No, and if they don't, whether here, or in Mozambique, they can't get shell access either.
are they all familiar with strong passwords?
No, I assign the passwords, because I can't trust the users to do this. Yet, it's not difficult to get a user to tell you their password. It's sad, but true.
must all of your shell users be allowed to ssh from anywhere in the world?
If they need shell access, yes. This is rare though.
if many of your users have laptops that come and go from the building, just set up a separate subnet for those users with strong firewall protection so it creates a separation between them and your critical systems.
If I protect my network from my laptops, then I have only servers (and only 25 desktops) to protect. Then, I'm back to trying to use a personal firewall on every system we have. Check my other posts in this story to see how that's going. (not well).
after reading your reply, it is becoming clear that all of your backend network glue is all handled by Microsoft machines
Sadly, no. I only have a few Windows servers, all of my other servers run Linux (RedHat ES 2.1 and 3). However, 90% of my network is transient Windows XP laptops. All of the solutions that I can find are based on an Army of nailed down desktops that never turn off, and will always be able to quickly submit to the will of a domain controller.
if you think that usability is sacrificed because of security, then you really have a lot of learning to do.
Read this essay:
http://www.fourmilab.ch/documents/digital-imprimatur/
I found it quite interesting. And I find it's very easy to fall victim to this mentality. Why is WebEx the most successful internet service company ever? Before two years ago, I used to be able to do software demos/desktop sharing and meetings with simple free software offerings. Now, due to firewalling, everyone has to pay WebEx for a really, painfully, simple service that used to be readily available for free (NetMeeting, VNC, CUSeeMe, you name it). That's 0.30 to 0.50 cents per user per minute for something that should be free. Why? Because so many have freely and willingly sacrificed usability for security.
However, I would really be interested in any counterpoints. While others may think me a loud-mouth, I will listen, and on occasion will change my position if given a convincing argument.
I've stated before (although not in this thread) that I am, indeed, a PHB.
To think that management looks to me for any sort of guidance is just, well, wrong.
Really, what I'd be very interested to find out, is how many 'otherwise successful' attacks have really been stopped by firewalls. Give me hard data, and I'll consider it on its merits. I ran SNORT here for one month, and after searching through the logs (which I didn't complete for another two months) I didn't see anything that wasn't known. Known as in valid traffic, script kit, already patched vulnerability/virus, tons of http attempts, or standard port scanning.
On the other hand, does Email scanning count? I do that. I have more "otherwise successful" crap blocked at my mail server than anything the SNORT logs could muster. Most of this is downright ingenious "trick the user" stuff.
Hey, AdWare, MalWare - is there a firewall that blocks this? I guess I have to set policies on the Windows systems to keep people from installing crap over Internet Explorer. What do you do about users that have to be on the road? What do I do when a user runs into a problem while off-site, and needs to install a particular software package (VPN package, for instance) to get through their difficulty?
What about the worst threat, viruses? I do run AntiVirus software. Does that count? Viruses are far worse than most of these security exploits, in that the virus usually hits before the update is available. Yet, few of them are firewall stoppable.
Most network tools are based on desktops that never move, and never turn off. Those packages are all useless to me. 90% of my network is made of laptops.
So, if I set up a firewall to protect my 6 internet servers, then this will do nothing to protect me from my own laptops that are returning home from a trip of abuse. I've looked at personal firewalls, and haven't found a single one that is both usable and non-intrusive. ZoneAlarm for instance, you have to go hunting to get it to stop advertising to you at how much it's helping you out by blocking all those 'bad nasty scans', and asking you if you want to block access to your mail server because it's "port scanning" you on port 119 every time you send an Email. There have been two users that used ZoneAlarm, and both of them have managed to block their own access to either the Mail server or the entire 'home office' network because they were listening to "helpful suggestions" from the software. Pilot run over, next program...
I'm evaluating Windows XP SP2, Release Candidate 2 to see if this will fit the bill, but so far, no. I'm looking into the policy settings to see if I can get a decent setup that is not interruptive of the computer's user. I'm not really hopeful.
