Not to mention anything encrypted via AH+ESP is actually useless. Oh and tunneling? How often would they drop at the expense of one router failing? There is no mention either about trust factors. Would these nodes+receivers be configurable to accept certifications, preshared keys, MD5 (or better) checksums? This has gotten to be the biggest *cough* rip-off of stating "Hey I invented P2P!... But it's for routers! And uh, it's connectionless so don't expect error control or recovery! Isn't that cool!"
Firstly, this might work for P2P, DHCP, home based (l)users, but it would never be functional in a real world business network. For one, let's take into consideration security. How would this network carry IPSec tunnel information? Those packet headers need to stay intact, not come from ranDumb address. Not only that, they're introducing n+r number of failures where n = number of nodes and r = number of receivers. Secondly sequencing... Would be a nightmare. How would each node know sequencing? What happens if one fails, the sender would have to resend to ALL routers since there is no mention of a mechanism to detect which sequence went where in this topology. Finally... Anything that has to do with governments and routers leads me to remember AT&T and the NSA's taps... First of all, I don't want/need anyone managing my traffic nor would I want to configure this nightmare. It reeks worse than IS-IS + OSPF + MOSPF + MCAST combined on steroids... (My CCIE R&S/Security lab)
To say... I pity you guys/gals in England. And I thought we had a police state here in the United States. At least we keep ours under differing names (TIA/ONI/DCS1000+2000+3000+4000) and flush the minds of the people with news on Bratney, Lindsay, Paris, etc. to keep them dumb. You guys get no break.
In the article... "You'll watch a program when it's convenient for you instead of when a broadcaster chooses to air it." I wonder if he'll soon say... "You'll watch a program when it's convenient for your broadcaster to decipher whether or not by you watching it, it is not pirated, the operating system pushing your media center is not pirated, it has passed the then behemoth MPAA/RIAA/DoJ/DHS joint task force aptly named NOMIND or "National Oversight on Mentally Integrating National Deficiencies" benchmark tests which include:
1) Methods to ensure proper copyrighted procedures (RIAA)
2) Methods to ensure proper filtering and re-programming the American Apple Pie way (MPAA)
3) Methods to ensure political correctedness (addenDumb to new DoJ/Christian Law "Thou shall not criticize thine government" doctrine)
4) Methods to ensure Osama is not in your living room and or you are not exporting crypto to him or his terrorist via any methods including telekinesis.
Will Moreno be able to pilot the penguin-tipped Indy car to victory next week at the 91st Indianapolis 500? No they won't. Haven't you seen the latest latest latest news? Because the car is using Linux anywhere whether it's on a sticker, under someone's breath, it should be obvious that the car, its owner, its pit crew, and the tires have infringed on MS patents. I thought you knew by now that Microsoft patented Indy 500.
While I don't believe in censorship, this will likely last extremely briefly. For one, pedophiles will likely lurk there... Secondly, judging by what the US government is doing - censoring troops from MySpace, etc, soldiers will likely post videos there to the dismay of politically idiotic government who will call for a ban... Not to mention moronic terrorists using it as a forum to post their hatred. Hey I'm all for it, but expect it to last no more than a half a year.
A highly complex safety-critical system? Oh you're right. It's ok if it fails. It's not like it's safety-critical or anything. Besides it was only the network that caused it to collapse. You're right no need to wave a magic wand and have people collaborate on setting up something that works. We'll wait for true blue self defending/repairing networks to be available and let the network fix itself. Wow. Do you by any chance work for Cisco or someone else spouting these "Next generation self defending networks"?
Firstly you need to draw up a business plan for yourself and keep in mind the lifetime expectancy for technology is about three years. So ask yourself some broad/basic questions and go from there:
1) What are your goals. Are they to save money?
2) Do you truly believe you will need "Gold/Platinum" support?
3) Can we get by without some of the big guys? (Dell/HP/etc.)
