Re: sub $500-750 CPE firewall for voip-centric application

[amuse]

What PFSense currently lacks in brand name recognition, they can make up
with by the fact that they offer paid support at very affordable levels.

I'd go with https://store.pfsense.org/SG-2440/ ($499 each) and a quote for
professional services  (
https://store.pfsense.org/Professional-Services.aspx ) to back that up.

On Thu, May 5, 2016 at 10:53 AM, Ken Chase  wrote:

> Looking around at different SMB firewalls to standardize on so we can start
> training up our level 2/3 techs instead of dealing with a mess of
> different vendors
> at cust premises.
>
> I've run into a few firewalls that were not sip or 323 friendly however,
> wondering
> what your experiences are. Need something cheap enough (certainly <$1k,
> <$500-750 better)
> that we are comfortable telling endpoints to toss current gear/buy
> additional gear.
>
> Basic firewalling of course is covered, but also need port range forwarding
> (not available until later ASA versions for eg was an issue), QoS
> (port/flow
> based as well as possibly actually talking some real QoS protocols) and VPN
> capabilities (not sure if many do without #seats licensing schemes which
> get
> irritating to clients).
>
> We'd like a bit of diagnostic capability (say tcpdump or the like, via
> shell
> preferred) - I realize a PFsense unit would be great, but might not have
> enough brand name recognition to make the master client happy plopping
> down as
> a CPE at end client sites. (I know, "there's only one brand, Cisco."
> ASA5506x is a
> bit $$ and licensing acrobatics get irritating for end customers.)
>
> /kc
> --
> Ken Chase - Guelph Canada
>

Re: sub $500-750 CPE firewall for voip-centric application

[amuse]

+1 to a "Can you substantiate that claim please?" sentiment here.  I've
used it for years and found it to be reliable, flexible, feature-filled.
And having the BSD CLI fully available has been a godsend.

On Fri, May 6, 2016 at 12:01 AM, Mark Tinka  wrote:

>
>
> On 6/May/16 02:18, g...@1337.io wrote:
>
> > If you are considering pfSense, I would urge you to look at OPNsense
> > instead. The pfSense code is horrible!
>
> Can you explain?
>
> We've been reasonably happy with it, running it since 2012 on dozens of
> boxes for our corporate network and as OpenVPN servers.
>
> Mark.
>

Re: sub $500-750 CPE firewall for voip-centric application

[amuse]

One question I have is:  Is there any reason to believe that the source
code for Sonicwall, Cisco, etc are any better than the PFSense code?  Or
are we just able to see the PFSense code and make unfounded assumptions
that the commercial code is in better shape?

On Fri, May 6, 2016 at 9:39 AM, Mel Beckman  wrote:

> I, too, was not impressed with PFSense’s code. I’ve had to dig into it a
> couple of times to troubleshoot weird failure modes. I finally gave up. My
> time is too valuable, and the price of modern firewalls is fair for the
> value you get in serious regression testing and support.
>
> Also, I would not characterize PFSense as “reliable”. My PFsense boxes
> still require periodic reboots due to memory leaks, and sometimes just lock
> up. Yes, that happens with commercial boxen, but those events are far more
> rare.
>
>  -mel
>
>
> > On May 6, 2016, at 9:24 AM, Nick Hilliard  wrote:
> >
> > amuse wrote:
> >> +1 to a "Can you substantiate that claim please?" sentiment here.  I've
> >> used it for years and found it to be reliable, flexible, feature-filled.
> >> And having the BSD CLI fully available has been a godsend.
> >
> > The code quality is terrible in a 1990s sort of way.  I.e. no separation
> > of code, html, logic, data structure or anything else.  Everything is
> > jumbled in together using coding methodologies which don't scale and
> > which make it almost impossible to audit in a meaningful way.
> >
> > Specific problems:
> >
> > 1. the installation image ships with static dh params files, e.g.
> >
> >>
> https://github.com/pfsense/pfsense/blob/master/src/etc/dh-parameters.1024
> >
> > This is a really bad idea and someone should issue a CVE for it.  The
> > reasons are clearly explained at:
> >
> >> https://weakdh.org/
> >
> >> https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
> >
> > 2. http params validation: a cursory glance at the output of "grep -r
> > _GET pfsense/src" show that the authors did not use any http parameters
> > validation.  In addition, the output of $_GET is used unsafely in
> > multiple locations.
> >
> > 3. the output of "grep -wr exec pfsense/src | grep 'rm -rf'" shows what
> > looks like exploitable problems due to poor shell escaping.
> >
> > This isn't an audit or anything, btw.  It's the result of a couple of
> > minutes glancing over the code.  I'm sure an audit would produce a lot
> more.
> >
> > Nick
>
>

Re: sub $500-750 CPE firewall for voip-centric application

[amuse]

Don't forget ponying up the fees and charges for paying the auditors -
which is why most OSS projects don't end up going through them.