Otherwise, I could yell atop a hill about how a firewall would be "a good thing", without actually solving anything. If you'd rather invest in a company that buys a firewall without looking into it in some detail, then there's nothing I can say.
I slept well while MyDoom brought Seagate Corporate to its knees. I had to rebuild one test system that had been off-line for the month previous. Seagate must be secure because they have firewalls. *shivers*
If the release candidate works in my environment without issues, I could glean the functionality now if I don't have that one in a thousand setup that SP2 hasn't already been tested and corrected against.
Even if it doesn't pass my environment, I can be prepared for the issues to test against when the final version does arrive.
Careless is in the eye of the beholder. When you can say with a straight face that none of your users will compromise your super-expensive VPN, I'll know that you don't have users.
To my management, CEO, VP Sales, VP Operations, etc. They all ask for an actual risk to cost analysis. And instead of asking for one from one of thousands of people who make their money selling firewalls, I've actually put together an analysis that is appropriate for my network.
First and foremost, my network servers (the expensive bits) are made for internet servicing. I could firewall them to a degree, but many ports are required to remain open for these servers to offer the services that they do.
The only solution that would "work" to some degree, would be to put "personal" firewall software on every single unit in the company. However, this is too easy to shut off, and honestly, it failed at cost-to-usability (maybe XP service pack 2).
My management likes being able to use the Internet for what it was intended to do. That's not being careless, that's not spending hundreds of thousands of dollars on something that will make management feel good while leaving my network in the same state it was - - waiting for user abuse.
That said, yes, my router blocks certain things - unroutable and private network inbounds, for instance. But very little at the "port" level. When XP Service Pack 2 ships - I may very well use the built-in firewall on this (but maybe not - I haven't been satisfied with release candidate 2 yet - too intrusive). I may end up deploying Service Pack 2 - and sending out a policy to set it how I want so the users don't get a chance to be confused by a butt-load of "Are you sure?", and "You are vulnerable" dialogs.
And yes, I have a 24 hour patch - test cycle before unleashing holy hell on the systems. Microsoft's Software Update Services (SUS) is a great tool for this level of control without sacrificing functionality or "hoping" that Microsoft will get it right every time.
I've been a Linux user for over 6 years, a UNIX Administrator for 8 years, and a Windows Administrator for 10 years.
If someone is determined to get into my machines (that means, without a script kit), then I am fully aware that all they have to do, is ask one of 80% of my users the right questions, and they'll have a password, through VPN or Firewall or anything short of GOD himself protecting my network, that person will get in. How's that for reality awareness?
In the mean time, the real-world issues that my users run into every day, tell me that I'm removing much more functionality than I am adding by putting in a firewall.
To complete your list:
- Exploit
- Announcement / Initial target identified, etc
- Patch or Fix
- Reverse info from patch and announcement turns into many varieties of script kit
- Security awareness
- CNN report about the casualties
- The rest of the world (that knows how) starts to consider patching their systems, too.
I know that if my network is directly targeted by someone with both knowledge, skill and cunning, that they'll be able to break in. That's a reality that I can't control, simply because I have users.
When you say I'm new, I'd call you new. First is the discovery of computing, then is the technical side, and the geek stuff. Next is the realization that the geek stuff can be used to do nasty things. Where you are, is the realization that something should be actively done to stop it at all costs (sacrificing usability). Then there are multiple failures to realize the perfectly secure network (because of those damned user needs). Then, you will settle to where I've come to rest. Do what you can, don't sacrifice usability for security unless the security issue is critical and obvious (Clear and Present danger) - lest you have rogue users who will get the CEO to force you to bypass the rules.
Get smacked by a know-nothing CEO a few times then you'll realize that regardless of the size of the network, unless their security problems have been front page on the Wall Street Journal (rare), that security is not a priority.
What I do. Let every user know that I won't be able to get their stuff back if they let their computer get out-of-date. Let every user know what steps they have to take, weekly, to avoid the worst-case-scenario.
