Slashdot Mirror


User: jnf

jnf's activity in the archive.

Stories: 0 · Comments: 223

Comments · 223

  1. Re:irrational fear? on Feds Kill Check Point's Sourcefire Bid · · Score: 1

    Or the anonymous coward. Sourcefire isn't totally open source.

    Look at it another way and pretend to have a brain for a moment. Even with closed source software, it is possible to determine the components that make up the software and what each of them do (reverse engineering), this is what I do for a living. This is also a painstaking process for anything complicated. Then consider that you are also buying a physical box from them, which means in turn you have to audit all the firmware on the machine as well, and you have to do this for *every* *single* machine you buy from them (or at least once per release version/changed binary checksums). This holds true even if the project is open source. Why on earth would you do that? Is that how you want your tax money spent?

    Now also think about things like technical support, where you would be giving information away to a foreign national about your IDS setup. This becomes an incredibly high risk situation, as you are not only talking to a foreign national who exists outside of your control (read: laws), but also exists at the other end of phone lines which are also beyond your control, so even if the person you're talking to is honest there is no control over whether all phone calls get routed through a central monitoring station or similar. The same can be said about emails and such as well.

    Then consider that we are talking about Israel, not Canada here. Israel is considered a 'sensitive country' throughout most of the US Government. This means they maintain and employ an active intelligence program against the United States, or in layman's terms "they're doing a lot of spying on us". This puts them up there with countries like China, Russia, Iran and so on.

    When you start looking at it, it begins to make sense why they wouldn't want a foreign based company owning their most used IDS solution.

  2. Re:This sounds specious on Feds Kill Check Point's Sourcefire Bid · · Score: 1

    I cannot say checkpoint doesn't have a firewall somewhere in the .gov but I can say that I know my agency cannot use checkpoint, and I know that I've never seen checkpoint being used anywhere.

    Really, as a foreign national you can't even enter a building that has a classified section to it without going through literally months of hurdles, I can assure you that this was indeed a huge deal for the government.

  3. something to understand... on U.S. Investigating Sale of Snort as Security Risk · · Score: 1

    While I don't necessarily agree with the premise, here is the 'real deal', it doesn't surprise me to see this come up as this issue was raised when they were first bought behind closed doors where I work.

    Basically, throughout the US government, there are 'sensitive countries', some of them are obvious: China, Russia, etc. Some of them are non-obvious: Uzbekistan, Sudan, etc. Some of them don't really make a lot of sense because we've already given them so many secrets/money/etc: Israel (keep in mind your grandparents are probably older than the Israeli nation state yet Israel is the world's 4th largest nuclear superpower, obviously we gave them a slight helping hand).

    That said though, the Israelis are obviously not satisfied with nuclear secrets and billions of dollars in military aid, as they have routinely and aggressively committed acts of espionage against the US. Checkpoint was already rejected in many government agencies because of these reasons.

    Snort is used throughout many areas of the government, entire facilities are built around the various NIDS systems on the market (ISS, Snort, NSAs, etc), however most often the backbone of these facilities is Snort. Which when you consider that checkpoint was already rejected, and then Sourcefire is bought this creates a crisis as now a company that was rejected owns the code being run in numerous installations throughout the country and world, which means a whole lot of trouble for a lot of people. So in that sense, trying to stop them makes some sense, as this means it wouldn't leave tons of people scrambling to fix the problem due to a 'fluctuation in the open market'.

    What's stupid to me is that these types of things should be planned on and contingencies created when you start using a product, because we failed to plan doesn't mean it's the fault of Sourcefire or anyone else. Really what you guys should see this as is similar to the government speaking on BlackBerry's behalf in court because a shutdown of their services would affect many feds.

  4. Re:Isn't snort open source? on U.S. Investigating Sale of Snort as Security Risk · · Score: 1

    The worry is that a product used by the government for security will be owned by a foreign-based company, this part kinda makes sense as Israel, despite being an ally is considered a sensitive country in most departments. This means basically that Israel is a country that actively engages in espionage against us, which makes the deal even more of an issue for them.

