...before you can start thinking about replacing everything with BSD or Macs.
It sounds like there are lots of problems, and you aren't going to be able to fix them all at once. Try and point out, in as professional a way as possible, what the risks are. What exactly would be lost if machine X, for which there is no backup, failed?
From a functional standpoint in a teaching environment, there may well be very valid reasons to keep using Microsoft products. Like it or not, that's what people will probably end up using in the outside world, assuming that their job is a little more fulfilling then "do you want fries with that?
There are also very valid reasons for NOT using Microsoft servers as infrastructure (cost of sale being an obvious one) but you aren't going to be able to get close to influencing any decisions if you're just seen as some sort of zealot.
So be helpful, be "a team player" and try and change the world a bit at a time, not all at once.
Oh, and the very best of luck. With water coming through the wall it sounds like you might need it.
S&N's a big company, active not just in the UK - anywhere there you go you can see their brands and products. I can't imagine that anything like that amount of money is going into online casinos in the long, or even the short, term.
Am I missing something here - do people really spend as much on poker as on beer?
The Thames Barrier makes sense because it's cost-effective - one relatively small barrier prevents a lot of damage.
The comparison between the UK and NL North Sea coasts is interesting. On much of of the UK's coast there are no sea defences at all, but in Holland the sheer scale of them has to be seen to be believed. I guess that the reason is that people in the UK have a choice (to be flippant - how many people would miss Norfolk?) - one part of the country is tipping into the sea as another part is rising out of it. In Holland it's not quite that simple - if you retreat into "safe" areas you may well end up speaking German.
That said - Holland still suffers from flood problems, such as when rivers from Central Europe carry floodwater in. There's not a lot you can do about that. And somehow, I suspect that moving the Port of Amsterdam and Europoort et al to higher ground isn't going to work.
I strongly suspect that the statements put about to retailers earlier this year (along the lines of "if you haven't installed Chip and Pin kit you're liable for any fraud") were somewhat overhyped.
"If a retailer does not have a chip and PIN acceptance device after January 1, 2005 and the use of such a device could have prevented the fraud from occurring, the retailer may bear the cost of a fraudulent transaction. This will depend upon the terms and conditions between that retailer and its acquiring bank."
Obviously, if the bank can show that the merchant was negligent, they've probably got a case - just the same as they would have in the pre chip-and-pin world.
As to any shift of liability onto the consumer, it's again (notwithstanding applicable laws) down to the agreement between you and your bank. If, in the light of having to effectively disclose your PIN every time you use your card and you're present, you think that you're at risk of getting shafted, it may be time to change your bank (or start paying by cash).
With regard to applicable laws, it's worth mentioning that (in the UK) credit cards are about the safest way to buy stuff remotely thanks to the legal requirements of the distance selling regulations: http://www.dti.gov.uk/ccp/topics1/ecomm.htm
As to whether chip-and-pin is necessarily any more secure than a "signature" I couldn't say. APACS clearly think so, but I'll still be furtively covering my hand while typing a PIN in...
Er, have you got any actual evidence for that statement?
Even going back 30 years (yes, I am nearly that old) there were plenty more combinations than that. There was a problem with wear (hence the old "one old Ford key fits all" joke from the 1970s).
>... order key dupes using the number stamped on the key...
No, you'll need the master key, a bent dealer, a VERY good story or some combination of the above.
>... the VIN is visible on modern cars through the windshield...
No (well, not in Europe anyway - not sure about elsewhere). Everything I've driven outside of Europe has been a rent-a-car and those do have a number on a plaque behind the windscreen.
> If someone wants it, they can take it.
That, however, is absolutely spot on. If they want it badly enough, they'll tow it away.
It depends on in which decade the car was made. Yes, if you stick 12v across the starter, it'll turn over. Chances are, with anything made in the last 5-10 years, nothing more interesting will happen (this is in Europe - may be different where you are of course).
Every car that I've had that's been made since the mid 1990s has had a standard-fit immobiliser. Even not taking that into account, what happens in the engine depends not just how much you're pressing the right-hand pedal, on a whole lot of other stuff as well. I once had a 1992 Citroen that refused to go over 40mph because the potentiometer detecting accelerator pressure failed. It wasn't truly "drive-by-wire", but the pedal angle was used to control (among other things) the amount of air getting into the engine. Having previously driven cars with a more "agricultural" approach to engine control, when this happened it was something of a shock.
