I actually do repair a large number of motherboards that fail. Most are just a couple bad caps. The shipping is more expensive than the caps and under $5 usually fixes replacing board completely.
Yes, but every caching raid setup I've ever used also has a battery backed cache and some form of iLO/DRAC type monitoring to insure the battery is working as expected. Having two separate battery systems fail is pretty bad luck, and if your luck is THAT bad then you likely had your NVRAM fail from exhausting the write limit, which is more of a concern to me than a power loss.
Not sure you understand rfc1918, as 10/8 is listed right there as private IP space at the top of page 3... I mean the others are wrong unless bainbridge island recently became it's own country, but let's not confuse things more than they need to be!
Absolutely dead on. Rats love the plastic sheathing on cat 5 like nothing else. I can't tell you how many times I've had to rerun cables at one customer's business because of rats and mice. Things would start flaking out and it would be a rat chewed cable 9 times out of 10 (the other times it would be a leaky roof). I even told them that they could get a good exterminator for less than they were paying me to re-pull wires.
Ultra VNC can be run as reverse vnc and will even build a little self-contained executable that is preconfigured. Install the remote on her end and all she will need to do is doubleclick. You can point it at a ddns resolver if you don't have a static IP. There is also the old school remote assistant built into windows which works ok.
That said, I would suggest moving her from xp to windows 7. It is much more secure and you can change most things to "classic" mode to make them look XP like to make learning easier.
You can also install a router capable of running clamav or some sort of scanning to check those incoming wallpaper executables etc. for trojans and that might make life a little easier.
Oh, and if hardware upgrades are ever on the map, consider a mirrored raid. Harddrives for home use are cheap and most motherboards support raid1 nowadays, so considering how few people actually make backups this might be a lifesaver for her and one less headache for you too. It won't protect from everything a good backup will, but it will save her from a sudden disk failure and the built in backup on windows 7 is sufficient for many home users.
It isn't all cuts some are overruns.
New rules and budget cuts:
-Bids must stay in budget. Companies aren't allowed overruns of several billions after accepting a contract. If they can't stay in their budget they get to eat the cost (I'm looking at your Lockheed Martin). DoD also can't ask for bids until their requirements are complete and can't go changing them after the bid is accepted without approval of the changes by the contractor. If they don't like it let the military build it internally instead of by contractors. The benefit here is we can see that labor, parts, etc is expensive versus projects that result in statements like "that plane is too expensive"
-remove standing armies from allied countries. Go ahead and keep the bases and staff with maintenance so they are ready if needed, but no need to keep people fed and deployed, let them eat at home and train here on U.S. soil.
-Covert operations budgets must be disclosed. We don't need a line item but we need general ledger numbers for review. no more free reign to play James Bond. We need to know that transport costs are $x and weapons are $y and cash expenses for "diplomatic reasons" are $z
-Get rid of all your overpriced Raytheon contracts for simulators and hire a few games programmers directly into the armed forces to design them internally. use jet footage from training and other missions to develop more realistic scenarios.
-Create an anonymous report that can be filed for overpriced parts and prosecute profiteers (I'm looking at you Boeing with your $7 gears you charged over $600 for)
-Don't use contracted labor for facilities and cafeterias and food overseas. I've heard horror stories of electricity so bad vets still check their showers at home before getting in years later and at the prices they charged we could have flown the whole facility over by concord after building a new concord.
-Get vets from each of the armed forces together to make further recommendations for their branch. They've been there and I guarantee they can tell you where there are large amounts of wasted money.
So yes, I've dealt with it. The easy solution is go wired for a while, setup a honeypot and track them down. Once you know where they are let them know you are less than pleased and if they don't stop there will be a call to the FCC and local authorities as well as a civil suit for harassment. If you can't go wired Lower your ACK timing and transmit power so they can't get a good signal without standing on your doorstep. switch to a certificate based system instead of a password based system with a new ssid. On the new system setup a proxy that requires additional authentication to reach the internet. Assign static macs to your own devices and block all other local IPs via iptables to prevent them from self-assigning one.
As for deauthentication attacks, the best bet is to find them and ans send over a nastygram.
Yes, since there is clearly no way to check an https connection for dangerous content. It would be wonderful if administrators of intranets had a tool that could look Deep into the Packets flowing through their network and Inspect them for malicious content... we could even call it something like "DPI" for short.
Kia might sound funny, but they are actually pretty good cards for the money. I've never had any mechanical problems with mine. The only complaints I can even try to come up with are that the remote entry loses it's programming (but the key works fine) and the paint on plastic parts (bumpers, door handles) has started to peel after 8 years of sitting outside in Florida. The Honda I had previously had more work performed and worse paint by the time it was at 5 years and that wasn't a half bad car either.