Other mitigating factors: 95% of my systems are laptops. They come and go on a daily basis. If they are not patched, they can and will come back with all the latest worms. In the last 5 years, I've never had a "new" worm successfully compromise more than 2 computers. Every time, it's know-it-all users who think that the rules don't apply to them.
Otherwise, I could spend $250,000 (I'm not kidding on the price here) on security measures that would be quickly offset by a user lending his account info to a "friend". That's not to say that I ship systems with every possible service enabled. That's not to say that I think Mal-Ware won't happen (it has). But my incidents have been, in every case, less severe than companies around me where my friends work.
So, you can say I'm lucky, you can say that I've not presented a good target, that's fine. What I'm saying is that I live in the world where some 60% of people keep a key outside their house, but within 6 feet of the outside walls. You're only as strong as your weakest user, regardless of how much technology you dump into security. I choose to live out on the edge, and I've yet to be sorry about that decision.
In the mind of a USER, yes, Internet Explorer _is_ the internet. Most users think there is a "different" connection for Email, a "different" connection for Instant Messenger. I think it's very appropriate for the context of the story.
Absolutely! An unpatched RedHat 6.2 will become a zombie just as fast (if not faster) than an unpatched Windows XP or 2000 machine.
The only difference is that the newer Linux installs ask you how you want the firewall configured (with a pretty secure setting as the "click next" default).
To be perfectly fair there wasn't a NON-Internet Explorer specific security patch for Win98 for the last two years of active support.
ME of course, doesn't have to be secure, it will crash itself.
XP with SP2 will start shipping within 6 weeks of final release. It's currently under Release Candidate status, meaning it should be no more than 10 years away. (That was very sarcastic, really it should be within the next 60 days unless something really bad happens with the test code).
A well patched system, Linux or Windows, doesn't need a firewall.
"WHAT YOU SAY!?"
I run a corporate network without a firewall. Every time a major issue comes around and destroys every freaking company around me, I go by with maybe two systems affected. Why? I stay up-to-date on all patches, and I keep relatively SANE security policies in place.
A firewall is a lot less necessary than firewall vendors would have you believe. My experience is that firewalls breed a false sense of security. Someone goes home over the weekend with a laptop - and comes back with a zombie virus/worm/etc. that goes and infects everything while the IT department is "taking their time" evaluating a security update for a month (I do 24 hour tests).
Why not firewall, is the other thing I hear. Mostly, it's so that every one of my systems can be an internet service provider. That's what the internet is about. Enabling users to say, hey - I've got that file right here on my local FTP, come get it. Here, log onto my VNC desktop, and I'll show you.
Firewalls create industries like WebEx. Because technology has come from 'wow, I didn't know you could do that,' to, 'I didn't know you could do that because I'm firewalled.'
Finally, "It doesn't happen very often," quite clearly means that it has happened. Call it pre-teen style bitching if you will, but a lawsuit should have never been threatened (AFAIK, a lawsuit never actually went to court). If someone finds a vulnerability, full disclosure should not be the only method to have Microsoft take you seriously. My teen years are LONG behind me, maybe I'm just sick of having to deal with Microsoft's crap since Windows for Workgroups 3.11 (when the problems started for me).
WinDrivers.com - is very much a Windows community site (there are others as well). Most Windows admins I know belong to this site. There are forums there, but there's not so much flame-wars about design (something they have no control over), but there are wars over the best default security settings to leave lUsers with, etc.
It's good reading for anybody interested, however, unlike slashdot, registration is required.
In the real world, where I work, I run a Hybrid network where I'm still waiting for Windows XP Service Pack 2 to come out in a finalized form because I don't have an option to pull just the parts that I need, and SP2 RC2 is not quite ready to unleash on my network (although I have actively TESTED it). Of course, this just fixes some vulnerabilities that have existed for over a year.
