
Comment Re:Get over it. (Score 1) 491

The problem is that now they can sniff your home network to see what you're doing. They can run a search on your network for any shares/media streams with "pirated" movies/media, then start investigating/prosecuting you. They could also try to monitor what else you're doing on your network/internet. Before, you would hope that the firmware updates wouldn't do that, but if so you could figure out what firmware it was and hold Sony responsible. Now they could connect to your PS3 whenever they want and run whatever they want (provided your PS3 is turned on).

On top of that, installing something like this opens a vector for malicious hackers to bypass your firewall/router and have free rein of your home network.

Comment Re:Yeah, they got it right. (Score 1) 105

I have no idea what point you were trying to make. You can boot OS X into run level 3 and do everything from a console if you want. I was just pointing out that of the 3 things he listed, 2 of them were the same. I use my OS X MacBook almost identically to how I use my Linux laptop. I open up Firefox, Thunderbird and a terminal and I do all of my "computer stuff" through the terminal.

Comment Re:mad props (Score 3, Interesting) 105

The main reason I see for it is that, in comparison to most other OSs, everything* can be accessed as a file. This includes most devices and sockets. That has made Unix very agile and has allowed it to adapt with the times. The only OS I can think of that goes further than Unix in this respect is Plan 9, which was also designed by Bell Labs as the successor to Unix. Plan 9 goes as far as allowing peripherals on the network to be accessed as files.

Comment Re:Life is not fair (Score 1) 785

I do agree with you about companies not usually doing an accurate assessment of how much time/money it would cost to fill the gap of a knowledgeable employee leaving, but supply and demand has a huge, noticeable effect on the IT field. The old developer should have been willing to learn this new technology and hopefully even knew it before the client came asking for it. If the average pay rate is N dollars for someone who knows X technology and the average pay rate N2 for X2 technology is less, then the old developer should have been learning X technology instead of being stagnant. Had this been the case, the old developer could have got a raise to N dollars and the company could have hired a junior developer that knew X2 technology at a lower rate than N2. The company would have saved money, the old developer would have got a raise and X technology probably would have been developed better.

Comment Re:To think about it another way (Score 1) 810

Perhaps if your asshole coworker knew that his coworkers thought he was an asshole he would try not to be? Even if he doesn't try to be better, what's the worst he's going to do? Be an asshole? At some point, if he's a big enough asshole he will get fired or at least put in a position where he doesn't interact with his coworkers. The reality of the situation is you're afraid this asshole will not respect you if he knows you think he's an asshole.

As for the "very good, pointed, question", it's really not that good of a question and I wouldn't have answered it either. It is obvious what his answer is to it since he released them. That question is really only valid to find a third party's reaction to what was done, and from what I've gathered, WikiLeaks' position is that they believe people need to know this information and they can decide if they need/want it or not.

One thing that no one seems to be paying attention to is that all this information was gathered on an insecure network which could have easily been accessed by any agency who managed to get a VERY low level spy in (or simply broke into a computer of a low level government employee). Had our government not been doing a HORRIBLE job on network security, these leaks wouldn't have come out and we wouldn't have risked whatever enemies we have being able to access more informative information that isn't being released by WikiLeaks.

Comment Re:Downloads (Score 1) 385

I agree with you that people need to consider watching downloaded TV as TV; however, I don't think they're quite the same. When you watch cable TV (or OTA broadcasts), 50% of what you watch isn't something you care to watch (commercials, filler, a 30 minute filler TV show till your next program comes on). With downloaded TV shows you only watch what you want to watch and your (well, mine at least) brain stays more alert and doesn't just zone out like a couch potato.

Comment Re:weeeeeeee (Score 1) 33

You're confusing the AV market with the security market. The AV market is always behind the new viruses/worms because that's what they do: wait for some virus to come out and, once it gets popular, create a definition for it. The security industry, on the other hand, is constantly finding and reporting new vulnerabilities in software. Sure, there's still something to be desired with the security vendors, but they are definitely stepping up to brawl with state funded players. Well, maybe not Qualys or Rapid7, they're too busy boasting and lying (respectively) to their customers to bother producing anything useful.

Comment not worth noting at all (Score 1) 64

"While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft."

That's not worth noting at all; Microsoft has a bigger staff than any software development company in the world. Them spending $10 to train each employee on security would still be more than spending $100,000 to train each employee at a small 9 employee security firm.

Comment Re:Of course they say that (Score 1) 114

If you have physical access to the network you can simply spoof the proxy (or a target on the network). This would be especially easy to do since that proxy is being used to encrypt traffic for the network and would therefore be sending plain text over the network.

I have no idea what you're trying to argue because on one hand you want everything encrypted but on the other hand you have no problem with everything being plain text over the DMZ. I also just noticed you said "Using a DMZ is secure, since the unencrypted network is not publicly visible." which is scary.

I'm not about to waste the time pricing out anything because I simply know that 3 servers cost more than 1. You could, as you said, buy a card which will encrypt the data for you; however, if you're building a server farm, one of those is going to add on about 1/3 of the cost of each server (based on the last time I saw the price of one, which was probably 5 years ago). Can you even do HTTPS over an RSA card? Because the whole point here is to make traffic for public websites (and other services) encrypted.

I never said that there's no value in an IT department that loses money, I said that there's no value in an IT department if it's losing money for the company. That's why companies create budgets for departments: they know that having this department can increase their sales X dollars, so the company will be willing to spend X - Y dollars on it.

Finally regarding context, there are much more efficient ways of removing context than trying to encrypt everything. Just because all you have is a hammer doesn't mean everything is a nail.

Comment Re:Of course they say that (Score 1) 114

Uhmm, actually I work in the security industry and your setup just failed a simple PCI audit.

"A diskless, OS-less proxy is virtually impossible to compromise"
If you think this is a valid statement you have no business maintaining any network.

I also have no idea what point you're trying to argue. I simply said that providing encryption for all traffic of a high traffic site isn't practical. If you have a high traffic site, then most of your data sent doesn't need to be secure. Of course there are a few exceptions such as banks, but then they should be used to not being practical and can afford a more expensive setup.
You in turn have argued that you should encrypt all traffic over the internet but it's OK to have plain text over your internal network.

The reality of it is that there are budgets that IT departments have to stay within otherwise there's no reason for them to have a site/network/whatever because they'll be losing money on it. Encrypting all your traffic when in reality only 0.001% needs to be encrypted will balloon your costs.
