Slashdot Mirror


User: myxiplx

myxiplx's activity in the archive.

Stories: 0 · Comments: 257

Comments · 257

  1. Re:What is the drawback to this security method? on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 1

    Not really, we have an SSL VPN which we can use to grant external access if needed, and for one or two users we do have 3rd party remote support software enabled. Access is generally granted a day at a time, and it's a few seconds' work to enable it as needed.

    Yes, there's still a risk of a work related site being infected, but bear in mind that to infect us it's got to get past:
    - A work related site must be infected (generally quite specialist sites, without a lot of traffic, so not prime hacking targets)
    - That site must also be one on our trusted list and able to run scripts
    - The virus scripts have to be running from that site (and not just redirected from elsewhere)
    - The virus can't download anything (we whitelist file downloads too - executable content isn't allowed)
    - The virus will have to be able to work with user permissions
    - It will also have to avoid a very up to date AV install and firewalls on our individual machines.

    Generally, anything that can get past that lot is going to be very new, and probably capable of infecting our machines using current 0-day vulnerabilities.

    However, so far we've been lucky, and yes, I do consider it luck. While I think ours is better than most, no AV protection scheme is perfect and I think it's only a matter of time until we do get infected by a virus. That's why we're looking to improve our backups and response times. All our work and servers are thoroughly backed up, the next stage is to improve backups of desktop computers so that we can recover from a site wide virus outbreak in a couple of hours.

    The aim here is not to stop infection completely, that's impossible, our aim is to reduce downtime. We've done the first step which is to minimise our risk of infection, the next step is to minimise the recovery time when that happens.

  2. Re:wouldn't it be simpler to run a Linux distro .. on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 1

    > Do you really expect us to believe that the only secure way of accessing an Office Doc is to quarantine it.
    > I thought you had the system totally locked down and AV on all desktops?

    As far as I'm concerned, yes. There are far too many vulnerabilities in office docs, and no way for me to lock those programs down. The primary aim of our security practices is to stop malware coming into the building, once it's in we're pretty much screwed. AV is the last line of defence, and one I don't particularly trust these days.

    Blocking executable viruses and securing the web browser is easy. Securing Outlook and Office programs is a pain, but fortunately it's not proving too much hassle to manually vet these and we catch 5-6 documents a week that aren't caught by the AV scanning on our email gateway.

    I just don't trust AV scanning these days, there's always a window of opportunity for any new virus, and too many viruses are sneaking in under the radar. In the last 18 months I've submitted four previously unknown viruses to the AV companies, two of which weren't detected at all by either Sophos, Symantec or AVG after booting from recovery CDs.

    > What are those specialist apps. Do you mind telling me what sector your business is in?

    Our sector - structural steelwork, and off the top of my head a quick list of some of our specialist software would be: AutoCAD, Design Review, Strucad, Xsteel, GoData, Farm Design, Multisuite, Procad, Fabtrol, Dema, Union2, Fastrak, Tedds.

    None of these are minor, most are absolutely core programs that are vital to our business. To the best of my knowledge, *none* are available under Linux, and at least 4 require some serious graphics capabilities that rule out virtual machines or wine.

    > http://www.linuxjournal.com/article/6266 [linuxjournal.com]
    > http://en.wikipedia.org/wiki/OpenLDAP [wikipedia.org]
    > http://www.bayour.com/LDAPv3-HOWTO.html [bayour.com]

    Ok, you've got OpenLDAP authentication. Now make it as easy to use as Active Directory Users & Computers, with all the functionality (we use a *lot* of it - have you got support for Microsoft's IAS there?). You're also missing Group Policy. That sets all our security policies, it configures our computers, and installs all our software.

    > http://www.howtogeek.com/howto/ubuntu/configure-how-often-ubuntu-checks-for-automatic-updates/ [howtogeek.com]

    Ok, you can do security updates. How about deploying software? What about configuring policies for things like disabling CD-ROM drives, enforcing screensaver timeouts, etc.

    > I am surprised as my personal experience is a bit different

    I've been doing this a while :) Most of this lot is second nature to me.

    > What else do you do apart from locking down and patching?

    Everything :-) I'm your proverbial jack of all trades, responsible for:
    Servers, Databases, Intranet, Security, Backups, Software Development, Helpdesk, Software Installation, Printers (up to A0), Fax machines, Scanners

    We have 13 servers and over 100 individual pieces of software on this network. There are also a further 20+ legacy in house applications in use (mainly visual C++ v5, with the odd visual basic v5 one), and about half a dozen modern ones (developed with visual studio .net or 2005). We have five database servers, a wiki, an intranet, an email server, two firewalls. We run Windows (NT - 2003), Linux, OpenSolaris and ESX, with the Citrix server having been retired.

