Domain: techtarget.com
Stories and comments across the archive that link to techtarget.com.
Comments · 663
-
Re:Lawyers represent their clients
Since the few of you who have responded to my above post seem to lack a sense of association, let me explain why I mentioned Silverlight:
- RIAA throws a lot of money at Obama, Obama installs their lawyers in DOJ
- Microsoft throws a lot of money at the Obama campaign, Obama campaign streams inauguration using Silverlight.
Of course, that's common sense. Now let's hope this example is a sign of things to come:
- Microsoft throws a lot of money at MLB, MLB uses Silverlight to stream their games...only this time, it doesn't work out after they realize what a stupid move it was.
-
Re:Do Not Want
OpenSolaris also runs on IBM Mainframes. From what I understand IBM has been working on this as well.
OpenSolaris on Power was a project of OpenSolaris but I'm not sure how far that got.
-
Re:heat exchangers in the data centre
In 1988, during the height of water cooling technology, 92% of mainframe shops were using water-cooled technology
It's not like water cooling is new.
-
Re:How it happened. The usual story:
Nah, it's much simpler than that:
Obama campaign tech rep: "Hey, guys, Microsoft will throw a lot of money at us if we use their brand. Why not?"
Netflix executive: "Hey, guys, Microsoft will throw a lot of money at us if we use their brand. Why not?"
etc. etc.
-
Re:I'm guessing VMWare isn't that worried
VCenter is NOT the management client. However, I do believe VMWare is developing a cross platform VI Client.
-
Re:Powers of 2
That is absolutely lovely, but that actually proves my point. The unit of measure "kilobyte" was defined LOOOOOONG before 1998; LOOONG before 1988; LONG before 1978 and I would venture to guess long before 1968 even though a kilobyte in those days was ridiculously expensive and hard to imagine. But I'll see your one link:
http://www.tekmom.com/buzzwords/zdkilo.html
And raise ya three:
http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212444,00.html
http://www.answers.com/topic/kilobyte
http://www.pcmag.com/encyclopedia_term/0,2542,t=kilobyte&i=45822,00.asp
And there are a LOT more places that state what I learned over 30 years ago. Best not to redefine units of measure. It confuses things especially when referencing older works using those measures. It also confuses and sometimes even angers the consumer. But let's look at it another way -- one day, you just might end up with less than a gallon or litre of gasoline one day because someone decided it would be okay to change a unit of measure to something they found more convenient. But that shouldn't bother you should it?
-
Re:Good idea
I can't see a situation where 64Gb of fast storage is worth that amount of money + time + hassle + 64Gb of RAM + potential firmware problems + interface cabling +
... The bottlenecks in anything serious are going to be elsewhere.
If you think this is pricey, you should see what the guys who run EVE online paid for the RAMSAN units they have backing their databases -- over $150 per gig. CCP claims a 4000% percent performance increase, as a result of the upgrade, however.
There are definitely plenty of IO-bottlenecked servers out there that could benefit dramatically from a good SSD solution. But yeah, if you're just gaming and posting to slashdot, a $600 consumer-grade SSD isn't really going to make much of a difference in your desktop rig.
-
Scott McNealy? Funny, that.
You mean, this Scott McNealy? The one who said Linux is for hobbyists, not enterprise?
Teh funny, it hurts. I even think it's called "eating crow" in U.S.
When you can't beat 'em... Right, Scott?
-
Re:Even VMware doesn't have the perfect VM yet.
Interesting. It is always nice to learn something new. Incidentally, VMware also has the ability to share memory between VMs (and of course it doesn't pose a security risk). I imagine that DLLs that use that feature might have a reason for it (maybe the clipboard uses shared memory? I imagine it could be more efficient than message passing.)
-
Re:Platter drives
Don't buy an SSD to store a large database that gets lots of updates!
Don't buy a cheap, consumer grade SSD for a large database that gets lots of updates.
On the other hand, if it's in your budget, and you don't have any other options, *do* buy an enterprise SSD array that's actually up to the task -- CCP claims a 4000% increase in performance after switching to an SSD-based solution for their game, EVE Online.