Don't tell me that I, as a Windows User and Administrator, don't care. While I've ignored this kernel issue over the weekend, I get to actively compile some kernel patches and test those. I'll bet, even before my testing, that I'll be able to have a production solution by tomorrow. Even if SP2 releases this afternoon, I'll still have to test it before deployment, so the Linux solution will be in production first.
Here is a perfect example of the difference between the Open Source way and a proprietary way. There are goods and bads, however, the information is readily available. There are patches that "work", even before a full explanation is available. Now, thousands of people are actively working on a solution, if they so choose. If they don't choose, they can use the proprietary code method - wait for the official vendors to release a patch.
In proprietary land, a vendor would first sue the person who released the information. Then, the re-iteration that you won't be vulnerable if you use a "properly configured firewall," then they'd start working on a fix.
At the penetration depth described, it may cause skin cancer - but even that is questionable. Honestly, the ADS sounds much safer than rubber bullets - which are (happens often) fatal if used incorrectly.
My only concern would be how "directed" this beam is. As crowd control it would probably be necessary to be able to cover a wide arc without disturbing innocent people in nearby businesses.
The purpose for the Markland antenna is "stealth" - it can turn on and off and re-tune itself on the fly. It is also a directional antenna. The antenna in this story is a smaller form factor for a wide frequency range omni-directional antenna.
Yours is a good supporting point (although you probably don't think so).
You either buy the part, 05K2765, that's broken, or you repair or fabricate the part yourself.
Using wire and a soldering iron ($12 if you don't own one). Depending on the purpose of the surface mounts, I'll bet I could fabricate it in just less than the time to money ratio. The current part is probably repairable, with careful enough hands, for even less.
However, the "surface mounts" also speak to the - no room in such a small chassis - that I originally mentioned. The fact that they had to do surface mounts into a running cable, speaks volumes to how hard they needed to work within the allotted space.
Bottom line, even here, is that the laptop, to you, is clearly not worth the cost to repair. If you're going to spend that kind of time/money, it may as well be on a new system. You've reached your device's just-replace-it point.
This guy explains the "laughing stock" and "bought by VIA" parts very well. It was really a great interview to read (maybe you should try it).
It immediately occurred to me that this guy is very good at thinking out of the box. A processor company is not an easy thing to create, especially with a startup budget as low as 15 million US.
Now they have been through 5 major product revisions and are currently shipping 1GHz PIII compatible processors that don't need a fan.
Technically, I'm not laughing. Personally, I'm wondering if I should send him my résumé.
If you're willing to search, you never have to throw anything away, but that's also a lot of work. If I think my time is worth, even as little as $15 an hour, I couldn't repair / upgrade a Palm/WinCE device for less time than the money required to buy a new one (well, maybe a high-end WinCE device).
It's throw-away lock-in. Same thing that happened to Televisions and VCRs 20 years ago. Standardizing the parts and interfaces won't help - the labor required is simply too time consuming.
Laptops are amazingly upgradable, and even those are less and less apt to be worth the time required. You mention driver circuits, but really - there are somewhere around 80 different driver circuits in current use for laptop displays. Yet, there are some 500 laptop models out there. And without the driver circuit, the Liquid Crystal display is far cheaper than an integrated unit would be. So, I think that part of your argument is counter-productive. LCD + accompanying driver costs a lot more money, yes. However, the video card hardware can be configured to talk to most of the driver circuits (they are close to standardized at the interface level). Again - it's just a lot of work.
When you don't have the 90% air that most PC chassis hold, you can't have big bulky large finger capable standard connectors between every part. Sometimes, you have to route your signals through flat cables or custom bundles.
Really that pain-in-the-ass to price point is even hitting PCs. Once a computer is more than 3 years out of date, it actually becomes cheaper to simply buy a package deal. If you really liked your case, swap it, the case was free with the bundle - along with yet another floppy and CD-ROM. As prices drop, the three years will turn to 6 months. Or about the same period between major CPU/architecture performance boosts.
My point about David Letterman - - he owns and uses a TiVo and talks about it on air often. That makes him a self-appointed spokesman.