    And believe me, I've simplified things wherever possible. This network is horribly, horribly complex. It took me nearly two years to familiarise myself with it, and we really do use everything I've

  3. Re:Not patched, not worried on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 1

    Yup, that'll be IT god power. Folks like me who need web access to do their job have it, but it's definitely not the standard configuration. And we don't have any problems with productivity thanks, everything people need to perform their jobs is on their machines, tested and working, and because IT aren't constantly firefighting problems we can respond to requests quickly.

    Locked down computers might not work for you, but for an awful lot of jobs they work just fine.

  4. Re:Not patched, not worried on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 1

    Yup, that's why I want to improve our backups.

    However, we're pretty low key, and I don't think I've annoyed anybody that much yet :-)

  5. Re:wouldn't it be simpler to run a Linux distro .. on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 2, Insightful

    lol, trust me, it would take a lot longer to get this network working under Linux than Windows, and that's before you count the couple of dozen specialist apps that simply don't exist in Linux. Linux is good, but it really isn't the answer to everything. I'm not aware of anything that's as easy to use and effective as group policy for securing computers and deploying software. I can roll out new versions of some of our apps to 100+ computers in under ten minutes of my time (and that includes the download!).

    Having said that, my own workstation is running Ubuntu 8.10, and we have a good few Linux servers now :-)

    However, I think you'd be surprised just how low maintenance this lot is. Yes, it took some setting up, but we're reaping the benefits now. To give just one example, patching software is something we can do in our own sweet time, even though we use WSUS we run 2-3 months behind and let other people do the testing :)

  6. Not patched, not worried on 1 In 3 Windows PCs Still Vulnerable To Worm Attack · · Score: 1

    As I've said many times, patches are nowhere near as high a concern if you lock things down in the first place, and Microsoft do provide some pretty good tools for doing that in Windows (namely Group Policy).

    Our protection against viruses is pretty thorough, and we've not had a sniff of an infection in 3+ years:

    - All of our machines have filtered access to the outside world
    - Staff can only visit work related sites during working hours (enforced at the firewall)
    - No website can run any kind of script unless approved by IT (takes 5 mins or so to approve)
    - All CD-ROM drives are disabled on machines.
    - Users do not have permission to install USB drives
    - Autorun is disabled site wide via group policy
    - Downloads of executables, zips, etc. are disabled at the firewall
    - Emails are also filtered, and in addition all Office Documents are quarantined before manual release.
    - Oh, and AV on all desktops (Sophos), updating within 15 mins of new virus definitions coming out.

    Over the last 2 years, I've only seen three security warnings from Microsoft which we're not already exempt from because of the mitigating factors, and while this might sound over the top, it doesn't get in the way of our users doing their work, and takes under a single man hour each day for the IT department to manage. Quiet days probably only take up 15 mins or so.

    Although to be honest, I still don't consider this a final solution. Future plans include:

    - Whitelisting of all executable software
    - Full DR procedure for desktops (to allow quick recovery when we do get hit by a virus)
    - Physical isolation of key machines to protect them in case of an outbreak

  7. Re:Seriously... on iTunes DRM-Free Files Contain Personal Info · · Score: 1

    Hahaha, great analogy. I'd mod you up, but I seem to have lost that ability ;-)

  8. Re:Seriously... on iTunes DRM-Free Files Contain Personal Info · · Score: 1

    Competition will soon help with that though. And besides, I like all the old stuff :-D

  9. Re:Seriously... on iTunes DRM-Free Files Contain Personal Info · · Score: 1

    Easily changed. You're sure about that?

    You're absolutely, 100% positive that there's no watermark buried in there, digitally signed by Apple and stating the e-mail address the music was sold to? I'll take back my comment if Apple have done this half-heartedly, but I actually think the music industry would have wanted them to do a decent job of it, and that means changing the address is not going to be easy.

    No, it might not stop a determined hacker, but it's going to stop the average joe which is the main point of measures like this.

    And until these can be hacked, they are pretty useful as an identification method. I'd also expect Apple to have procedures in place for updating the standard should anybody work out how to hack the information in the files.

