A firewall really isn't redundant. At home, maybe, but what percentage of the firewall market do you think home users make up? Compared to corporates running huge datacenters?
Of course, you're absolutely correct. Anyone who thinks that a single security device/solution will solve all their problems is barking. I was thinking from a more datacenter-oriented point of view, whereby I have lots of boxes, which may all only run a couple of services each (I have webservers, FTP servers, DNS servers, DB servers etc). The rules governing what data can go from A to B tend to get quite complex, and a centralised firewall solution to managing this is the most secure and maintainable.
Of course, the basic security procedures you described should be applied over and above a firewall.
I'm not sure the comments about firewalls are accurate. Sure, if every software maker paid proper attention to security, then we'd be in a lot better position than we are now, but I'm not necessarily sure that building firewall-level security into every application is a good thing.
For example, if I want to restrict access to a particular service to a few IP addresses, I'm more likely to do this on my firewall than on the service itself. Sure, the people who make the service could include that functionality, but I like the separation of security out away from the application. I like the fact that I control all my access in one place, and not across hundreds of application-specific config files. I believe modern firewalls can do all sorts of clever things such as coping with DoS attacks, stateful examination of network traffic, etc. Can you imagine what it would be like if every single service had that functionality built in, but implemented slightly differently and with slightly different types of weakness in each one? Think of the duplicated functionality and bloat!
There's no such thing as software which is immune to malicious attack, but I like to keep my security weaknesses all in one place, and minimize them by buying my firewalls from a company that has a track record and experience in security issues, rather than a company that makes an FTP server for a living.
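The centralised, stateful policy this post argues for, as an added example that is not part of the original comment: a toy packet filter in Python in which the rules for which hosts may talk to which service live in one ordered policy, return traffic of an accepted flow is allowed by connection tracking rather than by extra rules, and everything else, outbound included, is dropped. The host addresses, ports and rules are all constructed for the illustration.

```python
"""Toy centralised packet filter with stateful connection tracking.

Added example, not code from the original post. The network layout
(web tier 10.0.1.0/24, DB server 10.0.2.10, DNS server 10.0.3.53, an
admin host 192.168.50.5) and the rule set are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    syn: bool = False   # True for a new TCP connection attempt


@dataclass(frozen=True)
class Rule:
    src_nets: tuple     # CIDR strings the packet source must fall in
    dst_host: str
    dport: int
    proto: str = "tcp"
    action: str = "allow"

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dst == self.dst_host
                and p.dport == self.dport
                and any(ip_address(p.src) in ip_network(n) for n in self.src_nets))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)          # first match wins
        self.conntrack = set()            # (src, sport, dst, dport, proto)

    @staticmethod
    def _key(p: Packet):
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def decide(self, p: Packet) -> str:
        # 1. Reply traffic of a flow we already accepted passes with no rule.
        if self._reverse_key(p) in self.conntrack:
            return "allow"
        # 2. A TCP segment that is not a SYN and belongs to no tracked flow
        #    is mid-stream injection or a stray; stateful filters drop it.
        if p.proto == "tcp" and not p.syn:
            return "drop"
        # 3. New flow: consult the central policy, first match wins.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    self.conntrack.add(self._key(p))
                return rule.action
        # 4. Default deny in both directions (outbound from servers too).
        return "drop"


# Constructed policy: one place that says who may reach which service.
POLICY = [
    Rule(("10.0.1.99/32",), "10.0.2.10", 5432, action="drop"),   # quarantined web host
    Rule(("10.0.1.0/24",), "10.0.2.10", 5432),                    # web tier -> Postgres
    Rule(("192.168.50.5/32",), "10.0.2.10", 22),                  # admin -> SSH on DB
    Rule(("10.0.0.0/8",), "10.0.3.53", 53, proto="udp"),          # internal DNS
]


def run_scenario():
    """Push constructed packets through the filter; returns (label, decision) pairs."""
    fw = Firewall(POLICY)
    packets = [
        ("web->db syn",      Packet("10.0.1.7", "10.0.2.10", 51000, 5432, syn=True)),
        ("db->web reply",    Packet("10.0.2.10", "10.0.1.7", 5432, 51000)),
        ("internet->db syn", Packet("203.0.113.9", "10.0.2.10", 4444, 5432, syn=True)),
        ("internet->db ack", Packet("203.0.113.9", "10.0.2.10", 4444, 5432)),
        ("db->internet syn", Packet("10.0.2.10", "203.0.113.9", 33000, 443, syn=True)),
        ("quarantined->db",  Packet("10.0.1.99", "10.0.2.10", 52000, 5432, syn=True)),
        ("admin->db ssh",    Packet("192.168.50.5", "10.0.2.10", 60000, 22, syn=True)),
        ("web->dns query",   Packet("10.0.1.7", "10.0.3.53", 40000, 53, proto="udp")),
        ("dns->web answer",  Packet("10.0.3.53", "10.0.1.7", 53, 40000, proto="udp")),
    ]
    return [(label, fw.decide(p)) for label, p in packets]


if __name__ == "__main__":
    for label, verdict in run_scenario():
        print(f"{label:18s} {verdict}")
```

The quarantine rule shows the operational payoff of the post's argument: cutting one compromised web host off from the database is a single line at the top of the policy, with no service restarts and no edits to the database's own access list.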
It's the support. Company A spends a large amount of money buying (say, Microsoft/Cisco/whatever) and at the same time takes out an expensive support contract. Company B uses FOSS.
Something goes wrong. Company A gets on the phone, and they have an engineer on-site within the hour, and the problem is fixed within 3 hours. Total cost? Loss of 3 hours business + SLA payouts.
Company B runs around for a bit trying to figure out what the hell it might have been, before flash-hiring a bunch of software consultants (think $$$) to try and figure out what the problem is. These consultants probably resort to asking the question as to what went wrong on the FOSS project's community forum. Problem eventually gets solved in 3 days. Total cost? Company B goes out of business.
FOSS is fantastic, but big corporates don't have time for it. They can't afford to have downtime (total significance depends on what business they're in, but in the business I work for, you lose a minute's worth of data, people buy from your competitor) and so buy the only thing on the market that comes with a decent support contract. This just happens to be stuff that's expensive in the first place (Windows etc).
As has been mentioned earlier, Universities are fine. If their phones/IT goes down, they don't lose money. Business is not like that.
This is interesting - for $300 they've created something that beats me spending my own time and money on building myself. Previously when I've seen "silent" under-the-tv boxes, they've been closer to $800. This is enough to make the average geek think "I'll just build one myself". That, however, takes time and effort, and there's no guarantee that it'll work properly at the end of it.
To get a barebones system, including a nice case and a decent PSU, for this price makes it worthwhile getting over a DIY system. Only question is, does it suck because it's cheap?
Well, that's what happens when you try and introduce a complex topic like network security into the consumer market, and subsequently fail at that task. They (the software manufacturers) fail not only in raising a suitable amount of awareness (if every single computer on the planet was behind a firewall, how many worms/malware would this stop?), but they also fail to do the job properly (not blocking outbound traffic) for those who do install their software.
Look at it this way. Every day, thousands of pictures get published by Reuters. Sure, every single one of them should be checked for people who manipulate them improperly, and this one was really laughably bad, but mistakes do happen.
The point is that this is one company that truly prides itself on its impartiality and freedom from bias. It makes the effort, which is a lot more than can be said for other news agencies. Sure, mistakes happen, and sometimes a reporter with a bias can put an unfair spin on a story that gets through the editors. Doesn't make the editor a co-conspirator in the evil axis of biased reporting. This is a company that refused to use the word "terrorist" in the reporting of the 9/11 attacks because the word is emotive and its use implies an opinion of a side that has been picked. "One man's terrorist is another man's freedom fighter" is a phrase that was bandied around at the time. Instead, they'll use (and did use) the word "gunman" or "hijacker", because that's the fact that should be reported. The US media had an outcry, Reuters stuck by their guns, and they were right. "Terrorist" is an emotive word and shouldn't be used in fact-only reporting. Whether someone is a terrorist or not is for editorials and politicians to opinionate themselves over. A news agency should just report the facts, and Reuters try damn hard. Don't knock them completely just because they made a mistake which they corrected as soon as they could.
Depends on how you define desktop. It's not just grandma sitting at home checking her email. For that, she could use a P3.
I'm talking about people who work at home, but could still use the ability to handle more threads at once. Like working on a big spreadsheet, and then switching tasks to Access or Word whilst it's doing a big calculation. These aren't CAD-designing "power users", these are people using their PC.
Intel saying "We don't think the market is ready yet" = Intel saying "We can't do this yet".
Of course the market wants 8 cores. The market would take 32 cores and a pony if you shipped it. I've got plenty of uses for 32 cores. And a pony, come to think of it.
Intel saying "The market doesn't need 8 cores" = Intel saying "We can't really engineer 8 cores right now, we've hit some trouble".
Of course the market would like 8 cores. Markets are greedy for new stuff, that's how you keep on making money. Intel's covering their ass for putting 8 cores on their roadmap for anytime soon.
Ok, so someone sues AT&T for providing the government with data, and the judge rules that even revealing whether this is the case or not would give away information about how the government gets its data.
Does anyone else think that's slightly worrying? Now this has happened, no-one can ever sue any firm that may or may not be involved with helping the government out with intelligence, because the information resulting from such a case would lead to information becoming public domain about how the government performs its intelligence ops. So we're all screwed.
What I'd like to know is, if it's the case that you're only allowed to watch it, say, twice, does it count if you start to watch it? I mean, it's a film, so it's going to be longer than an hour. What if I pay my $28, download it, start to watch it and get a BSOD because I've got a buggy codec (and also, hey, it's Windows)? I reboot, do the same to make sure it wasn't a freak incident and it BSODs again. So now I've started to play it twice (say my limit is two) and been unable to watch more than 5 seconds of it, and can't fix the problem and watch it again because the file's gone and locked itself.
Do I get my money back?
Not even that, let's say I get an hour through my hour-and-a-half film, and there's a corruption in the file which causes it to stop playing. The player crashes, so I load it up again, navigate to 59 mins and it crashes again. Do I get my money back? How do I prove that it was corrupted on download and that I didn't fire up Notepad and let my mind go berserk?
This isn't so much of a problem for music, because the files are relatively small. With film, I'd guess that there is a higher chance of a problem just because the files are bigger and the codecs more complex.
This is a good idea, although distribution is a problem. The key could be sent in an encrypted mail to the user, with the password set to something specified in another encrypted mail. Once you've got past the problem of giving the user a key and telling them the passphrase, you've actually got something that's pretty damn secure.
Interesting. If we have laws in countries which protect specific groups of people (for example, "journalists"), we should probably define better what a "journalist" is. Wikipedia reckons it's
journalist simply meant someone who wrote for journals... In the past century it has come to mean a writer for newspapers and magazines as well... Regardless of medium, the term journalist carries a connotation or expectation of professionalism in reporting, with consideration for truth, fairness, balance, decency and ethics.
That said, dictionary.com says that a journalist is:
1. One whose occupation is journalism.
2. One who keeps a journal.
Wonderfully insightful there. In any case, it seems that the definition is vague enough to say that a journalist is "anyone who frequently writes and publishes current affairs information", which neatly covers newspapers, magazines and bloggers (despite the fact that their "consideration for truth, fairness, balance, decency and ethics" is sometimes highly questionable). This should be enough to put an end to the "let's sue people who have no money and aren't corporations" madness that Apple seem to have been infected with.
Every day, we see more and more silly things to do with GPS and Google Earth. I, for one, embrace silliness.
Soon, we'll be able to draw big maps of the earth showing which countries are happier than others. There could be league tables of happiness, anger, sadness, fear etc. Maybe entire gambling rings....
When, WHEN will Microsoft stop being late to the party?
- Faulty Hardware
- An inability to read
Any guesses which it is this time?
It cost $9-15? Isn't that just because most of the stuff was donated?
Sucks.
I'll be able to hook this up to a server and run my console apps at a *really* high resolution.
It'd crack it 10 times quicker if they'd done it in perl :p
Google will buy Firefox!!!!
Seriously, which is the better scenario:
Competing with one huge dominating company by using lots of little small companies to eat away at the various markets it's in (as we have today with Firefox, OO.org and Google all nibbling at the markets that MS is in), or competing with one huge dominating company by getting one medium-sized company (Google) to buy all the companies around it and essentially having a two-player marketplace.
I'm not actually sure which I'd prefer. The second model seems to be working in the CPU market, but that's not exactly comparing like with like. Hmmmm....
You jest!
I'm actually going to go do this. I'll do Shakespeare quotes, music tunes, Futurama quotes. Any others?
And banks would never have employee fraud if they had no employees. What's your point?
I wouldn't pay to download a movie. I'd buy it on dvd.
Dammit :-*(