On Fri, May 6, 2016 at 11:41 AM, Keith Stokes  wrote:

> I've been told by various PCI auditors that a noncommercial/FOSS firewall
> could pass as long as you have implemented the necessary controls such as
> encryption/logging/management and passing actual testing.
>
> --
>
> Keith Stokes
>
> > On May 6, 2016, at 1:31 PM, Mel Beckman  wrote:
> >
> > The question of code quality is always a difficult one, since in FOSS
> it’s public and often found lacking, but in private source you may never
> know. In these cases I rely on the vendor’s public statements about their
> development processes and certifications (e.g., ICSA). Commercial products
> often disclose their development processes and even run in-house security
> threat research groups that publish to the community.
> >
> > There are also outside certifications. For example, www.icsalabs.com<
> http://www.icsalabs.com> lists certifications by vendor for those that
> have passed their test regimen, and both Dell SonicWall and Fortinet
> Fortigate are shown to be current. PFSense isn’t listed, and although it is
> theoretically vetted by many users, there is no guarantee of recency or
> thoroughness of the test regimen.
> >
> > This brings up the question of whether PFSense can meet regulatory
> requirements such as PCI, HIPAA, GLBA and SOX. While these regulatory
> organizations don’t require specific overall firewall certifications, they
> do require various specific standards, such as encryption strength,
> logging, VPN timeouts, etc. I don’t know if PFsense meets these
> requirements, as they don’t say so on their site. Companies like Dell
> publish white papers on their compliance with each regulatory organization.
> >
> > -mel
> >
> >
> > On May 6, 2016, at 11:05 AM, Aris Lambrianidis  <mailto:effulge...@gmail.com>> wrote:
> >
> > amuse wrote:
> > One question I have is:  Is there any reason to believe that the source
> > code for Sonicwall, Cisco, etc are any better than the PFSense code?  Or
> > are we just able to see the PFSense code and make unfounded assumptions
> > that the commercial code is in better shape?
> > Perhaps not. In fact, probably not, judging by the apparent lack of
> > audit processes for say,
> > OpenSSL libraries re-used in commercial products.
> >
> > It still doesn't detract from the value  of what people are aware of, in
> > this case,
> > pfSense code quality.
> >
> > Aris
> >
>

Re: students questions

[amuse]

You can use Google Domains to register a domain and then use that as your
email within GMail.

https://support.google.com/domains/answer/3251241?hl=en

On Mon, Jul 25, 2016 at 9:11 AM, sam  wrote:

> Hello if this is not appropriate for this list please excuse me and
> disregard this email. I thought of no better place than this place however
> if there is a better place for this email please advise and I will direct
> the email and the student to the questions.
>
> I received an email form a student this morning asking the following
> questions.
> 1.  Are there any email providers that market to professional but offer
> a student rate or are of good quality but inexpensive etc..
>
> 2.  I have looked at the Microsoft exchange server in the cloud while
> it
> looks promising it does not seems to fit my cost ratio
>
> 3.  I would mainly like to be able to have a professional email address
> so when I apply for jobs and other business of that sort I can be seen as a
> professional and to gather my email from various sources i.e. Gmail,
> Hotmail
> etc. and to present a more professional appearance to my work and school
> work etc..
>
>
>
> I responded that he should look at google apps, however his questions got
> me
> thinking and I google around for an answer to give him, however I am not as
> well versed as I should be in the cloud besides for backup service and
> active directory management. I would like to know if you guys have any
> places I own give the student.
>
>
> Thanks
> Samual
> Office of technology education
>
> Please excuse grammar and spelling errors as this was typed on a
> smartphone.
>
>
>
> -BEGIN PGP MESSAGE-
> Version: GnuPG v2
>
> owFdVAtsFEUYbqkQvPQoGgpUHo5FzEHKUcqr2FCoILY8pFCQR1Jlbnf2brndnXVm
> t9fjFSOCFtBUimjBNtJCI5AIFOQhFbSgxAgURQIo8rKIaUTTVBERxH9274rlcpfb
> 2fn/b77/+79/yr1JCV0TScLQ81mX05oSv24JJMxZP+ZGPtE0ilQFWSGVI/ga1ELY
> NBk1mYotghTK3D1N5RYyNYI5QaRUsuFPJwgbMpJVzkgQM9kNJDpWNT8qgBW1gyEL
> UQVQUYBYFmGAgCUCW9hwo911iEZICew6RAgjggnumNJOxMGPM8FyicpdGgUoomoa
> sGFEsgRMLFLsiRW3bJkYsEOd5cs24ZZKDe73egoQ5BC1hMgQHUuD83Tg0J4ljtYp
> M1QjiDAPiz8Bo1AQMCJW9wGR1zPMj5xPHiOxirARjVNntESVCeNCBgvpmIWJQws2
> FMI5YGANBWyhnAL13yfBREdABwx4oGqQUhmOxZpqRZ141SClJjE4VIKIJfmvvlLn
> 9WTFqBSgEIb3GqVhUacr0TRVYpRTxRI9haYEQSfCnFYYToCkUVtGkZCqQVMsJ5sL
> orrKRdHwSqbEtQ0nROeiDgXe6lEkUe5QVikIMrydRYTamgxVq4YWBVeFiUgJgEAB
> zXl0WOKOYsQ6KcsMXiFOgRAxAAucCiDCGgtpgDutpkJuUAPoiViquCpzyixIkKC/
> AVEjpGP+4DGOVSgKYgdDjzdMgXJRCWYqtcXhNpOgYtVP/Og5sZ+B8qnlBArN4yAm
> UBU9w8I15IFzTJNghg3JKRjOiVAWdhK5FKJUc9cCDcyJkPsTJuUmNWQiuyUJT4cc
> MUVXREfBEEEQEeB5RvtMCeO2exNCLDG3Vuizo6rhuNidnXgqozashaKgFDZ4BBCE
> JMJSIVW/Dwvi6+5twVEEbhEEL7kwFoetGC9QuoONAoSD8bkDH8BS2DYdt6mSO8FY
> ssQx7gRTFgWTGDhIdJDR326cuGPCBo2I+yJKbRS0ozzmG5gy574QLGjEcIn/b/z9
> MTVngdnByV5PEdZhguBhuqIIIsIwRAoZVKNBMIBsS8LBRiytsMMFGGRYh/F1O2eC
> CEJPwhiF2cbcvTMi4iFqgjIAAqMM8ZYZogZxmJR16vtQQmLXhC6dO4nrOMHzcPf4
> HX1lZMrtpMXDM+ftvL7Oc7V7y5oF/sNjKk+l7Mr9nQQWdvlW2pmknlp+7vGc5rsZ
> plKfdP3MrDtZ4S8b7/0yUL634+OKtwu9F36aNzmw+c3GwP59Y+f6sof+NWtagnW6
> fvvKaxNHlc2+lH/+yfU/D/lg8Onvvqqvz1g9s7ri2dTK6ak1ZxsSq349M6P12PSj
> Ff7RV7In59+yW58YtfiN6hHW9/4iVsX63t1mp51U01O+aPCkKgPeinqtCbt6k9oP
> UZ8B/RXfp59sKn5q0I4Zrd0KG7VFM7f3qBh7zB52ee+2C1OSD2x5/XgZe/Usa/ot
> reGdjNGh4p2Dt/zQduxE9b8NzX2Ti1bU7Njwnpl2boRP2tP0uS/vwv6LgTGD0s+Y
> f+fW6X/glpu9D437qLJ1LV7X3OtmwchFvjvrtFUvZC1flpgdJs3+rav6VfXvZmS3
> bFx6Ut2aeevA8dZ/LvqkouKNNT2u8aljlz82aUVb79bnB/65enxyy5L9RnmS52DO
> o20r26bOn1t46GDpKPvI3vpb41bMTrd6NY+P1r2WenjRxEsvLqC1czOz5uyaXz0n
> r8f5JRs2bV3ax/dS3chlJ2xf9e5Ma3TnnH63NynXOl2sThzx7pArFXTg7mGD/Pt6
> BtdWPpNXUj6pLP3p67Wh9xP31BypOlc8M6u0TfXmTkuxa298M6E0+Ui/NRWb0xt7
> 7mnKrWPlRWkHShf/+EjOlP8A
> =cNlY
> -END PGP MESSAGE-
>
>

Re: Suggestions for a more privacy conscious email provider

[amuse]

You can cut down significantly on SPAM by simply dropping any email with a
gtld which didn't exist prior to 2001. Give it a try!

