Wednesday, November 29, 2006

Security: Oh the exploits they are a coming

Let's face it, nothing is secure, but somehow pundits want to argue that option A is always better than option B. George Ou of TechRepublic is one of the most vocal bloggers on the ZDNet boards and his views, though not entirely without points, don't always seem to fit as many situations as I think he'd like.

In one of his more recent posts he notes again his support of Vista's newer granular security and the idea that you don't need AV. While I agree with him in that AV software is a severe performance drain and that the improvements to Vista's security layers should help, I also realize there are circumstances where you can't use the security model that George advocates.

Case in point: The mobile worker/field worker. I myself spend about half my day on other customers' LANs more than my own employer's. Relying on restricted local permissions isn't going to cut it; by the nature of my work, I have to do a lot of my work as an Administrator or Power User. The fact that I am also relatively "naked" from myself to the wire means I can't rely on gateway AV. In a Utopian world everybody else would implement the same level of security and be equally protected, but that just doesn't happen.

The idea that an "end user" can get along fine with restricted permissions is something that I've had to tackle for a long while as a support person. Let's say for instance you've got a remote customer and you're trying to assist them with something using a remote access tool like LiveMeeting for WebEx. Oops, they aren't an admin user, they can't even install ActiveX applets. Well hey great... Even if code signing applied here, most system admins would limit the installation of anything outside of corporate standard.

Now am I saying the various *nix flavors fix this to a T? No, not really. Unix's standard permissions system is definitely long in the tooth, but it is still one of the easiest to get a grasp on initially as an admin (at least I thought so). The problem with high granularity security is that you can find yourself trying to herd cats. You have so many security policies defined, so many exceptions defined that you can't trace back what happened in your AD without having a well structured change log/management system. Now while that works if you're a large organization, try to picture it from the perspective of the smaller business or the small IT shop.

In the end there's no one-size-fits-all answer. I feel there's definitely room for layered security, but it has to be applied appropriately and with scrutiny and care.

Monday, November 27, 2006

Testing of new photogear


Well had a few items on my wishlist that I finally got just prior to a photoshoot with members from 808cosplay and Kawaii-Kon forum goers. Among the hardware I got to try out, a SanDisk 4GB Ultra III card. Helped during the burst sequences. A flash diffuser/filter (hehe cheapo simple plastic that it is) and a replacement Domke photographers vest.

Now I admit the vest, well, makes me look f'in' dorky. But I enjoy it since I can keep spare batteries, my cleaning gear, filters, you name it. Doesn't hurt that the vest also saves my shirts from getting ruined if I have to go prone for a low angle shot.

The new CF card was also great, replacing my 4GB Microdrive as my RAW/high cap memory option, the card was barely half full by the end of the day (mostly cause I shot JPG this time around). Burst write speed was very good and in the earlier part of the shoot came in very handy.

Unfortunately since I don't have any flash photography w/o the filter on I really didn't have a good comparison but I did see the impact in terms of reducing excessive bounce back and flare so I'm happy with the purchase. Click here for the cosplay webgallery

Photo by Zarli Win

Sunday, November 26, 2006

Black Friday... Why?

Now I'll be honest and say that Black Friday is one of those days that has perplexed me to no end. Any which way you look at it, it's an excuse for people to convince themselves that staying up all night after a turkey dinner and camping the local electronics store or chain store. For what though? Saving on some electronics?

I'm all for saving money, god knows with the way the economy is we could use the extra dollars, but there's a finite limit. The one time I actually shopped on Black Friday was in SF and it wasn't pretty. Having stuff pulled from my hand while shopping in a Macy's and seeing folks at a Target have stuff swiped from their shopping carts was just nuts.

What happened to the idea that the holidays are for spending time with your family? Enjoying the season? No, instead we have, "ZOMG microwaves take an extra 30% off!!" Is this what parents are teaching their kids these days? That the almighty sale is the rally cry for the family unit in America? If that's the case, let me tell you I'd just as rather pay the normal price.

Monday, November 20, 2006

Is anybody secure? I don't think so

Today must be Vraxx bashes on ZDNet articles day or something. ZDNet UK article discussing the notion was former US security adviser Howard Schmidt to the House of Lords. His talktrack focused on the idea that small businesses just "don't get security". Now far be it for me to contend that small businesses don't get it, the tone of the article however almost suggests that big businesses DO get it. The truth of the matter is, in most cases security, though important, takes a fundamental back seat to deadlines and business objectives.

I've seen some great security schema and system administrators in businesses ranging from the mom and pop shop to the large corporate site. The House of Lords seems to forget that there's two aspects to every security issue. Large scale sites are often hard pressed to be able to lock down _everything_ w/o testing and evaluation. Smaller businesses can move more quickly to plug up security issues. Granted a smaller business may not always have the manpower but hell, neither does big business when you look at track records. Human behavior, human limitations will always play a role, no matter which size business you're talking about. In the end it doesn't matter how large the company is, it matters how well structured security is for it.

Negative Press -- Linux in the hotseat

Well several articles are out regarding the reversal of several high profile Linux conversions. Case in point the Birmingham City Council recently halting the continuation of a project to convert stations and public access systems to Linux. Novell's recent strategic alliance and the general slow-down of the FOSS/Linux hype engine.

