They're actually not free to test and such... time taken out for this testing is time taken out of other projects and slipping deadlines. Sr. Management typically has tight expectations for timelines and budgets.
With a predictable schedule, you can schedule resources up front to make sure you're actually addressing things without letting the major projects drop.
Life in a large company is a different world.
Plus, once you've announced the patches, you've increased the threat exposure by several orders of magnitude. Without the corporations able to schedule those resources, you increase the likelihood that they will actually get hit before they have a chance to respond.
I've installed Windows dozens of times, and have always had to manually configure that option. It wasn't an MS default.
If it was preinstalled by your vendor, it's your vendor's fault.
If it was the Domain Admin (as in another post), it's the Ops folks' fault (or more likely their management's fault).
The only way this becomes Microsoft's fault is if you extend fault to include the need to be patched in the first place. (Or having the ability to configure autoupdate in such a way that it doesn't bother 99% of folks out there)
Note: I manage an environment with tens of thousands of Windows machines. Auto-update/install/reboot is turned on for most of them.
I recently started driving a stick-shift car, and I'm much more careful about the speedup/slow down thing, because there's less effort involved.
I've also started riding a motorcycle, and noticed the same thing.
When I get back into my automatic, I feel the urge to crank it, but I can sense the engine-work much better now, and I've seen my mileage go up without having to really do much. (That is, getting used to driving the stick got me used to the good habits already)
I just called to check on contract end dates. After I got my info they asked me why I wanted to know.
So, I told them...
And she emphatically said that Verizon Wireless doesn't share any of its records with government agencies without a subpoena.
Yeah, I completely trusted that answer =-)
So, if I pull a gun in a bank and just as I'm about to yell "This is a stickup" someone takes me down...
Is my only crime that of brandishing a weapon?
> Nothing is as black-and-white as you make it out to be
I'm Off-topic, but that's a pretty black-and-white statement.
It just made me chuckle =)
Developers who just want things to work... and they know a server "x" that does what they want.
When you get an organization large enough to have hundreds of VPs, you also have the other flotsam that comes with them.
I'd love to do this in my org... a large company.
But our department doesn't have the clout to override the other VPs' desire to keep that functionality.
In fact, I think part of the argument is that we can't respond to their needs quickly enough, partly because we're running around dealing with stuff we wouldn't have to if we were allowed to do things right =-/
>I'm sure glad I don't smoke anymore. It sure would be a pain in the ass.
I don't think you're doing it right
> That may have been back when you worked there, but it's quite obvious that it's not the case now.
You just say they don't do the blocking... you don't assert in any fashion how they benefit from it.
There's a vast difference between an ISP who can't be bothered to block traffic, and one who is in collusion with the spammers.
I personally hate that my ISP blocks port 25 outbound. I wish they did something more intelligent like tracking spam complaints back to the subscriber and blocking port 25 for those subscribers, or issuing a warning or something...
> The sad thing is that most people who report spam are the idiots of the Internet who don't understand things like joe-jobbing, etc
How is this a sad thing?
As long as the reports go to someone who is smart enough to understand those things, the reports can help.
The only downside I can think of is that they may believe that AOL is actually sending out these messages, and AOL is a bad company to deal with... I can see how that's sad for AOL, but I didn't realize there were a lot of AOL supporters on slashdot =-) (or earthlink, or msn, or whoever...)
"They"?
A few may actually behave like this, but I'd be willing to bet that the majority aren't.
I've worked for a large ISP, and we worked with others to fight this stuff. Spam represented a great waste of our resources, and a great distraction to actually providing an actual product for our customers.
I've worked for a very large ISP, and we never responded to them, but we took action on every single report.
Often, just counting against a mailhost for eventual blockage and upline reporting... but it helped block spam from other people (and more spam to yourself) at the least.
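Two of the comments above describe the same mechanism from different ends: the wish for an ISP that traces spam complaints back to the subscriber and blocks port 25 only for that subscriber, and the large-ISP practice of counting every report against a sending host until a threshold trips. The following is an added example, not code from any of the posters or from any real ISP's abuse desk, of how that attribution and threshold logic looks when run over constructed abuse reports and a constructed DHCP lease log. The subscriber IDs, addresses (from the 203.0.113.0/24 documentation range), timestamps and thresholds are all made up for the illustration. The one detail a practitioner tends to get wrong is shown on purpose: dynamic addresses change hands, so a report has to be matched on IP and time together or the wrong customer gets blocked.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data for illustration only; not taken from any real ISP.
# Abuse reports as the ISP receives them: (time the spam was sent, source IP in our space).
REPORTS = [
    ("2024-03-01T10:15:00", "203.0.113.10"),
    ("2024-03-01T10:20:00", "203.0.113.10"),
    ("2024-03-01T11:05:00", "203.0.113.10"),
    ("2024-03-01T23:40:00", "203.0.113.10"),  # same IP, but the lease had moved to another subscriber
    ("2024-03-02T08:00:00", "203.0.113.22"),
    ("2024-03-05T08:00:00", "203.0.113.99"),  # no lease covers this one: cannot be attributed
]

# Constructed DHCP lease log: (subscriber, IP, lease start, lease end or None if still active).
LEASES = [
    ("sub-1001", "203.0.113.10", "2024-03-01T00:00:00", "2024-03-01T20:00:00"),
    ("sub-2002", "203.0.113.10", "2024-03-01T20:00:00", None),
    ("sub-3003", "203.0.113.22", "2024-02-28T00:00:00", None),
]


def holder_at(ip, when, leases):
    """Return the subscriber who held `ip` at `when`, or None.

    Lease windows are half-open [start, end): a report stamped exactly at the
    hand-over time is charged to the new holder, never to both.
    """
    for subscriber, lease_ip, start, end in leases:
        if lease_ip != ip:
            continue
        started = datetime.fromisoformat(start)
        ended = datetime.fromisoformat(end) if end else None
        if started <= when and (ended is None or when < ended):
            return subscriber
    return None


def attribute_reports(reports, leases):
    """Count complaints per subscriber; return (Counter, list of unattributed reports).

    Attribution is by IP *and* time, so a dynamic address that changed hands
    between the spam run and the complaint is not blamed on the wrong customer.
    """
    counts = Counter()
    unattributed = []
    for ts, ip in reports:
        who = holder_at(ip, datetime.fromisoformat(ts), leases)
        if who is None:
            unattributed.append((ts, ip))
        else:
            counts[who] += 1
    return counts, unattributed


def decide_actions(counts, warn_at=1, block_at=3):
    """Graduated response per subscriber: warn on the first complaint,
    block outbound 25 for that subscriber once complaints reach block_at."""
    actions = {}
    for subscriber, n in counts.items():
        if n >= block_at:
            actions[subscriber] = "block-port-25"
        elif n >= warn_at:
            actions[subscriber] = "warn"
    return actions


if __name__ == "__main__":
    counts, unattributed = attribute_reports(REPORTS, LEASES)
    for subscriber, action in sorted(decide_actions(counts).items()):
        print(f"{subscriber}: {counts[subscriber]} complaint(s) -> {action}")
    for ts, ip in unattributed:
        print(f"unattributed: {ip} at {ts} (no lease record; check the report's timestamp/zone)")
```

The same counter, keyed on the remote sending host instead of the local subscriber, is the "counting against a mailhost for eventual blockage" described in the later comment. Unattributed reports are kept rather than dropped: a report with a timezone-mangled timestamp or a typo in the address is exactly the kind of thing an abuse desk wants to look at by hand before anyone gets blocked.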
What's really all that wrong about tubes as a layman's descriptor? Like any metaphor it can be taken too far, but the metaphor itself is not bad.
;-)
It's like if you were describing a car... aw never mind
Yeah, I'm an idiot. I got caught up in commenting about sub-things, and forgot the original article!
>But I suppose that blocking a legitimate use is easier than arguing with the ??AA's.
Why the conspiracy? Isn't it even remotely possible that the ??AA's had nothing to do with it?
Why can't we just take the word at face value and believe that there is enough bandwidth being used by this stuff to be really expensive?
So you block some legitimate use... There are typically other ways of getting those materials anyway, so no major harm done.
Or do you really believe that p2p is mostly used for Linux ISO torrents?
Guess what? Where I am you can't telnet in to my box, even though it's directly connected to the Internet. There are legitimate uses for telnet (just may not be smart... but that's a value call... why aren't more people complaining the same way about port 23 restrictions that are around?)
> There is no justification for saying that file sharing as a whole is illegal
But they're not saying that... they're saying that file sharing as a whole is not allowed on their net... They've done the cost/benefit analysis and come up with that plan.
There are other ways to get those high traffic materials, and many universities will mirror those sorts of things locally anyway so you don't have to worry about hitting the original servers anyway.
Let's say you have 4 OC-12s (no idea what they'd actually have).
That's about 2400 Mbps of bandwidth (4 × ~600 Mbps payload).
Let's say you have 24,000 students, and 10% of them are doing p2p => 2,400 sharers.
That's 1 Mbps per sharer to saturate your connection, which is not really a large amount.
In this scenario, unless you bring your cap below that, you won't affect existing sharing.
And if you drop it below that, you really start to impact real work/research.
Doing an across-the-board limit just doesn't work well, and even if you factor in exceptions... you're still going to have a large chunk that use their excepted connection for p2p.
Fine... so restrict p2p only on the "excepted" connections? But now you're playing the same game just on a smaller field, and that field will keep growing as well. You've just put the problem off a bit.
I don't know how to solve the problem, but bandwidth limits don't strike me as a good approach.
/twiddle those numbers all you want... I bet there's only a small cosm in which limiting bandwidth will make sense, and I doubt that will map to many major universities.
I wonder, if this continues, whether the price for exploits will go down; since they can be replicated more quickly, there may be more of an actual market.
Why can't they create a service that the folks can install as part of a standard corporate image, managed by GPO, allowing regular users to trigger a mount...
Not a total solution, but it's at least a way to allow a corporation that wanted to use it to not open things up entirely. (Though in the large corps I've worked with, if you don't have a recovery key, you're out of the running... they want to be able to get into an employee's secured data after they've been terminated...)
I don't know the folks involved, but I've been in similar situations... I've bypassed many systems over the years.
Initially, rolling the clock back did it, but most systems started paying attention to that, and it wouldn't work.
When it didn't work for enough times in a row, that particular tool slid to the back of the tool belt, and if you don't use a tool enough, you can forget about it entirely.
Alternatively, I've run into the situation where adjusting the clocks wasn't an option because of other stuff running on the systems.
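The comment above notes that rolling the clock back used to get past time-limited software until "most systems started paying attention to that." As an added illustration, not code from the poster or from any particular product, here is a naive trial check beside one that does pay attention: it keeps a high-water mark of the latest clock value it has ever seen and treats a reading earlier than that mark, beyond a small tolerance for ordinary NTP corrections, as tampering. The class names, the 30-day trial period, the one-hour tolerance and the simulated sequence of clock readings are all assumptions made for the example.

```python
from datetime import datetime, timedelta


class NaiveTrial:
    """Trial check that trusts the system clock. Set the clock back and it revives."""

    def __init__(self, installed, days=30):
        self.installed = installed
        self.expires = installed + timedelta(days=days)

    def is_valid(self, now):
        return now < self.expires


class RollbackAwareTrial(NaiveTrial):
    """Same expiry rule, plus a high-water mark of the latest clock value ever seen.

    A real product persists `high_water` and `tampered` next to the trial state
    (registry, a hidden file, a license blob); here they live in memory. A clock
    reading earlier than the mark, beyond a small tolerance for ordinary NTP
    corrections, ends the trial for good, so rolling the clock back no longer helps.
    """

    def __init__(self, installed, days=30, tolerance=timedelta(hours=1)):
        super().__init__(installed, days)
        self.high_water = installed
        self.tolerance = tolerance
        self.tampered = False

    def is_valid(self, now):
        if self.tampered:
            return False
        if now < self.high_water - self.tolerance:
            self.tampered = True          # clock went backwards: remember it permanently
            return False
        if now > self.high_water:
            self.high_water = now         # the mark only ever moves forward
        return super().is_valid(now)


def simulate():
    """Walk both checks through the same constructed sequence of clock readings.

    Day 0 install, day 10 use, day 31 expired, then the user rolls the clock back
    to day 5 and runs again on day 6. A legitimate 10-minute NTP step backwards
    on day 10 is included for the rollback-aware check; it must not count as tampering.
    Returns a dict of (naive, aware) outcomes per step.
    """
    t0 = datetime(2024, 1, 1)

    def day(n):
        return t0 + timedelta(days=n)

    naive, aware = NaiveTrial(t0), RollbackAwareTrial(t0)
    results = {}
    results["day10"] = (naive.is_valid(day(10)), aware.is_valid(day(10)))
    results["ntp_step"] = aware.is_valid(day(10) - timedelta(minutes=10))
    results["day31"] = (naive.is_valid(day(31)), aware.is_valid(day(31)))
    results["rollback_to_day5"] = (naive.is_valid(day(5)), aware.is_valid(day(5)))
    results["day6_after_rollback"] = (naive.is_valid(day(6)), aware.is_valid(day(6)))
    results["aware_tampered"] = aware.tampered
    return results


if __name__ == "__main__":
    for step, outcome in simulate().items():
        print(f"{step:>20}: {outcome}")
```

The in-memory mark is the weak point a bypasser goes after next: if the persisted state can be deleted or restored from a backup taken before the rollback, the check is back to trusting the clock. That is why the comment's other observation also matters: on a box where other software depends on correct time, moving the clock at all stops being a usable option regardless of what the target does.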
...Unless your Execs all like the way calendar items and mail items commingle... and your case management team is using an Exchange-integrated tool... and on and on.
And we're not an all-MS shop.
Depends on your setup... I've been on a fairly large Exchange/Outlook setup for several years (~20k users), and on several smaller ones previously, and you know how many security problems we actually experienced as a result?
Zero.
So, if we assume correlation = causality, then the more sunspots there are, the better off I am personally?!
And by the logic in some of the other posts, more sunspots = global warming.
So...
The marketers are obviously right. Consume, consume, consume for a better tomorrow!
But these are the folks that argue for intellectual property. My information could easily fall under "intellectual property".