4) Is there room for savings/alternatives? (Dotproject vs. MS Project... Surgemail vs. Exchange + Outlook)
For 50 users, I'll give you a summary of what I worked with at one point a while back... Computers were a combo of Gateway and Acers we purchased off an auction lot. Most were from a business that went under. Minus HDs... We spent about $100.00 each for about 70 machines. Disks? We brought them in a lot as well. Servers, we purchased our own 1 Sun Netra 1 280r off of eBay for databases. Total cost about 500.00 for the servers. We purchased a brand new 2U server from Tiger and slapped on Linux for LAMP stuff and used SugarCRM, Surgemail, and Dotproject. Surgemail itself saved us big bucks from having to be scammed into using MS Exchange, etc. Dotproject saved us from buying Project Server which we would have needed for what we needed to do. At first project managers didn't like it, but they also had Project on their personal machines anyway... They got over it. Project + Exchange for that SoHo (3 offices 70 or so people) would have been in excess of about 40k. (remember... seats, etc.). We ran NFS, Samba, and a couple of other things which were transparent to the layfolk. Bottom line we spent under 20k setting it up. Our most expensive purchases were Netscreens to keep things secured (VPNs). Those cost us about 3k each.
After yet re-reading, I find this government even more insanely stupider than I would have hoped for... Such failures are common among PLC and supervisory control and data acquisition (SCADA) systems, because the manufacturers do not test the devices' handling of bad data, said Dale Peterson, CEO of industrial system security firm DigitalBond.
"What is happening in this marketplace is that vendors will build their own (network) stacks to make it cheaper," Peterson said. "And it works, but when (the device) gets anything that it didn't expect, it will gag." So you mean to tell me pretty much there is no enforcement for manufacturers to maintain compliance on their products even if those products are going into a nuclear *ANYTHING... Which on the worst case scenario could cause catastrophe, yet we have regulatory commissions on the flow of ketchup, regulatory commissions/directions/etc., on weight loss products, lipsticks, etc. (FDA), but this place is not concerned with nuclear plants. Sinful.
Firstly I would re-design that entire infrastructure and rid that power plant of incompetent IT people. Secondly I would hold those in power responsible for 1) not having failover measures in place 2) not having a stable and robust enough infrastructure in place 3) obviously not being SCADA compliant. If they can't pass IT security implement simplistic measures such as a properly designed network, it makes me wonder about the physical security aspects of it. What am I paying higher taxes for every time the gov cries about strengthening infrastructure when they couldn't even avoid something as stupid and as simple as a 1) safe 2) stable network. Why wasn't there any failover? Who knows. Insanity when three different agencies can all come down on one agency instead of WORKING with that agency to take corrective measures. US Tax dollars at work. We need to redesign infrastructure and some of these idiots in office.
Microsoft says New York Stock Exchange infringes on Microsoft's patent "Letter C in System". Microsoft's broad patent invoking the use of the letter C on a file system has some industry experts worried. "We were completely unaware that Microsoft had the rights to the letter c on any operating system. This is going to cost us enormously. We thought we would save twice as much money, but with this frivolous lawsuit pending, we stand to lose four times as much," stated an anonymous expert at the NYSE. Microsoft's shares plummeted after an irate Linux developer injected a logicbomb code on NYSE servers.
This reminds me of 2001: Chinese hackers said Tuesday they have begun to hit American computer networks with denial-of-service attacks, and also claim to have placed mass-attack tools into four large American computer networks. A new alert from the FBI-led National Infrastructure Protection Center (NIPC) confirms that hackers have been particularly active over the past two days. The distributed-denial-of-service attacks on the Department of the Interior's National Business Center, the U.S. Geological Survey's site and Pacific Bell Internet Services are among the largest so far. (Is This World Cyber War I).
Economics will eventually take a big hit in the future with regards to cyberwarfare. A lot of times I'll read articles and comments with "so what better computers than people". Often those commenting don't think about the repercussions that come from a collapsed economy... That will lead to a shoddier quality of life, more crime and eventually more violence. Isn't this the case for the gaming community with so called "Gold Farmers" from China waging off-line attacks now... Meaning people actually escalating a scenario to non Internet mediums...
I regularly read articles about terrorists using cell phones to trigger bombs. The Thai government seems to be particularly worried about this; two years ago I blogged about a particularly bizarre movie-plot threat along these lines. And last year I blogged about the cell phone network being restricted after the Mumbai terrorist bombings.
