Domain: certcities.com
Stories and comments across the archive that link to certcities.com.
Comments · 7
-
ulimit
When a particular app goes haywire and starts
... that particular app just gets a NULL back when there is no longer any memory available. ... I would not even begin to think how Linux could handle thisUmmm... forget about the OOM-tuning stuff the other people are preaching, how about the good old ulimit command? It's only been around since... System V Release 4, according to ulimit(3).
http://certcities.com/editorial/columns/story.asp?EditorialsID=214
Maybe Linux's handling of memory limits could be more intelligent (I have no idea), but that's no excuse to ignore basic Unix process accounting.
-
Re:Then why can't I find a friggin job?!!?!
Hang in there; things will work out (they did for me).
-
Certification
A few people have mentioned Red Hat's recent acquisition of jBoss, which I think is important. But something fewer people have mentioned is their certification program. The RHCE exam is a no-nonsense practical, and consistently rates highly in the marketplace: Cert Cities recently named it their number one cert for 2006.
Organizations which are paying the not insignificant cost of a RHEL subscription likely want to make sure that they're hiring people with some basic competencies to manage them. The RHCE cert at least provides that, probably better than any other certifications out there.
(Disclaimers - I recently became an RHCE, but the only Linux distro I'm currently running at home is Ubuntu.) -
Re:IIS is always faster."I assume you've never used IIS 6.0
.... Very very secure, easily arguable moreso than apache."You're shooting for a Funny mod, right? The biggest "advancement" in IIS 6 is that instead of IIS 5.X that that ran 100% in user-mode, IIS 6.X runs as a kernel module
With IIS 6, everything changes. To start with, there's a new piece of kernel mode software: Http.sys. This driver, written by Microsoft, is responsible for receiving all IIS-bound TCP/IP traffic from the TCP/IP stack. Running in kernel mode gives the new driver a huge speed advantage
Which is a cute trick for gaining performance at the expense of security (kinda like the various Linux kernel-web-servers like khttpd)."But why would you believe that? I mean it's not like it's easy to find out.."
Indeed you are correct that it's not easy to find out. Leading security sites all report that it is NOT more secure as you allege. For example, the current rating of IIS 6report from Secunia, (one of the top couple security companies as opposed to merely your anecdotal rumor:
"Microsoft Internet Information Services (IIS) 6 with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical
In contrast, Apache 2.X has the much better rating: "Apache 2.0.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical"
" -
Re:Uhm, right...
re: "Consider this: Microsoft has been ordered not to use the term MSCE in both the United States and Canada because Microsoft does not have the legal right to "certify" people as engineers."
cite?
Canadian Council of Professional Engineers (CCPE) opposes the use of the word "Engineer" in the MSCE designation
-
It certainly helped
A year back I finished my high-schools and got into Network Security Certification track first took ccna then cisco secure pix firewall specialist, cisco secure vpn specialist, cisco secure ids specialist-------And soon after I finished the cs ids I send 14 resumes in which I got a respond from 3 companies, I decide on with $3500 as a Intrusion Detection in charge. [heh-
The only exam which I really wasn't contented with is the CCNA, I felt as if I had already done the exam
summary: Certification does matter these days bt choosing the right one is the choice to be made
---
sig.(rypto* -
focus, value, and experienceI have never heard of the SCP before, and a quick look at it didn't impress me.
There is an article in the September 2001 issue of Secure Computing Magazine. (a "trade rag" - so it never says anything bad about a potential advertiser)
Pay Your Dues by Jay Heiser in Information Security Magazine is also worth reading.
A small reader survey, May 2001 - Talkback.
Security Focus offers several mailing lists that you may wish to subscribe to, or at least read the archives about. In particular Security Certification, CISSP Study, and security-basics. One recent message is certainly worth reading. Similar questions have been also asked in cryptography and firewall wizards - Nov 2001 mailing lists, and I believe has come up several times before.
A review of one IS manager's experience from Computerworld secuirty Column.
A so-so review of different security certificates from CertCities.
The main points I would make are choose a certificate that has the right focus for your career. CISSP is the best known cert, but it is aimed at IT/IS Security Managers and Consultants not at senior technologists / engineers / "in the trenchs" types. The best features of this is requiring 3 years of computer / network / audit security experience and having a broad overview of computing security (the 10 common bodies of knowledge, CBK). This makes it out of reach for many people new to info sec, and that's okay, they likely should focus on another certification anyhow. Next is the SANS/GIAC certificates which are more focused and hands on. The best feature is that they require a "practical" part to the certification, which is doubly good because it is not just exam cramming and lets the student practice her communicaton skills, which is important in the security field since you should be able to work in a team and with others (non-technical other) in an organization outside your team for the common benefit of the business.
Certifications tend to be expensive to get, and don't forget most of them have requirements for maintaince such as x number of contuning education credits, re-examinations, or conference attendance. This is a mixed bag, it is good that it justifies staying up to date, but it can also be very expensive for a member working as a new contractor or for a small company that isn't pre-IPO throwing money around.