Maybe I was a bit harsh, but statements like "Can't Lock Linux Down" tends to lead one to believe that the knowledge being imparted is inaccurate.
I guess to further this, why do we need to lock things down further? Remove any packages that aren't needed, install only what is needed. I think in the same way it shouldn't be necessary to lock down windows as much as we do, but unfortunately it is forced upon us due to the many nasties floating around the internet. I think businesses need to think differently, trying to apply old practices used on the windows platform to the linux platform is probably quite unnecessary.
Which probably works rather well in a Technology based company. But in an Industry where technology is far from the focus and appears as "cost" of doing business to the higher ups and a proportion of the users have trouble using their mice, love screen savers and porn, your thinking has to change. Then there are viruses, malware, smitfraud etc that are so prevalent in even the most "innocent" of sites, you just can't blame them for having a laptop popping up with Antivirus 2009 etc.
For our next implementation I want to lock things down further as currently it's hard with the types of Apps people require that need admin rights (unless our department pays to get things re-written this won't change and we don't have the budget for that!). I'm thinking sudowin may be the answer.
Huh wah?? Obviously you must be from a parallel universe, rather uninformed or a clever troll. I manage the desktop branch of a medium - large sized organisation and the amount of pain involved in locking machines down in the distributed workforce age is quite painful. Sure there are apps to aid this (we employ ZenWorks) and they do work really well, but you can't have used anything more then a default install of Ubuntu. Honestly the amount of fine grained control mixed with sudo (neither run-as or UAC are sudo, they impersonate another user rather then privilege escalation) you get with *nix environment is leaps and bounds ahead of Windows. Admittedly group policy has some nice default templates, but as soon as you step an inch outside the norm (which is hard not to) be prepared for pain, so much so that the only place we employ GP is on our Terminal Services boxes. Even then a lot of the "Lock Down" is pretty much just obscuring things without actually adding any security.
Nice try, but I suggest you undertake a bit of a learning curve and you will be enlightened.
You obviously don't have to support a corporate user base. BES absolutely kicks ActiveSync's butt. MS are only just starting to get _some_ of the features RIM have had for years. But then again, my opinion of the whole blah vs. blah is horses for courses. The Blackberry is handsdown the best choice for a corporate manager on the move, but outside of that, unless you are way way obsessed with your email then maybe. Even then I probably wouldn't recommend it.
Indeed, but 5.5 years is a long time in the technology, so what might be fine now will may well be completely different by then. And note it's not being subsidised by the rest of Society, it is forcing providers not to lag and provide substandard service.
If every person in Australia could access a 1Mb service with no stupid caps and exorbitant pricing, I'm sure we'd be leaps and bounds ahead technology wise. 1.5Mbps would kill me, I'd be spending a lot of time waiting for the things I need to do my job. At any rate, there is no harm in technological advance, I say why hold back, why put limits. People thought Tesla was crazy, with his lightning bolts and all, but his inventions and research are in use all around us.
Isn't this just an extension of the universal service obligations commonly associated with telephone, electricity etc.?
Having said that, I don't really see the need for 100 Mbps internet access for everyone - it's expensive to provide, and what very important services does it provide that 1 Mbps won't?
Lots of things, trust me, the more bandwidth people can get access to, the more uses people will find. Imagine streaming blu-ray quality films to your lounge room over the internet? That's one example and there will be many others.
Just putting my 2c in regarding the summary and the comments
Distributed how? As in not in a office? Again, I thought we were talking about businesses.
Indeed and having all the PC's in labs might have worked 15 years ago, but I can tell you right now out of the 200 machines we support directly, about 20 are desktops that never move, about 80 we see regularly and about 100 we don't see until the lease expires. So your proposal to send an image at boot time is (with no risk of failure, because failure in the outback of Australia is not an option)
"Keyloggers could still capture the input from the Host OS."What about a Windows XP Live CD? I can understand why businesses are afraid to run Linux, it's unfamiliar to their IT and their employees, but I don't understand why they still deal with XP running from hard drives.
