They're only charging you $4K/year? I guess that is the 100 user license?
I tried to get them to use an open-source solution with no luck. If it didn't run under Windows and cost a fortune, they weren't interested.
I would love to use an "open source solution".
However, I have had no success finding such a beast.
Can you point me at a stable URL (not IP) blocking package which will run with (Solaris8|FreeBSD)+Squid, and for which we can purchase a subscription to an oft-updated list of "non-business use" sites, sorted by category?
Until then, Secure Computing will get their $$,$$$/year for SmartFilter.
There is one very interesting feature of SmartFilter that I find redeems many of the flaws in this particular "censorware".
SmartFilter offers four possible results for each category when a user attempts to visit a site on the filter list:
- Permit. Access is allowed, but logged by user-IP, URL, and category (if any).
- Deny. Block access, return an HTML page explaining what was blocked, and why. Same logging.
- Delay. Access is permitted, but the page returns after a delay (default 30 seconds). Same logging.
Here is the interesting one:
- Coach. Access is blocked, but permit the user to 'click through' to the actual page. Either way, log access.
With the 'Coach' option, nobody is actually blocked from accessing any web site. However, for each new access to any 'questionable' site (based on categories from the SmartFilter database), the user is presented with a warning page, and the opportunity to choose to continue, with the knowledge that their actions are logged and may be reviewed.
The default HTML pages that SmartFilter ships with are rather boring. I've made a few changes to the 'Coach' page HTML to make it very clear what is going on -- bright icons and background, big WARNING banner at the top, and the text of our official "Internet Access Policy" (just in case the user somehow missed it when they signed their employment paperwork).
I'm hoping that 'coaching' will cut down on web access abuse and wasted time, while still allowing people to get to sites that they really need to access for their job, without getting people fired.
And best of all, the warning page breaks the never-ending cycle launched by those damn porn-site popup ads!
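The four per-category outcomes described above (Permit, Deny, Delay, Coach, each logged by client IP, URL and category, with Coach allowing a logged click-through) can be modelled as a small Squid URL-rewriter. This is an added illustration written for this page, not SmartFilter's or Secure Computing's code; the category list, policy table, `filter.internal` pages and the `sf_coach_ack` click-through marker are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import parse_qs, quote, urlsplit
import time

# Constructed category list; a real deployment loads the vendor's subscription feed.
SITE_CATEGORIES = {
    "example-sports.test": "sports",
    "example-casino.test": "gambling",
    "example-adult.test": "adult",
}
# Constructed site policy: one of the four SmartFilter actions per category.
# Uncategorised hosts are permitted (and still logged).
POLICY = {"sports": "delay", "gambling": "coach", "adult": "deny"}

WARNING_PAGE = "http://filter.internal/coach.html"  # hypothetical warning page
BLOCK_PAGE = "http://filter.internal/deny.html"     # hypothetical block page
COACH_ACK_PARAM = "sf_coach_ack"  # hypothetical marker the warning page appends on click-through
DELAY_SECONDS = 30                # the default 'Delay' the comment mentions


@dataclass
class Decision:
    action: str                        # permit / deny / delay / coach
    redirect_to: Optional[str] = None  # page to serve instead of the request, if any
    delay: int = 0                     # seconds to hold the request before answering


@dataclass
class CoachFilter:
    log: List[str] = field(default_factory=list)

    def evaluate(self, client_ip: str, url: str, wait: bool = False) -> Decision:
        parts = urlsplit(url)
        category = SITE_CATEGORIES.get(parts.hostname or "")
        action = POLICY.get(category, "permit") if category else "permit"
        logged = action.upper()
        decision = Decision("permit")

        if action == "deny":
            decision = Decision("deny", BLOCK_PAGE)
        elif action == "delay":
            decision = Decision("delay", None, DELAY_SECONDS)
            if wait:
                time.sleep(DELAY_SECONDS)  # a real helper would hold the reply this long
        elif action == "coach":
            if COACH_ACK_PARAM in parse_qs(parts.query):
                # User clicked through the warning page: allow, but record that fact.
                logged = "COACH-THROUGH"
            else:
                # First visit: send the user to the warning page with the original URL.
                decision = Decision("coach", f"{WARNING_PAGE}?url={quote(url, safe='')}")
        # Every outcome is logged by client IP, action, category and URL.
        self.log.append(f"{client_ip} {logged} {category or '-'} {url}")
        return decision

    def redirector_line(self, line: str) -> str:
        """Classic Squid url_rewrite_program I/O: input 'URL ip/fqdn ident method',
        output the replacement URL, or an empty line to leave the request alone."""
        url, client, _ident, _method = line.split()[:4]
        decision = self.evaluate(client.split("/")[0], url)
        return decision.redirect_to or ""
```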
I disagree, this journalist didn't just "not take a side". He totally ignored one side giving it short shrift at best.
Any real journalist would have asked about the legal implications. They would have also asked about the moral implications of stealing someone else's bandwidth. To not truly mention those things shows the author's LACK of journalistic integrity (you know, get the full story, the truth).
To paraphrase one of my favorite unattributed quotes: "Do not attribute to malice what can adequately be explained by ignorance."
I suggest that this journalist didn't ignore one side so much as he was ignorant of the technical details of how exactly the self-proclaimed spam king goes about his "business".
He has clearly violated the AUP of almost any provider he has touched (i.e., he disregards the rules of the road). The paper merely says that it was anti-spam activists that got him cut off, not his actions. Not mentioning a BREACH OF CONTRACT seems rather *ahem* slanted.
Evidence suggests that Scelson had "pink contracts" with his providers, such that the ISPs were aware of and tacitly permitted his spamming activity, until the ISP finally would break the contract under pressure from anti-spam activists. So no, Scelson did not violate his contract -- his ISP did, then paid him off when he sued THEM for breach of contract.
I've seen those companies that require you to get IT for every little thing. The usual result -- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.
And it sucks to be in IT at those companies as well -- having to process a ticket for each individual user who "needs" some new paint program installed, and the executive (aka "VIP" ticket) that wants Solitaire and Minesweeper re-installed on his company-supplied ultra-thin laptop.
The alternative is no cake walk -- thousands of users with WinAmp and Comet Cursor installed, worms, viruses and malware everywhere.
All it does is throw white noise on the cell phone carrier frequencies out of a directional antenna to cover a specific area. It's got to be cheaper than re-paneling the entire facility. Sure you get a recurring power cost, but a small low-power radio transmitter doesn't use that much power to begin with.
Active jamming will 'leak' outside the theater and interfere with users on public streets, which violates FCC (and likely the Japanese equivalent) regulations. Passive signal attenuation does not.
The "Popular Science" article is technically weak, the scenario described is more fear-mongering than actual facts. For example:
Because Mark's e-mails travel across the Web, copies of them may also reside in the computers of the various service providers that carry Internet traffic. These files, and all of Mark's other Internet activity, are accessible to the government.
Just trying to count the number of technical mis-statements in those two sentences alone makes my head hurt.
Popular? Yes.
Science? Barely.
Trusty old telnet works fine, unless you are worried about people seeing your passwords, and everything you are doing.
And you're not?
That is the point of ssh; it encrypts what you do, including passwords, so it cannot be seen by people on the same network segment.
That is one of the many points of SSH. The protocol also supports public-key authentication, so you don't need a "shared secret" (reusable password) at all. The protocol also provides authentication that you are really talking to the remote server you think you are, preventing MITM attacks (e.g. spoofing DNS so your telnet session goes through my server). SSH also offers compression, for faster file transfers. And port forwarding, including X11, and much more.
A difficult password is just as important on telnet as it is on ssh because they can still be cracked either way.
It is unlikely that anybody is going to bother cracking your telnet password -- if they don't sniff it, then there are few scenarios where somebody has the ability to obtain the shadow file from a server but does not already have root.
One issue with password cracking and sniffing is that it is critical to have a unique password for every site you have accounts at.
Under SSH, I can set up systems so that password logins only work on the physical console, not over the network. I can create a strong private key (passphrase protected) and install my public key on the remote servers, using the same key for many different servers without the security issues that come from using the same password across disparate sites.
Packet sniffing traffic that crosses your ISP and then the public Internet is definitely a serious and real risk.
PatJensen asks:
Is there a tool that allows you to force the switch to forward ethernet frames so they can be sniffed without switch administrator access?
There are tricks to force the switch to 'flood' ethernet frames (overflow the CAM table, etc). Two common attacks against switched segments are MAC spoofing (easily detected and protected against on Cisco) and ARP spoofing (more difficult to protect against).
There is also a tool to permit packet sniffing, see ettercap on Sourceforge.
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is actively being used by the "black hat" community, and has been found on compromised systems on switched LAN segments "in the wild".
If you can define a snort rule that would pick up some tell-tale of a Yahoo IM message, you could then have an 'active response' that would send a TCP reset to each end of the connection, spoofed to be from the remote end. This is also effective for blocking gnutella traffic.
Good idea. I've been looking at sniffer logs, and the Yahoo messenger packets are distinctive. OTOH, I'm not sure that sending a RST for the connection after the telltale traffic has already gone through is going to solve the issue -- Yahoo's software is aggressive about re-establishing the HTTP tunnel connection.
Eventually people will give up trying to use Yahoo's messenger and switch to something more subversive. When will an icmp-echo-reply based IM service get started? That's what the world _really_ needs.
I can see AIM adding this to their long list of protocols over which they will tunnel.
What kind of idiot sets up a "firewall" and then goes on to permit ICMP echo packets?
I was setting up a machine as a gift for a relative, and I ended up purchasing one via the "Dell@Home" discount program offered by my employer.
I was able to configure the machine exactly as I chose, including de-selecting the included WinModem, and increasing RAM+HD storage. Final price, after free shipping and a rebate, was less than I would have paid to buy the parts separately.
Another advantage to buying from a big commercial vendor: when I move out of state, my relative won't have to call me long distance or wait for me to visit in order to get technical support.
The first book in the series was Harry Potter and the Philosopher's Stone, published in the UK in 1997. When the book was released in the US, the title was changed to Harry Potter and the Sorcerer's Stone.
There were other changes as well.
The movie release had the same title change.
If your CPQ is like my CPQ keyboard, it isn't SCSI, it just uses a similar connector to a Mac PowerBook SCSI plug. It's plain ol' PS/2 with the audio wires running out to a speaker and some plugs on the keyboard.
(Apologies if you do actually have a SCSI keyboard!)
As far as I know, there is no such thing. Too bad, now I want one.
I've seen ads on PowerMac "wanted" boards for a "SCSI keyboard", I'm wondering if this is just confusion related to connectors, or a brand name?
Record companies would love to stop used CD sales.
I wouldn't worry about restrictions on the sales of used books until long after CD resale becomes illegal.
There is one fly in the ointment -- I have seen stories regarding restrictions on the resale of books that include CD-ROMs, related to the licensing of the software on the included CD.
The GPS-16-lvs is an OEM-model Garmin receiver with WAAS/DGPS.
This is only a receiver, with single cable ending in a RJ-45 connector for serial and power.
I power the unit from the laptop's keyboard port (lvs == low-voltage supply), using a handcrafted converter to split serial to a Cisco-standard RJ-45 from the Garmin's RJ-45.
One feature not requested -- the GPS-16 provides a PPS output, making it suitable for use as a very accurate time source for NTP or simply for timestamping.
I've seen two movies with digital projectors. One was in Paramus, NJ several years ago, and the picture was absolutely perfect. The other was in Framingham, MA last month, and the picture was poor. You could see the pixels in some scenes, and it was obvious in the closing credits. The image just didn't feel as sharp as I would have expected.
I saw Episode 1 in digital at McClurg Court (downtown Chicago) and it was absolutely perfect.
I watched AotC at the 'Star Southfield' (a "digital" theater outside of Ann Arbor, Michigan) and it sucked. Visible pixels, bad anti-aliasing on the titles; it looked like a bad DVD transfer.
It's not clear if the difference is due to the theater, the type of digital technology (new Boeing transmission system) or what. I suppose I could go back to McClurg and watch AotC there and see if it is any better.
Many, many people have this problem. Nobody has a fix.
The Palm V digitizer bug is pretty well known, but Palm will not acknowledge that there is a problem.
The OS upgrade has not helped.
In many systems, the "floppy drive bay" is specific to floppy drives, with an odd mounting mechanism.
A generic 3.5" drive bay could work for zip, floppy, HD, or anything else in that form factor, just as the 5.25" drive bays were once meant for the 5.25" floppy disk drives.
Anybody remember 8" floppies? Does anybody still have a drive and OS capable of reading these monsters?
Ok, so this means I can sue all the dealerships who've sold me cars over the years because the gas tank wasn't full when I bought them? Cool!
One of the cool things about the dealership where I bought my last new car: the last thing the salesman did after signing the papers was ride with me to the gas station across the street and fill up the gas tank.
A huge difference with what HP is doing is that the auto manufacturer is not also the sole warranty-accepted source of gasoline for your new car.
Does this refer to people who apply bumper stickers to your car without your consent, like those eco-maniacs that were on the news recently for applying stickers to SUVs?
I'd love to catch somebody trying that on one of my vehicles, except that I'd probably spend more time in jail than he would in the hospital...
Really bad idea: Dating a woman who works in H.R. in your office.
Women who "want an abortion" are not making the choice just because they "want to get rid of the baby". If that was the case, they would carry to term and give the child up for adoption.
Women who want an abortion generally choose abortion because they do not want to be pregnant. There is a difference.
In some cases, the women need an abortion because they have a medical condition which makes carrying a child to term potentially life threatening. In fact, pregnancy itself is a serious risk for any woman.
Abortion is far safer than carrying a pregnancy to term.
From http://www.plannedparenthood.org/articles/maternmort.html:
Death occurs in 0.4 of 100,000 abortions performed within the first eight weeks of pregnancy -- the time during which more than half of abortions occur. Death occurs in 1 of 100,000 abortions performed during the first 20 weeks of pregnancy, but 88 percent of abortions occur within the first 12 weeks of pregnancy. Only 1.5 percent of abortions occur after 20 weeks. So the risk of maternal mortality is at least seven times greater than the risk of death resulting from safe and legal abortion.
See also http://www.unfpa.org/mothers/facts.htm
The HIPAA regulations provide some rather severe penalties for privacy violations.
The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.
In HIPAA, Congress provided penalties for covered entities that misuse personal health information.
Civil penalties. Health plans, providers and clearinghouses that violate these standards will be subject to civil liability. Civil money penalties are $100 per violation, up to $25,000 per year for each requirement or prohibition violated.
Criminal penalties. Congress also established criminal penalties for certain actions such as knowingly obtaining protected health information in violation of the law. Criminal penalties are up to $50,000 and one year in prison for certain offenses; up to $100,000 and up to five years in prison if the offenses are committed under "false pretenses"; and up to $250,000 and up to 10 years in prison if the offenses are committed with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm.
The IT sector in Chicago is not that weak, but Divine is seriously messed up. I'm surprised that any good IT people are still hanging on.
My first question in a job interview is: Are you publicly traded?
"Yes" means you are choosing to work for technophobic investors who know nothing about what you do and live every day with
their finger on the trigger of the stock which either financed your first year's salary or provides sufficient cash flow to maintain that
salary. Investors are emotional and stupid. The memo itself actually says that the company is being forced by the market to sit on
top of huge heaps of cash in order to make the numbers dance the right way on their financials.
That's an odd point of view. Those issues are the same at any newly founded business, whether public or private.
My worst work experiences have been at pre-IPO and immediately-post-IPO dot-coms. I've worked for years at established, Fortune 1000, publicly traded companies, and never had any of the problems you describe :-)
Perhaps a more telling question is:
"When did you go public? (When) do you plan to go public?"
There is no reason for you to put up with this sort of behavior from management. QUIT! Taking the pay cut and grumbling under your breath will get you nothing in life and will tell management you can be easily ridden for future abuse.
My gut reaction would be the same, but after thinking this through, I agree with Ark:
While I certainly agree in principle, it isn't always that easy when you have a family to support and things such as that. The other thing to consider is that quitting is what these guys want you to do. If you quit they don't have to pay the state the unemployment tax for you, among other things.
...
In the same way, 50% salary isn't great, and you should start looking for a new job immediately, but don't quit if you need that money to survive.
So while my gut reaction would be "quit", it would be better to take a couple of hours each day (your employer certainly isn't paying you for a full day anymore!) and seriously start hunting for a better job.
Why give them the satisfaction of making you quit?