It's not just China (in fact, the bloke from SecurityFocus says this towards the end). I tend to see logs containing a lot of stuff from China, Taiwan and Korea, but also Argentina, Italy, France, Canada and the US. If you blacklisted every country which turned up unannounced in your logs you'd soon run out of countries to ban.
However, the question should be asked - who, exactly, do you expect to legitimately want to access your server? If it's a group of friends accessing some common stuff on one machine, it should be accessible to those people only.
It's not going to be practical to do this with www.bigcompany.com, but instead of starting with the assumption that, for example, an ssh server should be open to all but password protected start from the other end - ask what subnets should be able to access it.
I'm not sure I'd call the original article "a good commentary" either - it does look like someone had a requirement to submit something to the Register and it got rather closer to pub opening time then planned before he submitted it. You can almost see the "Will this do?" on the end (or maybe I've just been reading Private Eye too much).
Realplayer 10 doesn't support Realplayer 2 "out of the box". It will happily connect to Real to download said codec if you want - although obviously this assumes that Real will always be with us.
(and despite just having written the same thing in reply to another topic on the same page, no, I'm not on comission or have any connection with the company).
It supports multiple projects and tasks, with text notes behind each. The downside is that it's Windows only and doesn't run under Wine, so it may well not be any use to you.
I'd certainly vote for keeping as much stuff in text files as possible.
Whilst I can understand the wish to store images and handwritten annotations, it'll be difficult to search for the idea that you were trying to get down with the annotation. Long-term, it'd be easier to store images as files, and annotate them in separate text files. Convert PDF files to text (having access to the source of pdftotext helps here!). Email is mostly text anyway...
It's easy to cross-reference from one file to another (and if you stick to text you won't have the hassle of the delay that a word processor or PDF viewer would impose going from one to another).
Personally I use "emacs" to edit notes files behind "Above & Beyond" (but the first of these isn't compulsary and the second is no help to you as it's Windows only), and a bit of self-discipline to put the same info in the same place at the top of each one.
You do, sure, and I do (actually on Windows it's Foobar rather than Winamp), but most people really don't see the need to use anything other than the defaults that come with their computer.
If it ain't broke, why fix it - and even if it is, people still need to know that there is an alternative and how to install it.
Both among friends and family and at work, the majority are still IE users. Hardly anyone on XP has disabled XP's attempts to process zip files (which it seems to do really badly), and most still use "default" installs of WMP or Real (with whichever was installed last grabbing all the extensions).
As long as it works "well enough", they're willing to put up with it. Maybe they've tried to install software that "looked attractive" before but it turned out to be riddled with spyware - so they're resistant to change.
When I read it yesterday I was surprised that the BBC didn't appear to do any fact checking or analysis but just ran DSG's PR intact. Maybe journalism is on holiday in Tuscany at the moment with the rest of the meeja.
It's an mp3 player stereo component. Why is the OS relevant?
Should I care what operating system my car runs, or my fridge or my washing machine? If it does its job (be that keeping beer cold, washing clothes, or playing MP3s) I really don't care - and I'm someone who already uses someone else's cast-off PC as a "networked MP3 player".
Yes, back in the last century when CDs were new there were demos on TV of people "drilling a hole in a CD and it still playing".
The trouble is, they were drilling between the end of the recorded section (which, as everyone here will know but no-one then did) starts from the inside out rather than (as with an LP) from the outside in. It's about as relevant as drilling a hole in between the end grooves of an LP.
Unless anyone can quote an example to the contrary, I can't see a situation where any in-car system allows code to be uploaded easily or by accident - or even how an attack such as a buffer overflow could be used to infect the engine management system et al.
However, car manufacturers want to save money and using one data path through the car would do that.
There were certainly similar concerns a few years ago (around the time that people started chipping Sierra Cosworths - that shows you how long ago this was) that since the ABS and engine management systems were interlinked, screwing around with the former (by remapping it) "could" (in the mind of some journo down the pub who needs to get some copy in by 4pm) affect the latter. Whether it ever did or not was a different matter.
The cars that I'm familiar with are all highly modular all have audio that works independently of climate control, and independent again of control of stuff like the 4wd system, EMS, ABS, EBD and all the other TLAs that modern cars tend to have. The reason that it's all modular is simple - you can get different versions of the same car with or without 4wd or climate control. I know that some manufacturers in some models (BMW springs to mind) use embedded versions of Windows to control the in-car bits and bobs like sat nav etc, but I suspect that this has little connection with the EMS other than indicating "sport mode" etc. I don't have a BMW and so can't verify this, though.
