Comment: Re:Resolution (Score 2) 399

by Abalamahalamatandra (#39941749) Attached to: Dell Designing Developer Oriented Laptop

Me as well. I just got a "new" laptop, a Latitude e6510, from the Dell Outlet. It has a 15" 1920x1080 screen and I'm very happy indeed. I would have bought a new e6520, but some idiot at Dell decided people want 15" laptops with a numeric keypad, which made it nearly two inches wider than the e6510 with the same screen size.

I think this system would be much more suited to developers than the XPS 13 - it's very rugged and not very heavy, not all THAT much bigger than the XPS, and has a modular bay that you can put a second hard drive in if you want.

Battery life is somewhat of a con, though - mine has a quad-core i7 and gets maybe 2.5 hours running Ubuntu 12.04 with the standard six-cell battery. But I run on power 95% of the time and it's a small price to pay for all this power; the thing is a speed demon to me after using my XPS M1330 for four years.

Comment: Re:Is this the hole that was patched one Tuesday? (Score 4, Insightful) 128

I have employees who are allowed to come in to the VPN with their home (non-corporate-managed) machines, and no restrictions on their network traffic. I'm working on changing that but it hasn't happened as yet. Additionally, I have way too much experience with malware running on Windows machines while their installed antivirus software is happily telling anyone who asks there's nothing wrong at all.

You need to stop thinking about internal risks in terms of deliberate actions by malicious employees (which is still a risk) and start thinking more in terms of the malware they're almost inevitably running and what actions it can take without their knowledge. This is a highly wormable exploit - think SQL Slammer. I would suggest you consider your soft center as well as your hard crunchy outside for this one.

Comment: Re:Is this the hole that was patched one Tuesday? (Score 1) 128

That does not follow. The original discoverer might have disclosed it to other resources who leaked it, or leaked it himself.

If that exact packet is an obvious way of doing it, it could also have been an independent discovery.

Why doesn't it follow? This has been a risk since day one of Microsoft's advance notification program.

In this article, Luigi Auriemma, the guy who discovered the flaw and reported it to Microsoft, explains the changes he made to the packet and the fact that the same packet was in the released exploit code.

Comment: Re:Who uses RDP without a VPN? (Score 2) 128

Wow. Shill much?

First of all, your ever-so-awesome RDP changes that started with Vista don't seem to have helped a ton here, unless you took the non-default step of turning on NLA which breaks accessing the server from XP clients that haven't had an upgrade to the RDP client.

Secondly, given the choice between opening RDP to a Windows box or SSH to a Linux box, I'll place my bets on SSH any day of the week. OpenSSH was designed from the start to be a highly-secure protocol. It has, of course, had to evolve over the years to stay ahead of threats just as RDP has. But looking at the history of RDP and the changes that MS has had to make to the protocol, I think it's pretty clear at this point that "giving the user a remote graphical interface" was quite a bit higher of a priority than security from the beginning.

Encryption != security. Thanks for proving my earlier point about people often making that mistake.

Comment: Re:M$ Windoesn't (Score 2) 128

Well, for starters, because Web servers haven't run as SYSTEM for quite some time now.

And in any case, opening up port 80 from the Internet to an internal server, rather than to one on a DMZ designed to do nothing but host Web content, is just as insanely stupid. Same goes for port 443, even though I've lost count of the number of times people have told me 443 is okay "because it's secure!".

Comment: Re:M$ Windoesn't (Score 2) 128

Because this one is bigger than usual - I know of quite a few small companies that use RDP as a "poor man's VPN" and open it from their internal server(s) directly to the Internet. Insanely stupid and I've never allowed any SMBs that I've set up to do it, but it definitely happens quite a bit.

Interestingly, scanning for 3389 over the Internet has been quite prevalent for quite a while. I'm sure there are many, many bad guys out there with big lists of system IP addresses all set to go once this (inevitably) turns into a remote code exploit rather than just a DoS.
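A defender's check for the exposure described in this comment, added here as an example and not part of the original thread: it reads constructed firewall log lines (the line format and all addresses are assumed, and the addresses are documentation ranges rather than real hosts) and reports which internal hosts accepted Internet-side connections on 3389 and which external sources touched more than one host, the pattern of a 3389 sweep.

```python
import ipaddress
import re

# Constructed sample lines in an assumed "timestamp action proto src:port -> dst:port"
# firewall log format. Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
2012-03-15T02:11:04Z PASS TCP 203.0.113.7:51122 -> 192.0.2.10:3389
2012-03-15T02:11:05Z PASS TCP 203.0.113.7:51123 -> 192.0.2.11:3389
2012-03-15T02:11:05Z PASS TCP 198.51.100.9:40001 -> 192.0.2.10:3389
2012-03-15T02:12:40Z PASS TCP 10.0.0.5:50222 -> 192.0.2.10:3389
2012-03-15T02:13:01Z BLOCK TCP 203.0.113.7:51124 -> 192.0.2.12:3389
2012-03-15T02:14:10Z PASS TCP 203.0.113.44:3333 -> 192.0.2.10:443
"""

LINE_RE = re.compile(r"^(\S+) (PASS|BLOCK) (\w+) (\S+):(\d+) -> (\S+):(\d+)$")
RDP_PORT = 3389

# Explicit RFC 1918 + loopback list: the stdlib's is_private/is_global also treat the
# documentation ranges used above as non-public, which would hide the sample sources.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, proto, src, _sport, dst, dport = m.groups()
    return {"ts": ts, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport)}

def rdp_exposure(log_text):
    """Return (exposed, scanners). exposed maps each internal host that PASSed an
    Internet-side TCP/3389 connection to the set of external sources that reached it;
    scanners maps each external source that probed more than one host (PASS or BLOCK)
    to the number of distinct hosts it touched."""
    exposed, probed = {}, {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != RDP_PORT:
            continue
        if is_internal(rec["src"]):      # LAN/VPN-side traffic is a different problem
            continue
        probed.setdefault(rec["src"], set()).add(rec["dst"])
        if rec["action"] == "PASS":      # the firewall let the Internet reach RDP
            exposed.setdefault(rec["dst"], set()).add(rec["src"])
    scanners = {src: len(dsts) for src, dsts in probed.items() if len(dsts) > 1}
    return exposed, scanners

if __name__ == "__main__":
    exposed, scanners = rdp_exposure(SAMPLE_LOG)
    for host, sources in exposed.items():
        print(f"RDP on {host} reachable from Internet: {sorted(sources)}")
    for src, n in scanners.items():
        print(f"{src} probed 3389 on {n} hosts")
```

Any host in the exposed set is the "poor man's VPN" case above and should be behind a VPN gateway, not a port forward; blocked probes still belong in the report because they show the sweep is happening.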

Comment: Re:Is this the hole that was patched one Tuesday? (Score 5, Informative) 128

Yes. The guy who discovered it reported it to both the TippingPoint Zero Day Initiative and to Microsoft, and sent them the packet that triggers the exploit. That exact same packet showed up in this exploit, meaning somebody either at ZDI or Microsoft or part of the MAPP program leaked it.

So much for responsible disclosure! Although as soon as I saw that TippingPoint had released a signature for this on Tuesday, I figured that would be enough information for people to figure out what was up. Leaking the exact packet made things even easier and quicker, though.

Gee, I do so love it when I get three days to deploy a critical patch throughout my entire production environment. That makes for some wonderful conversations with the admin staff, let me tell you!