However, the solution they're working with was priced somewhere around $150 per gig as of a year ago. Consumer SSDs are currently priced around $2-3/gig, based on newegg price quotes elsewhere in this thread.
-
Re:Use portable firefox then
Use portable firefox then on a memory stick.
How can I do this if the only Internet cafe around has filled the USB ports with epoxy as an anti-virus measure? Some Internet cafes in public libraries have been known to do this.
-
Re:AMD had it going-939
The boards are fine (made by Foxconn I believe). They just don't have as many "offerings" as others. e.g. more ports, overclocking (remember Intel was the first to lock their FSB), etc. Also while Intel does CPUs great, chipsets aren't their strong point (same could be said for AMD).
I actually don't mind if the chipset doesn't have every bell and whistle, all I really care about is stability.
To intel's credit I've found their motherboards have stability that almost approaches some of the old SPARC, PA-RISC, Power & Alpha Boxen I still have in-play.
That said, we would all be in a much better position if there was still a viable alternative architecture in the market place (HPC and embedded aside). The intel guys have certainly pulled some clever tricks to take their Instruction Set Architecture, which is so badly designed you'd have to wonder if it wasn't a conscious choice, and make it perform so well.
I still wonder though what might have been if the process engineers at intel had been given a decent ISA design. Although the biggest problem isn't the performance, or indeed the power consumption (there have been plenty of posts pointing out that these obstacles have been reduced in their magnitude), but ultimately the x86 ISA is still a security nightmare, and is only getting worse due to some new features, as well as some crufty ones.
-
I'd use xVM
You might of course just use any hard drive imaging tool, but this is rather slow and clumsy, and it will use a lot of disk space (which isn't necessarily a problem if you really wanna burn a DVD every time). It might be easier and quicker to use one that supports incremental backups. I like Acronis True Image a lot but it is not free.
If you mainly want to document changes done to a running system over time, virtualisation products might fit your purposes well. Most of them have some sort of ability to make snapshots. The popular free VMware Server only allows a single snapshot, but Sun's xVM is every bit as good and does multiple snapshots easily.
-
Re:Blunder
That would be insightful, if it were not so clearly wrong. Plenty of spammers target specific individuals; see http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1259674,00.html for a specific example. Now, one could argue that targeting IT professionals would be an exercise in futility. Would you bet your livelihood on it? Would you bet access (possibly high-trust access, depending on how high up this IT professional is) to your company's network on it?
Because that's what's at stake. It's not a question of sending email selling \/|agra to these people. It's a question of a very specific, highly targeted spam operation with the express purpose of getting access to the networks of these specific individuals, in the hopes that they can provide the access the infiltrator would want to the company as a whole.
Now, I am not saying that this is a big deal; it's not like these emails wouldn't have been available from some other source than this email list. However, I will say that by completely dismissing an entire segment of spam email, that of targeted emails to specific individuals, you are unnecessarily lulling both yourself and anyone who reads your comment into a false sense of security. Highly targeted spam is a real risk; don't discount it as a very real attack vector. You must be ever vigilant, and I don't think you can be with that kind of attitude.
-
Something strange...
It sounds like a blind resource consumption attack against SYN-cookie implementations, no? (Without SYN-cookies, the attack is trivial, just spoof SYNs).
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
SYN-cookies are a simple idea. Upon receiving a SYN, rather than creating all the state, the server returns a SYN/ACK with the SEQ value = H(IP,ACK value). Thus when it sees the ACK packet it can check that the value is returned, and then create all the state.
If this is the case, it seems to require that a SYN-cookie be predictable, that the attacker can probe a client to predict what H(IP,ACK value) is. IF that is the case then there is an easy fix: simply use more and better random data as salt in a better hash function.
Simply because ANY blind resource consumption attack against a SYN-cookie server requires knowing the SEQ value from the server for the SYN/ACK in order to establish a connection by sending the proper ACK (and then some data to load the server further).
