Sure, especially when you consider that one of the problems Apple had with IBM/Motorola is that they were always in short supply of chips. Apple was constantly delayed in releasing new models because their processor suppliers weren't meeting their estimates.
I'm not sure if this is what people are talking about, but a DRM scheme under a GPL license would provide programmers and users more freedom than closed-source DRM. It would defeat one of the problems with DRM: non-portability. For example, I can't take my iTunes music and play it (easily) on a Linux computer, but if FairPlay were open to everyone, I probably could. If FairPlay were something that could be ported to other operating systems and devices, people wouldn't need to worry as much about losing access to their iTunes media someday.
Of course, there's the problem here: can open-sourced DRM schemes be secure, or are they inherently more crack-able? I don't know for sure. That's a level of security beyond my knowledge, but I would guess that it'd probably be easy to strip FairPlay if you had access to the iTunes source code.
And what about people buying Windows in the first place? Last I checked, they don't update the CDs every time there's a security patch, and many OEMs don't patch before they send the machine out the door--they just install the latest service pack and let the user install the updates.
Unless Microsoft is going to be releasing operating systems more frequently, you'll need some sort of versioning to allow for enitre stable builds after the gold-master, so that they'll be releasing updated retail versions and so OEMs can standardize on newer builds.
Do you need to pay for a subscription to OneCare for that?
Anyway, there are several products to log user activity and restrict web access to inappropriate sites. I've never noticed this feature in OneCare, but I'm sure it's fine (OneCare in general seems to do a decent enough job). But if you aren't worried about monitoring people or locking their accounts down in specific ways, you don't need special software, a domain, or group policies. For the most part, having people work in User accounts will protect the system from serious damage.
You're right. It isn't necessarily sufficient to put a password on the BIOS. If the kids can get a moment alone with the computer, it doesn't necessarily take long to crack open the case and pull the battery. At the very least, if you're going to rely on a BIOs password, make sure the cases are the kind that you can put a pad-lock on them. One way or the other, you need to restrict physical access to the machine itself, or it isn't secure against someone who knows what they're doing.
And what do you do about the IT personnel who have rights sufficient to circumvent logging or alter the logs? The difference from you DMV situation is that you're talking about logging random DMV workers, and not the person who set up the system and maintains it, therefore having read/write access to everything.
If you don't have a chain of trust in your IT department you're fucked... even if you do spend bank on "secure internal IT infrastructure."
Seriously. I've been very open with my employers about this in the past-- that part of the job of an IT person is to be trustworthy, more so than some other jobs. By the nature of the job, you have a level of technical knowledge that your employers don't, and with that knowledge you could often destroy their business in a matter of hours.
I've been asked, hypothetically, how do they put systems in place to guard against me going rogue and screwing their network up (back when I was basically the network admin). My answer was: you don't. They had in mind things like, "We could set folder permissions so only HR people had access, but domain admins didn't". Yeah, that'll work.
I told them, "With most security measures like that you could limit my access, but it might make my job harder, limit my ability to fix things quickly/easily/transparently, and wouldn't be effective at stopping me if I wanted to do damage." Along with everything else, they were asking me to lock myself out. If I weren't trustworthy, how would they know I didn't leave a hole in the security for myself?
That doesn't mean you can't put some guards in place, or restrict certain levels of access to only high-level IT people. Still, management needs to understand that, at some point, you're handing the keys of the kingdom over to someone, or else you can't run a network or helpdesk system. Therefore the best security measure possible takes place in the job interview. Hire someone competent and trustworthy.
Yeah, people don't get what's going. In the first place, e-mail isn't a secure form of communication. It's usually transmitted unencrypted, and often your authentication to your e-mail server isn't encrypted. Whoever is running your e-mail server, whether it's your ISP or Google, can read your e-mail if they really want, and mostly you're relying on them to be disinterested in the matters you're sending back and forth. People should understand this.