Does the licensing allow it? I don't think OEM licensing does. Maybe for Businesses with OBLs etc, but what about home users? What about getting a live disc, as far as I'm aware you have to create it, which isn't exactly hard(I use BartPE to speed up making our system images), but it isn't exactly a walk in the park, especially if you have painful network card drivers.
IMO, the path of least resistance in this scenario is certainly a linux LiveCD. Download, put in drive, boot up, open a browser and hey presto your banking.
Even 10+ yrs ago when I was in college they'd re-image the OS onto the hard drive within seconds over the network with every boot-up on PCs in the computer lab, and this was back on Pentium II PCs and 100mbit. Sounds like a pain for IT but it really made things much easier, just have one image of XP on a central server and update that and every PC that's rebooted throughout the entire campus pulls the same image over the network. Why don't they have a system like that? No virus or malware or problems with crashing, just reboot the PC and everything's back to normal.... hmm, actually this is starting to sound pretty good, I should do this at home.... thanks slashdot!
All well and good if all your PC's are in labs, doesn't quite work so well for a distributed work force. It's a battle we face at work and something we ponder everyday on how we can do it better.
Gah gotta reply to myself, Really should check my links work before posting, getting close to sleep time and my submit finger is being a little trigger happy! Pirate Party Australia
The case is only just beginning, don't pass judgement yet. Don't forget the Aussies fighting spirit, that iiNet appears to be proudly displaying. If you are Australian and you are reading this, there are things you can do, talk about it, write to your poli's, join the Pirate Party AU
Believe me, speaking as an Australian this isn't our line of thought. From iinet's news:
For the record, iiNet doesn't support any breaches of the law, including copyright theft. On the contrary, iiNet has led the industry with legal content offerings through our Freezone, including agreements with iTunes, ABC iView, Xbox, the West Australian Symphony Orchestra, Cruizin', Macquarie Digital TV, Barclays Premier League Football, Super 14 Rugby, Drift Racing 2007 and classic highlights of golf's four Majors.
We don't believe we should take any action which could result in the disconnection of a customer's service, based on poorly supported allegations. AFACT are asking us to be the investigator, judge and executioner despite their failure to provide us with tangible evidence.
The approach that AFACT has taken is akin to arguing that if a person were to use Australia Post to deliver a pirated DVD, Australia Post has authorised the pirated content on the DVD by delivering it.
And it seems, iinet's line of thinking, is more along the lines of what sensible aussies are thinking.
Given that one needs to buy a car, and you need one with sedan-type 4-person seating, what car purchase would you say is "greener" (lower pollution and minimizing fossil fuel consumption over its life)?
Not what I was saying. It gets used as "I'm Green" icon and far too often. You can survive without a car, you can survive by not using it as much and you can be green in many other ways without spending a bucket load on a car. Horses for courses really.
an electric engine with the same amount of horsepower is 5-10 times lighter and smaller than its petrol-powered cousin. So, it isn't the engine that's the problem with electric cars, but the batteries.
And how you generate/transport the power to charge them.
Also if you have to replace the batteries every 5 years from lack of use because you only use it to do the shopping on the weekend.
Being Green isn't about buying a "green" car, it's about changing the way you consume and how much you consume. It's a far far more complicated thing to quantify than a lot of people make out. That quote from green cars makes a lot of assumptions.
Well they are more of a fad/statement then anything else. You don't buy a Prius to be "green", you buy one to say "Look at me, I care about the environment". Now that may come off a bit trollish, but that certainly is the reality of the situation.
True enough point. But I can understand that people like that kind of functionality. It would be an awesome thing indeed if the ipod was like that, but then it would be harder to force you into using a complete apple stack.
Something I wish my ThermalTake Armor had! It's a pretty nice case, but damn I wish I bought the Aluminium model. Between the ups, my server and my PC that I moved around on the weekend, my back is a tad sore!
Slashdot Mirror
Maybe I was a bit harsh, but statements like "Can't Lock Linux Down" tends to lead one to believe that the knowledge being imparted is inaccurate.