If the attacker can't predict the SYN/ACK's SEQ value, it can't construct a proper ACK and cause the server to consume resources.
-
Re:Not much information
Here's a better story with more info: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html Looks like they're able to mess with the session parameters, as you said.
-
Re:Not much information
Neither interview nor Link provides much information about the kind of attack. Between the lines they seem to be doing something with the resource usage by manipulating tcp session parameters. But that's idle speculation for now.
Looks like you may be onto something; found this writeup with a bit more detail: New attacks reveal fundamental problems with TCP
Don't know enough about TCP/IP to comment, but maybe someone else here could elucidate or elaborate?
-
For those who can't listen to the interview
Here's a link to an article in English:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
From the article:
Many TCP servers use a technique known as a SYN cookie in order to prevent attackers using spoofed IP addresses from launching SYN flood denial-of-service attacks against them. The cookie is essentially a chosen TCP initial sequence number that is calculated using some specific hashed metadata that reflects the details of the specific TCP connection. Once the client returns a correct packet to the server, the server knows that the client isn't using a forged IP address.
Sockstress computes and stores so-called client-side SYN cookies and enables Lee and Louis to specify a destination port and IP address. The method allows them to complete the TCP handshake without having to store any values, which takes time and resources. "We can then say that we want to establish X number of TCP connections on that address and that we want to use this attack type, and it does it," Lee said.
-
Re:VPN Access Not The End of the World
network printers with Postscript, ph34r my remote !factorial attacks!
some of them also do email and can be owned for more attacks, some are phone/fax/copier/printers giving you the scope for spam faxing and premium rate dialling attacks.
Plus do you really want remote access to print queues at a UK govt. dept.
HP Printers FTP Server Denial Of Service
Should network printers be patched?
Idle scanning using a network printer & nmap
I am heartened by your blasé approach, there's plenty of fun waiting out there for inquiring minds.
-
Re:Why do companies do this?
But with competition from non-Windows PCs (both Macs and Acer/Dells running Linux) and from alternative server software (open source servers, which power more web servers than Windows Server), Microsoft is now finding its air supply getting cut off while its proprietary business model is poisoned by the insidiously opportunistic spread of open source.
Actually Microsoft's server market share is growing absolutely and in terms of market share. According to Geekpedia Linux's server market share is plummeting. Microsoft's consumer market share is what's declining, more are buying Macs and Linux. However the consumer market is growing itself.
Microsoft is fundamentally screwed.
Not quite, Microsoft isn't down much from its peak.
Falcon
-
This is what Retention Policies are for
IANAL. This is why most companies spend some money developing a retention policy and planning its implementation. It requires a bit of time from every employee to decide if a piece of information is something that requires short term, long term or permanent storage but if you get people into the habit of sorting things like email into folders that reflect the company retention policies (which need to be pretty clear and well planned both from an IT and a legal perspective) then you can reduce the cruft you retain considerably.
With clear policies on when the various categories of information can be safely and legally deleted you can reduce the storage costs and simplify the e-discovery phase if it comes up.
Likewise you need good planning and employee training on what to do when a Hold is placed. Ie, if your company enters litigation, you will place a hold on data deletion and *NOTHING* gets deleted so that the courts can't find you guilty of attempting to hide information from them in a litigation.
Any company that doesn't come up with a retention policy that takes everything into consideration, doesn't train its employees on those policies and doesn't practice what it has decided will be its policy is in for a world of hurt when suddenly it's in court and has to produce emails from a specific individual or individuals from 3 years ago etc.
If your employees can generate 10Gb of data during the course of a year, then they can learn how to apply retention principles to it while they do so. It's just one more aspect of the job.
Now there are various attempts at software to automatically filter and organize your data - email and documents etc - according to key words and phrases, email addresses etc. I believe some of them are pretty well evolved and take a lot of the burden off your employees - and cover you when those employees can't be bothered to do what they should be doing according to the rules, but I have no experience with how well these work.