Also, engine management systems are designed to cope with analogue sensors that fail, and cope with "unexpected input" by moving to a "get you home" mode. Problems with other computer systems are often caused by failure to predict unexpected inputs.
I suppose that it's feasible that a badly setup bluetooth phone could allow the radio volume to be turned off by an "attacker", but I can't see much else happenning.
Doesn't everyone who leaves ssh open and unrestricted by IP for any length of time see people trying to brute-force it with password lists?
That said, there's no guarantee that it really is a malicious act on behalf of that other business - could be someone came through them to get to you "for a laugh", or the office junior or someone's 12-year-old messing about.
Oh - and document everything, and make sure that if asked how you knew exactly when something happened (such as when something happened) you have an answer (e.g. an ntp log or something).
What do the job descriptions say? What are you likely to spend your time doing during, say, the first 6 months? What are the prospects going forward? Which do you think you might enjoy doing more?
Slashdot Mirror
...before you can start thinking about replacing everything with BSD or Macs.
It sounds like there are lots of problems, and you aren't going to be able to fix them all at once. Try and point out, in as professional a way as possible, what the risks are. What exactly would be lost if machine X, for which there is no backup, failed?
From a functional standpoint in a teaching environment, there may well be very valid reasons to keep using Microsoft products. Like it or not, that's what people will probably end up using in the outside world, assuming that their job is a little more fulfilling then "do you want fries with that?
There are also very valid reasons for NOT using Microsoft servers as infrastructure (cost of sale being an obvious one) but you aren't going to be able to get close to influencing any decisions if you're just seen as some sort of zealot.
So be helpful, be "a team player" and try and change the world a bit at a time, not all at once.
Oh, and the very best of luck. With water coming through the wall it sounds like you might need it.
A Reuters report from yesterday suggested a valuation for Partygaming (after the slide) of "about the size of Scottish and Newcastle":
e uters/2005/09/07/business/bruisedpartygamingsettoe nterftse100.html&template=/money/feeds/story_templ ate.html
http://www.tiscali.co.uk/news/newswire.php/news/r
S&N's a big company, active not just in the UK - anywhere there you go you can see their brands and products. I can't imagine that anything like that amount of money is going into online casinos in the long, or even the short, term.
Am I missing something here - do people really spend as much on poker as on beer?
The more normal approach is one of "managed retreat".
? lang=_e®ion=Environment%20Agency%20Wales
One example here:
http://www.environment-agency.gov.uk/news/1145746
The Thames Barrier makes sense because it's cost-effective - one relatively small barrier prevents a lot of damage.
The comparison between the UK and NL North Sea coasts is interesting. On much of of the UK's coast there are no sea defences at all, but in Holland the sheer scale of them has to be seen to be believed. I guess that the reason is that people in the UK have a choice (to be flippant - how many people would miss Norfolk?) - one part of the country is tipping into the sea as another part is rising out of it. In Holland it's not quite that simple - if you retreat into "safe" areas you may well end up speaking German.
That said - Holland still suffers from flood problems, such as when rivers from Central Europe carry floodwater in. There's not a lot you can do about that. And somehow, I suspect that moving the Port of Amsterdam and Europoort et al to higher ground isn't going to work.
I strongly suspect that the statements put about to retailers earlier this year (along the lines of "if you haven't installed Chip and Pin kit you're liable for any fraud") were somewhat overhyped.
s /ready/shift_liability.html admits:
Actually it would depend on the small print of the Ts and Cs between the bank and merchant, as APACS http://www.chipandpin.co.uk/business/card_payment
"If a retailer does not have a chip and PIN acceptance device after January 1, 2005 and the use of such a device could have prevented the fraud from occurring, the retailer may bear the cost of a fraudulent transaction. This will depend upon the terms and conditions between that retailer and its acquiring bank."
Obviously, if the bank can show that the merchant was negligent, they've probably got a case - just the same as they would have in the pre chip-and-pin world.
As to any shift of liability onto the consumer, it's again (notwithstanding applicable laws) down to the agreement between you and your bank. If, in the light of having to effectively disclose your PIN every time you use your card and you're present, you think that you're at risk of getting shafted, it may be time to change your bank (or start paying by cash).
