Thank goodness for good sense! The US Patent system is unfortunately broken, handing out patents in this digital age that make little sense, and show little understanding modern technology. Barracuda, as a company, is trying to stop Trend Micro, a patent troll.
Trend was granted a patent that covers scanning files that pass through a proxy. Huh?
Help Barracuda show prior art. Story here:
In the security and networking field, an "air gap" means that two systems are totally separated - no network connection runs between them. So, no pun intended, how could the new Boeing Dreamliner 787 not have an air gap between the flight system and the passenger "browse-the-web" system? That's insane. Literally, if you define "insane" as being out of touch with reality. Who came up with this, and who approved it?
The sad thing is that there are more good ways to handle this than bad ways, and someone chose a bad way.
A little more about Kerberos in 10.5: Interestingly, now in Leopard, each and every 10.5 machine is a Kerberos server. In some ways, very cool. Kerberos on its own is a pretty big topic. My fear is that while it's operating as expected, it's going to catch some people by surprise.
OS X Server has used Kerberos as a single sign-on technology for some time now. It's rare, though, to find a Kerberos server on a workstation, but that's precisely what you'll find on each and every OS X v10.5 workstation. Single sign-on with no infrastructure. Very, very cool. However, it's not really documented very well. Apple just put this kb article on-line, though:
http://docs.info.apple.com/article.html?artnum=306723
Here's hoping to further implementation details!
C'mon.....really! After talking about sensationalism recently, Intego comes up with this winner today:
So, out of the gate, there have been a number of people talking and blogging about security in Leopard from a number of perspectives. Some, though, are just looking for attention. Take the two posts at "Internet Security for Your Mac" warning that people stay away from the new "Back to My Mac" feature:
I answered a message on the OS X Server Administrator's list regarding how to set up a SonicWall Pro Series appliance to authenticate users against OpenDirectory. I promptly started receiving more questions directly from people trying to accomplish the same thing. Since not all lists are attachment-friendly, here are snapshots of the settings I'm using in one case. Please note that a) this could be more secure, and b) I've redacted where necessary.
Data theft should bother everyone. It has happened way too much recently, and for all of the wrong reasons: employee takes data on laptop and leaves it in car, missing unencrypted backup tapes, lax policy on verification, etc. One of the biggest cases was Choicepoint, after which, I had serious doubts about their future. Well, it's always nice to see people learn from their mistakes:
You can 'get root' using sudo or by using su, however, be aware that they handle things a bit differently.
I've still been seeing some debate about which is better: the use of sudo, or simply using root or su. They both have their place, actually, but the point here is that they work differently.