I can't find any information on the web where Letterman has a marketing deal directly with TiVo, but even so... by speaking about it as much as he does, that's a lot of good press. If he had a quarter-million dollar custom job as you describe, it would probably get talked about.
So, why turn my back on cheaper hardware (TiVo), for a slightly lower subscription service (Any of the alternatives) just to use a fully Open product (TiVo runs on Linux, too)?
To me, if TiVo's the best, and still cheaper (at least for the first couple of years of use), why use homebrew except for bragging rights?
Uh, again - me, sure. My mother, no way in hell would she do that. Hell, my wife is really computer savvy, but that's far too much of a pain in the ass for her as well.
Also, I remember the last company to say they would keep a product free, just fill out this form.
It's a subscription at a different price. Time vs. Money.
That's where TCO analysis comes into play. How much is it worth to you to have someone send you the updated stuff, automatically, over the life of the hardware as compared to the do-it-yourself DVR?
I doubt that I could build a computer to do what TiVo does for less than twice what a TiVo costs (just the hardware), add monthly fees - and I'm thinking that it would take two or three years to break even.
This stuff is really cool - and I like the fact that a single system can stream video across my home, but I wouldn't realistically use this.
Finally, with David Letterman (Late night talk-show host, for those who don't know) plugging TiVo continuously on his show... I doubt that TiVo is going away anytime soon.
My best analogy for firewalling is buying a high security door while leaving the window closed, but not locked.
While XP users are waiting for Service Pack 2.
ME of course, doesn't have to be secure, it will crash itself.
XP with SP2 will start shipping within 6 weeks of final release. It's currently under Release Candidate status, meaning it should be no more than 10 years away. (That was very sarcastic, really it should be within the next 60 days unless something really bad happens with the test code).
"WHAT YOU SAY!?"
I run a corporate network without a firewall. Every time a major issue comes around and destroys every freaking company around me, I go by with maybe two systems affected. Why? I stay up-to-date on all patches, and I keep relatively SANE security policies in place.
A firewall is a lot less necessary than firewall vendors would have you believe. My experience is that firewalls breed a false sense of security. Someone goes home over the weekend with a laptop - and comes back with a zombie virus/worm/etc. that goes and infects everything while the IT department is "taking their time" evaluating a security update for a month (I do 24 hour tests).
Why not firewall, is the other thing I hear. Mostly, it's so that every one of my systems can be an internet service provider. That's what the internet is about. Enabling users to say, hey - I've got that file right here on my local FTP, come get it. Here, log onto my VNC desktop, and I'll show you.
Firewalls create industries like WebEx. Because technology has come from 'wow, I didn't know you could do that,' to, 'I didn't know you could do that because I'm firewalled.'
Finally, "It doesn't happen very often," quite clearly means that it has happened. Call it pre-teen style bitching if you will, but a lawsuit should have never been threatened (AFAIK, a lawsuit never actually went to court). If someone finds a vulnerability, full disclosure should not be the only method to have Microsoft take you seriously. My teen years are LONG behind me, maybe I'm just sick of having to deal with Microsoft's crap since Windows for Workgroups 3.11 (when the problems started for me).
It's good reading for anybody interested, however, unlike slashdot, registration is required.
In the real world, where I work, I run a Hybrid network where I'm still waiting for Windows XP Service Pack 2 to come out in a finalized form because I don't have an option to pull just the parts that I need, and SP2 RC2 is not quite ready to unleash on my network (although I have actively TESTED it). Of course, this just fixes some vulnerabilities that have existed for over a year.
Don't tell me that I, as a Windows User and Administrator, don't care. While I've ignored this kernel issue over the weekend, I get to actively compile some kernel patches and test those. I'll bet, even before my testing, that I'll be able to have a production solution by tomorrow. Even if SP2 releases this afternoon, I'll still have to test it before deployment, so the Linux solution will be in production first.