    I don't fully agree with the government trying to stop the deal though, lack of planning on the government's part shouldn't constitute an emergency on Checkpoint's.

  5. Re:Hmmm... on Study Says Cell Phones Can Interfere With Planes · · Score: 2, Insightful

    I seriously doubt that, as someone who has routinely flown all over the country with all sorts of weird electrical equipment, it always surprises me that they don't bat an eye. Additionally, if you pay attention, *a lot* of people have their cellphones turned on during the flight. The risk overall simply has to be overrated because airplanes aren't falling out of the sky all the time as result of people leaving their cellphones on.

  6. Re:power of proper encryption on Help Break Original Enigma Messages · · Score: 1

    It is in fact true that the number one flaw of the encryption was its implementation, but let's consider the one message that this project has decrypted. The post-1939 Enigma encryption, at its greatest strength had 23,276,989,683,567,292,244,023,724,793,447,227,628,130,289,261,173,376,992,586,381,072,041,865,764,882,821,864,156,921,211,571,619,366,980,734,115,647,633,344,328,661,729,280,000,000,000,000,000 possible configurations, roughly 2×10^145. Which, you must consider that there are roughly 10^80 atoms estimated in the known universe, although in practice the complexity was 10^23.

    Now let's take all of the available information at face value and presume everything everyone says about that message is correct, this is to say that it was transmitted in mid-1942, but shows up in war diaries for U-264 in 1930. This would leave one to assume that it was retransmitted 12 years later for whatever reason.

    As I understand it, all naval encryption between May 7, 1941 and June 1941 were decrypted, and post June 1941 'most' of the encryption was cracked using a banburismus machine, the banburismus had some limitations, one important one was that 200 messages had to be transmitted that day. Then consider that by 1945 we could crack 'most' Enigma encryption within a few days.

    All things considered, we have few probable options, we can reasonably conclude that when the message was intercepted we either were not able to crack the encryption, or had such a backlog of messages to decrypt that it wasn't done, and because classified military information is only important so long as it's relevant (i.e. decrypting a message that states when D-Day would occur, and where a month after the invasion is useless), it's probable to think that we either couldn't or didn't crack the decryption in time for it to be useful, and therefore as stated the message was secure, in that the encryption lasted longer than the lifetime of the message.

    The premise that the end of the war made it irrelevant is silly because that means we had a backlog of about 3 years. In addition, this message was transmitted in the middle of a transition in our decryption to something that was not 100%.

  7. power of proper encryption on Help Break Original Enigma Messages · · Score: 1

    This just goes to show the power of properly implemented encryption.

  8. Re:Or perhaps it's a mistake? on Will MacIntel Kill Apple Open Source Efforts? · · Score: 1

    Many components of their OS, are however under GPL'd code, they have a lot of code borrowed from various KDE projects, in fact if I had to guess actual numbers, I'd say more of their backend userspace code is external source than written at Apple, and in fact, a quick grab of the Darwin 10.4.5 x86 source code list run through grep and wc -l reveals the following:

    Projects under the APSL: 112
    Projects under 'Other' licenses: 135

    Without really looking into the subject, I'd say that at least in userspace, more of OSX is GPL than not.

  9. Re:I guess that... on Microsoft Keeps Eye on Open-Source Prize · · Score: 1

    I think your problem of perception lies in using unsupported hardware.. That is to say, what hardware are you using that has 24-bit pointers?

  10. Re:I doubt that price; Sony invested in IBMs Cell on PlayStation 3 Delayed, Over $800? · · Score: 1

    Moved away, to what exactly? Nothing on the market performs in that arena as well as SGI did, then you run into all sorts of applications that only exist under SGI, etc so on and so forth.

