Yeah, I guess that's true, but in that case it's not really MS being dicks, it's the carrier. That interesting about that Nextel phone, my Sprint Treo was not locked down (even before I upgraded to an unofficial WinMob 6 firmware), I wonder why Sprint/Nextel would choose to lock down some of their phones but not others. I have to say, I would have some very unpleasant words for a person who sold me a phone that does not allow me to install applications (of my choosing) on it.
This is not that big of a deal. I don't like someone else having control over my hardware, but unlike with Apple's phones, nobody is requiring you to get Windows Mobile apps from the Microsoft "marketplace". If you're worried about something like this, then just skip the app store and get the.cab installation file straight from whoever made the software. The great thing about Windows Mobile is that its not locked down like other mobile OS's. You don't have to jailbreak your own hardware just to use it. Hell, you can load up Visual Studio, make a little.NET app for you phone, and install it on your device yourself.
Definitely not an A-7, it only has one engine and the intake is in the nose. It might be a Tornado like someone else said, or a Jaguar (what I'm leaning towards - http://en.wikipedia.org/wiki/SEPECAT_Jaguar)
Complying with this would *NOT* involve removing support for the Open XML formats (.docx,.xlsx,.pptx, etc). This is related to Custom XML, which is described as:
âoeCustom XML is the support for custom defined schemas. Itâ(TM)s that support that allows you truly integrate your documents with business processes and business data. You can define your data using XML Schema syntax, and then you can use that data in your Office documents. By opening up our formats with our reference schemas, and supporting your custom defined schemas, you get true interoperability of your documents.â
I've really been impressed with OpsView. Can't say how well it scales on huge networks (but there are options for having multiple servers). Its based on Nagios, but its a lot less of a pain to configure and has a pretty good web interface. The only thing I don't really like is its graphing functionality. I use Cacti for monitoring bandwidth/server load/etc. But for availability checking OpsView does a fantastic job. I'm using it to monitor maybe twenty devices, including Linux and Windows servers, and HP/Cisco network devices. I tried Zenoss as well, but it seemed awkward to work with. For instance, with Opsview/nagios it's easy to add a check to verify that a DNS server is correctly resolving a record in a particular zone. I remember it was going to be a pain to monitor some of the things I wanted to with Zenoss. Maybe I'm biased because I used plain old Nagios for a while before I tried OpsView and Zenoss.
What manufacturer only has a 1 year warranty on drives!? All the consumer drives that I've seen (on Newegg) have 3 year warranty's, and there's quite of few of the (theoretically) higher quality business drives with 5 year warranties. Man, there's no way I'd touch a HDD that the manufacturer could only offer a 1 year warranty on.
If you're using full disk encryption with BitLocker or TrueCrypt or something then I doubt this would be effective. With both BitLocker and TrueCrypt, the only things that can be loaded without decrypting the drive is the bootloader/BitLocker/TrueCrypt software that prompts for the password or key. Unless someone has found a vulnerability in the actual encryption software that's used, I don't think it would be vulnerable in that way.
In business environments nobody actually bothers with backuping up the notebooks/workstations. You just save your files on a network drive (you can have My Documents redirected to a network share if you want, and even have it cached locally in the case of a laptop). You could also use something like iFolder to sync your files to a server. The servers are either backed up with scripts (for *nix based stuff) or something like Backup Exec (for Windows based servers).
If you want something more similar to rsync, you might look at Microsoft's free Sync Toy. I'm sure there's versions of rsync ported to Windows too.
Corporate versions of Vista require activation:( (though it can be a multi-activation key or with a local server). This is one of the reasons businesses are hesitant to move to Vista.
Yeah I actually did that today to check to make sure that the ports were actually was being randomized before I said they were. I'd never really looked into it much before.
Nope, I'm behind a Cisco router (doing NAT and with a few ACL's). I have a BIND 9 DNS server on Linux and one on windows Server 2008, both of which randomize their source ports.
That's interesting though, I did not realize it was a major problem with consumer stuff. I wonder why those companies have such great difficulty in making their products work properly.
Using a common DNS server also means you are putting a lot of trust in whoever runs that common DNS server. Considering that my internal DNS servers (that use root hints) are not accessible from outside of my networks, I have more faith in the security of my DNS servers than I do in my ISP's (even though the small ISP I use does not try to actively screw me over like some places:). Caching is also not always a good thing, especially when ISP's cache records for far longer than they should. Anyway's, the number of home users running their own DNS servers (using root hints) is small enough to be completely negligible.
Assuming you don't use a transparent proxy, then you would still get false negatives. The "eye chart" test won't work with proxies, not because of caching, but because with a non-transparent proxy Conficker wouldn't see that your computers are actually communicating with the security people's IP ranges.
As someone else posted www.heavens-above.com is pretty good. They don't have the Shuttle's track on there yet but it should be close to the ISS's.