With regard to applicable laws, it's worth mentioning that (in the UK) credit cards are about the safest way to buy stuff remotely thanks to the legal requirements of the distance selling regulations: http://www.dti.gov.uk/ccp/topics1/ecomm.htm
As to whether chip-and-pin is necessarily any more secure than a "signature" I couldn't say. APACS clearly think so, but I'll still be furtively covering my hand while typing a PIN in...
Er, have you got any actual evidence for that statement?
... order key dupes using the number stamped on the key ...
... the VIN is visible on modern cars through the windshield ...
Even going back 30 years (yes, I am nearly that old) there were plenty more combinations than that. There was a problem with wear (hence the old "one old Ford key fits all" joke from the 1970s).
>
No, you'll need the master key, a bent dealer, a VERY good story or some combination of the above.
>
No (well, not in Europe anyway - not sure about elsewhere). Everything I've driven outside of Europe has been a rent-a-car and those do have a number on a plaque behind the windscreen.
> If someone wants it, they can take it.
That, however, is absolutely spot on. If they want it badly enough, they'll tow it away.
It depends on in which decade the car was made. Yes, if you stick 12v across the starter, it'll turn over. Chances are, with anything made in the last 5-10 years, nothing more interesting will happen (this is in Europe - may be different where you are of course).
Every car that I've had that's been made since the mid 1990s has had a standard-fit immobiliser. Even not taking that into account, what happens in the engine depends not just how much you're pressing the right-hand pedal, on a whole lot of other stuff as well. I once had a 1992 Citroen that refused to go over 40mph because the potentiometer detecting accelerator pressure failed. It wasn't truly "drive-by-wire", but the pedal angle was used to control (among other things) the amount of air getting into the engine. Having previously driven cars with a more "agricultural" approach to engine control, when this happened it was something of a shock.
It's not just China (in fact, the bloke from SecurityFocus says this towards the end). I tend to see logs containing a lot of stuff from China, Taiwan and Korea, but also Argentina, Italy, France, Canada and the US. If you blacklisted every country which turned up unannounced in your logs you'd soon run out of countries to ban.
However, the question should be asked - who, exactly, do you expect to legitimately want to access your server? If it's a group of friends accessing some common stuff on one machine, it should be accessible to those people only.
It's not going to be practical to do this with www.bigcompany.com, but instead of starting with the assumption that, for example, an ssh server should be open to all but password protected start from the other end - ask what subnets should be able to access it.
I'm not sure I'd call the original article "a good commentary" either - it does look like someone had a requirement to submit something to the Register and it got rather closer to pub opening time then planned before he submitted it. You can almost see the "Will this do?" on the end (or maybe I've just been reading Private Eye too much).
No, don't laugh.
Realplayer 10 doesn't support Realplayer 2 "out of the box". It will happily connect to Real to download said codec if you want - although obviously this assumes that Real will always be with us.
Before you can worry about reading individual files, you'll need to get them off the backup media.
Assuming that you've got some hardware that can physically read whatever it is, what about the backup software?
For example:
http://support.microsoft.com/?kbid=305381, complete with quote "this behavior is by design".
I suspect that "profit" is actually (4) - (3) is to get a reliable (as in so-reliable-you'd-bet-your-life-on-it) link between home and hospital.
(and despite just having written the same thing in reply to another topic on the same page, no, I'm not on comission or have any connection with the company).
It supports multiple projects and tasks, with text notes behind each. The downside is that it's Windows only and doesn't run under Wine, so it may well not be any use to you.
I'd certainly vote for keeping as much stuff in text files as possible.
Whilst I can understand the wish to store images and handwritten annotations, it'll be difficult to search for the idea that you were trying to get down with the annotation. Long-term, it'd be easier to store images as files, and annotate them in separate text files. Convert PDF files to text (having access to the source of pdftotext helps here!). Email is mostly text anyway...
It's easy to cross-reference from one file to another (and if you stick to text you won't have the hassle of the delay that a word processor or PDF viewer would impose going from one to another).
Personally I use "emacs" to edit notes files behind "Above & Beyond" (but the first of these isn't compulsary and the second is no help to you as it's Windows only), and a bit of self-discipline to put the same info in the same place at the top of each one.
And with Groupwise, your boss can still keep his Blackberry working just like it did with Exchange!