On Dec 4, 2017 22:57, "Stephen Satchell"  wrote:

> On 12/04/2017 06:47 PM, Lyndon Nerenberg wrote:
>
>> Last week we found out that Helpscout sends email from AWS servers.
>>
>> Thank you, Helpscout, for forcing me to lift the AWS blocks on my
>> incoming MTAs, that were cutting down my incoming spam scanning load by a
>> factor of two.  At least.
>>
>
> If I may make a suggestion:  rate-limit incoming connections from AWS,
> with a pinhole for Helpscout.  Spammers try only one if they are doing
> direct SMTP; legit mail servers will retry failed transmissions.
>
> I used to do this with Postfix at the edge of a Web host network.
>
> (Yes, yes, I know that compromised PHP scripts will inject mail into a
> real mail server, so rate-limiting only spreads out the pain.)
>

Re: Suggestions for a more privacy conscious email provider

[amuse]

I run my own mailserver...


​

On Mon, Dec 4, 2017 at 3:00 PM, Grant Taylor via NANOG 
wrote:

> On 12/04/2017 03:47 PM, Brad Knowles wrote:
>
>> The concept is sound, but attempting to use your $5 VPS as your outbound
>> mail relay is only going to end in pain and tears -- your VPS cannot have
>> or build a good enough reputation to get reliable delivery to the big mail
>> providers.  You need to use an outbound mail relay that already has a good
>> reputation, and that works hard to continue to maintain that reputation.
>>
>
> My experience shows otherwise.
>
> I've been using a VPS as my primary mail server for > 2 years and have
> only been black listed once.  Even that was a 12 hour automated listing
> because I sent one message to an address I had not used in 7 years, which
> had since been converted into a spam trap.
>
> I've also known others that use VPSs for this exact thing with
> considerable success.
>
> As for handling your inbound mail, use something like imapsync and then
>> effectively treat your IMAP provider as a POP3 provider instead, and
>> download/delete the messages from their system as soon as they have been
>> copied to your local system.
>>
>
> Why?  Having a different provider handle inbound will require them
> supporting your domain(s).  Why not handle inbound email directly?
>
> The bad guys could tap into the stream of mail that flows through that
>> system, but they wouldn't be able to get into your archive of old mail
>> without breaking into the box sitting in your house.
>>
>
> S/MIME / PGP  }:-)
>
>
>
>
> --
> Grant. . . .
> unix || die
>
>

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

[amuse]

Back in the day, only Ph.D's used the internet, so they were the sysadmins.

These days, I recommend that system administration be only allowed for
card-holding responsible people who have proven their technical abilities.
Then, when you get awarded your Ph.D, they can take your sysadmin card back.

On Tue, Dec 5, 2017 at 8:33 AM, Leo Bicknell  wrote:

> In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen
> Satchell wrote:
> > The NSF in particular ran the 'Net like bouncers do in a strip club:
> > you break the rules, you go.  No argument.
>
> I'm not sure I've ever seen a more inaccurate description of the NSF.
> What in the world are you talking about?
>
> > The original trust model for the Internet was based on this unrelenting
> > oversight.  You didn't expect Bad Things(tm) because the consequences of
> > doing them was so severe:  banishment and exile.  Also, the technical
> > ability required to do Bad Things(tm) wasn't easily won.  Accessing the
> > 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.
>
> Oh wait, you took the BS to a new level.
>
> There was no banishment and exile.  This was before we knew of buffer
> overflows, spoofing, and so on.  I remember the weekly sendmail buffer
> overrun bugs, the finger back bombs, the rlogin spoofing attacks.
> Turns out bored college students were very good at creating mischeff.
>
> There was no banishment.  There were plenty of bad things.
>
> > Ok, I'll shut up now.
>
> Good plan.
>
> --
> Leo Bicknell - bickn...@ufp.org
> PGP keys at http://www.ufp.org/~bicknell/
>

Re: [OPINION] Best place in the US for NetAdmins

[AMuse]

Don't forget that, while Virginia has MAE-EAST, the Bay area was the 
sister location: MAE-WEST.  MAE WEST now sits on the property of the 
NASA Ames Research Center, another excellent local employer and center 
for high-tech research and development.  They do ultra-high-speed 
networking research in particular, and have lots of interconnects down 
south to JPL and other universities and centers.