Seven million Americans - one in every 32 adults - were behind bars, on probation or on parole at the end of 2005, according to the U.S. Justice Department. Of those, 2.2 million were in prison or jail, an increase of 2.7 percent over the previous year, according to a report released Wednesday. Source
I seriously wonder what these companies will do when just about everyone of legal voting age has had some kind of a run-in with the law. Interestingly, in Sweden and some other Euro countries (states whatever they call themselves now), it's illegal for an employer to ask these same questions... "Have you ever been convicted of..." buck stops there in Europe. Better would be to ask "Are you qualified for the job... If you've ever been convicted of anything, do you think it will hinder you from the position you are applying for..." Or something carefully worded along those lines.
SEC Requires it for financial firms. I had to go through this when I did contract work for IBM because they were contracted to do work for a bank. If she has nothing to hide, what's the big deal. I have a record and I fully disclosed it in my application prior to even taking the fingerprints. I still got the contract work although I may be a rare exception. This is a funny stance employers will have to look at in the near (and I mean near) future. Here in the US, 1 in every about 50 or so citizens has been either incarcerated or has a record. In 2001 it was 1 in every 87. What will US firms do when this number comes down to 1 in 10. Outsource America entirely...
You know, I've despised Dell for years but I have to give some credit to them for not wanting to support certain (l)users. E.g. Customer buys a Dell loaded with Crapafee Virus scanner... Crapafee acts up... (l)User calls Dell. Another example... (l)User craps out their machine with infestations of malware and junkware... (l)User calls Dell bitching and moaning... My analogy on it all... "You buy a Honda. Then go out and buy a Harman Kardon radio system for it... Radio acts up..." Why in the world would you bring it to Honda? 1) It's not Honda's problem. 2) It's not Honda's problem and 3) It's not Honda's problem. I've had the unfortunate circumstance of calling Dell in Colorado (Colorado, New Delhi that is), and have had my issues resolved quickly. On the other hand I won't beat around the bush and tell whomever firsthand. Look I rebooted, I did this, I did that. And to make things more dramatic, I scour Google for error codes on hardware so I can bypass all the fuzzy "read from the script Mandinipuor" garbage tech support spews... It's not always Dell's fault some of the idiots are luzers
I've got the security tool you need, on Security Metrics (Score: 4, Funny)
So I change my Caller ID to 1800MASTERCARD and call a ranDumb stranger "Hi this is Jesse James from Mastercard calling to confirm your credit card number..." Think it doesn't work. Can't blame people for being trusting/stupid.
You didn't read the fact that I said it could go either way for both parties and in the end it will only matter to them. Say what you will about precedence but the fact is, caselaw changes often. The problem with this case will be keeping the jury from falling asleep because they will (repeat WILL) be bored by a case which can be pretty long, too technological for them to comprehend. My case lasted one week and a juror slept (not kidding) and was given a warning. Do you think that juror had any idea or cared what went on? I was 27 when I was in court. My peers? Oh those guys/gals... They were 50ish computer phobes... And so the questioning began for prospective jurors "What's your favorite tv show?... Law and Order" (good juror said the prosecutor...) "What's your profession?... I'm a copyright lawyer for a dotcom"... (you are the weakest link... said the prosecutor). If you've never been to a trial or sat on jury duty you shouldn't comment because you won't know the TRUE mechanisms of how it really works regardless of the outcome. The outcome means nothing to the jurors at the end of the day, most will want to get out of jury duty and just get back to normal life duties.
I better make my move and trademark Linus before that stupid Charlie Brown character makes a power move...
Mickey: Hi kids do you know what copyright is? Kids: Is that when you sued my dead grandmother Mickey? Mickey: That's right kids...
http://www.law.uc.edu/CCL/34ActRls/rule17f-2.html
Triggering Bombs by Remote Key Entry Devices
Guaranteed to protect your investments from intruders no ifs ands or butts
Seems like they sued El Register too! http://www.theregister.co.uk/2007/05/16/ravicher_microsoft_oss_patent/ 404! How far are they going now! The sky is falling the sky is falling
Infested with viruses foo foo foo... Ubuntu is not for grannies damnit
Method and apparatus for clicking
Abstract
A click is made when someone's finger presses down on a mouse
Inventors: Microsoft
Assignee: Microsoft
Filed: March 14, 1929
See!