The "Cisco" RV042 (http://www.newegg.com/Product/Product.aspx?Item=N82E16833124160&Tpk=RV042) supports this, by having two WAN Ethernet ports. Plug them both in and go. Relatively inexpensive at $180, sometimes you can find deals online for them. I say "Cisco" because I think the hardware is just rebranded "Linksys" gear from before the merger.
But honestly, Monica...
...time to order me a club sandwich and a cold Mexican beer to celebrate.
But honestly, Monica...
Full disclosure is ONLY the ethical approach when you're working with a bloated company like Microsoft that cannot make commitments to fix problems. I'm head of QA at a software company and when a security problem is discovered in one of our products it is resolved within days, not weeks because I go to the head developer of the product directly for the fix. Our software is used worldwide and we take security very seriously. Of the security bugs I've handled during my time here that were not discovered internally, only one was reported to us privately and we had a fix in 2 days which was pushed out to customers the day after that build passed QA (4 days total for a fix). The rest were published as zero-day exploits online and got the exact same level of attention and focus, which is fixing it immediately.
During the process I stayed in touch with the person who reported it, providing updates and information about what steps we were taking, and also ensured they got credit for the find. I realize that a product like Windows can't be fixed in that short of a time, but the communication is the most important part of this process and it has to assure the bug reporter that their information is being taken seriously and acted upon. The burden here is on the software company, not on the reporter, because that reporter has to gauge their next move based on whether the developers will act on that information appropriately.
If Tavis tried to get a commitment from Microsoft for a fix and was blown off, good on him for reporting this publicly and getting a fire under their asses.
To the security researchers of the world - PLEASE, give the developers a chance to respond before assuming the worst.
I think we may have a chicken-and-egg problem here.
A lot of end-users seem to complain about cryptic error messages that make no sense, eventually becoming desensitized and giving up on the idea of being a valuable asset in troubleshooting.
A lot of admins complain about users who don't follow clear-cut, step-by-step directions who become burnt out by the apparent lack of interest the end users have in doing anything to help at all, even when it's clearly laid out.
So, which came first?
I type away frenetically on a mail when all of a sudden a window pops up, takes focus, gets the space bar and disappears.
Now what the #£$ did it say? I will never know.
There is probably no other programming practice that pisses me off as much. Use needy windows if you have to, but capturing focus is the worst. So, how many people here have accidentally sent passwords to their work buddy because their IM program stole focus?
Put an animated gif of shaking boobs over the error message. 100% guaranteed read.
Followed by a 100% guaranteed "gender sensitivity" seminar.
I have a lot of respect for computer users who get thrown in with software that sports poorly written error messages and excessive numbers of confirmation-required dialogs, forcing them to learn to just "click past" to get their work done. I respect these people when they understand to call tech support and follow directions as they are clearly provided.
I have no respect for computer users who refuse to follow clearly provided directions and then blame tech support. True story:
Me: Okay, in this command prompt we opened up I need you to type "ipconfig", spelled like "India", "Papa", "Charlie"... then hit "Enter" on the keyboard.
Him: Okay, I typed that in but it just says "not recognized as a valid internal or external command"
Me: Can you read back to me what you typed in before hitting "Enter"?
Him, Angry: I don't get it, I typed "I" then a space, and then "Configure" just like you told me to!
Or...
Me: Okay, in the lower-left hand pane of the window there is a Log Pane that shows the error message I need to assist you. What does it say?
Him: I don't know what you're talking about, there's no error in the lower-right hand part of the screen!
Me: No sir, I need you to look in the lower-left hand part of the screen - what error does it say?
Him: I'm telling you, there's no message, it just won't connect!
Me: Okay, in that case can you just read off the last line of text in the lower-left hand corner of the screen?
Him: It says "Error, could not open SFTP connection on port 22, connection timed out..."
There are shitty tech support people out there who give vague directions and then get pissed at their users because they can't magically extrapolate details or directions. I despise these people because they give decent support techs a bad name. However, I submit we'd have a lot fewer pissed off/burnt out support techs if more computer users were able to follow basic directions.
I can eat glass and it doesn't hurt me!
Google Universal Translate - Offending colleagues in their own language faster and with more energy!
For Valentine's this year, I am taking my girlfriend out to the Mitchell Park Domes - she gets to enjoy more flowers than I could possibly afford to buy her that will not die in a week and it will cost me less than buying plain-jane roses. Then we'll be off to get sushi at a nice restaurant. Not so much of a stunt as an unconventional and romantic day that we're more likely to remember than "Oh, you got me chocolate!".
So I may have missed something from the article, but are all forms of public-key encryption vulnerable or just certain algorithms?
You still end up with global causality violation if an object can communicate outside its light cone.
Oh shit, here comes the Eschaton: http://en.wikipedia.org/wiki/Singularity_Sky
Me!
I would say that their continual refusal to acknowledge or resolve clear and present security flaws along with their aggressive attempts to litigate against anyone independently testing their systems is reason enough for the reactions you see here.
So, how much did Sony pay to get free advertising in disease form? And shouldn't most doctors nowadays already be familiar with "gaming sores" from the NES when they were in their twenties or younger?
I used to work for a WISP in southeastern WI with coverage in areas that cable/DSL wouldn't touch across three counties. They used Motorola Canopy (see http://en.wikipedia.org/wiki/Canopy_(wireless)) and had great success with it. Canopy offers different frequency radios - their 2.4 and 5.2 GHz radios were great for residential in open areas but are LOS-only. 900 MHz radios filled in the gap for that somewhat, but because of high noise floor in that frequency range they were much more prone to interference/high latency. Especially since 900 MHz phones (or as we discovered 5.8 GHz phones, which actually include a 900 MHz backup transmitter), are quite common and resulted in quite the radio ruckus at the end user's site and a lot of wasted field service time.
Don't just pray that the company isn't California-based - pray that this company does not have a single client in California. According to Cali's Mandatory Disclosure Law, any company that does business in California is required to notify clients in that state of any breaches in security. If the company does have clients in this state, it is legally obligated to disclose to those clients, and if that news reaches the press, they'll do your disclosure for you.
I work at an ISP/WISP - continuous connectivity is not only essential for our ability to do our work, but when a connection fails ANYWHERE (be it a break in our Canopy network, our DS3 going down, or a dialup number being routed improperly) it creates hell for the phone techs in the office (who then proceed to field hundreds of calls relating to it) and our NOC department (which has to try and fix it as quickly as possible with all of the phone techs breathing down their necks). Yeah, it's not the most efficiently managed office.
The internet IS our business, so either it works and we have jobs or it doesn't and our business would go under very quickly.
I work at a medium-sized ISP in southeastern WI, USA, and I'm proud to say that we maintain a strict policy that demands users keep their machines clean. When we see a user spamming or flooding the network with worm traffic etc, we suspend their connectivity until they clean things up. It's a 3 strike system too, so if they can't keep things under control, the third time we catch them at it they are no longer allowed to use our service. Companies (ISPs especially) need to realize that by taking a serious stand on internal threats like this, they not only keep their own networks clean but slow down the spread of the kind of problems that flood their helpdesks day in and day out. Unfortunately, right now it can be much easier for execs to take a hands-off approach, hence the problems you've had getting bounced around from call to call.
Yay for Faraday cages! lol I wonder if someone already has a patent on those, though...