Here's an article on email retention (from a quick google search, no idea how well it's written)
http://searchstorage.techtarget.com/tip/0,289483,sid5_gci1212767,00.html
-
Re:Article is a little sparse
http://searchmobilecomputing.techtarget.com/sDefinition/0,,sid40_gci214574,00.html
Used by the UK police very successfully. In service now.
"In recent years, when European disasters have struck, emergency response teams from several European nations had a difficult time communicating with each other, due in part to the lack of standardization in their mobile radio equipment. The TETRA standards evolved to answer this communication challenge as well as others faced or anticipated by the European Commission (EC) in its efforts to unify European countries. Based on digital, trunked radio technology, TETRA is believed to be the next-generation architecture and standard for current, analog PMR and PAMR markets. TETRA actually takes its features from several different technological areas: mobile radio, digital cellular telephone, paging, and wireless data."
Disclaimer - I think it brilliant because my father and myself worked on the design and implementation of some of the first UK trials.
-
Re:Good lord, they're running on Windows? Why?
The "5 9's" of the System z platform weren't exactly meeting the needs of the NYSE (hence their switch to Linux & pSeries):
http://searchdatacenter.techtarget.com/news/article/0,289142,sid80_gci1254860,00.html
http://www.itjungle.com/big/big052008-story01.html
Though, to be fair, the NYSE also had a huge, embarrassing outage of its own in 2006 IIRC (not to mention a well-documented outage in 2001 when from a software bug pushed to their mainframes) - I guess there's no such thing as 100% uptime...
-
Re:How many failures before..
Can you point to any smaller exchanges that use Linux?
No, but I can point to the New York Stock Exchange, which uses AIX and Linux.
-
Re:Probably not a first
Not "probably". It's scarier when a domestic law enforcement agency (like MI5 or FBI) collects this kind of info than when a foreign intelligence service does it (CIA, MI6). The bad news is: when these law enforcement agencies refer to "terrorists", "spies", or "criminals" they're talking about never-convicted, merely-suspected-by-some-white-guy terrorists, etc. Every phone call and unencrypted email message could be read by someone as trustworthy as your last ex-girlfriend. The only thing that is actually preserving our freedoms of speech and movement is that correlating these quantities of data is still a challenge. Not for long.
Check out:
http://security.blogs.techtarget.com/2007/08/29/fbis-dcs-3000-wiretap-system-exposed-to-the-light-of-day/
http://www.wired.com/politics/security/news/2007/08/wiretap
http://www.cbsnews.com/stories/2006/08/30/terror/main1949643.shtml
-
My two cents
If it's negligence in case of the company then it does make sense to sue the company. No employee should be running around with a laptop full of SSNs and addresses around (even if they are encrypted). That's negligence and the full force of the law should be brought on those people.
If it's due to a physical theft, say a burglary, you can't do too much about it. You can only review your procedures and make sure it doesn't happen again.
The worst is when companies fail to report it. They're the ones who should be sued to hell and back.
-
Re:has anyone experienced the following:
I believe you can route traffic differently within a VPN depending on its destination with something called split tunnelling.
Here is a good explanation.
-
Re:Stupid?
http://itknowledgeexchange.techtarget.com/cio/the-greatest-cio-threat-of-all-time-women-and-chocolate/ actually, most users are.
-
Fix that link?
Original story here. At least, it seems to be a bit further upstream.
-
Re:Aaaaaaaand Slashdotted!
That didn't take long. Not bad for a Friday morning.
The one linked in the summary works for me, but if you are having problems you can see the original, non plagiarized article HERE
-
Neowin Plagiarists?
Too funny, not only is this article blog spam, it's plagiarised blog spam!
This comment is at the bottom of their board.
Guys: I couldn't find the editor contact info, but you've basically reposted our story from SearchSecurity.com without authorization: http://searchsecurity.techtarget.com/news/...1324395,00.html We'd like the excerpt removed immediately so we don't have to get the lawyers involved. Thank you. Eric Parizo Editor - SearchSecurity.com eparizo@techtarget.com
nice
-
Re:Neowin is running...