I'm one of those people that believes that Linux has a good deal of potential, but I've never really been one to advocate a desktop conversion. I still feel that Linux is at its best in the server role. My development stations and network monitoring/system administration systems. Will Linux become a desktop powerhouse? I hope so, but I don't know that that time is now. I'm still hedging my bets that truly significant inroads aren't going to be in place until around 2009 or so. (Don't quote me on this, I'm just doing a rough projection based on how user friendly Linux has been since 1995)

Saturday, November 18, 2006

So much to watch, so little time

One of my biggest issues is time management. Between duties at work, duties with family and girlfriend, and well general sanity maintenance (read chores and the like) there never seems to be enough time to just relax and enjoy mindless fun. My usual anime/movie watching time is sadly 8-11. Just enough time to eke in something but half the time I wind up asleep at the 930 mark :|

Thank god there are no late fees with Netflix. Otherwise I'd be in the dog house. So what do you all do to manage your fun time with your flub time?

Wednesday, November 15, 2006

Linux: Feature Creep In Linux/BSD

Now normally I don't quibble about the types of applications loaded onto a Linux/BSD box, but steadily the average size of either *nix is growing. Now part of that is to be expected, a larger kernel, more libraries, yet personally I find it interesting that Linux/BSD is just as guilty of feature creep as the Windows world.

Let's face it, with most distributions slapping support for KDE and GNOME, adding multiple desktop managers and several variations of text editors as part of "default" install sets, it's looking a mite like the Windows influence. I'll grant you that the basic footprint is still smaller in most cases than a well loaded Windows system but the size delta is shrinking.

Over time, of course, I don't doubt that both operating systems will increase in size, unless better, more efficient coding takes place, but it's a little sad to see the general 'minimum' size for Linux/BSD grow. As a tinkerer and SysAd I enjoy being able to fire up a VMWare session and enjoy a distribution or two, but these days the HDD overhead is just getting crazy.

So I tip my hat to the folks like DSL (Damn Small Linux) and other 'live' distributions on a disk. Keep striving to keep it simple, and small.

Tuesday, November 14, 2006

New Blogger Interface

Well I'm trying out the new blogger beta. So far it isn't that radically different and the front end view for anyone who browses here doesn't really change. We'll see if the modifications in the beta wind up being useful or just a case of feature creep.


Friday, November 10, 2006

Vista, Novell and Microsoft, Red Hat and schtuffs

So of course being a supporter of FOSS, I was keenly watching the news and I have to admit the articles as of late have been interesting. The fact that Vista is on its way to manufacturers and that Novell and MS are forging a business partnership is a bold though not entirely unexpected move.

Red Hat's reaction to all this is about what I expected, but still with recent moves by Oracle to encroach into Red Hat's main line of business and the Novell/MS thing it will be interesting to see how RH adjusts itself to compete with these newer threats.

Personally I think the end user is going to benefit in the long run. I hold quite a few doubts that Oracle will really make too much of a dent in the services arena until at least a year or later. Novell and MS's moves however may have a greater immediate impact. With financial backing and a fairly strong product NMS has more commercial clout to, say, mainstream IT managers. On the flip side, RH now remains the only truly independent player with sizable market share. While RH critics are in no short supply I think as long as they stay close to the FOSS paradigms they'll keep a good sized user base unless price pressure and lack of business growth keep them down.

We'll have to see how the market shifts now but I for one will watch with interest and hopefully be able to see the benefits of competition for both parties.

Sunday, November 05, 2006

Vraxxism: It goes where?!

SC: hey, what's a toilette spray?
SC: do chicks spray that on their butt after they go to the bathroom?
Vraxx: as in eu de toilette?
Vraxx: eau de toilette rather sorry
Vraxx: http://ask.yahoo.com/20030226.html
SC: i was a little off
SC: thanks :D
Vraxx: yes especially considering what end...

*Comment: I did actually have to think about that one. I thought SC meant like FDS or something.

Clarification on the 5-minute review

OK so I've actually received a few nasty emails (particularly for my rather low scoring of FFXII). I'd like to clarify the 5-minute review system I use does NOT mean I only played for 5 minutes. It's a review which should be written in roughly 5 minutes.

Now more in depth reviews will be posted to Vraxx.com of course, in which I sometimes revise my score, or go into more detail over the elements behind my review. Until then, sorry these abbreviated reviews will have to suffice.

5 Minute Review: NWN2

Now I admit, I enjoyed the first NWN considerably, due in no small part to the fact that the toolset offered a lot of replay ability once you got past the UI quirks. With Obsidian at the helm, NWN2 looked to be a very ambitious project and it turned out very well in my opinion.

The UI has been in many ways simplified and while at first can be confusing, I found myself adapting to it fairly quickly. The graphics are also significantly improved, however they tax my limited hardware =\ You may want to watch just how many visual features you turn on.

Storyline however is the area where this new iteration of NWN shines. The dialogue, subplots and quests that string you through are varied and interesting. The different paths your character can take are certainly still there (lawful/good, neutral, evil) and some of the jabs and jokes during character interaction are downright hilarious.

If you enjoyed the first NWN and are willing to open yourself to the new UI I think you'll find NWN2 to be a very enjoyable experience. Visually you may need to accept that your hardware might not be up to snuff (sadly as my own gear is) but I think most users will overlook that once they see how fun the gameplay is. I'm rating NWN2 an 8.5/10 at initial glance.