On 7/26/14, 10:13 AM, Owen DeLong wrote:

Personally, I think the SF bay area has you beat.

Bill, on your list of not so wonderful things in DC, you left off:

Weather
In the sumer, the DC area is, well, what you’d expect from a 
hot, humid, fetid swamp.
In the winter, you can make ice cream outside without rock salt 
(though there’s plenty of
salt available on the roads).
The spring and fall aren’t bad (for about 2 weeks each). 
Otherwise, the weather is not
at all wonderful in that area.

SF has a very wide variety of cultural exhibitions, activities, and 
institutions. We also have nearly as wide a variety of ethnic cuisine as you 
can find in New York (wider than DC/NoVA from what I’ve seen, actually). We 
also have a major concentration of technology and internet-oriented startups, 
including such iconic names as Google, Facebook, Adobe, Dropbox, Netflix, 
Apple, Fry’s Electronics, and more. We’re the only region to have three 
TechShops in addition to a number of other makerspaces and hackerspaces, 
including the original Noise Bridge SF (to the best of my knowledge, the first 
public maker/hacker space in the US, having opened its doors in 2008 (or 
possibly earlier), patterned after such spaces in Europe.

The bay area has great cultural diversity, lots of fun things to do, and is 
within a relatively short drive of mountains, desert, ocean (beaches and cliffs 
available), awesome SCUBA diving, great downhill and XC skiing, hang gliding, 
sailing, and more. There’s a strong and active General Aviation community and 
lots of places to rent airplanes and helicopters.

Contrary to Bill’s claims, we have nearly as many data centers housing lots of 
interconnect, content providers, etc. out here, too. We’re also a primary 
gateway to Asia and the Pacific as well as Australia.

Our weather is pretty much temperate year round.

Owen


On Jul 25, 2014, at 2:31 PM, William Herrin  wrote:


On Tue, Jul 22, 2014 at 7:20 PM, Nolan Rollo  wrote:

I've been trying to decide for a while what makes a good
home for a Network Admin... access to physical, reliable
upstream routes? good selection of local taverns? What, in
your opinion, makes a good location for a Network Admin
and where in the US would you find that?

Hi Nolan,

Back in the days of lore when the Internet ran over telephone lines
instead of the other way around, the most substantial long haul
communications hub in the country was Northern Virginia's Dulles
Corridor. More than any other area, leased lines to and from anywhere
transited northern VA because that's how the long distance telephone
infrastructure was built. Move the call here, switch it, move it back
out. This made it the cheapest place to hub your Internet backbone.
Indeed, the first large Internet Exchange Point, MAE-East was
originally a FDDI ring at 8100 Boone Blvd, Vienna VA in the area known
as Tysons Corner.

The Internet is much more distributed now, but the area still retains
its legacy. Lots of Internet companies continue to house major
facilities here and operations such as ARIN are headquartered here.
More, many of the folks you've come to know on NANOG and in other
forums live and work here.

Bonuses:
With the possible exception of NYC, nowhere in the U.S. has more or
finer quality cultural institutions than DC and its suburbs (Northern
Virginia). The Smithsonian's extensive network of museums, the Kennedy
Center, and so on.
Federal money tends not to wander far, so you'll never want for paying
work in Northern Virginia.
Nowhere I've traveled has a broader selection of good restaurants.
Most places have a local food with a bunch of good restaurants for
that food, but we have all the foods and at least a few restaurants
for each which are exceptional.
Casual conversation is heavy on politics and matters of import

Less than wonderful:
Not the worst traffic in the nation but not far from it
High rent, high cost of living
Political conversation is inescapable



good selection of local taverns?

Octoberfest at the German embassy annex at Dulles Airport. ;)

Regards,
Bill Herrin


--
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 
Can I solve your unusual networking challenges?

Re: Why the US Government has so many data centers

[amuse]

I can confirm this. I was working at NASA when the last "data call" was put
out.  We had a room with a flight simulator in it, powered by an SGI
Onyx2.  The conversation with the auditor went like this:

Auditor *points at Onyx2*  "Is that machine shared?"
Me:  "Well yeah, the whole group uses it to..."
Auditor: *aside, to colleague* "OK, mark this room down too."

And our flight simulator lab became a data center.