There are goods and bads, however, the information is readily available. There are patches that "work", even before a full explanation is available. Now, thousands of people are actively working on a solution, if they so choose. If they don't choose, they can use the proprietary code method - wait for the official vendors to release a patch.
In proprietary land, a vendor would first sue the person who released the information. Then, the re-iteration that you won't be vulnerable if you use a "properly configured firewall," then they'd start working on a fix.
My only concern would be how "directed" this beam is. As crowd control it would probably be necessary to be able to cover a wide arc without disturbing innocent people in nearby businesses.
The purpose for the Markland antenna is "stealth" - it can turn on and off and re-tune itself on the fly. It is also a directional antenna. The antenna in this story is a smaller form factor for a wide frequency range omni-directional antenna.
Basically they are apples and oranges.
Will we see this at next year's WiFi Shootout?
No, it's probably delayed because of the Creep Factor story from Earlier
What they meant when they describe "creep" factor.
You either buy the part, 05K2765, that's broken, or you repair or fabricate the part yourself.
Using wire and a soldering iron ($12 if you don't own one). Depending on the purpose of the surface mounts, I'll bet I could fabricate it in just less than the time to money ratio. The current part is probably repairable, with careful enough hands, for even less.
However, the "surface mounts" also speak to the - no room in such a small chassis - that I originally mentioned. The fact that they had to do surface mounts into a running cable, speaks volumes to how hard they needed to work within the allotted space.
Bottom line, even here, is that the laptop, to you, is clearly not worth the cost to repair. If you're going to spend that kind of time/money, it may as well be on a new system. You've reached your device's just-replace-it point.
It immediately occurred to me that this guy is very good at thinking out of the box. A processor company is not an easy thing to create, especially with a startup budget as low as 15 million US.
Now they have been through 5 major product revisions and are currently shipping 1GHz PIII compatible processors that don't need a fan.
Technically, I'm not laughing. Personally, I'm wondering if I should send him my résumé.
It's throw-away lock-in. Same thing that happened to Televisions and VCRs 20 years ago. Standardizing the parts and interfaces won't help - the labor required is simply too time consuming.
Laptops are amazingly upgradable, and even those are less and less apt to be worth the time required. You mention driver circuits, but really - there are somewhere around 80 different driver circuits in current use for laptop displays. Yet, there are some 500 laptop models out there. And without the driver circuit, the Liquid Crystal display is far cheaper than an integrated unit would be. So, I think that part of your argument is counter-productive. LCD + accompanying driver costs a lot more money, yes. However, the video card hardware can be configured to talk to most of the driver circuits (they are close to standardized at the interface level). Again - it's just a lot of work.
When you don't have the 90% air that most PC chassis hold, you can't have big bulky large finger capable standard connectors between every part. Sometimes, you have to route your signals through flat cables or custom bundles.
Really that pain-in-the-ass to price point is even hitting PCs. Once a computer is more than 3 years out of date, it actually becomes cheaper to simply buy a package deal. If you really liked your case, swap it, the case was free with the bundle - along with yet another floppy and CD-ROM. As prices drop, the three years will turn to 6 months. Or about the same period between major CPU/architecture performance boosts.
I can't find any information on the web where Letterman has a marketing deal directly with TiVo, but even so... by speaking about it as much as he does, that's a lot of good press. If he had a quarter-million dollar custom job as you describe, it would probably get talked about.
To me, if TiVo's the best, and still cheaper (at least for the first couple of years of use), why use homebrew except for bragging rights?
Also, I remember the last company to say they would keep a product free, just fill out this form.
It's a subscription at a different price. Time vs. Money.
I doubt that I could build a computer to do what TiVo does for less than twice what a TiVo costs (just the hardware), add monthly fees - and I'm thinking that it would take two or three years to break even.
This stuff is really cool - and I like the fact that a single system can stream video across my home, but I wouldn't realistically use this.
Finally, with David Letterman (Late night talk-show host, for those who don't know) plugging TiVo continuously on his show... I doubt that TiVo is going away anytime soon.