Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."
Gads, a tad bit reactionary, aren't we???
First, any company that doesn't take, at least, modest precautions in blocking certain types of e-mail attachments, or abusive downloadable web content is foolish, and, IMHO, acting negligently towards their own fiduciary responsibility, or toward their Internet neighbors.
I've been long sickened by the number of automated attacks that my IDS picks up. How long have CodeRed and Nimda been around??? Too many of these are compromised hosts supported by corporate networks of some sort.
Second, there's little "right" involved in your use of corporate assets such as personal computers and networks. It's a kindergarten mentality to expect a company to be required to provide you with resources to order the latest teen-pop drivel, or whatever it is you just _have_ to buy during work hours.
That said, I (and many of those within my company) couldn't do our jobs as developers without net access. Any company which starts arbitrarily blocking access to the Internet without properly judging the necessary impact to their workers is also foolish.
If your company manufactures pencils, then OK, they can probably get away without providing unrestricted access to the Internet without any negative impact on their workforce. On the other hand, if your company develops software, etc... the impact would be substantial.
It's all a matter of degree, and like most things on this planet, the right solution lies in moderation.
Was this REALLY worth a Slashdot news item? I do not see how this is news in that a) it's not anything new, or hasn't been bandied about ad nauseam; and b) common sense tells me that the submission itself is borderline troll. Seriously, timothy, did you think this was news???
It'd be nice to be able to moderate story submissions in addition to comments.
However as far as I can tell, you've got no claim on me re: "as far XXX," damnit! (;) )
Mmm...and re: the typos, I am claiming my official "cut me some slack" card today. My message was typed only about an hour after my first root canal. Laughing gas does wonders for one's typing. Mmm...and Hydrocodone helps, too!
Wireless suffers from the same problems that many other network mediums have. If you take a broadcast network topology, without physical access restrictions (i.e. someone can plug into your hub, or tap a thin-net connection) then you're in the exact same position. The only differences (and, yes, these are big) are that: a) you don't need a wire to connect to the network, and b) until fairly recently few even recognized the problems associated with wireless--or specifically that a lot of the problems associated with traditional topologies--apply.
People assumed that WEP protected them, and that was it. If you didn't (or don't) build in additional security measures, then sure...you're pretty vulnerable, kind-of like if you had a network that had cat-5 jacks in public areas attached to a broadcast network.
You can't just go off and say "802.11" is broken--it's not. It's not secure, but then again, very few things are. You do caveat your statement with the clause about encryption, but if you design your network with such measures as an afterthought, then duh...
Nothing you state is wrong per se, it just seems like you've been watching a few too many TechTV shows.
The short of it is this: Wireless technologies were made consumer-friendly way too rapidly. Think about how quickly home wireless bridges have been adopted. In the past year alone that market has grown almost exponentially. Any technology, which requires a certain amount of knowledge or expertise to deploy properly, that is rapidly made a consumer-class item is going to run into similar adoption difficulties.
Yeah...tell me about it. At least the books that my dept. liked were old standbys: Dragon book (compilers), Comer books for networking (since the course was taught by Comer), etc..., so you could usually find them used for good prices.
And, more importantly, useful in your professional career if you stick with it.
My college text books fell into one of two categories--those worth keeping, and those not. Funny, the courses whose text books fell into the former category were, almost without exception, the classes that I learned the most, and actually retained the knowledge.
Funnier yet still, is that the same applied to a number of courses outside the CS curriculum--there was an English for Writers course which had a number of excellent books, which are still on my shelf. Same for two Physics courses.
Most of the math books I used actually kind-of sucked, so I don't have a single text book from any of those courses. Instead I've supplemented my collection with books that have much more useful content, like a couple of Linear Algebra texts, and a Statistics Analysis Process book that have proven helpful in the CG projects I've worked on.
So, unless you really need the cash, take a second look at some of your texts. You will probably intuitively know which will be useful down the road a bit.
I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.
It all depends upon the security posture of your company. The same question can be made of outsourcing security services in general. Some companies are too small and/or do not have the internal expertise to properly manage an integrated solution, and rely on services and solutions from third party companies. In essence, you are putting the family jewels in someone else's hands.
So, allowing your firewall/IDS to go out and fetch the latest ruleset may be OK if you're already willing to trust them as it is.
Not saying that I don't consider it a problem--it's just something that has to be taken in check with your needs and resources.
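The worry in the post above is that whoever can push a ruleset to the box can rewrite its policy. The usual mitigation is to treat a fetched ruleset as untrusted input: authenticate it before parsing it, and reject replays of older bundles. The following is an added Python example, not code from this thread or from any particular firewall product; it assumes a pre-shared key between publisher and appliance, a JSON bundle with a `version` field, and the hypothetical function names `sign_bundle` and `verify_and_apply`.

```python
"""Authenticate a fetched firewall/IDS ruleset before applying it.

Added example (not from the thread). Assumptions: the update publisher and
the appliance share a secret key, and every bundle carries an integer
version so older signed bundles cannot be replayed.
"""
import hashlib
import hmac
import json
from typing import List, Tuple

# Constructed demo key; a real deployment provisions this out of band.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sign_bundle(version: int, rules: List[str], key: bytes = SHARED_KEY) -> dict:
    """Publisher side: tag binds version and rules together in one payload."""
    payload = json.dumps({"version": version, "rules": rules}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify_and_apply(bundle: dict, current_version: int,
                     key: bytes = SHARED_KEY) -> Tuple[bool, str, int, List[str]]:
    """Appliance side: authenticate, refuse rollback, then parse.

    Returns (accepted, reason, resulting_version, rules_to_install).
    """
    payload = str(bundle.get("payload", "")).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == leaks timing information about the tag.
    if not hmac.compare_digest(expected, str(bundle.get("tag", ""))):
        return False, "bad tag", current_version, []
    # Parse only after authentication so a tampered payload never reaches the parser.
    try:
        doc = json.loads(payload)
    except ValueError:
        return False, "malformed payload", current_version, []
    version = doc.get("version")
    # A valid tag on an old bundle is still a replay: require strictly newer.
    if not isinstance(version, int) or version <= current_version:
        return False, "stale version", current_version, []
    rules = doc.get("rules")
    if not isinstance(rules, list) or not all(isinstance(r, str) for r in rules):
        return False, "malformed rules", current_version, []
    return True, "applied", version, rules


def demo() -> List[str]:
    """Run three constructed update attempts and report each outcome."""
    outcomes = []
    good = sign_bundle(2, ["drop tcp any any -> any 445"])
    outcomes.append(verify_and_apply(good, current_version=1)[1])   # applied

    # Constructed tampering: payload edited after signing, tag left as-is.
    tampered = dict(good)
    tampered["payload"] = good["payload"].replace("drop", "pass")
    outcomes.append(verify_and_apply(tampered, current_version=1)[1])  # bad tag

    # Constructed replay: the same valid bundle offered again after it was applied.
    outcomes.append(verify_and_apply(good, current_version=2)[1])   # stale version
    return outcomes


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks matters: the tag is verified over the raw bytes before `json.loads` runs, so a parser bug cannot be reached with unauthenticated input, and the version check runs after the tag so an attacker cannot probe version handling with forged bundles either.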
Given the recent Enron fiasco on top of the general Bad Economy Thing (BETtm), things in Houston are pretty bad. Compaq, one of the area's larger tech employers, has done significant layoffs, too.
I am still employed, thankfully, but my company has also done layoffs, which means more work--fewer people.
I moved down to Houston a year ago, and damnit, I want the economy rebounded already so I can get the hell out of here! ;)
When a .bat file can wipe your hard drive you don't have any security.
Hmm...making a similar generality one could retort:
"When an init.d script can wipe your hard drive you don't have any security."
The real point you're trying to make is--when it is so dirt simple to make AND remotely install a .bat file to wipe your hard drive, you don't have any security.
This is in large part due to the nature of Open vs. Closed source applications. Linux is open, and a lot of the bugs tracked are found because of just that--it's open, and people can look inside and see. Windows is closed, and has statistically significantly (understatement) fewer eyes examining it.
So, measuring how secure an OS (any OS) is, by the number of items in (NT)Bugtraq is a red herring.
So... if a company lobbies against this law, wouldn't that open them up to criticism? I mean, it'd essentially be like them saying "we don't want to be responsible for our insecure software."
Sounds logical, but I doubt it. Think about the pro-tobacco lobby. They manage to garner support for their efforts without too many people in the public noticing that they're supporting a substance that kills people. What's a little bit of insecure software compared to that??
I still smoke, and still use "insecure" software regardless. The American Public is a very funny thing sometimes.
Does Microsoft even have a case? Do they really want to bring attention to this subject? I am a purchasing manager for a company - and their heavy-handedness doesn't exactly make me want to run out and buy their products.
Of course they have a case! They have gobs of money. If you have gobs of money, you can start a case (legal) about almost anything.
The question you're really asking is are they right? Will a court find so? The answers to those two questions are not necessarily the same.
Yes, production companies have been getting on the CG bandwagon (like for the last decade, folks) but right now there are a lot of jobless folks in the industry--people with years of professional modelling/animation/compositing experience.
In six months, this, like the tech industry in general, may be a happier place, but they're hurting right now, too.
"...but you can always say "answer the questions you like, combine some, and skip some if you like..."
Hmm...perhaps your suggestion should be floated to mainstream media too... I can see it now. Barbara Walters' interview with Osama Bin Laden.
BW: "Osama-Why did you arrange to kill 4,000+ Americans? What is your favorite color?"
OBL: "Brown."
Ok...so /. isn't really a traditional journalism outlet, however given as much criticism as they receive for that fact, why would they want to go further against basic standards of journalism? You do not let your interviewee pick the questions. If you do, your interview becomes no more than a sales pitch for them.
This is a problem dealt with frequently, particularly during election cycles.
Not true, Timothy. Transmeta chips are faring very well in bladed servers. Check out http://www.rlxtechnologies.com/product/. There've been a few Slashdot stories about us, and there've been some big name competitor products pop up recently, which is a good thing, 'cause it brings acceptance to a new market.
This thread is about laptops specifically, but you made a pretty large generalization, Timothy, and I just wanted to clarify it a little bit.
I second this recommendation. I remember playing the original Spy Hunter after music lessons at the neighborhood mall. This version is highly entertaining!
I love the transform between car and boat, car and motorcycle, etc... Weapons are cool. Nice graphics.
All in all, one of the few games worth the $$ to play.
Having gone through hell with NSI in various capacities over the last decade, I've found that the one way to get reliable support from them is to use the phone. Call their 1-800 number, and stay on hold.
You'll do the punch button shuffle for a few minutes, and then will stay on hold for a very long time. However, you will finally get through to someone who can, more likely than not, help you.
I've spent MANY MANY MANY (did I say lots) of hours on the phone with NSI over the past decade. Every time I get highly annoyed, and rack up the cost of my time spent in my head. But it will get you results.
Then, when things are working, transfer your domain to another registrar, and don't do it again. This thread has plenty of recommendations, so I'll just leave it at that.
It's a difficult prospect to provide some kind of visualization of the things we do every day, geared to a movie-going audience. Given that the net, etc... hadn't hit the social consciousness, I think they did a pretty fantastic job of relaying something that a non-geek can understand. The idea of interconnected nodes on a meshed network isn't something that comes to someone not in our crew.
For movies like Hackers (and yes, Sneakers, too--don't get me started on bogus crypto in movies) you just have to set aside your cynicism, and enjoy the music, and the visuals.
Let me recommend another movie whose visuals and musical score are astounding, and should be in any audio/videophile's collection: Baraka.
http://us.imdb.com/Title?0103767
If you've not seen it, rectify the situation immediately. ;)
I think core to this particular issue is mindset. System Admins have been, for years, told to upgrade--stay current with security patches for your particular operating system.
Router/Switch maintenance is different. How many Cisco users out there are familiar with the "fix on fail" SOP? I've found many a tier-1 support staffer reluctant to let you run off patching things that may not need it.
Routers/Switches are very commonly more important (read: require less downtime) than any single machine on a network. In an environment like Exodus, Level 3, GlobalCenter,..., downtime on a core switch is serious business. If it's working, there's a definite desire to not break it.
I identify with this mindset (and if you don't you're probably not a very good admin---running apt-get update/apt-get upgrade every day on a production system is a BAD, no...REALLY BAD idea.) However, let me say clearly, that this is obviously a wrong way to think about things.
How do you tell what ROMs/BIOSes to flash? What patches to install? You have to do your research. If you blindly install a new super duper patch, and it breaks NFS on your server, you probably should've read the ChangeLog or Release Notes--it probably mentioned that something changed, or there's a dependency--or worse yet, that there are configurations with which the patch is incompatible. It happens.
There's no easy way, other than to understand what you're doing. Read the docs. You have to be willing to dedicate the time to make sure you're doing the right thing, and your bases are covered.
If you don't--you deserve what you get. If you don't learn from the experience, that'll probably include being fired.
Not preaching here...just passing along uncomfortable experiences.
"Yeah, um...hi. Cisco support? I just installed this patch, and..." Ugh.
I won't repeat the comments that have been continually repeated (read beaten to death,) but will come up with two that I've not seen:
1) use the right names, damnit. They're Transporters and Phasers. Etymological progression does change words as a language evolves, however, we're just talking a period of 150 years. I'm not saying it's totally out of the question that they'd become a linguistic commonality, changing their tense, etc... it just seems that they made a point of "unfamiliarizing" them with the technology to specifically unfamiliarize it. Well, duh. It just annoyed me, and I'll leave it at that.
2) just a guess, but the fuzzy dude in the temporal communications pire is probably the talking Vulcan guy from the beginning trying to convince the headstrong humans to just leave it to the Vulcans. IMHO, they left the voice too intact. This is not a spoiler as it is just a guess. Also, that guy's name is Gary Graham, who played Det. Matthew Sikes on Alien Nation (TV not the movie.) Don't know why I know that.
Now, I will repeat one common thread...all ST pilots have pretty much sucked. Choosing to judge an ST series by the pilot is obviously universally stupid, and you all know that.
> "Gartner's recommendations ignore the fact that security is an industry-wide challenge, and serious vulnerabilities have been found in all server products and platforms," said Jim Desler, a Microsoft official. "IIS is as secure as our competitors' products, and what differentiates Microsoft is our industry-leading response process."
And the Linux/Open Source/GNU/Slashdot/Freedom Fighters of the World/Whatever everywhere collectively respond: "Oh, is THAT what you call it?"
Check out http://www.rlxtechnologies.com/. We've got Scyld stuff running very well. Processors are not very beefy, but we can get 24 of 'em in three rack units (or 336 in a 42U rack), and have some very nice tools to manage the whole shebang. Very little power required, easy to wire.
Just to say it out loud...I work there, so it's a blatant self-promotion, I guess. But it is a bad ass little product that packs a punch.
Heh...dude, you missed my "as far as" joke in my reply. I'm disappointed! ;)
-db
LOL!
Ok ok...I'll give you the points on that.
Your message is a tad bit sensationalized.
Operating Systems, Hardware Design, Networking, Programming Languages, etc...
MESSAGE READS:
PROJECT WILDFIRE. STOP.
Ok...what the hell is this lameness filter crap all about. I try to reply with a simple teletype-ish reply, and...grr...
Now I understand what people have been complaining about.
Just makin' the statement a little more precise.
And yes, I am a right-brained word fetishist. ;)
Gads...
-db
Ehhh, who's counting anyways...
No wait...we are.
Hmm...
;)
Requisite disclaimer: I obviously work for RLX.
Dude. You're totally missing the point. There are no Weirding, Wierding, or however the hell you might like to spell them, modules.
;)
If you wish to disagree, please provide a chapter/paragraph reference to such a mention in ANY of the books. I dare you. No, I double dog dare you.
Funny, Open Source software can have a patch out within a few days, why can't Microsoft?
;)
^days^hours
ok, come on guys.
;)
Gads.