Maybe they're running because SearchSecurity's lawyers are after them. They accused Neowin of having copied their article at http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html See comment #26 at TFA for details.
-
Re:Why latex at all ?
No internets for you.
As used on the Internet:
1) As a verb, the practice of trying to lure other Internet users into sending responses to carefully-designed incorrect statements or similar "bait." In a real example, a Usenet newsgroup contributor mentioned the discovery of an ancient African carving containing a list of prime numbers. The contributor further listed some of the prime numbers found and included some numbers that, in fact, are not prime numbers. Other contributors then sent serious replies, correcting the list of prime numbers cited.
-
Re:For everyone who thinks Childs was right
No a real SysAdmin doesn't violate good security practices by installing password crackers and checking people's passwords. Those SysAdmins should be instantly fired.
Dude, your pompous, self-righteous attitude makes me believe that you're either a pointy-haired management clown, or what guys in my group call a "Barney". Either way, what you define as a "real" admin is, IMO, an absurd projection of what your anal retentive imagination thinks an admin should be.
Our standard policy is 3 character types, 8 characters or more, and can't repeat last 12 passwords.
Pfft. Big whoop. I'm supposed to be impressed? You can still have weak passwords with that scheme.
If there was a SysAdmin working for me that had password lists of my users on his home computer, not only would I fire him, I'd press charges.
Har, har. Press charges? For what? If the word "security" is mentioned in any way in an admin's job description that will provide cover for use of legitimate security assessment methods like pen-testing, which, ohbytheway, includes password cracking. At most, you could use it as grounds for dismissal if there is a stated company policy prohibiting its use. But charges? Tch, only if you can prove the passwords were used for malicious intent. It's called mens rea. Look it up sometime, whydontcha?
JFC, "It's been 1 hour, 20minutes since you last successfully posted a comment" are any other poor AC's waiting this long between posts, or is it just me /. hates?!
-
it's works like a train ... :)
"This circuit uses the 'scratch' as a guide or a switching path for information - like when trains are switched from one track to another - except this switch takes only one picosecond to change tracks. This means that in one second the switch is turning on and off about one million times. We are talking about photonic technology that has terabit per second capacity"
A picosecond is one trillionth (10^-12) of a second, or one millionth of a microsecond.
-
Re:Encryption is the Next step
Sorry to disappoint you. this document describes the processes pretty well:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214299,00.html
I was involved in the architectural design of what was probably the world's first trusted document delivery networks, designed to serve and deliver legal documents between lawyers. We worked very closely with our local Verisign Agency.
-
Added Bonus!!!
-
Re:But why?!
Yes I think you are right on all counts but Microsoft doesn't see it as a low margin market. I don't have the latest prices for HPC but from this document
As far as cost goes, Windows CCS 2003 is available via Microsoft's volume license channel for about $469 per node. Customers can qualify for discounts depending on volume purchases and licenses. "This is a onetime charge, whereas many Linux-based HPC clusters are priced on a subscription basis and require acquisition and integration of separate job scheduler, message passing interface (MPI) and other software utilities," a Microsoft spokesperson said. Windows CCS, however, "comes with a job scheduler, MPI and utilities."
They are pricing it at $469 per node for the previous version. If the NCSA paid full price that would be $562,800 for this installation. In HPC the support costs to the user and to Microsoft, per node, are also small for obvious reasons so that's good business for Microsoft. Of course big installations would get discounts and I don't think the NCSA will have paid a penny for the software here.
-
Re:No unsual at all..
Jeez. Perhaps if you use this as an online translator ( http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212181,00.html ), you'll understand what China(as in the country)-Speak is.
-
Just a correction
"to fix cards that were killed by ECMs"
The cards are not attacked by ECM's but by the EMM's . The ECM's just contain the operational keys to open the stream on the fly.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci331380,00.html
-
Re:Anonymous Coward
If you don't know what I mean by 1.6 intel Atom dual core processor then you should really think before you post. Or you were trying (and failing) to be funny.