  10. Sod the cancer, what about those mice! on Implant Raises Cellular Army To Attack Cancer · · Score: 1

    To quote the article, "the researchers implanted cylinders with a diameter of 8.5 millimeters into mice". To be honest, if they can survive that, I'm not overly surprised cancer didn't kill them. What kind of super mice are we breeding here?

    I think this might be a case of the cure being worse than the disease. If you take 10cm as the average size of a lab mouse, and scale that implant up to people size (160cm), that treatment means implanting a cylinder with a 13.6 centimeter diameter.

    13.6 centimeters? Holy fuck. If I ever get testicular cancer you can count me out of this cure...

  11. Re:Seriously... on iTunes DRM-Free Files Contain Personal Info · · Score: 4, Interesting

    Exactly. My first thought on reading this was "sweet, somebody's finally gone about it the sensible way".

    I mean seriously, I've been waiting for somebody to implement this for nearly 10 years now. It's an obvious way to combat piracy since you can identify the source of the leak, and it's a massive benefit that digital distribution offers the record labels. Users get cheaper tracks and can download them instantly from the comfort of their own home. Record labels get to discourage piracy and have an easy way to track down the source when it happens.

    Honestly, it's such a simple solution I thought there must have been something I was missing for the record companies to not implement this. It's win win as far as I can see.

  12. Re:But isn't that the idea? on Michael Meeks Says OO.o Project is "Profoundly Sick" · · Score: 1

    Hahaha, yeah, not one of their better decisions that one. Gets me constantly, and it's worse if you regularly use tasks. One wrong ctrl-f, and your task has disappeared to be replaced with an e-mail attachment.

  13. Re:But isn't that the idea? on Michael Meeks Says OO.o Project is "Profoundly Sick" · · Score: 1

    I agree, the ribbon was a great idea. However, the major problem I have with it is that it breaks UI consistency on the windows platform. Up to now, Microsoft have pushed a consistent UI design for all windows apps, and that is one of the hidden strengths of windows, with their own apps being pretty much flagships for the best practices.

    With Office 2007 this has all been thrown out of the window. Now one of the flagship apps for the operating system completely ignores the recommended UI design, and worse, its own design is patented and protected and developers are prohibited from using that design for any competing software.

    That is why I'm against introducing Office 2007 in our organisation. Keeping a consistent UI across multiple programs means we don't need to worry about training our staff, and trust me, two types of UI would *really* confuse some of our users.

    Now had they done it properly, and introduced the ribbon as a new recommended UI for windows, with Office 2007 demonstrating how it should be used, I would have been all for the idea. Unfortunately, Microsoft as usual put marketing, sales and legal ideas ahead of anything technical, practical, or secure.

  14. Re:How about opt in? on UK Culture Secretary Wants Website Ratings, Censorship · · Score: 1

    Not really what I'm thinking of, aren't they the guys who blocked Wikipedia a short while ago, for a whole load of people who never opted in to anything?

    What I'm getting at is a full content rating / blocking system, available on an opt-in basis at the ISP level, so parents or users could call up and block all 18+ content, 15+ content, etc... By implementing it at the ISP level you're providing a useful service to parents of teenagers since 90% of the time those kids are going to know the workarounds for pretty much anything installed on the local computer.

    And it would be really easy to inform people about it. You would first of all have a leaflet that ISPs could provide with their sign up packs, and for parents you could very easily have this information handed out by schools.

  15. Re:Prison Colony on the Moon? on Chandrayaan M3 Instrument Confirms Iron-Bearing Minerals On the Moon · · Score: 1

    No bigger at all. It's not gravity that makes sledgehammers work (you can use them sideways quite happily) - it's acceleration. Or rather the sudden deceleration of a rather large weight in very little space.

    Remember, f=ma, and when the space you have to decelerate is so small, a, and consequently f are going to be very large indeed, probably a couple or three orders of magnitude higher than the force you used to accelerate the hammer in the first place.

  16. How about opt in? on UK Culture Secretary Wants Website Ratings, Censorship · · Score: 3, Insightful

    While like everybody else here I'm absolutely opposed to anybody censoring my internet connection, I wonder if the politicians have ever thought that this could maybe be a public service that people could opt in to?

    A decent content rating system that's made available by any ISP to customers who want to use it, with an independent body doing the ratings could be very useful to people who actually do want their content filtered. I can see it being useful to parents, some old folk would certainly use it, as would a few religious types.

    Done as an opt in system (maybe even opt out at a push) it could achieve pretty much the same results, without antagonising all of us who feel we're old enough and mature enough to decide what we want to see.