However, the second component here is that, if you can't trust your IT staff, you are in big trouble. The reason is this: even if you put security measures in place to restrict IT access to e-mail messages, your IT staff is going to have to put that in place. If you can't trust the person who institutes your security, you won't know for sure whether they left themselves a back-door in. Basically, you're trying to lock people out of a system that they've set up themselves, and they know the system better than you do (or you probably wouldn't have hired them).
So the best solution-- the only solution-- is to hire IT people you can trust. When you hand over control of your network to someone, imagine it being like handing over keys to a storage room with all your information in it, with only their integrity to keep them from browsing through it.
As an aside: you should also be careful about the communications you have through your office e-mail. Even well-intentioned trustworthy support personnel might stumble across it while fixing problems or troubleshooting. Take it from a guy who's accidentally stumbled across e-mail from an executive's mistress before. I was just browsing trough our spam filter to look for false positives, and there it was. I wasn't looking for it, wish I hadn't seen it, and didn't want to know, but there it was. So as a rule, if you have personal information you wouldn't feel comfortable telling your IT people (like that you're having an affair and doing coke on weekends), don't talk about it in your work e-mail account.
You don't even have to go very far with this: just give them "user" accounts. Windows comes with three main user groups built-in: administrators, power users, users. Unless someone has messed things up, "users" shouldn't be able to install things or mess with the actual system.
Now, the other part of this (and this is important) is that you have to find a way to restrict student's access to the physical machines as much as possible. The ideal would be to put the actual machine in a locking cabinet or something (with some amount of air-flow so they don't overheat). If you really want to keep the computers secure, you don't want those kids getting access to so much as a CD-ROM drive or USB port. Really, a simple lock-down will keep most kids out of trouble, but you never know when some kid is going to figure out how to reset your Windows admin password with a Linux live CD.
Sure, that might be true if we were, for example, contemplating every possible scenario of extra-terrestrial visitation. What happens if Jesus comes from planet Nebulon riding a purple dragon? Yeah, that probably not worth wondering about. Quantum computing, on the other hand, is something being worked on right now. If there are going to be security flaws fundamental to the technology, it might be worth thinking about.
Your other example, will we overtax our natural resources if we can stave off death for hundreds of years? That sounds like a real problem to me. Given that we're already taxing our natural resources, it seems worthwhile to question whether we're heading for a serious overpopulation problem given birth rates and life expectancy. I don't see why we shouldn't be thinking about it.
I think you're right except for the "too early to think about it" part. Why wouldn't we want to think about the possible consequences of our inventions? Must we make all our mistakes and screw things up before we start thinking about them, or can't we try to consider the problems we might be inventing in order to avoid them?
Supposedly part of the problem was incorrect application of thermal grease at the factory (or so I've heard). I have an early-model MacBook Pro, and it does feel hot in your lap. However, the PowerBooks I've owned also ran hot, and I don't find it unbearably so (though I rarely wear shorts).
I'm not an engineer, but I've always been under the impression that the issue was just a design-choice at Apple. They want a high-performance machine packed into a small case without using loud fans. The solution they've chosen is to make the case out of metal so that the case itself acts as a heat-sink. The result is that the components don't over-heat, but unfortunately owners who sit the machine on their laps do overheat. It might be better for your lap, but it would be worse for the components if the case were well-insultated, because then the heat would stay inside the computer itself.
Other manufacturers tend to get around the problem by having thicker designs and more fans. Apple decided to favor those of us who want slim designs, low noise, and typically place the laptop on a desk or table while using it anyway.
Look, depending on what, exactly, you consider to be "comparable" systems, you might get cheeper or more expensive. Does the Dell have the same exact processor? Same video card? Same quality display? All the same ports? The same drives? What about extras (built-in iSight, for example)? You'll never get an exact match-up. You have to estimate and weigh some things out.
However, I wouldn't compare Apple's products to Dell's consumer line. If you're going to compare the Macbook to something, try the Lattitude line, not Inspiron. If you want to compare the Mac mini to something, choose the ultra-small form factor Optiplex. For a workstation, compare Apple's to the Precision line.
I'm not saying that you won't be able to find good deals at Dell, but I think if you compare Apple and Dell fairly, you'll have to admit, at the very least, that Apple computers aren't unreasonably expensive.