  11. Re:I doubt that price; Sony invested in IBMs Cell on PlayStation 3 Delayed, Over $800? · · Score: 1

    You'd probably wonder what fields of medical research use SGI boxes as well, but if you've ever stepped foot in that industry you would find tons of SGI boxes specifically made for super high end graphics all over the place.

  12. Re:Isn't this exactly what oil companies want? on Has World Oil Production Passed Its Peak? · · Score: 1

    Enron routinely created artificial shortages of energy in order to cause price spikes and profit from it, the California power outages, which as I understand it, they had a large part in, was a huge success for them and given a little while longer, could've potentially saved them from their impending doom (provided they changed their business practices), the point was people didn't simply move to other sources of energy when artificial outages were created.

  13. Re:Isn't this exactly what oil companies want? on Has World Oil Production Passed Its Peak? · · Score: 1

    Artificially causing spikes in oil price just causes more people to seek other energy sources

    It worked for Enron.. at least for a while, and California still uses electricity (and they didn't crash because everyone changed energy sources either)

  14. Finally made it! on Developing Games with Perl and SDL · · Score: 1

    So you finally made it to level 99 and as you approach the last boss the perl program crashes with a message about a missing module! Surely you say, this is not possible perl detects the missing module during compilation.
    Quickly I retort, try chrooting a perl script some time, especially one that has a function in a module that has a use statement in it and watch your scripting language fall apart.
    Seriously folks, this is part of the perl dementia. perl is great as a general system glue/sh scripting replacement, it's good for cgi's, but stop trying to do everything in scripting languages, in every single real world implementation I've seen it's either failed miserably or performed miserably. Please grow up and use a real language when you have real tasks to accomplish.

  15. Re:Like all such tools, security depends on usage on UK Government Wants a Backdoor Into Windows · · Score: 1

    While what you said is generally correct, I will point out that anyone with access to the HDD (or an image of the disk, which can be done across the network) can access EFS encrypted files, your password is not required, both Encase and FTK support it, and I'd imagine pretty much everything does. I do this all the time at work, so EFS is essentially 'trashware'. Unless something dramatic changes in Vista, the UK doesn't need a backdoor to the encryption, they just need the physical disk, which in LEO situations, is pretty common.
    If someone really wants to encrypt their data, using pgpdisk or similar is a much better solution.

  16. Free Market on US Lawmakers to Keep Google Out of China? · · Score: 1

    Hey, the free market will regulate itself, that's what makes capitalism great..and if it doesn't, well we will just pass a law against it.

  17. Re:Is it? on US Lawmakers to Keep Google Out of China? · · Score: 1

    Sanctions for China! Dollars for Israel!

  18. Re:Drinking to much funny-juice on No Time Travel, Sorry · · Score: 1

    I agree in the basics, but really what my point was that the passage of time, or the change of events is inevitable and will happen, whether you perceive it or not, and that therefore regardless of what term you give it, time exists.

    To phrase it another way, it currently takes 23 hours and 56 minutes for a full revolution of the planet earth (and an additional 4 minutes for any one point to have sunlight on it again). If we all suddenly became ignorant of the 'time terminology', there would still be day and night, and it wouldn't happen instantaneously, it would still take 23+ hours to occur each time, even if we called them something different and changed our scales.

  19. Re:Drinking to much funny-juice on No Time Travel, Sorry · · Score: 1

    If time is merely a construct that we mortals created, explain how objects age exactly? I mean, even if everyone and everything said 'time no longer exists', things will still age, people and creatures would still die of old age. The elements would eventually deteriorate most everything, etc. The measurement of time itself is a man-made construct, but the existence of it in itself is very much a reality.

  20. Re:mushroom comments are, well...mushrooming on Verizon Threatens Google's 'Free Lunch' · · Score: 1

    i wish i had modpoints for you, best comment ever.