You do, sure, and I do (actually on Windows it's Foobar rather than Winamp), but most people really don't see the need to use anything other than the defaults that come with their computer.
If it ain't broke, why fix it - and even if it is, people still need to know that there is an alternative and how to install it.
Both among friends and family and at work, the majority are still IE users. Hardly anyone on XP has disabled XP's attempts to process zip files (which it seems to do really badly), and most still use "default" installs of WMP or Real (with whichever was installed last grabbing all the extensions).
As long as it works "well enough", they're willing to put up with it. Maybe they've tried to install software that "looked attractive" before but it turned out to be riddled with spyware - so they're resistant to change.
No, there's a 50Mb install CD that's downloadable. Grab that, and let the rest of the installation install over the wire overnight.
And if it was during "Midweek" there's no surprise that you weren't fully awake.
Yes, this is the same press release as the "we're no longer stocking VHS" one.
p ?BV_SessionID=@@@@0184077931.1123587161@@@@&BV_Eng ineID=ccekaddfgghmmhjcflgceggdhhmdgml.0&page=Produ ctList&category_oid=-24719&fm=15&sm=4&tm=1&use_cat egory=true
Except, of course that they still do:
http://www.dixons.co.uk/martprd/store/dix_page.js
When I read it yesterday I was surprised that the BBC didn't appear to do any fact checking or analysis but just ran DSG's PR intact. Maybe journalism is on holiday in Tuscany at the moment with the rest of the meeja.
It's an mp3 player stereo component. Why is the OS relevant?
Should I care what operating system my car runs, or my fridge or my washing machine? If it does its job (be that keeping beer cold, washing clothes, or playing MP3s) I really don't care - and I'm someone who already uses someone else's cast-off PC as a "networked MP3 player".
And $900? Someone is really having a laugh.
Yes, back in the last century when CDs were new there were demos on TV of people "drilling a hole in a CD and it still playing".
The trouble is, they were drilling between the end of the recorded section (which, as everyone here will know but no-one then did) starts from the inside out rather than (as with an LP) from the outside in. It's about as relevant as drilling a hole in between the end grooves of an LP.
It takes a while in terms of elapsed time, but not really in terms of effort. Just download the 50Mb network boot disk and leave for a while.
That's a very good point. Who's going to go into a car dealership and buy a new car "as is"?
Unless anyone can quote an example to the contrary, I can't see a situation where any in-car system allows code to be uploaded easily or by accident - or even how an attack such as a buffer overflow could be used to infect the engine management system et al.
However, car manufacturers want to save money and using one data path through the car would do that.
There were certainly similar concerns a few years ago (around the time that people started chipping Sierra Cosworths - that shows you how long ago this was) that since the ABS and engine management systems were interlinked, screwing around with the former (by remapping it) "could" (in the mind of some journo down the pub who needs to get some copy in by 4pm) affect the latter. Whether it ever did or not was a different matter.
The cars that I'm familiar with are all highly modular all have audio that works independently of climate control, and independent again of control of stuff like the 4wd system, EMS, ABS, EBD and all the other TLAs that modern cars tend to have. The reason that it's all modular is simple - you can get different versions of the same car with or without 4wd or climate control. I know that some manufacturers in some models (BMW springs to mind) use embedded versions of Windows to control the in-car bits and bobs like sat nav etc, but I suspect that this has little connection with the EMS other than indicating "sport mode" etc. I don't have a BMW and so can't verify this, though.
Also, engine management systems are designed to cope with analogue sensors that fail, and cope with "unexpected input" by moving to a "get you home" mode. Problems with other computer systems are often caused by failure to predict unexpected inputs.
I suppose that it's feasible that a badly setup bluetooth phone could allow the radio volume to be turned off by an "attacker", but I can't see much else happenning.
Doesn't he find it difficult to reach the top of the desk?
Doesn't everyone who leaves ssh open and unrestricted by IP for any length of time see people trying to brute-force it with password lists?
That said, there's no guarantee that it really is a malicious act on behalf of that other business - could be someone came through them to get to you "for a laugh", or the office junior or someone's 12-year-old messing about.
Oh - and document everything, and make sure that if asked how you knew exactly when something happened (such as when something happened) you have an answer (e.g. an ntp log or something).
What do the job descriptions say? What are you likely to spend your time doing during, say, the first 6 months? What are the prospects going forward? Which do you think you might enjoy doing more?