  17. Why focus on Chrome? on Safari and Chrome: Tied For the Worst Password Manager · · Score: 5, Insightful

    To be honest, when the best browser is only scoring 7/21 they *all* need some work. Focusing on Chrome just means you're ignoring the bigger picture.

  18. Re:It's easy to stop ... on FTC Kills Scareware Scam That Duped Over 1M Users · · Score: 4, Insightful

    Yeah, just like they did when they stopped taking payments to AllofMP3.com.

    oh, wait...

  19. Reckless Endangerment? on What the Papers Don't Say About Vaccines · · Score: 2, Insightful

    What gets me is that the media can report all this garbage, with no research, no medical training, and no scientific training, yet we as a society allow them to do this without making any attempt to make them act responsibly.

    If reporters or newspapers regularly print scare stories without adequate research, or something like this which is practically designed to scare parents without giving them the full story, they should be prosecuted. They are making a profit out of playing on people's fears, why on earth do we allow that?

    Surely there would be a case for Reckless Endangerment or Child Endangerment if papers create scares like this, but then make no effort to correct their mistakes when scientific testing proves them wrong? Yes, papers are sometimes made to print apologies, but they are tiny and hidden out of the way. In cases like this, it would be fairer (and safer!) to make papers print a big "We're sorry" article, given exactly the same attention as the original story. And if that means running it on the front cover for a month, with regular follow up articles, then so be it.

    The media have a huge effect on the public, they need to take responsibility for their actions.

  20. Re:If they did it right.... on IBM Launches Microsoft-Free Linux Virtual Desktop · · Score: 1

    Well that's just roaming profiles done wrong. Done properly it only loads a maximum of 30MB of data off the network, and won't add more than a few seconds to your logon time, even on 100MB networks.

    We've used roaming profiles for years and they're more than worth it. If a user's computer dies, we can simply drop in the spare from IT and they're back up and running in just a few minutes.

  21. Tell me about it on Why Use Virtual Memory In Modern Systems? · · Score: 1

    It's something that's annoyed me for ages in Windows too. If I have over a gig of physical memory available, for the love of God don't start swapping out applications that I'm actually using.

    I'll accept that I'm a power user, and that not everybody switches regularly between a dozen applications, but there's still no excuse for swapping stuff out when there is bucket loads of memory free. I mean, 1GB is around four times the original requirements for running Windows XP, that's not a small chunk of memory to have lying around.

    And actually, this gripe was the main factor in migrating my computers over to Ubuntu a few months back. I got so fed up of waiting for Windows that I decided to give it a try. It's definitely a bit rough around the edges, but I haven't had to wait for a single application to get paged back from disk, it's far, far more responsive and there's no way I'm going back to Windows now.

    So far the longest I've gone between reboots is about 3 weeks, and at the end of that I still had under 50MB paged to disk. That's a massive difference to windows where I can have 1.5GB paged out by the end of the week, and I'm running more apps under Ubuntu too!

  22. Re:I want royalties on New .tel TLD Now In Use · · Score: 1

    Funny on so many levels, oh I wish I had mod points today, I'd send you them all :D

  23. Re:don't see it myself on Bittorrent To Cause Internet Meltdown · · Score: 1

    Hahahaha. Mods, this needs to be +1 funny. :-D

  24. don't see it myself on Bittorrent To Cause Internet Meltdown · · Score: 5, Insightful

    Well, since The Register don't seem to want to print my comment*, I'll repeat it here:

    "I think this is a bit of scaremongering that's missing one vital point:

    When an ISP throttles UDP packets because somebody is using excessive bandwidth, they'll be dropping packets *from that source*.

    So while .torrent moving to UDP is going to affect VoIP and games, the effects of that will be *restricted to the person using excessive bandwidth* via bittorrent. There's no reason it would affect anybody else, and I doubt ISPs are going to be dumb enough to block packets at random.

    Unfortunately that kind of blows the article's entire premise out of the water."

    Myx

    * Posted at 12:40pm, ten minutes after the article appeared, at a point where there were no other comments on the article. 3 hours later there are 37 comments, but no sign of mine. Now it may be that they've just been overwhelmed with comments, but I'm a suspicious soul at times...

  25. Re:Please let us know when the author is done on What Needs Fixing In Linux · · Score: 1

    Yeah, because standards and ideas are so overrated...

    Seriously, grow up. This is a well written article with some great ideas that would really benefit Linux if they were adopted by the main distros.