I don't necessarily disagree with you, but as both an avid gamer and an avid reader, I'm not sure I understand why you feel the need to put those two activities at odds.
What's important is that they don't know it doesn't happen.
Sure, we take it for granted that we understand where our network traffic goes and who might care about that, but the average single mom in New York just trying to support her kids has no idea of these things.
What she knows is that a nice man from a very scary organization came by to explain that for only $7,500, she can avoid being sued for millions of dollars - in the old days, we used to call that "extortion" - and she's hoping that by simply appealing to the courts, as an individual, she can find some recourse.
This is important, because it reflects the impact of complicated law governing complicated technology on average citizens who very likely won't understand it.
At CanSecWest last year, there was a great panel discussion on the legality of security testing, accessing secured and unsecured networks, and so on. Many of the audience raised similar metaphors comparing open networks to unlocked doors, cars, homes, etc; the lawyer on the panel then made one of the most astute points I've heard on the subject (which I can only paraphrase now): "Regardless of what they may be *like*, computers and networks are not cars. They are not doors, or houses. The law does not govern computers and networks the way it governs cars and houses; neither does it govern computers and networks based on an arbitrary moral sense of right and wrong." No matter your opinion on the law, it still exists; if you think it needs changing, you need to involve yourself with the government that creates it, or you're hardly in a position to complain about it.
For God's sake, will you please stop beating this issue to death?
No, MacOS will not officially run on non-Apple hardware. Yes, l337 h4x0rs will probably find a way to make it happen. No, it will not be the rosy seamless computing experience MacOS provides on controlled hardware.
Apple's success in OS development is in no small amount tied to their control of the hardware it runs on; don't expect that to go away anytime soon.
Agreed, and our campus instituted a VPN as well; but trying to get faculty and staff to understand its undeniably intimidating use and installation on their random home machines running everything from Windows95 to OSX Tiger (broke the Cisco VPN client for quite a while) has caused the VPN to fall almost by the way in favour of "just make it work". That isn't to say the user is at fault - rather, as admins we need to find a system that meets our requirements (security, stability, etc) without putting onerous demands on our users.
While practically that may be true, at least from a structural and financial perspective, it's more often politics that govern the network policy at large, decentralized Universities.
Try telling your faculty members that they can't access their file server from off-campus; it's not hugely unreasonable, but it just won't go over.
Railing against it doesn't help; instead, you compartmentalize and strengthen your chunk of the network, and lead by example.
Coming from an educational IT background, I can tell you it's not that simple. You can't just say "we need to secure the University's network!" when it's being run by a few hundred different people across a bundle of different departments and faculties, all with their own policies and requirements.
I'd say the original post was the right question, and that the right answer, as many have already noted, is an upstream 'nix box running your choice of firewall - OpenBSD and PF is my favourite flavour, but that's just a personal preference.
Ah, Bennie - what part of that man's interview doesn't conjure the image of a 1920's huckster, cigar firmly chomped, replete with bulging pinstripes? He's stuck on the idea of push media, on the idea that the audience can't modify the material they're consuming. Computers, for the first time, offer a medium on the web and elsewhere that is malleable; I can choose what level of Slashdot thread to read, filter my news by my own preference, organize and reshape that content any way I want before I actually read it - and that's the strength of the web. Things didn't go the old media way on this one, and that's got Bennie upset, because he still lives in a world where media means newspapers, and newspapers mean ads that everyone reads, dammit. Content providers will figure out other ways to leverage money out of the web; the web is the first medium that allows the consumer to provide direct feedback on how they want to see that happen.
Slashdot Mirror
I don't necessarily disagree with you, but as both an avid gamer and an avid reader, I'm not sure I understand why you feel the need to put those two activities at odds.
Sure, we take it for granted that we understand where our network traffic goes and who might care about that, but the average single mom in New York just trying to support her kids has no idea of these things.
What she knows is that a nice man from a very scary organization came by to explain that for only $7,500, she can avoid being sued for millions of dollars - in the old days, we used to call that "extortion" - and she's hoping that by simply appealing to the courts, as an individual, she can find some recourse.
This is important, because it reflects the impact of complicated law governing complicated technology on average citizens who very likely won't understand it.
If there's one thing that irritates me above all others, it's the total inability of humans to contain a discussion on any topic to that topic.
At CanSecWest last year, there was a great panel discussion on the legality of security testing, accessing secured and unsecured networks, and so on. Many of the audience raised similar metaphors comparing open networks to unlocked doors, cars, homes, etc; the lawyer on the panel then made one of the most astute points I've heard on the subject (which I can only paraphrase now): "Regardless of what they may be *like*, computers and networks are not cars. They are not doors, or houses. The law does not govern computers and networks the way it governs cars and houses; neither does it govern computers and networks based on an arbitrary moral sense of right and wrong." No matter your opinion on the law, it still exists; if you think it needs changing, you need to involve yourself with the government that creates it, or you're hardly in a position to complain about it.
Um...monopoly on what, exactly?
For God's sake, will you please stop beating this issue to death? No, MacOS will not officially run on non-Apple hardware. Yes, l337 h4x0rs will probably find a way to make it happen. No, it will not be the rosy seamless computing experience MacOS provides on controlled hardware. Apple's success in OS development is in no small amount tied to their control of the hardware it runs on; don't expect that to go away anytime soon.
I hate to be the guy who says "Search the Frickin' Internet", but... http://search.cpan.org/dist/perl/pod/perlhist.pod It's the maintainer of a given release of Perl.
Agreed, and our campus instituted a VPN as well; but trying to get faculty and staff to understand its undeniably intimidating use and installation on their random home machines running everything from Windows95 to OSX Tiger (broke the Cisco VPN client for quite a while) has caused the VPN to fall almost by the way in favour of "just make it work". That isn't to say the user is at fault - rather, as admins we need to find a system that meets our requirements (security, stability, etc) without putting onerous demands on our users.
Try telling your faculty members that they can't access their file server from off-campus; it's not hugely unreasonable, but it just won't go over.
Railing against it doesn't help; instead, you compartmentalize and strengthen your chunk of the network, and lead by example.
Coming from an educational IT background, I can tell you it's not that simple. You can't just say "we need to secure the University's network!" when it's being run by a few hundred different people across a bundle of different departments and faculties, all with their own policies and requirements. I'd say the original post was the right question, and that the right answer, as many have already noted, is an upstream 'nix box running your choice of firewall - OpenBSD and PF is my favourite flavour, but that's just a personal preference.
Ah, Bennie - what part of that man's interview doesn't conjure the image of a 1920's huckster, cigar firmly chomped, replete with bulging pinstripes? He's stuck on the idea of push media, on the idea that the audience can't modify the material they're consuming. Computers, for the first time, offer a medium on the web and elsewhere that is malleable; I can choose what level of Slashdot thread to read, filter my news by my own preference, organize and reshape that content any way I want before I actually read it - and that's the strength of the web. Things didn't go the old media way on this one, and that's got Bennie upset, because he still lives in a world where media means newspapers, and newspapers mean ads that everyone reads, dammit. Content providers will figure out other ways to leverage money out of the web; the web is the first medium that allows the consumer to provide direct feedback on how they want to see that happen.