Correct me if I'm wrong, but PCI compliance doesn't necessarily require a firewall between each system that takes credit cards. It just requires a firewall to protect all the systems that take credit cards. If you have a few POS systems and a SQL server that access credit card info, you don't need a software firewall on each of those systems. You could set up one hardware firewall that protects all of those systems from Internet traffic (and other LAN traffic, if needed).
It depends on what you're talking about, and where. A firewall between the LAN and the Internet, yes. Generally speaking, put it up, and then figure out what needs to be opened.
Beyond that, it starts to get a bit more foggy. Security is often a trade-off between making access too easy for attackers vs. making access to hard for authorized personnel. It's not uncommon for security software to do more harm than good, blocking things that shouldn't be blocked, breaking the networking stack in weird ways. When it comes to software antivirus and firewalls, my view is that you should use the more lightweight, least intrusive solution that meets your needs.
I'm not sure, but it seems to me that the original poster is asking about the built-in Windows firewall. Should that be enabled on all machines?
Honestly, determining whether you need a firewall isn't as simple as "yes, always, all the time" or "no you don't need one." You have to know what the firewall is doing, and what security is required. You can set up a firewall, allow all ports to be forwarded through without inspection, and while you have a firewall, it's not helping you. Or you could have a server running a secure OS with only the vital ports opened, without access to anything other than the Internet, in which case a firewall probably isn't doing you a lot of good.
Also, it seems you're talking about a software firewall installed on the server? I wouldn't trust it. If I'm running Internet accessible servers, I generally want separate hardware firewall, and I want to put those servers into a separate DMZ if I can. I might leave the built-in Windows firewall turned on if it's not causing any problems, but if I have to disable it, I don't worry too much about it because I have the hardware firewall.
A properly secured Linux/Unix server should be able to sit directly on the Internet without issues, but you may as well put it behind the hardware firewall if you have the option.
But are we talking about disabling the built-in software firewall on a machine that's only accessible by other computers on the LAN? That's probably fine. You should have some security preventing unauthorized personnel from accessing the LAN, and I would assume the SQL databse it password protected, right?
I guess my bottom line here is this: Since you can't trust a the built-in Windows firewall to actually protect from very much, you shouldn't worry too much about disabling it. Make sure your network is secure without it.
The sad thing is that the volume of calls is so heavily weighted towards people that refuse to do anything whatsoever on their own before calling and demanding someone else fix it that clued-in customers with real problems are just lost in the noise from their perspective.
Ok, I was giving you the benefit of the doubt, but it seems your argument boils down to "It's useless because I say it's useless. Nevermind that you earlier pointed out that it could be useful, because I decided that it's useless."
Glad we got that sorted out.
It also adds more lines of code that need to be carefully analyzed, audited, and constantly re-audited for exploitable bugs to the codebase.
Web browsers are the main point of vulnerability, they have an absolutely horrible track record for anything related to security. There are several relatively good
You are entitled to your point of view. I personally do not agree.
I like to expose myself to advertising. By seeing what is currently being pushed I know which products to avoid, which is a big time-saver. And the notion that some small payment comes to a website as a result of giving me this information is 100% ok with me.
A "combined score" for speed and ratio is useless, as that relation is not linear.
It seems now that it's not about the relation being linear, but about something else that you won't say. I'm afraid I'm not closer to understanding.
Decompression time is always real time? So it doesn't matter what computer, what processor, the size of the file, the complexity of the file, or even what kind of file it is? Or do you mean that it needs to be able to be done in real-time (or faster) for some particular use a a particular kind of file on a particular platform that you have in mind?
What constant bombing? Hamas has honored truces and cease-fires in the past, it's the IDF that keeps breaking them. How do you think the Palestinians should respond to Israel periodically 'mowing' their families down 'like grass?'
Ultimately you simply cannot keep a nation captive forever, nor can you exterminate them, and Israelis of all people should realize that.
Ok, so let's start from where you're wrong that "What's important is to save space when broadcasting the content." There are other important things.
Next, what would you like to do then? Change this benchmark to measure decompression speed rather than compression speed? Sure, fine. Let's do that.
Without more details it's hard to say, but it sounds like the ad network should file a complaint with the UK and get these overenthusiastic corporate cops charged.
There's a battle to love - ad networks versus the 'city of london.' May they fight forever and leave the rest of us in peace.
I find it surprising and almost funny how much ire this has drawn from people with some kind of weird "purist" attitude about the whole thing.
It doesn't seem "generally useless" to me, but it would be more appropriate to say that it's "useful only in general cases". I would say that in most circumstances, I'd want compression algorithms that balance speed and compression. I often don't zip my files to maximum compression, for example, because I don't want to sit around waiting for a long time in order to save a very small amount of space. I also don't zip without compression, because speed is not that *that* important. I look for compression that's balanced. "Compress it as much as you can without making me sit around and wait for it."
Similarly, if I were ripping CDs to MP3, and you offered me a different format that would save me 1MB per song, I'd jump on board. If you told me that it would save me that space by requiring 1 hour to compress, and then another hour to decompress before I could play it, I'd tell you to fuck off. If you told me it would drain my battery life on my phone to play it, I'd say it's not worth the trouble.
So I don't know if this is the right metric or the most useful metric, but certainly there could be a metric for compression that deals with "total space savings" vs. "time and complexity in compressing and decompressing". Such a metric could actually be a solid indicator of which compression is useful in a vague general sense.
How much time it takes to compress is irrelevant, even if you get diminishing returns the longer you take. What's important is to save space when broadcasting the content.
Well, and also that it can be decompressed quickly and with little processing power, or else with enough hardware support that it doesn't matter. Otherwise, it'd take a long time to access and drain power on mobile devices.