
Comment As much as I hate to mention the "O" word ... (Score 1) 87

It wasn't even *close* to cheap (either in implementation or ongoing support) but we added OIM (Oracle Identity Manager) to our existing Oracle suite of products (we have tons of databases, and Oracle-owned "Health Sciences" apps, so we were already in bed with the devil to begin with). It uses SOA for workflows and approvals, and we built a series of templates for system access. Employee A starts at the company as a Tech Writer? Automatically provision AD, OID, Exchange, home directory, 5 shared folders, 3 SharePoint sites, and the QA logging application. (You get the idea.) It also has the ability to provide self service, so if the previously mentioned user wants access to the Oracle Health Sciences cluster, he clicks the button next to it on the menu ... and the OHS Admin and his manager get emails with links to approve. Getting buy-in from the business for this kind of spend took almost 2 years, and 9+ months to implement (defining workflow, approvers etc. takes waaaay longer than you think it will!). The legal dept is also in love with the idea they can now request access reports for users, which makes the process of external audits go from days of information gathering ... to an automated email. At least for us (medium sized company, ~10,000 employees, currently growing at a rate of 75 a week) this has been a long trip... it's not something you can simply bang out over a weekend with a 6 pack of Mtn. Dew and a spare server.

Comment Re:What's the point of the NSA knowing everything? (Score 1) 569

Correct, the first rule of playing Global Thermonuclear War isn't "not playing" (in this case that ship has long ago sailed), it's: "not showing your enemies what capabilities you have." That missing Malaysia Airlines jet? You know at least 2 countries have realtime satellite data of nearly every square inch of earth, and could have tracked the image of the plane to where it crashed ... but did they? No. That would have displayed what resolution objects could have been identified at. It's fully possible that every Skype call, cell call, and land line ends up as a .wav file on some fancy-pants NSA storage cluster, but it will be a cold day in heck before Joe Q Public Cop would know of its existence, let alone be able to submit a request for use.

Comment Re:Hardware is trusted (Score 2) 83

I would also settle for something that several of my (way old) Compaq servers had ... a second BIOS. SoftPAQ screw up your server's BIOS? Set a jumper and boot from the factory fresh second BIOS (then re-flash the primary BIOS with a known good copy). In modern systems just leave the default BIOS upgradeable (or at least require a PIN to update / trusted CA cert for enterprise deployments) and have a hardware button inside that can write the v1.0 BIOS code over the current chip. In this example the v1.0 BIOS can be hardware read-only (ROM-BIOS) as well.

Comment Re:Hard To Imagine... (Score 5, Insightful) 191

I can picture the situation quite clearly: "I'm very sorry Mr. Surface Pro 5 Owner, but with the current release cycle your hardware will no longer be supported at the end of this year... and we do not offer subscriptions for legacy hardware." At least with Windows XP, Mac OS 10.5.x, etc., "sunsetted" OSs can continue to be used (albeit with increased security risk) perpetually. Will Microsoft offer this same policy with 365 users as features and requirements outstrip aging hardware? I think not.

Comment Next: Firefox Gold (Score 1) 132

Anyone remember Netscape Gold? How long will we have to wait for email client, news reader, and Kitchen Sink(tm) to be bundled back in?

So much for a lightweight browser and codebase (Firefox has already marched past that line in the sand, but this is a monumental increase to the marching speed). Not to mention the potential security implications for managed desktops.

Comment Lots of solutions ... (Score 2) 284

Assuming you have managed switches, a simple crontab entry pointing to a shell script can open a connection to the switch and admin down the port that it's plugged into. If you want to get really fancy you can have the outbound traffic going via a transparent squid proxy / iptables so you can tell when the port is in use, and keep logs of the connection state.

You can also go with a non-NAT firewall (bridge mode), which will block incoming connections while the device / people on the inside won't know anything is there.

Honestly a timer on an unmanaged switch isn't a bad solution, it takes any technical skill out of the equation, it's (assuming the timer doesn't fail) hack proof, and does not require any maintenance / patching to keep secure.

Comment Not the only element running low... (Score 1) 270

It will be interesting to see what happens when the global supply of helium runs out in a few years, apparently we have about 25 to 35 years left.

It's not just used for your kids' birthday balloons (in fact that gas is likely second-hand / reused gas in the first place), it's used to cool MRI machines.

Time to buy a couple of tankers and invest in a long term profit :)

Comment First impressions (Score 2) 424

Having jumped this morning on the download train, I think I've now got everything back up and running. Parallels v7 required a reinstall (it uses kernel extensions so I'm not surprised that it needed an over-the-top reinstall). The odd one was Firefox not allowing me to download anything (even with a control-click save-as); the solution to that one was to clear my download history (why that fixed it ... I have no idea).

Fink is proving to be a total pain in the ass to get working again, not to mention Xcode apparently now requires a developer-enabled Apple account to download and install the command line tools via the GUI (you can still download the tools via the developer website).

Ah the fun of running a new .0 release of software on the day it comes out :)

Comment Check with your local power company! (Score 1) 341

As others have mentioned, I would ask your local power company. Our local provider (Duke Energy) offers something called StrikeStop (http://www.duke-energy.com/strikestop/) which offers whole-house protection (and they install it on the power meter, which is a nice bonus). At ~160$ installed it was a no-brainer decision for me considering it offers insurance along with it.

Comment Re:It's all the customers' fault... (Score 1) 406

Speculating here ... since the only people that can have unlimited are the ones that have been grandfathered into it, and that was over two years ago (I think) my guess is that everyone in that group is now legally in the clear to pack up their stuff and walk to the exit whenever they want to.