I'm guessing you didn't buy them with Linux on them... or prove it was a hardware issue. They have no reason to support something they didn't ship. Sure the support varies but their pro server support is actually decent if you get the right person on the other end. I had a case where teaming 2 nics caused windows to eat crap and die inexplicably and getting it back up was quite the ordeal. I couldn't even keep it stable long enough to unteam or remove the drivers (even in safe mode). Fortunately they did have documentation on the problem - a broadcom driver had a problem with a particular firmware set when teaming was used. I managed to flash the firmware update from a usb flash drive which got me to the point I could at least boot into safe mode and delete the drivers and then get a working older version of the driver from Dell's site up and running and teaming reconfigured. This was on an poweredge r610 btw. I feel bad for the poor sap who ran into this first and having dell support saved me unnecessary downtime, especially since there is no mention of this problem anywhere on broadcom's website. That said for 99% of the issues I've ever run into having on-site spares and a good internal KB has been far more effective than paying for Dell's support, but if it is free with the server why not use it...
not all of us consider that tiny. There are still a few programmers out there who recognize that doing everything high-level using huge libraries isn't necessarily the only option for a modern os. My favorite are there guys: http://www.menuetos.net/
Not linux, but definitely cool.
yes, but there are other ways of securing these service accounts and the ssh keys have no business in any location that is network accessible and shouldn't be of danger even if they are (since their access should be very limited in scope).
Exactly! chroot it, limit ssh by IP and run a second script on the server to do any additional housekeeping (move files/change permissions as necessary and cleanup). You shouldn't allow an unprotected key for an account with access to anything of value on your server. Being lazy isn't an excuse. You can be lazy and maintain security, it just takes a few extra minutes to set it up correctly the first time.
actually that is hardly correct. While it is hard to distinguish "work" from non-work activities in a hunter-gatherer society (thus your 24/7) if we use standard methods to delineate these activities you will find that most hunter-gatherers dedicated only 12-18 hours per peek to work-comparable activities. That is overly broad, but don't think you've got it so great. You work a lot more to watch tv than our ancestors (and some current cultures) do to watch the stars. It is all a matter of perception and values.
The setup of these systems is actually rather interesting from a FOSS perspective. They appear to run a redhat derivative and squid and use some interesting tricks to control access to the network. I figure the squid is probably caching locally on the plane to lower the bandwidth consumption, but haven't really invetigated too far.
The network routing is more interesting: If you hard code the DNS they will tamper with the route and either null route you or redirect to their sign-up page. But there are some exceptions, such as google for example: if you force https you can access google and related results just fine, but attempting to access gmail (even via mail.google.com) will result in a timeout even over https. You can also access a few sites for free such as amazon. Since you can hard-code the related IP addresses for google or amazon, it has been theorized that you could setup a proxy via google's servers or amazon's servers and get out that way by directing all lookups to that IP address from your hosts file or equivalent. When authenticating directly they appear to use ARP records to determine who is restricted and who isn't, so arp or mac spoofing would probably allow a non-paying customer to use a paying customer's credentials (albeit at the expense of probably making both connections pretty intolerable). The routing is most likely handled within the plane after a global sign-in is performed, but I haven't confirmed this.
Don't hire your boss, find a different job! The idea that someone is qualified to hire their own superior is so asinine that it could only come out of a corporate red-tape nightmare so awful it is doomed to an epic fail. If the company had any idea about how to manage whatsoever then they would either have someone higher-up the ladder do the hiring or move someone qualified up from within. Run! Run now! Run fast!
nonsense. how about upsert in mysql? Has to be done as a merge in mssql. Kinda killed your code for mysql and it works for everything argument. Not to mention the inefficiency of not being able to implement vendor specific options. sure you can limit yourself to vanilla sql, but if you want to get work done you pick a tool and use it. If you can get all the vendors to agree I'd be happy as pie, but claiming that is reality now is disingenuous.
as someone who runs deep packet inspection on a few networks I can tell you a) it is pretty easy to tell what shouldn't be passed through and b) a little sand in the underwear bites - Throwing in some junk data in the right ratio can wreak havoc on an ssl encapsulated torrent connection. Send all you want over ssl but it will be throttled and so much garbage by the end you won't want to waste your time after a few days.
I can also tell you it is pretty easy to block this even without deep packet inspection. Hint: dns tends to be required to get your torrent information in the first place, and it is pretty easy to send you a response from my dns server that looks like a response from your manually configured dns server. You won't know the difference and will just assume thepiratebay is down.