Besides the investment, there's just the issue of how efficient text is. Really, I would expect slashdotters, the people who are still using a CLI and text-only web browsers, to understand that flashy graphics that don't do anything aren't always going to work out.
Now, I'm not saying that 3D just won't ever catch on. Yes, I do expect that one of these days there will be a successful mix of a MMORPG and these social networking sites, perhaps resulting in a game with no game, so to speak. Just a big virtual world to wonder about, meet people, make friends, etc. I guess it could even be the next big social networking idea.
But will it replace computing as we know it? Nah. The idea will only find success when it's restricted and targeted, refined for a specific purpose. Games and social networking make sense. It won't be a suitable replacement for everything. HTTP/HTML, FTP, email, the modern desktop OS-- these things are sticking around for a while still.
We actually measured trouble calling stats at one of the larger companies I worked for, and the number of calls dropped tremendously when admin rights were taken away. People had fewer problems and greater up-time. Most people were eventually happier that way (at least when I talked to people I was supporting at the time). Admittedly, there were a few malcontents who weren't happy no matter what. I've had users admit to me before that they just weren't comfortable not having admin rights, even though things did run better after I'd fixed their systems and locked them down.
I've never locked down a machine without ensuring that all the user's apps would still work, and I generally didn't get complaints from users. Now maybe I was just some sort of miraculous desktop-support god, but I wasn't doing anything above and beyond common sense. You log in with a restricted account and test everything.
Maybe you've just never had decent desktop support.
Sorry, it was just that you talked about IT like they were an outside group, and it didn't occur to me that you would get any flack from wanting to use Ethereal if you were in any kind of support position. It wasn't clear to me that you were in IT, as lots of people have heard of Ethereal. I've just never worked in a situation where the security vs. desktop support vs. network support vs. whatever are so fragmented that the security guys would freak at even a desktop guy (who are, in my experience, considered low-man on the totem) installing Ethereal. We worked as a team, more or less. Sure, sometimes the corporate guys would come in and step on some toes, but they rarely knew what was going on at a given site unless it had an impact on the WAN. The security guys used Ethereal themselves, so it certainly wasn't off-limits to IT.
But I have had plenty of tinkerers who would screw up their own systems and the network. Guys who thought they were being clever and "fixing" and "optimizing", but their equipment was always broken and misconfigured as a result. I'm not talking about people from the shipping department, but CS grads in various positions, decently high-level, often programmers. Mostly, it was a bunch of know-it-alls who ran their own home networks, and thought that entitled them to play "IT" and do things like install Ethereal and try to diagnose their own issues. By the time they were through "fixing" an issue, all they had accomplished was to create more work for IT. People like those should be have their computers locked down hard and fast.
Interesting theory, but it makes me wonder, what about you and me, Mr. AC? You're an anonymous coward, and it would take a little bit of work for anyone here to get my real name. So why aren't we yelling "shitcock" at each other?
Are we allowed to divide our "Normal People" into "real normal people" and "closet fuckwads"?
Instead, he's created software that unlocks and stays unlocked. It just looks like a thinly-veiled tool for piracy.
I *wish*! What he's created, apparently, is software that allows other devices to play FairPlay-protected files, and other media vendors to sell FairPlay-protected files. But it seems that what he isn't providing is a way to strip the DRM and leave a plain AAC file.
I think there are a lot of people here who would just have greater piece of mind if they could buy stuff from iTunes without having it DRM-encumbered, so I'd really rather he were working on fixing Hymn for iTunes 7, and including support for stripping DRM from movies.
And no, I don't download or distribute anything pirated.
Well, I'm no one. I'm just a guy on slashdot. But if I were his IT guy, I might be exactly the person to tell him "no".
When I was working with programmers, the deal was that if the software guys wanted support from us on a system, then they didn't get admin rights on that system. So developers might have an IT-provided box for e-mail/web browsing and programming, and then they had their own development boxes on a separate network. They could do whatever they wanted on the dev boxes, and we might help them, but it was key that it wasn't our (the IT dept.'s) responsibility to fix what the software developers broke.