It is a 1.6 Gigahertz processor, which is the microprocessor's clock speed.
-
Re:win 95 ... HUH??? "Microsoft's GOALS"?
"Microsoft sucked at it, but their goal of usefulness for an interface over perfecting the "humanity" of it pushed them ahead."
I wonder why the HELL msoft claims mshlp32.exe doesn't "meet their standards". Could it be it is the new place that the NSA/CIA backdoors reside? Or, is it something else.
I use Lotus SmartSuite 9.5 & 9.8, and they are hamstrung in vista. I am considering ways to ask my computer maker to replace my vista disk with XP, if they'll do it if i send in the original media. I don't know why Lotus Approach is one of those apps that has problems running correctly in vista when most of the other SmartSuite apps work fine (for me, so far as I can tell, and other than any official listings in the Lotus knowledge base...)...
This really is a shame. I wish Lotus would do something... like release to Open Source whatever code they DO own, and let Linux hacks restore the functionality that is missing after removing the non-IBM/Lotus-owned code. If they update the tools making the GUI, then SmartSuite could probably have a resurrection/renaissance of sorts.
But, killing the winhlp32.exe and it not working correctly. I went to:
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1244222,00.html
and still have not been able to get it to run from WITHIN SmartSuite, but at least the thing runs help files if I click them externally. Seems some of the charting elements are opening slowly. I may have to manually rebuild all my database forms one by one to determine the problem. Would be nice if I could find a GUI that TOTALLY mimicked Approach so I could bolt it on top of any underlying db I want or allow others to use, but be OS agnostic. I may have to resort to some of the tools in Linux, finally. But, man, if only IBM/Lotus would allow a handful of Linux programmers privileged access to help IBM do what IBM seems reticent to do, or too loathe to do it with its own resources. Still, the WordPro and Approach, and even 1-2-3 combo would be nice, and seem to offer more than the resurrected/misnamed Symphony is able to do for most users of SmartSuite.
-
Re:My experience with Muthbuntu
FYI: ATI (who was bought by AMD) just opened their drivers last year. http://enterpriselinuxlog.blogs.techtarget.com/2007/05/09/amd-will-deliver-open-graphics-drivers/ If you try again in about a year (after the open drivers get the major bugs out) it should all work without an issue.
-
Re:WTF is a "0-day" ?
-
Consider the source
I have been in IT for an embarrassingly long 28 years. I have seen shortages, and gluts, of IT workers. I have seen strong economies and recessions, I have seen technologies and products come and go.
But one thing never changes, those with a clear agenda: dice, msft, ibm, robert half, tech schools, etc. always claim that IT is great field, and now is a great time to get into IT. These claims are often backed up with some sort of dubious numbers. Speaking as somebody with a degree in math, who has worked on credit scoring systems, and the like, I can assure you that there are people who can make the numbers say whatever somebody wants the numbers to say. Did you know that every time a company requests an h1b, another 5 US jobs are created? It's true, it was in a think-tank report, and bill gates quoted those statistics before the US congress. But, you never seem to see these "happy happy joy joy" surveys from those who don't have an obvious agenda.
Often the claim is that there is some new technology, that will take over the world, and in the near future there will be desperate shortages of people who are qualified to support that technology.
IMO: unless something unforeseen, and unforeseeable, happens, stick a fork in the US IT job market - it's done.
You can probably find a dozen of these types of optimistic articles on any given day. Here is another one from exec at dice.com:
http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1313503,00.html?track=NL-973&ad=639083&asrc=EM_NLN_3643525&uid=1339323
-
Prefixes
Here are a couple of sources on those prefixes which TFA seems to have confused. They agree with each other:
SearchStorage Definitions
Extreme prefixes
This last one mentions even higher prefixes like vendeka (10^33).
-
A list for your edification
I emailed the "onduty editor" before the article went live on the error of their calc on what a yotta is. So much for slashdot error prevention...
