rare. The Slashdot "beta" page is a wonderful example of abusively over-aggressive complexity, at the expense of legibility and usability.
> Loading and rendering only the data that needs to change is *much* faster
But this is not what is happening. It's being used to generate "churn" on the page.
Hard coded may be too strong. They're certainly the mandated defaults at installation time. Extracting them is a laborious and painful manual process, likely to be overwritten by the very next security update in most packages with most installers. Disabling them disables hosts of automated tools which rely on ordinary HTTPS, and there are certainly core software repositories which rely extensively on ordinary root authorities to verify their SSL signatures. These include Github, bitbucket, sourceforge, and many commercial sites. And they are certainly hardcoded in the sense of "these are the signature authorities used by most vendors".
> Actually, genius, "Javashit", as you call it, when used properly, is leaps and bounds better than iFrames
Neither of which is better than actually keeping the content in clean plain text format. Excess eye candy damages performance and risks security on both ends of a web connection, and also makes the content less accessible to older hardware and to people with visual difficulty or limited mobility. I'm afraid that I _do_ blame web developers, because their excess reliance on eye candy leads to things like the new Slashdot interface.