
Comment Re:Space Junk Chain Reaction (Score 0) 150

People don't understand how important GPS is these days. LORAN has been more or less shuttered, so there's no real backup. The part that really scares me is that oil rigs are held stationary by massive rotors. Those rotors are controlled by GPS. If they lose signal, imagine every oil rig on earth suddenly snapping off the top of the oil pipelines that are below them. Imagine hundreds of Deepwater Horizon-style events across the entire world.

Comment Re:Space Junk Chain Reaction (Score 1) 150

I'm not a fan of that thinking. A military space race will essentially lead to a new cold war. The last one wasn't very fun. Scientific progress doesn't get the praise it deserves when half the world thinks it will lead to their imminent destruction. Hell, Sputnik had kids hiding under school desks when they should have been celebrating a landmark for our species.

Comment Re:You are doing it wrong. (Score 2) 348

No, a firewall is an application, a process that brokers all incoming and outgoing communications and maintains a state table of those inbound and outbound connections. The key there is that it maintains a state table. tcpd is a shim process that acts between inetd and the actual application. It is not a firewall. It doesn't drop packets. It doesn't maintain a state table, so it can't, for instance, handle reflexive policies or tell whether or not a dialog has been established. It does handle access control for applications based on IP. However, there's a difference between a firewall saying "you aren't on my allowed hosts list, DROP" and inetd saying "packets accepted, looks like you want to launch application X, tcpd, is that cool? No? OK, sorry, not allowed. SIGTERM." In the end you get similar results, but they're significantly different processes.

This is why I strongly disagree with the idea that firewalls are always needed. They're just another tool, and there are other tools that do similar things.

Comment Re:You are doing it wrong. (Score 1) 348

I think you should read the Oracle documentation I posted pointing out how Oracle functions before you make assumptions about what we are doing (http://docs.oracle.com/cd/B28359_01/network.111/b28316/concepts.htm). We aren't using Oracle by choice; it is bundled inside a vendor's application and configured as they need it configured. Hardware is based on their specs. Software is configured based on their specs to maintain support. We are blocking the ports at the network level using a firewall. We are also blocking the ports at a local level using hosts.allow and hosts.deny. You don't NEED to use a firewall process to block things. tcpd reads hosts.allow/hosts.deny every time a connection comes in and determines whether or not a host is allowed, and also what services are allowed from that host.
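The tcpd decision order the two comments above describe (hosts.allow is consulted first, then hosts.deny, and a pair that matches neither is permitted), as an added example that is not part of the original comments. It implements a simplified subset of the hosts_access(5) pattern syntax (ALL, EXCEPT, trailing-dot IP prefixes, net/mask and CIDR networks, exact matches), and both rule files are constructed samples.

```python
import ipaddress

# Constructed sample rule files (not from any real host). Format: daemon_list : client_list
HOSTS_ALLOW = """
sshd : 10.0.0. , 192.168.1.0/255.255.255.0
oracle_listener : 10.1.2.0/24 EXCEPT 10.1.2.99
"""
HOSTS_DENY = "ALL : ALL\n"

def _client_matches(pattern, client):
    """Subset of hosts_access(5) client patterns: ALL, trailing-dot prefix, net/mask, exact."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "10.0.0." matches any 10.0.0.x
        return client.startswith(pattern)
    if "/" in pattern:                 # 10.1.2.0/24 or 192.168.1.0/255.255.255.0
        try:
            return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == client

def _list_matches(spec, value, match):
    """Evaluate 'a b EXCEPT c': match any pattern on the left and none on the right."""
    parts = spec.replace(",", " ").split()
    if "EXCEPT" in parts:
        i = parts.index("EXCEPT")
        return (any(match(p, value) for p in parts[:i])
                and not any(match(p, value) for p in parts[i + 1:]))
    return any(match(p, value) for p in parts)

def _table_matches(table, daemon, client):
    """True if any 'daemon_list : client_list' line in the table matches the pair."""
    for line in table.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue
        if (_list_matches(fields[0], daemon, lambda p, d: p in ("ALL", d))
                and _list_matches(fields[1], client, _client_matches)):
            return True
    return False

def hosts_access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcpd order: a hosts.allow match grants, else a hosts.deny match refuses, else grant."""
    if _table_matches(allow, daemon, client):
        return True
    return not _table_matches(deny, daemon, client)
```

The last branch is the part worth checking on a real host: with an empty or missing hosts.deny, every daemon that is not listed in hosts.allow is reachable from anywhere.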

Comment Re:It depends (Score 1) 348

Right, we'll tell them and get told "hey, thanks, but Deutsche Telekom doesn't want to change, so we're not implementing it." We've tried. We aren't their largest customer by a long shot, and so long as they are providing critical infrastructure for several governments, they're going to move to change things at glacial speeds.

Comment Re:It depends (Score 1) 348

Or they are apps that have been around for 20+ years on Solaris, predating stuff like SELinux. They've updated somewhat frequently, but a lot of core technology hasn't changed. Also, the move from Unix to Linux introduces some interesting issues that show Linux's relative immaturity in comparison. For example, Linux doesn't handle network multihoming very well in comparison. You can only stipulate a single default gateway normally; you have to set up a workaround by adding additional routing tables, bind each to an interface, create rule and route files, etc., which to my knowledge don't play nice with a number of Linux security features. iptables is notorious for having issues with multihomed Linux servers. Point is, saying "you aren't using a firewall and that is wrong!" is a blanket statement that has many exceptions for different situations.

Given the vendor supports infrastructure for several national governments, I don't think they're likely to change very quickly. I actually just checked the vendor's website: as of release 20, they now support SELinux in permissive mode. Still not supported in enforcing mode.

Comment Re:Its Fine. (Score 1) 348

Correct: for all of our telephony servers ksh is set to the default (some weird carry-over from the way the vendor software reconfigures Linux to act more like earlier Solaris did). So, whenever users log in, they're using ksh. Usually folks use their own accounts thanks to centralized auth or they get nastygrams.