This might sound silly... that is, until you've worked in helpdesk/network support for a company of any decent size. Before these rules were in place, the software guys would install all sorts of spyware and crap, erase system files they shouldn't, and generally screw up their own systems. Then IT would have to run around all over the place fixing these issues because the software guys couldn't even check their e-mail anymore. The IT dept was short-staffed as it was, and we didn't have the resources to deal with the stupid mistakes.
Part of the problem was that these guys were over-confident of their abilities just because they had bachelors degrees in CS. Being a programmer doesn't mean you understand what goes into corporate desktop support. When you've worked in support long enough, you start to learn how important stability is, and how much you need to be careful even when "everything should be fine!" You start to figure out that you need broad policies that don't allow users more access/power than they absolutely need, and you can't play favorites. I don't care if you're a developer or a secretary, if I have to fix your computer, you're a "user" to me, and users shouldn't have admin rights on their computers. Users shouldn't be installing Ethereal.
... And I did say that I don't know the background of the guy I was responding to. Maybe he's entirely correct to handle things how he did. However, when I read his description, I had more sympathy for the IT guys.
I usually don't respond to trolling ACs, but in case anyone misreads what I'm saying, that last line is mostly a joke. I am currently working in IT, and I don't break things generally. However, when it comes to my own system and my own data, the truth is that I am far sloppier than working on someone else's system/data. There are lots of reasons for this, but the truth is, my own work system would be far more stable if I treated it like I treat other people's work systems.
However, I have different goals for my desktop system, and stability isn't really one of them (testing is), which is why I don't honestly wish that someone would lock me out. However, it's true that if you gave my desktop my standard Windows image (which is what's on pretty much everything else) and took away my admin rights, then yes, it would enjoy much better up-time.
Use SSH for what? A makeshift VPN? And SSL is good so long as the sites you're using use it, but I'm sure there are sites doing things in plain text that people would prefer to keep private. I've seen webmail that uses plain-text passwords, and you wouldn't believe the shit that some people have in their e-mail.
I guess I'm suggesting that we should be telling the general public to be careful about their internet usage on public WiFi. If we're scaring them a little unnecessarily, it might still be better than not scaring them enough. After seeing enough people with some level of identity theft, my advice to everyone is, if you aren't sure about anything on the internet, be paranoid. Don't put anything on the internet you wouldn't want people to know about, don't ever click a link to your bank's page, but always enter it in the address bar yourself or use your own bookmark, and never enter a password or personal information unless the address starts with "https://".
I tried to install Ethereal to diagnose some issues on the LAN that normal host-based diagnostics would never catch. Had to do with EBCDIC-ASCII translations, so each host always disagreed with what was sent out on the wire. IT security freaked, calling it a "hacker's tool". I explained patiently that our LAN was segmented enough that they needn't worry, I wasn't about to be stealing the CEO's password. Still no go.
You know, having worked in IT, my inclination is to say that users shouldn't be doing that stuff. You're network is segmented enough? Unless you're in charge of IT security, it's not your job to decide that. I don't know what you're background in particular was, but I used to work for an engineering firm that made software (among other things). The programmers were constantly telling us that they needed to be able to install software, that they knew how to run their own machines, that they understood software better than we did, etc. And guess what? Those were the same guys whose computers were *constantly* broken. They did tons of stupid stuff because they didn't know what they were doing. Some of the best guys were tinkerers, who had been fixing computers for years, but didn't understand that working IT is different. In a business setting, mistakes and errors can have totally different ramifications.
So I'm not saying you did the wrong thing, but that it should have been your IT staff to do it. If you have a bad IT staff, that's a separate problem, but they're right to try to discourage you from tinkering around on your own. Being your own IT person is like being your own doctor, or a lawyer representing himself in court. It's just a bad idea.
Personally, I sometimes wish I had someone else who would lock me out of administering my own machine to keep me from fucking around and breaking things.
In the same vein, I was thinking "Congress". Not the Library of Congress, but the actual, you know, Congress. How many congressmen could be bought for $100M? I'm not sure, you'd probably have to ask the RIAA/MPAA, but maybe it would be enough to push through some meaningful copyright reform.