Anyway, I emailed them this link to the terms in question, and post it here, for your edification. I have a post-it note on my bookcase with these terms - I think that as time goes on, knowing EXACTLY what each one is will be of some use. Until the oil runs out and we are shivering in the cold, anyway... ;-)
Here's their names, abbreviations and their power of ten, so you know how big/small it is.
yocto- y 10^-24
zepto- z 10^-21
atto- a 10^-18
femto- f 10^-15
pico- p 10^-12
nano- n 10^-9
micro- m 10^-6
milli- m 10^-3
centi- c 10^-2
deci- d 10^-1
(none) -- --
deka- D 10^1
hecto- H 10^2
kilo- K 10^3
mega- M 10^6
giga- G 10^9
tera- T 10^12
peta- P 10^15
exa- E 10^18
zetta- Z 10^21
yotta- Y 10^24
RS
-
Re:A trickle?!
Funny, I've never had any of that
It's called a "Joe Job"
It's been around almost as long as spam has.
I was fairly active in chasing down a couple of Australian spammers a few years ago, and had to deal with thousands of bounced responses and constant blacklisting as a result.
-
Re:Ummmm, no
People said this same thing when the Windows 2000 source code leaked. Nothing happened. Multiple problems with that theory but one of the biggest is simply that it is wrong. Lots of people have the Windows source code. MS has a license where universities can get a copy for research. One university I know that does is ASU in Tempe, Arizona. So this idea that only MS has ever seen the code is false, thus the argument is invalid, never mind the other problems with it even if it weren't.
I'm not sure that's correct. If you are only talking self-replicating viruses that spread to continue replication, you may be correct. However, the appearance of rootkit anchored malware "in the wild" closely followed that release which made the information widely available outside limited academic and security research circles. The first rootkit was published as far back as 1999 by Greg Hoglund, founder of rootkit.com. There was a lot of academic interest and discussion in rootkit development specifically on Windows NT based systems before that time but almost none had been detected "in the wild". But rootkit anchored, serious malware infections have ballooned and are now "professionally" developed for criminal purposes and used as the base for most, if not all, of the botnets. The release of the Windows 2000 source code certainly removed the need for extensive reverse engineering.
The Windows 2000 source code leak dates back to 2004 http://news.zdnet.co.uk/software/0,1000000121,39146176,00.htm
Hackerdefender was also coincidentally released early in 2004 by holy father
One of the most frequently encountered is Hacker Defender, created by an Eastern European who calls himself Holy Father. The latest free version was published early in 2004 and, more recently, premium and customized versions of this malware became available for a fee. http://searchwindowssecurity.techtarget.com/news/column/0,294698,sid45_gci1112754,00.html
-
Re:Obvious.
Symptoms? the audio driver would just start looping, sometimes just freeze the system or bluescreen. It is generally the result of poor thread management.
Back before SMP went mainstream and was limited to large enterprises, I worked for a company which produced a development and runtime environment for a knowledgebase solution. Lockups and 100% CPU utilization was reported in the field but no one in support could reproduce it - client was threatening to walk. I heard about the support issue and I knew what the problem was right away and had an idea of how to reproduce it, but on a single processor machine everything is serialized anyhow, making it difficult and sometimes impossible to reproduce thread management bugs. At this company I was Sr. QA Engineer (and acting QA director at the time. I HATE being in a director position, at least in QA) and insisted the company release an unused multiprocessor box to QA (it was just sitting in the server room unused). I set up a debug build of the runtime environment on the machine and got about 12 people to hit the machine concurrently with specific requests (previous sessions on a single processor box failed to reproduce it). First attempt, we reproduced it and identified where it was failing (and no it wasn't a machine issue - booting with /OneCPU made the problem unreproducible).
What is a race condition?
http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci871100,00.html
http://en.wikipedia.org/wiki/Race_condition
And a related topic, the deadlock:
http://en.wikipedia.org/wiki/Deadlock
One workaround was intfilter, binding one or two libraries to a single processor, but that didn't solve all the problems with the Creative driver.