I guess to further this, why do we need to lock things down further? Remove any packages that aren't needed, install only what is needed. I think in the same way it shouldn't be necessary to lock down windows as much as we do, but unfortunately it is forced upon us due to the many nasties floating around the internet. I think businesses need to think differently, trying to apply old practices used on the windows platform to the linux platform is probably quite unnecessary.
Which probably works rather well in a Technology based company. But in an Industry where technology is far from the focus and appears as "cost" of doing business to the higher ups and a proportion of the users have trouble using their mice, love screen savers and porn, your thinking has to change. Then there are viruses, malware, smitfraud etc that are so prevalent in even the most "innocent" of sites, you just can't blame them for having a laptop popping up with Antivirus 2009 etc.
For our next implementation I want to lock things down further as currently it's hard with the types of Apps people require that need admin rights (unless our department pays to get things re-written this won't change and we don't have the budget for that!). I'm thinking sudowin may be the answer.
Huh wah?? Obviously you must be from a parallel universe, rather uninformed or a clever troll. I manage the desktop branch of a medium - large sized organisation and the amount of pain involved in locking machines down in the distributed workforce age is quite painful. Sure there are apps to aid this (we employ ZenWorks) and they do work really well, but you can't have used anything more then a default install of Ubuntu. Honestly the amount of fine grained control mixed with sudo (neither run-as or UAC are sudo, they impersonate another user rather then privilege escalation) you get with *nix environment is leaps and bounds ahead of Windows. Admittedly group policy has some nice default templates, but as soon as you step an inch outside the norm (which is hard not to) be prepared for pain, so much so that the only place we employ GP is on our Terminal Services boxes. Even then a lot of the "Lock Down" is pretty much just obscuring things without actually adding any security.
Nice try, but I suggest you undertake a bit of a learning curve and you will be enlightened.
Nah She'll be back!
Sweet, the Terminator sitting on my Keyring may see action once again!
You obviously don't have to support a corporate user base. BES absolutely kicks ActiveSync's butt. MS are only just starting to get _some_ of the features RIM have had for years. But then again, my opinion of the whole blah vs. blah is horses for courses. The Blackberry is handsdown the best choice for a corporate manager on the move, but outside of that, unless you are way way obsessed with your email then maybe. Even then I probably wouldn't recommend it.
LMAO, I can't wait to have kids, I'm sure my Fiance will be pleased when the time comes.
Indeed, but 5.5 years is a long time in the technology, so what might be fine now will may well be completely different by then. And note it's not being subsidised by the rest of Society, it is forcing providers not to lag and provide substandard service.
If every person in Australia could access a 1Mb service with no stupid caps and exorbitant pricing, I'm sure we'd be leaps and bounds ahead technology wise. 1.5Mbps would kill me, I'd be spending a lot of time waiting for the things I need to do my job. At any rate, there is no harm in technological advance, I say why hold back, why put limits. People thought Tesla was crazy, with his lightning bolts and all, but his inventions and research are in use all around us.
Isn't this just an extension of the universal service obligations commonly associated with telephone, electricity etc.?
Having said that, I don't really see the need for 100 Mbps internet access for everyone - it's expensive to provide, and what very important services does it provide that 1 Mbps won't?
Lots of things, trust me, the more bandwidth people can get access to, the more uses people will find. Imagine streaming blu-ray quality films to your lounge room over the internet? That's one example and there will be many others.
Aren't we talking about businesses?
Just putting my 2c in regarding the summary and the comments
Distributed how? As in not in a office? Again, I thought we were talking about businesses.
Indeed and having all the PC's in labs might have worked 15 years ago, but I can tell you right now out of the 200 machines we support directly, about 20 are desktops that never move, about 80 we see regularly and about 100 we don't see until the lease expires. So your proposal to send an image at boot time is (with no risk of failure, because failure in the outback of Australia is not an option)
"Keyloggers could still capture the input from the Host OS." What about a Windows XP Live CD? I can understand why businesses are afraid to run Linux, it's unfamiliar to their IT and their employees, but I don't understand why they still deal with XP running from hard drives.