Apple, on the other hand, cuts down the quality of their hardware manufacturing processes. And with that decrease in quality, we see incidents like this happening.
This isn't a "hardware manufacturing" problem. The iPods got hooked to a Windows machine, probably during some QA process, and got infected. The hardware is fine.
Sure, especially when you consider that one of the problems Apple had with IBM/Motorola is that they were always in short supply of chips. Apple was constantly delayed in releasing new models because their processor suppliers weren't meeting their estimates.
I'm not sure if this is what people are talking about, but a DRM scheme under a GPL license would provide programmers and users more freedom than closed-source DRM. It would defeat one of the problems with DRM: non-portability. For example, I can't take my iTunes music and play it (easily) on a Linux computer, but if FairPlay were open to everyone, I probably could. If FairPlay were something that could be ported to other operating systems and devices, people wouldn't need to worry as much about losing access to their iTunes media someday.
Of course, there's the problem here: can open-sourced DRM schemes be secure, or are they inherently more crack-able? I don't know for sure. That's a level of security beyond my knowledge, but I would guess that it'd probably be easy to strip FairPlay if you had access to the iTunes source code.
And what about people buying Windows in the first place? Last I checked, they don't update the CDs every time there's a security patch, and many OEMs don't patch before they send the machine out the door--they just install the latest service pack and let the user install the updates.
Unless Microsoft is going to be releasing operating systems more frequently, you'll need some sort of versioning to allow for enitre stable builds after the gold-master, so that they'll be releasing updated retail versions and so OEMs can standardize on newer builds.
Do you need to pay for a subscription to OneCare for that?
Anyway, there are several products to log user activity and restrict web access to inappropriate sites. I've never noticed this feature in OneCare, but I'm sure it's fine (OneCare in general seems to do a decent enough job). But if you aren't worried about monitoring people or locking their accounts down in specific ways, you don't need special software, a domain, or group policies. For the most part, having people work in User accounts will protect the system from serious damage.
You're right. It isn't necessarily sufficient to put a password on the BIOS. If the kids can get a moment alone with the computer, it doesn't necessarily take long to crack open the case and pull the battery. At the very least, if you're going to rely on a BIOs password, make sure the cases are the kind that you can put a pad-lock on them. One way or the other, you need to restrict physical access to the machine itself, or it isn't secure against someone who knows what they're doing.
And what do you do about the IT personnel who have rights sufficient to circumvent logging or alter the logs? The difference from you DMV situation is that you're talking about logging random DMV workers, and not the person who set up the system and maintains it, therefore having read/write access to everything.
Seriously. I've been very open with my employers about this in the past-- that part of the job of an IT person is to be trustworthy, more so than some other jobs. By the nature of the job, you have a level of technical knowledge that your employers don't, and with that knowledge you could often destroy their business in a matter of hours.
I've been asked, hypothetically, how do they put systems in place to guard against me going rogue and screwing their network up (back when I was basically the network admin). My answer was: you don't. They had in mind things like, "We could set folder permissions so only HR people had access, but domain admins didn't". Yeah, that'll work.
I told them, "With most security measures like that you could limit my access, but it might make my job harder, limit my ability to fix things quickly/easily/transparently, and wouldn't be effective at stopping me if I wanted to do damage." Along with everything else, they were asking me to lock myself out. If I weren't trustworthy, how would they know I didn't leave a hole in the security for myself?
That doesn't mean you can't put some guards in place, or restrict certain levels of access to only high-level IT people. Still, management needs to understand that, at some point, you're handing the keys of the kingdom over to someone, or else you can't run a network or helpdesk system. Therefore the best security measure possible takes place in the job interview. Hire someone competent and trustworthy.
Yeah, people don't get what's going. In the first place, e-mail isn't a secure form of communication. It's usually transmitted unencrypted, and often your authentication to your e-mail server isn't encrypted. Whoever is running your e-mail server, whether it's your ISP or Google, can read your e-mail if they really want, and mostly you're relying on them to be disinterested in the matters you're sending back and forth. People should understand this.