The ISS will be almost directly overhead where I am (Indiana) tomorrow night, I'm hoping the shuttle will be visible as well. I don't know how close they are in their orbits right now though.
msi files are no longer recommended by Microsoft for pushing out software via Group Policy. they now recomemd you drop 50000 for a copy of MOM.
Nice MS bashing there. Pushing out MSI's via GPO's is still supported and works just fine. Its not as powerful as using some of Microsoft's other products, but a lot of people use it and it works fine for relatively simple/small software. And btw, MOM has absolutely nothing to do with pushing out software. MOM is used for monitoring. Systems Center Configuration Manager (formerly SMS) can push out software (and do some other things too I believe, I've never had a reason to use it though).
Yeah, somewhat. Though, she was just saying what she thought the court's view of it would be. From how she said it, I don't think she necessarily agreed with how it should be.
I can see how it might be considered legal. NDA's are generally legal and you don't necessarily have the right to say anything you want (slander/defamation, false advertising, etc). It would be interesting to see the outcome of a case on this. I guess I feel that free speech is important in commerce so that a consumer can determine what product/service they want to purchase. Blocking free speech for this (and other agreements, like where Oracle tries to prevent people from publishing benchmarks) hurts competition.
This was actually brought up my commercial law class this morning. Our professor's opinion was that it was probably legal if just a few doctors were doing it. But, if all doctors in an area were doing it and it was not possible to obtain medical care without agreeing to this, it's possible that courts may not recognize the contract, because it was a "contract of adhesion".
While it doesn't look like this is why Colorado is trying to discourage people form using FF, there are some big reasons why its difficult to securely deploy FF in organizations.
Namely, the fact that Mozilla *still*, for some amazing reason, refuses to release an official MSI version of Firefox. Even though its one of the most requested features/changes. Yes, I'm aware that there are a few third parties that repackage Firefox as an MSI. But if they ever want Firefox to be adopted by larger organizations they have to make it easy to deploy and administer an official version of Firefox.
Without an MSI, there is no easy way to update Firefox on a large number of computers without going from computer to computer and logging in as an administrator. That's an unacceptable solution in most organizations (at least ones that have a clue and don't give all users local admin rights).
I generally agree with what you say, one side note though, VMWare ESX can actually share memory between different VM's if the contents of it are the same.
http://www.vmware.com/pdf/esx3_memory.pdf (see page 4)
DNS spoofing is its own problem; if they own DNS they have you anyway.
To some extent that's true, but at least in theory proper SSL could warn the user that something's wrong, because the cert the attackers have wouldn't be valid.
Slashdot Mirror
Windows XP had _nothing_ in common with ME whatsoever.
Yeah, I guess that's true, but in that case it's not really MS being dicks, it's the carrier. That interesting about that Nextel phone, my Sprint Treo was not locked down (even before I upgraded to an unofficial WinMob 6 firmware), I wonder why Sprint/Nextel would choose to lock down some of their phones but not others. I have to say, I would have some very unpleasant words for a person who sold me a phone that does not allow me to install applications (of my choosing) on it.
This is not that big of a deal. I don't like someone else having control over my hardware, but unlike with Apple's phones, nobody is requiring you to get Windows Mobile apps from the Microsoft "marketplace". If you're worried about something like this, then just skip the app store and get the .cab installation file straight from whoever made the software. The great thing about Windows Mobile is that its not locked down like other mobile OS's. You don't have to jailbreak your own hardware just to use it. Hell, you can load up Visual Studio, make a little .NET app for you phone, and install it on your device yourself.
Definitely not an A-7, it only has one engine and the intake is in the nose. It might be a Tornado like someone else said, or a Jaguar (what I'm leaning towards - http://en.wikipedia.org/wiki/SEPECAT_Jaguar)
I've really been impressed with OpsView. Can't say how well it scales on huge networks (but there are options for having multiple servers). Its based on Nagios, but its a lot less of a pain to configure and has a pretty good web interface. The only thing I don't really like is its graphing functionality. I use Cacti for monitoring bandwidth/server load/etc. But for availability checking OpsView does a fantastic job. I'm using it to monitor maybe twenty devices, including Linux and Windows servers, and HP/Cisco network devices. I tried Zenoss as well, but it seemed awkward to work with. For instance, with Opsview/nagios it's easy to add a check to verify that a DNS server is correctly resolving a record in a particular zone. I remember it was going to be a pain to monitor some of the things I wanted to with Zenoss. Maybe I'm biased because I used plain old Nagios for a while before I tried OpsView and Zenoss.
Yes it is recurring, because you have to pay it every month to be able to listen to > 40 hours / month.
So they don't let you skip more than a few songs an hour even if you have the paid subscription?
What manufacturer only has a 1 year warranty on drives!? All the consumer drives that I've seen (on Newegg) have 3 year warranty's, and there's quite of few of the (theoretically) higher quality business drives with 5 year warranties. Man, there's no way I'd touch a HDD that the manufacturer could only offer a 1 year warranty on.