Does the licensing allow it? I don't think OEM licensing does. Maybe for Businesses with OBLs etc, but what about home users? What about getting a live disc, as far as I'm aware you have to create it, which isn't exactly hard(I use BartPE to speed up making our system images), but it isn't exactly a walk in the park, especially if you have painful network card drivers.
IMO, the path of least resistance in this scenario is certainly a linux LiveCD. Download, put in drive, boot up, open a browser and hey presto your banking.
Even 10+ yrs ago when I was in college they'd re-image the OS onto the hard drive within seconds over the network with every boot-up on PCs in the computer lab, and this was back on Pentium II PCs and 100mbit. Sounds like a pain for IT but it really made things much easier, just have one image of XP on a central server and update that and every PC that's rebooted throughout the entire campus pulls the same image over the network. Why don't they have a system like that? No virus or malware or problems with crashing, just reboot the PC and everything's back to normal.... hmm, actually this is starting to sound pretty good, I should do this at home.... thanks slashdot!
All well and good if all your PC's are in labs, doesn't quite work so well for a distributed work force. It's a battle we face at work and something we ponder everyday on how we can do it better.
Keyloggers could still capture the input from the Host OS.
No, but yours is ;-)
You should see these punchcards.
You can't show that on here! *averts eyes*
Gah gotta reply to myself, Really should check my links work before posting, getting close to sleep time and my submit finger is being a little trigger happy! Pirate Party Australia
That was close, nearly did that twice in a row!
The case is only just beginning, don't pass judgement yet. Don't forget the Aussies fighting spirit, that iiNet appears to be proudly displaying. If you are Australian and you are reading this, there are things you can do, talk about it, write to your poli's, join the Pirate Party AU
For the record, iiNet doesn't support any breaches of the law, including copyright theft. On the contrary, iiNet has led the industry with legal content offerings through our Freezone, including agreements with iTunes, ABC iView, Xbox, the West Australian Symphony Orchestra, Cruizin', Macquarie Digital TV, Barclays Premier League Football, Super 14 Rugby, Drift Racing 2007 and classic highlights of golf's four Majors.
We don't believe we should take any action which could result in the disconnection of a customer's service, based on poorly supported allegations. AFACT are asking us to be the investigator, judge and executioner despite their failure to provide us with tangible evidence.
The approach that AFACT has taken is akin to arguing that if a person were to use Australia Post to deliver a pirated DVD, Australia Post has authorised the pirated content on the DVD by delivering it.
And it seems, iinet's line of thinking, is more along the lines of what sensible aussies are thinking.
I find I'm pushing Disk/CPU/Network rather then limitations with SCP. I figure the encryption is causing the CPU load, the rest is obvious.
Bullfeathers.
Given that one needs to buy a car, and you need one with sedan-type 4-person seating, what car purchase would you say is "greener" (lower pollution and minimizing fossil fuel consumption over its life)?
Not what I was saying. It gets used as "I'm Green" icon and far too often. You can survive without a car, you can survive by not using it as much and you can be green in many other ways without spending a bucket load on a car. Horses for courses really.
an electric engine with the same amount of horsepower is 5-10 times lighter and smaller than its petrol-powered cousin. So, it isn't the engine that's the problem with electric cars, but the batteries.
And how you generate/transport the power to charge them.
Also if you have to replace the batteries every 5 years from lack of use because you only use it to do the shopping on the weekend.
Being Green isn't about buying a "green" car, it's about changing the way you consume and how much you consume. It's a far far more complicated thing to quantify than a lot of people make out. That quote from green cars makes a lot of assumptions.
Wonder how long Prius batteries will realistically last, especially if they don't get used often.
Well they are more of a fad/statement then anything else. You don't buy a Prius to be "green", you buy one to say "Look at me, I care about the environment". Now that may come off a bit trollish, but that certainly is the reality of the situation.
True enough point. But I can understand that people like that kind of functionality. It would be an awesome thing indeed if the ipod was like that, but then it would be harder to force you into using a complete apple stack.
Something I wish my ThermalTake Armor had! It's a pretty nice case, but damn I wish I bought the Aluminium model. Between the ups, my server and my PC that I moved around on the weekend, my back is a tad sore!