Protecting the children is absolutely a necessary thing to be doing, and I can not agree more with the general sentiment. However I don't see that lack of network access is going to affect the children's ability to traffic in sexting or other similar acts, only cover the ass of staff when it happens on school grounds. They are still able to be prosecuted for negligence without the devices on the network, and I'm sure if we went and looked there would be at least one case where this happens. At least when you put the student owned devices (SOD) on the network they can be monitored. There is plenty of software and hardware available to listen and watch, you can enable client isolation on your AP's and log everything through a local jabber server as a just in case. This doesn't stop something like apple's AirDrop or even point-to-point wifi, so your AP's are set to nuke any rouge AP's around the place, and so on.

There are a lot of SOD's moving into schools and corporations now, many of them are driven from the (probably incorrect) viewpoint of beancounters or upper management. Wrong or otherwise, we need to adapt or die - and if adapting means we have to change our field a bit and stop thinking of how many units are in the empire, instead thinking of how we monitor and control the devices that are out there then that is what needs to happen.

And it's going to cut down on budget as well. A lot of people complain that they need that big a budget. That might have something to do with it.

Domain security isn't always the answer - what it does appear to be is a series of IT people screaming "my kingdom, my kingdom!" especially with the move to student owned devices. Thankfully a lot of technicians are coming around on actually securing their shit rather than hiding it (my personal favourite: Poor home folder permissions because group policy says you can't connect directly to UNC paths or run scripts or open cmd.exe etc.). Missing simple features like transparent proxying over just lopping them off at the firewall is a sign of a technician who is going to be left behind very quickly - especially with the android/iOS revolutions that are streaming through schools at the moment.

In the past I've supplied myself and clients with something simple like a HP 4500. You can get them for ~$80AU depending where you go (sometimes as high as $150 - still nowhere near the 5 digit range). It has, among other things, a decent scanner and an automatic feeder. I suggest the HP, not because I'm affiliated, but because the earlier models cost about the same, and used to survive scanning POD documents in warehousing/ transport offices, so I've always stuck with them.

Real men log in as root and never touch the su commans

I just thought he was quoting the new blue ray "special edition" release. Nooooooooooooooooooooo.

Yes and I frequently do. I find it hard to believe that there is a situation where being able to run 100m in less than 10 seconds is a survival skill. But then I'm an advocate of letting the Olympians use as many drugs as they like to see what the human potential is (and what we can do for our soldiers when we colonize other planets), so maybe I'm not the best person to be actually answering your rhetorical question.

Wasn't that the company pretty recently who said they did this... that they "accidentally" made a web accelerator when they were doing some security work? Has google bought them out or are they ripping them off. Maybe I read it on the sophos naked security feeds, but I can't find it.

I would think the true measure of a foe is how long they can go without you killing them, in which case the current [insert-"terrorist"-here] are pretty damned superior foes. Technology means shit if it's not implemented correctly and with properly trained people - Just because you're rocking around in a marauder doesn't mean a skinny can't come up behind you and crack your head open with a rock.

You get checkpoint FDE for free on Windows?

Ah but that's bullshit in and of itself. You extend the AD schema... ONCE... and you can plug the workgroup manager into it and do apple-equivalent of group policy management on all the machines. The apple kit binds out of the box, and will do authentication, password changes and everything. There are only two points of difficulty that I've seen so far: DFS support is, for lack of a better word, shit. You can get DAVE but fuck that, so you plug the mac's onto the source servers rather than the DFS and it's not that big a deal, just a minor headache if you don't know about it.

The other PITA is auto enrollment for certificates in a 2 factor environment, but even that is pretty easy to get around, a few roll your own scripts and a couple of minor changes and you can programatically create and install the certificate on each machine - as part of the deployment process.

Network deployment tools... what? ARD, DeployStudio, fucking SSH will let you do network deployment. So you can't give your users an SCCM interface - it's only relatively new tech and if you desperately need it, sounds more like you're a shitty admin than against Mac. A decent linux admin should be able to translate their skills straight across with only a minor GUI changeover point, and I know I can Netboot a mac from a BSD server

All in all though, the right tool for the right job, but blatant ignorance of either platform hurts both platforms market share in different places (and lets face it, group policy is loads better than workgroup manager just for the built in defaults).

A lot of low-price packages in regional australia do. Low price here meaning $30/month or so.

It could be useful in conjunction with a more traditional controller. Maybe someone could use an Xbox type controller to navigate the device to a particular area, swapping to body tracking for brief periods to negotiate tricky geometry. Once the tracking becomes advanced enough it might be worth doing.

The last thing I'd want to see is any company, at all, automatically fucking with my MBR just because it doesn't think it matches what they consider a standard MBR. If they can't do that then they can't remove the rest of the infection and the botnet guys can just upload a new one to circumvent the patch.

I say straight out and with a serious look on my face: My rate is $350 AU an hour, and I need the first hour up front. Strangely, some people are actually willing to pay me for that (because they know and trust my work over the faceless muppets at the local "computer" store), so I get paid for it occasionally, or people go the hell away. Win-Win.

Sometimes you don't want to put your fingers anywhere near the site, be it for building security or whatever the reason. The continued proliferation of people who consider that you can just beat someone with a rubber hose for a password, or read it off a post it note so who would bother breaking this algorithm are entirely unhelpful to fostering a secure environment. Just because there are easy methods of physical access, doesn't mean every cracker out there is using them, just like not every cracker out there runs a giant DDoS botnet.

90% of the time I will perform a pentest completely over the wires, just to prove this exact point.

ICANN have been regurgitating this gTLD rubbish for years, trying all different angles to attract interest. So far it has been an epic fail. It must be hard for them to see big companies shelling out measly $30/year for their TLD.