However, the second component here is that, if you can't trust your IT staff, you are in big trouble. The reason is this: even if you put security measures in place to restrict IT access to e-mail messages, your IT staff is going to have to put that in place. If you can't trust the person who institutes your security, you won't know for sure whether they left themselves a back-door in. Basically, you're trying to lock people out of a system that they've set up themselves, and they know the system better than you do (or you probably wouldn't have hired them).
So the best solution-- the only solution-- is to hire IT people you can trust. When you hand over control of your network to someone, imagine it being like handing over keys to a storage room with all your information in it, with only their integrity to keep them from browsing through it.
As an aside: you should also be careful about the communications you have through your office e-mail. Even well-intentioned trustworthy support personnel might stumble across it while fixing problems or troubleshooting. Take it from a guy who's accidentally stumbled across e-mail from an executive's mistress before. I was just browsing trough our spam filter to look for false positives, and there it was. I wasn't looking for it, wish I hadn't seen it, and didn't want to know, but there it was. So as a rule, if you have personal information you wouldn't feel comfortable telling your IT people (like that you're having an affair and doing coke on weekends), don't talk about it in your work e-mail account.
You don't even have to go very far with this: just give them "user" accounts. Windows comes with three main user groups built-in: administrators, power users, users. Unless someone has messed things up, "users" shouldn't be able to install things or mess with the actual system.
Now, the other part of this (and this is important) is that you have to find a way to restrict student's access to the physical machines as much as possible. The ideal would be to put the actual machine in a locking cabinet or something (with some amount of air-flow so they don't overheat). If you really want to keep the computers secure, you don't want those kids getting access to so much as a CD-ROM drive or USB port. Really, a simple lock-down will keep most kids out of trouble, but you never know when some kid is going to figure out how to reset your Windows admin password with a Linux live CD.
Sure, that might be true if we were, for example, contemplating every possible scenario of extra-terrestrial visitation. What happens if Jesus comes from planet Nebulon riding a purple dragon? Yeah, that probably not worth wondering about. Quantum computing, on the other hand, is something being worked on right now. If there are going to be security flaws fundamental to the technology, it might be worth thinking about.
Your other example, will we overtax our natural resources if we can stave off death for hundreds of years? That sounds like a real problem to me. Given that we're already taxing our natural resources, it seems worthwhile to question whether we're heading for a serious overpopulation problem given birth rates and life expectancy. I don't see why we shouldn't be thinking about it.
I think you're right except for the "too early to think about it" part. Why wouldn't we want to think about the possible consequences of our inventions? Must we make all our mistakes and screw things up before we start thinking about them, or can't we try to consider the problems we might be inventing in order to avoid them?
Supposedly part of the problem was incorrect application of thermal grease at the factory (or so I've heard). I have an early-model MacBook Pro, and it does feel hot in your lap. However, the PowerBooks I've owned also ran hot, and I don't find it unbearably so (though I rarely wear shorts).
I'm not an engineer, but I've always been under the impression that the issue was just a design-choice at Apple. They want a high-performance machine packed into a small case without using loud fans. The solution they've chosen is to make the case out of metal so that the case itself acts as a heat-sink. The result is that the components don't over-heat, but unfortunately owners who sit the machine on their laps do overheat. It might be better for your lap, but it would be worse for the components if the case were well-insultated, because then the heat would stay inside the computer itself.
Other manufacturers tend to get around the problem by having thicker designs and more fans. Apple decided to favor those of us who want slim designs, low noise, and typically place the laptop on a desk or table while using it anyway.
Look, depending on what, exactly, you consider to be "comparable" systems, you might get cheeper or more expensive. Does the Dell have the same exact processor? Same video card? Same quality display? All the same ports? The same drives? What about extras (built-in iSight, for example)? You'll never get an exact match-up. You have to estimate and weigh some things out.
However, I wouldn't compare Apple's products to Dell's consumer line. If you're going to compare the Macbook to something, try the Lattitude line, not Inspiron. If you want to compare the Mac mini to something, choose the ultra-small form factor Optiplex. For a workstation, compare Apple's to the Precision line.
