Re: [Security] Re: Windows: insecure by design?


From: Ross Dmochowski (rossd_at_cns.me.berkeley.edu)
Date: Wed Aug 27 2003 - 12:48:04 PDT


On Tue, 2003-08-26 at 20:52, Craig Lant wrote:
> I'm using a Tablet PC which locks me into XP
> Pro.

http://linux-tablet-pc.dhs.org
If this project had been further along when I was shopping a few months ago,
I would've opted for a tablet instead of my SL-5600.

> you say "Kazaa"? "Rise of Nations"? "Warcraft III"?
> "Deus Ex"? No. I won't be throwing out my Windows OS any time soon...

You use Kazaa, Craig? I really hope you are joking.

I forgot how important these mission critical business applications
were, or how much they add to the prestige of this University. :-)
And, anyway, can you say "WineX" or "VMWare"? ;-)
Though it is perfectly fine for a game platform, never would anyone
recommend running clustered fluid dynamic simulations on Win32.
Nor any serious scientific or computing application, for that matter.

It is specifically because there is a perceived learning curve
differential that needs to be surmounted. The penetration into the home
market suggests that, with regard to TCO, there is less user education
required when you use Windows.
But to use it, or to use it well? hmmmm.

Successes like the K-12LTSP (http://www.k12ltsp.org) show that
if children can learn to use it, I think adults in college
can learn it easily enough as well.

It is this very "no user education required!" issue that
is part of the problem.
The vast majority of machines compromised in my department
were "administered" by graduate students who were conscripted
into the position. Meaning, while these students are trying to
pass their prelims, quals, etc., and running other sundry
projects for their advisors, doing their research, et alii,
they are expected to spend the time to keep their machines
and their knowledge of system administration current.

> We just need to keep those infernal boxes PATCHED!
> Craig

<soapbox>
Please do not take this the wrong way, Craig, but this is easy to say
from the ivory tower you live in. :-)

Windows patch management is a black art, when you talk about
an environment like mine, with Win98/NT/2000/XP mixed, with
tenuous and varying levels of administrative control.
And issues like the fact that SP4 breaks all our AutoDesk software
means just setting Windows machines to auto-update has actually created
just as many service calls as the machines being compromised!

There are ALWAYS going to be unpatched machines that will be
subject to exploitation, from visiting scholars to graduate students
in the research labs. And here in Etcheverry, we have a number of IP
thieves that we really do not know who they are, or where in the building
they are, so we can't even tell them about the problem, despite the fact that
they bring the subnet to a crawl due to ICMP/et alii from their compromised
machines.

(this is really as much of a problem with the fact that Etcheverry has
one of the worst topologies on campus, but far from being an exception,
I think a great many departments are in the same boat... We just
feel the pain here more acutely...)

To think that the systems people in some departments have even
nominal authority over all the machines in their subnets is
far from reality. The vast majority of machines that connect to
the subnets in Etcheverry are NOT managed.

The first line of defense is at the border. Then it is the network
itself.
It should not be left to the last line of defense (the host itself)
before anything is done about the problem.
</soapbox>

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
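The post above describes compromised, unmanaged hosts flooding a subnet with ICMP while nobody can tell which machines they are. The check that the "network itself" layer can supply, when the host cannot be managed, is to rank subnet sources by ICMP output from flow data collected at a router or span port. The script below is an added example, not code from the post or from Micronet: the flow record format ("timestamp src dst proto packets"), the sample records and the addresses (RFC 5737 documentation ranges) are all constructed; a real NetFlow/sFlow export would need its own parser in place of `parse_flows`.

```python
"""Rank subnet hosts by ICMP packets emitted, from simple flow records.

Added example, not from the original post. The one-line flow format
below is hypothetical; real collectors export NetFlow/sFlow/IPFIX and
would need a different parser feeding the same record tuples.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows: "<unix_time> <src_ip> <dst_ip> <proto> <packets>".
# 198.51.100.0/24 stands in for the department subnet; 203.0.113.x are
# outside targets. Two hosts (.77 and .80) are doing all the ICMP talking;
# the flow from 203.0.113.5 back into the subnet is an external source
# and must not be attributed to a local machine.
SAMPLE_FLOWS = """\
1061999000 198.51.100.11 198.51.100.1 icmp 4
1061999000 198.51.100.77 203.0.113.5 icmp 900
1061999000 198.51.100.77 203.0.113.6 icmp 850
1061999001 198.51.100.12 198.51.100.20 tcp 30
1061999001 198.51.100.77 203.0.113.7 icmp 910
1061999002 198.51.100.80 203.0.113.1 icmp 300
1061999002 198.51.100.80 203.0.113.2 icmp 280
1061999010 203.0.113.5 198.51.100.77 icmp 5000
1061999030 198.51.100.11 198.51.100.3 icmp 2
1061999030 198.51.100.80 203.0.113.3 icmp 310
1061999059 198.51.100.77 203.0.113.8 icmp 875
"""


def parse_flows(text):
    """Parse the constructed flow format into (ts, src, dst, proto, packets)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, pkts = line.split()
        records.append((int(ts), ip_address(src), ip_address(dst),
                        proto.lower(), int(pkts)))
    return records


def icmp_packets_per_second(records, subnet):
    """ICMP packets/second emitted by each source inside `subnet`.

    The rate is averaged over the time span covered by all records
    (minimum one second), so a host that bursts once still shows up,
    while external sources and non-ICMP traffic are ignored.
    """
    net = ip_network(subnet)
    totals = defaultdict(int)
    timestamps = []
    for ts, src, _dst, proto, pkts in records:
        timestamps.append(ts)
        if proto == "icmp" and src in net:
            totals[src] += pkts
    if not timestamps:
        return {}
    span = max(timestamps) - min(timestamps) + 1
    return {str(src): total / span for src, total in totals.items()}


def flag_icmp_talkers(records, subnet, threshold_pps):
    """Return [(ip, pps), ...] for local hosts at or above threshold_pps,
    loudest first. These are the addresses to trace to a switch port."""
    rates = icmp_packets_per_second(records, subnet)
    flagged = [(ip, pps) for ip, pps in rates.items() if pps >= threshold_pps]
    flagged.sort(key=lambda item: item[1], reverse=True)
    return flagged


if __name__ == "__main__":
    recs = parse_flows(SAMPLE_FLOWS)
    for ip, pps in flag_icmp_talkers(recs, "198.51.100.0/24", threshold_pps=10.0):
        print(f"{ip:16s} {pps:8.1f} ICMP pkt/s")
```

The threshold is deliberately a parameter: a few ICMP packets per second is normal for a lab host, while tens per second sustained across a minute is the signature of a compromised machine scanning or flooding, and the ranked list gives the network people a short set of IPs to map to MAC addresses and switch ports even when the owner is unknown.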



This archive was generated by hypermail 2.1.5 : Wed Aug 27 2003 - 13:08:47 PDT