rm-rf's comments

rm-rf | 14 years ago

The whois for the domain is accurate.

rm-rf | 14 years ago

And just for kicks, they accidentally open up your files to anyone who knows your e-mail address.

rm-rf | 14 years ago

And -

To (hopefully) install a shim that lets them install software that lets their help desk help their customer more effectively. If I were trying to support millions of 'ordinary users' and had them calling me every time anything didn't work the way they expected, I'd want something on their desktop that let me help them (a gotomypc type of agent, for example).

rm-rf | 14 years ago

Or - as I picked up from some long forgotten blog post:

If you need Oracle, you'll know it. If you don't know that you need Oracle, you don't need Oracle.

I run MySQL, Oracle, SQL Server, hundreds of databases, a couple in the 'many thousands of queries per second' range.

There are reasons for each database platform.

rm-rf | 14 years ago

Presumably they have. But given the number of times Safari has been remotely exploitable in the past, that's not necessarily reassuring.

rm-rf | 14 years ago

How is this different than Adobe Reader, where the ability to execute code within a document reading application has resulted in worldwide exploits of operating systems?

If my document reader can execute any code in any language, then any document that I read has the potential to execute malicious code on my computer, and I now have an exploit vector that I need to consider when downloading documents & opening e-mail attachments.

I understand that the code can be sandboxed, but before I implicitly trust the sandboxing technology, I'd have to see an example of an unexploitable sandbox. I don't know of any - but that doesn't mean they don't exist.

rm-rf | 14 years ago

So my ebooks can now contain executable rootkits.

Cool.

rm-rf | 15 years ago

Agreed - I certainly don't see anything that I'd call 'innovation', and there is nothing on any open source desktop that would send me off to my friends' and relatives' houses to switch them from OS X or Windows.

rm-rf | 15 years ago

How does a retailer using Square manage PCI compliance?

Are retailers using Square automatically non-compliant? My understanding is that the PCI Council has not approved mobile applications under PA-DSS, and merchants who accept cards using software that is not PA-DSS are automatically non-compliant on PCI-DSS.

rm-rf | 15 years ago

"* Change the SSH port"

"Why are you doing this? What will you achieve by it?"

Changing the port does not improve security. It does, however:

- dramatically reduce the noise associated with the fleet of password guessing bots that hit open SSH servers daily.

- make it reasonable to assume that a password guess attempt is specifically targeting your server, and therefore merits consideration for escalation and follow-up.

Signal to noise ratio. Less noise makes it possible to discover the signal.

rm-rf | 15 years ago

"Are they also counting the extra downtime"

With Windows 7, there should be no more (or less) downtime than any other operating system.

"anti-malware packages and so on?"

Anti-virus for a large enterprise can be as cheap as $1/desktop/year.

Automated enterprise patch management is expensive, but when added to MS licensing, you still should be under $100/person/year.

Keep in mind that if you put an OS X or Linux desktop on my enterprise network, I will make you install some form of enterprise grade automated patch management on your desktop. I.e., not only do I need you to have automated patch management, I need to know that you are patched, when you last patched, what you patched, etc., which implies an enterprise class solution.

"in order to Sharepoint be as cost-effective"

I'm curious, do you have any reasonably objective data to back up that statement?

I ran enterprise class document management and collaboration with FOSS tools. At $10/person/year, SharePoint is a steal.

rm-rf | 15 years ago

"Mainly because the enterprise is guaranteed to buy at least a few hundred copies."

Or a few thousand, or a few hundred thousand.

rm-rf | 15 years ago

One factor likely at play here is the low cost of licensing MS products under the enterprise/volume licensing agreements. Where I'm at it's costing well under $100/person/year to license Windows, Office, Exchange, SharePoint and a few other odds & ends. IIRC, for just under $50/person/year, we get Windows & the basic Office suite, add another $10/person/year to get client access licenses for Exchange & SharePoint; add another $10 for Visio, Project...

It's hard to carry the FOSS banner at that price.

rm-rf | 15 years ago

I've seen single line changes cause data loss, corruption, system outages, remote root exploits...

I'm not sure that the number of lines makes the change more or less risky.

rm-rf | 15 years ago

I wouldn't. Replication yes. A logical backup? no.

rm-rf | 15 years ago

Good paper.

I've been using hybrid hardware/software load balancers since 2004, and over time I came to different conclusions than the author on load balancing algorithms, SSL offload, layer 3/4 vs. layer 7 load balancing, relative performance of SSL on load balancers, etc.

I also place a high value on proxy-capable load balancers for use as a 'control plane' for all ingress into the data centers. I.e., all Internet accessible content is served by URL filtering, proxy-type, SSL capable load balancers, even if the availability requirements do not warrant redundant web/app servers. This allows us to control access to the application by URL and host header, to filter content as needed, to view and manage the status of all services at a single location, to manage all SSL certs in a single location, to automatically redirect users to a fail whale when the app is down, etc.

The argument against 'doing it all' with the load balancers generally boils down to performance. My counter to that is my circa 2004 Netscalers have no problems doing 1800 requests/second, all SSL, all proxied, and all content switched/content filtered.

rm-rf | 15 years ago

Because of its market share? Perhaps.

rm-rf | 15 years ago

I haven't seen any evidence of that. Do you have some data that you can share?

One thing that I have noticed is that Mozilla tends to push Firefox fixes out as soon as they are ready, rather than waiting for a monthly patch cycle. For a home user, that's probably good (but annoying). For a corporation, it's a royal pain.

rm-rf | 15 years ago

And install all its vulnerabilities on your Mac?

rm-rf | 15 years ago

And then Firefox will announce a zero-day. What will you have gained?