I'm not saying that you won't be able to find good deals at Dell, but I think if you compare Apple and Dell fairly, you'll have to admit, at the very least, that Apple computers aren't unreasonably expensive.
Besides the investment, there's just the issue of how efficient text is. Really, I would expect slashdotters, the people who are still using a CLI and text-only web browsers, to understand that flashy graphics that don't do anything aren't always going to work out.
Now, I'm not saying that 3D just won't ever catch on. Yes, I do expect that one of these days there will be a successful mix of a MMORPG and these social networking sites, perhaps resulting in a game with no game, so to speak. Just a big virtual world to wonder about, meet people, make friends, etc. I guess it could even be the next big social networking idea.
But will it replace computing as we know it? Nah. The idea will only find success when it's restricted and targeted, refined for a specific purpose. Games and social networking make sense. It won't be a suitable replacement for everything. HTTP/HTML, FTP, email, the modern desktop OS-- these things are sticking around for a while still.
We actually measured trouble calling stats at one of the larger companies I worked for, and the number of calls dropped tremendously when admin rights were taken away. People had fewer problems and greater up-time. Most people were eventually happier that way (at least when I talked to people I was supporting at the time). Admittedly, there were a few malcontents who weren't happy no matter what. I've had users admit to me before that they just weren't comfortable not having admin rights, even though things did run better after I'd fixed their systems and locked them down.
I've never locked down a machine without ensuring that all the user's apps would still work, and I generally didn't get complaints from users. Now maybe I was just some sort of miraculous desktop-support god, but I wasn't doing anything above and beyond common sense. You log in with a restricted account and test everything.
Maybe you've just never had decent desktop support.
Sorry, it was just that you talked about IT like they were an outside group, and it didn't occur to me that you would get any flack from wanting to use Ethereal if you were in any kind of support position. It wasn't clear to me that you were in IT, as lots of people have heard of Ethereal. I've just never worked in a situation where the security vs. desktop support vs. network support vs. whatever are so fragmented that the security guys would freak at even a desktop guy (who are, in my experience, considered low-man on the totem) installing Ethereal. We worked as a team, more or less. Sure, sometimes the corporate guys would come in and step on some toes, but they rarely knew what was going on at a given site unless it had an impact on the WAN. The security guys used Ethereal themselves, so it certainly wasn't off-limits to IT.
But I have had plenty of tinkerers who would screw up their own systems and the network. Guys who thought they were being clever and "fixing" and "optimizing", but their equipment was always broken and misconfigured as a result. I'm not talking about people from the shipping department, but CS grads in various positions, decently high-level, often programmers. Mostly, it was a bunch of know-it-alls who ran their own home networks, and thought that entitled them to play "IT" and do things like install Ethereal and try to diagnose their own issues. By the time they were through "fixing" an issue, all they had accomplished was to create more work for IT. People like those should be have their computers locked down hard and fast.
Interesting theory, but it makes me wonder, what about you and me, Mr. AC? You're an anonymous coward, and it would take a little bit of work for anyone here to get my real name. So why aren't we yelling "shitcock" at each other?
Are we allowed to divide our "Normal People" into "real normal people" and "closet fuckwads"?
I *wish*! What he's created, apparently, is software that allows other devices to play FairPlay-protected files, and other media vendors to sell FairPlay-protected files. But it seems that what he isn't providing is a way to strip the DRM and leave a plain AAC file.
I think there are a lot of people here who would just have greater piece of mind if they could buy stuff from iTunes without having it DRM-encumbered, so I'd really rather he were working on fixing Hymn for iTunes 7, and including support for stripping DRM from movies.
And no, I don't download or distribute anything pirated.
Well, I'm no one. I'm just a guy on slashdot. But if I were his IT guy, I might be exactly the person to tell him "no".
When I was working with programmers, the deal was that if the software guys wanted support from us on a system, then they didn't get admin rights on that system. So developers might have an IT-provided box for e-mail/web browsing and programming, and then they had their own development boxes on a separate network. They could do whatever they wanted on the dev boxes, and we might help them, but it was key that it wasn't our (the IT dept.'s) responsibility to fix what the software developers broke.