On Fri, Mar 11, 2016 at 9:03 AM, Sean Donelan  wrote:

> If you've wondered why the U.S. Government has so many data centers, ok I
> know no one has ever asked.
>
> The U.S. Government has an odd defintion of what is a data center, which
> ends up with a lot of things no rational person would call a data center.
>
> If you call every room with even one server a "data center," you'll end up
> with tens of thousands of rooms now data centers.  With this defintiion, I
> probably have two data centers in my home.  Its important because
> Inspectors General auditors will go around and count things, because that's
> what they do, and write reports about insane numbers of data centers.
>
>
> https://datacenters.cio.gov/optimization/
>
> "For the purposes of this memorandum, rooms with at least one server,
> providing services (whether in a production, test, stage, development, or
> any other environment), are considered data centers. However, rooms
> containing only routing equipment, switches, security devices (such as
> firewalls), or other telecommunications components shall not be considered
> data centers."
>

Re: OT: Voice Operators' Group forming

[AMuse]

I second the idea of google groups or some other group provider;  Yahoo 
groups are known within many circles for having long email delays.



Charles Wyble wrote:



Hiers, David wrote:

Hi NANOG,
I'd like to announce the formation of a NANOG-knockoff group for 
voice operators, the Voice Operators' Group.


Very cool! :)



Voice network operators share many of the same challenges as IP 
network operators; we register with registrars (CILLI, OCN, and ACNA 
as well as ASN and DNS), route traffic (point codes as well as IP 
addresses), resolve names (CNAM as well as DNS), manage reachability 
(to countries, LATAs and NPA/NXXs as well as  to IP networks), and 
deal with equipment issues.


Indeed we do!


NANOG has been so useful at the IP layer that it seems like a good 
idea to try to duplicate it a little further up the stack.  



Yep.



For now, the group is on Yahoo:

http://tech.groups.yahoo.com/group/voip_operators_group/

Of course, we're looking for a better place, name, and charter.



Might I recommend google groups, or puck.nether.org. An IPTV list was 
recently formed.


NAVOG  works for me.

Re: Happy Sysadmin Day

[AMuse]

Patrick:  If you're surprised that someone is conflating 'Happy sysadmin 
day!" with "Hey by the way can you help me figure this out?" then you 
haven't been a sysadmin long enough!   ;)


(yes, I know, you weren't surprised, just taking a lighthearted shot at 
the guy)


Patrick W. Gilmore wrote:


I'm not on the MLC, but this strikes me as silly.

First, isn't outages@ that -> a -> way -> ??

Also, do people honestly think asking "why is L3 having issues" in an 
e-mail "Subject: Re: Happy Sysadmin Day" a good idea?


Perhaps you all need to realize that Ettore was an idiot - making good 
brakes is _hard_... er, sorry. :)

Re: Ready to get your federal computer license?

[AMuse]

Perhaps it's intended to be a workaround to the current problem with a 
lot of government IT Security:  The (big) contractors are told to follow 
IT security guidelines, at which point they point back to their contract 
and say "That's not in the statement of work, lets renegotiate the 
contract and cost it out."


Jack Bates wrote:

Peter Beckman wrote:

 "The proposal also includes a federal certification program for "cyber
 security professionals," and a requirement that certain computer 
systems
 and networks in the private sector be managed by people who receive 
that

 license, CNET said."


Presumably, this is to increase security of private sector networks 
that interconnect with government networks and high risk networks such 
as banks and utilities. Presumably it wouldn't mandate the social 
networking, ESP/ISP sectors.


Jack

Re: Issues with Gmail

[AMuse]

As a government-employed computer security guy who has never owned or 
worn a suit OR tie, I feel entitled to ask...   WTF?


Nick Hilliard wrote:

On 01/09/2009 21:01, Jim Wininger wrote:

Anyone else seeing issues with gmail?


Down, definitely down.  Call the White House!

It should be clear that the root cause here is a lack of regulation, 
so could someone phone Sen. Jay Rockefeller (D-WV) _urgently_ and 
advise him that the only way to stop problems like this happening in 
future is to ensure that the government has a firm grip of the 
steering wheel at all these web2.0 companies.  Also, rather than 
letting these trendy, fashionable Googlers attempt to fix critical 
systems like gmail, that real service problems like this ought to be 
fixed by accredited cyber security professionals, preferably ones 
which can demonstrate their computing ability by wearing a suit and tie.


If we've learned anything in the telecommunications world, it's that 
if any organisation can respond quickly to a problem and deal with it 
efficiently and effectively, it's a Government.


Nick