If you're using full disk encryption with BitLocker or TrueCrypt or something then I doubt this would be effective. With both BitLocker and TrueCrypt, the only things that can be loaded without decrypting the drive is the bootloader/BitLocker/TrueCrypt software that prompts for the password or key. Unless someone has found a vulnerability in the actual encryption software that's used, I don't think it would be vulnerable in that way.
In business environments nobody actually bothers with backuping up the notebooks/workstations. You just save your files on a network drive (you can have My Documents redirected to a network share if you want, and even have it cached locally in the case of a laptop). You could also use something like iFolder to sync your files to a server. The servers are either backed up with scripts (for *nix based stuff) or something like Backup Exec (for Windows based servers). If you want something more similar to rsync, you might look at Microsoft's free Sync Toy. I'm sure there's versions of rsync ported to Windows too.
Corporate versions of Vista require activation :( (though it can be a multi-activation key or with a local server). This is one of the reasons businesses are hesitant to move to Vista.
Yeah I actually did that today to check to make sure that the ports were actually was being randomized before I said they were. I'd never really looked into it much before.
Nope, I'm behind a Cisco router (doing NAT and with a few ACL's). I have a BIND 9 DNS server on Linux and one on windows Server 2008, both of which randomize their source ports.
That's interesting though, I did not realize it was a major problem with consumer stuff. I wonder why those companies have such great difficulty in making their products work properly.
Using a common DNS server also means you are putting a lot of trust in whoever runs that common DNS server. Considering that my internal DNS servers (that use root hints) are not accessible from outside of my networks, I have more faith in the security of my DNS servers than I do in my ISP's (even though the small ISP I use does not try to actively screw me over like some places :). Caching is also not always a good thing, especially when ISP's cache records for far longer than they should. Anyway's, the number of home users running their own DNS servers (using root hints) is small enough to be completely negligible.
Assuming you don't use a transparent proxy, then you would still get false negatives. The "eye chart" test won't work with proxies, not because of caching, but because with a non-transparent proxy Conficker wouldn't see that your computers are actually communicating with the security people's IP ranges.
As someone else posted www.heavens-above.com is pretty good. They don't have the Shuttle's track on there yet but it should be close to the ISS's.
The ISS will be almost directly overhead where I am (Indiana) tomorrow night, I'm hoping the shuttle will be visible as well. I don't know how close they are in their orbits right now though.
msi files are no longer recommended by Microsoft for pushing out software via Group Policy. they now recomemd you drop 50000 for a copy of MOM.
Nice MS bashing there. Pushing out MSI's via GPO's is still supported and works just fine. Its not as powerful as using some of Microsoft's other products, but a lot of people use it and it works fine for relatively simple/small software. And btw, MOM has absolutely nothing to do with pushing out software. MOM is used for monitoring. Systems Center Configuration Manager (formerly SMS) can push out software (and do some other things too I believe, I've never had a reason to use it though).
Yeah, somewhat. Though, she was just saying what she thought the court's view of it would be. From how she said it, I don't think she necessarily agreed with how it should be. I can see how it might be considered legal. NDA's are generally legal and you don't necessarily have the right to say anything you want (slander/defamation, false advertising, etc). It would be interesting to see the outcome of a case on this. I guess I feel that free speech is important in commerce so that a consumer can determine what product/service they want to purchase. Blocking free speech for this (and other agreements, like where Oracle tries to prevent people from publishing benchmarks) hurts competition.
This was actually brought up my commercial law class this morning. Our professor's opinion was that it was probably legal if just a few doctors were doing it. But, if all doctors in an area were doing it and it was not possible to obtain medical care without agreeing to this, it's possible that courts may not recognize the contract, because it was a "contract of adhesion".
While it doesn't look like this is why Colorado is trying to discourage people form using FF, there are some big reasons why its difficult to securely deploy FF in organizations.
Namely, the fact that Mozilla *still*, for some amazing reason, refuses to release an official MSI version of Firefox. Even though its one of the most requested features/changes. Yes, I'm aware that there are a few third parties that repackage Firefox as an MSI. But if they ever want Firefox to be adopted by larger organizations they have to make it easy to deploy and administer an official version of Firefox. Without an MSI, there is no easy way to update Firefox on a large number of computers without going from computer to computer and logging in as an administrator. That's an unacceptable solution in most organizations (at least ones that have a clue and don't give all users local admin rights).
I generally agree with what you say, one side note though, VMWare ESX can actually share memory between different VM's if the contents of it are the same. http://www.vmware.com/pdf/esx3_memory.pdf (see page 4)
No Vmware ESXi doesn't require an extra management server. That's only for Virtual Center, which is not free.
A lot of business class notebooks have smartcard readers.
DNS spoofing is its own problem; if they own DNS they have you anyway.
To some extent that's true, but at least in theory proper SSL could warn the user that something's wrong, because the cert the attackers have wouldn't be valid.