This might sound silly... that is, until you've worked in helpdesk/network support for a company of any decent size. Before these rules were in place, the software guys would install all sorts of spyware and crap, erase system files they shouldn't, and generally screw up their own systems. Then IT would have to run around all over the place fixing these issues because the software guys couldn't even check their e-mail anymore. The IT dept was short-staffed as it was, and we didn't have the resources to deal with the stupid mistakes.
Part of the problem was that these guys were over-confident of their abilities just because they had bachelors degrees in CS. Being a programmer doesn't mean you understand what goes into corporate desktop support. When you've worked in support long enough, you start to learn how important stability is, and how much you need to be careful even when "everything should be fine!" You start to figure out that you need broad policies that don't allow users more access/power than they absolutely need, and you can't play favorites. I don't care if you're a developer or a secretary, if I have to fix your computer, you're a "user" to me, and users shouldn't have admin rights on their computers. Users shouldn't be installing Ethereal.
... And I did say that I don't know the background of the guy I was responding to. Maybe he's entirely correct to handle things how he did. However, when I read his description, I had more sympathy for the IT guys.
I usually don't respond to trolling ACs, but in case anyone misreads what I'm saying, that last line is mostly a joke. I am currently working in IT, and I don't break things generally. However, when it comes to my own system and my own data, the truth is that I am far sloppier than working on someone else's system/data. There are lots of reasons for this, but the truth is, my own work system would be far more stable if I treated it like I treat other people's work systems.
However, I have different goals for my desktop system, and stability isn't really one of them (testing is), which is why I don't honestly wish that someone would lock me out. However, it's true that if you gave my desktop my standard Windows image (which is what's on pretty much everything else) and took away my admin rights, then yes, it would enjoy much better up-time.
Use SSH for what? A makeshift VPN? And SSL is good so long as the sites you're using use it, but I'm sure there are sites doing things in plain text that people would prefer to keep private. I've seen webmail that uses plain-text passwords, and you wouldn't believe the shit that some people have in their e-mail.
I guess I'm suggesting that we should be telling the general public to be careful about their internet usage on public WiFi. If we're scaring them a little unnecessarily, it might still be better than not scaring them enough. After seeing enough people with some level of identity theft, my advice to everyone is, if you aren't sure about anything on the internet, be paranoid. Don't put anything on the internet you wouldn't want people to know about, don't ever click a link to your bank's page, but always enter it in the address bar yourself or use your own bookmark, and never enter a password or personal information unless the address starts with "https://".
You know, having worked in IT, my inclination is to say that users shouldn't be doing that stuff. You're network is segmented enough? Unless you're in charge of IT security, it's not your job to decide that. I don't know what you're background in particular was, but I used to work for an engineering firm that made software (among other things). The programmers were constantly telling us that they needed to be able to install software, that they knew how to run their own machines, that they understood software better than we did, etc. And guess what? Those were the same guys whose computers were *constantly* broken. They did tons of stupid stuff because they didn't know what they were doing. Some of the best guys were tinkerers, who had been fixing computers for years, but didn't understand that working IT is different. In a business setting, mistakes and errors can have totally different ramifications.
So I'm not saying you did the wrong thing, but that it should have been your IT staff to do it. If you have a bad IT staff, that's a separate problem, but they're right to try to discourage you from tinkering around on your own. Being your own IT person is like being your own doctor, or a lawyer representing himself in court. It's just a bad idea.
Personally, I sometimes wish I had someone else who would lock me out of administering my own machine to keep me from fucking around and breaking things.
In the same vein, I was thinking "Congress". Not the Library of Congress, but the actual, you know, Congress. How many congressmen could be bought for $100M? I'm not sure, you'd probably have to ask the RIAA/MPAA, but maybe it would be enough to push through some meaningful copyright reform.
The hard drive itself is fine, yes.
This isn't a "hardware manufacturing" problem. The iPods got hooked to a Windows machine, probably during some QA process, and got infected. The hardware is fine.