  21. Re:Pointless on Eight Year Old Physics Student Admitted to College · · Score: 1

    I've never understood this concept, well not so much the concept but rather how some homosexuals permit and adhere to it.

  22. Re:A good job pays at least $100,000 a year. on Online vs. Traditional Degrees? · · Score: 1

    All excellent things are as difficult as they are rare-- Fire tests gold, adversity tests strong men.
    Thank you though.

  23. Re:A good job pays at least $100,000 a year. on Online vs. Traditional Degrees? · · Score: 1

    That's impressive, but that would make you an exceptional case.

    While statistics would agree with you, I really don't feel I am an exceptional case. Once you learn how to read, everything is possible, you just have to dedicate your time and effort to it and become convinced it is possible given enough time. It really bothers me to see people who feel they're stuck and would rather flounder than change the situation, simply put if you don't like where you are in life, change it- and eventually it will change.

    If you are a "social engineer", and are designing some kind of social system, then you have to design it with the TYPICAL case in mind, and not the exceptional. In the situation of being trapped by self-destructive behavior, most people will find it difficult to find the path out without some help.

    But that trap is just like the trap most drugs provide, purely mental. I really hate to quote Jesse Jackson, however I've always liked the quote- 'the problem is that people are too busy pushing dope into their veins instead of hope into their brains'. I realize that sounds quite hippy-esque, and I recognize that not every story will end in success, however people don't put forth enough effort. I used to be homeless, for about 2 years, at one point my home was a 280zx that I bought for $5 (dealership special sale where they sell a lot full of cars heavily discounted, and advertise the $5/$1 dollar car, and there are only one or two of them on the lot). Everything I owned, my entire life was in that car, and one night it broke down and I left it for the night, when I returned the next day everything I owned had either been stolen or strung out over the next few miles, and the car was totally trashed. So with that said, I now owned what I was wearing, and now didn't even have a place to sleep. Eventually I got a job in fast food, and in fact during that time period I indeed went through several fast food jobs, I started saving that money, I started using public access terminals and going to the library and learning about computers, repeat this for a long period of time and finally I met someone on their way to Arizona who wanted to know if I wanted to go with them, I caught a break basically, and I went and worked in debt collections and moved into an apartment, but kept teaching myself. I then got into the state university there, but ended up getting kicked out the first semester because I was not ready yet (drugs), but not before I first landed a job with them, I worked for them for a short period of time, but naturally I lost the job when they found out why I had been kicked out of school (I was actually breaking trespassing laws by going to work every day).

    But! the die was cast by that point, I had managed to get contracts on the side, I had done presentations in front of the local LUGs and internal (to the .edu) groups, simply put I had made a name for myself through raw determination to make sure I changed my situation, I did. Fast forward approx. 7 years, I turn 25 this month, I've worked for banks, credit card processing companies, web hosts, and currently hold contracts with the federal government and run my own consulting firm (of 1), which also has contracts with the federal government. I've done everything from tech support and system administration, to kernel and userspace system programming. I know several high level languages and assembly for 4 different arch's, and my current position is doing mostly security research and incident response, and have done damn well at it.

    My point is slightly off topic to what we are discussing, but the moral is simple: if a person wants to, they can. I'm not saying it's easy, but nothing worthwhile is accomplished without hard work-- the difference between hard and impossible is a million miles wide. And no one has any excuse for not being able to get where they want to, they just need to know, not think, but know they don't want to be where they are and then spend every moment working towards th

  24. Re:A good job pays at least $100,000 a year. on Online vs. Traditional Degrees? · · Score: 1

    Funny, I did grow up in the 'wrong neighborhood' and 'wrong family'. I'm also a convicted felon with a long history of drug abuse. Luck has nothing to do with it, it's all about drive, determination and skill.

  25. Re:A good job pays at least $100,000 a year. on Online vs. Traditional Degrees? · · Score: 1

    really? care to explain how I make 100k+ a year in las vegas as a high school and college drop out?