Slashdot Mirror
I actually do repair a large number of motherboards that fail. Most are just a couple bad caps. The shipping is more expensive than the caps and under $5 usually fixes replacing board completely.
Yes, but every caching raid setup I've ever used also has a battery backed cache and some form of iLO/DRAC type monitoring to insure the battery is working as expected. Having two separate battery systems fail is pretty bad luck, and if your luck is THAT bad then you likely had your NVRAM fail from exhausting the write limit, which is more of a concern to me than a power loss.
Not sure you understand rfc1918, as 10/8 is listed right there as private IP space at the top of page 3... I mean the others are wrong unless bainbridge island recently became it's own country, but let's not confuse things more than they need to be!
Absolutely dead on. Rats love the plastic sheathing on cat 5 like nothing else. I can't tell you how many times I've had to rerun cables at one customer's business because of rats and mice. Things would start flaking out and it would be a rat chewed cable 9 times out of 10 (the other times it would be a leaky roof). I even told them that they could get a good exterminator for less than they were paying me to re-pull wires.
Ultra VNC can be run as reverse vnc and will even build a little self-contained executable that is preconfigured. Install the remote on her end and all she will need to do is doubleclick. You can point it at a ddns resolver if you don't have a static IP. There is also the old school remote assistant built into windows which works ok. That said, I would suggest moving her from xp to windows 7. It is much more secure and you can change most things to "classic" mode to make them look XP like to make learning easier. You can also install a router capable of running clamav or some sort of scanning to check those incoming wallpaper executables etc. for trojans and that might make life a little easier. Oh, and if hardware upgrades are ever on the map, consider a mirrored raid. Harddrives for home use are cheap and most motherboards support raid1 nowadays, so considering how few people actually make backups this might be a lifesaver for her and one less headache for you too. It won't protect from everything a good backup will, but it will save her from a sudden disk failure and the built in backup on windows 7 is sufficient for many home users.
It isn't all cuts some are overruns. New rules and budget cuts: -Bids must stay in budget. Companies aren't allowed overruns of several billions after accepting a contract. If they can't stay in their budget they get to eat the cost (I'm looking at your Lockheed Martin). DoD also can't ask for bids until their requirements are complete and can't go changing them after the bid is accepted without approval of the changes by the contractor. If they don't like it let the military build it internally instead of by contractors. The benefit here is we can see that labor, parts, etc is expensive versus projects that result in statements like "that plane is too expensive" -remove standing armies from allied countries. Go ahead and keep the bases and staff with maintenance so they are ready if needed, but no need to keep people fed and deployed, let them eat at home and train here on U.S. soil. -Covert operations budgets must be disclosed. We don't need a line item but we need general ledger numbers for review. no more free reign to play James Bond. We need to know that transport costs are $x and weapons are $y and cash expenses for "diplomatic reasons" are $z -Get rid of all your overpriced Raytheon contracts for simulators and hire a few games programmers directly into the armed forces to design them internally. use jet footage from training and other missions to develop more realistic scenarios. -Create an anonymous report that can be filed for overpriced parts and prosecute profiteers (I'm looking at you Boeing with your $7 gears you charged over $600 for) -Don't use contracted labor for facilities and cafeterias and food overseas. I've heard horror stories of electricity so bad vets still check their showers at home before getting in years later and at the prices they charged we could have flown the whole facility over by concord after building a new concord. -Get vets from each of the armed forces together to make further recommendations for their branch. They've been there and I guarantee they can tell you where there are large amounts of wasted money.
So yes, I've dealt with it. The easy solution is go wired for a while, setup a honeypot and track them down. Once you know where they are let them know you are less than pleased and if they don't stop there will be a call to the FCC and local authorities as well as a civil suit for harassment. If you can't go wired Lower your ACK timing and transmit power so they can't get a good signal without standing on your doorstep. switch to a certificate based system instead of a password based system with a new ssid. On the new system setup a proxy that requires additional authentication to reach the internet. Assign static macs to your own devices and block all other local IPs via iptables to prevent them from self-assigning one. As for deauthentication attacks, the best bet is to find them and ans send over a nastygram.
Yes, since there is clearly no way to check an https connection for dangerous content. It would be wonderful if administrators of intranets had a tool that could look Deep into the Packets flowing through their network and Inspect them for malicious content... we could even call it something like "DPI" for short.
The tupelo price isn't just for the taste, it is because true tupelo honey won't sugar on you like regular honey will.
Kia might sound funny, but they are actually pretty good cards for the money. I've never had any mechanical problems with mine. The only complaints I can even try to come up with are that the remote entry loses it's programming (but the key works fine) and the paint on plastic parts (bumpers, door handles) has started to peel after 8 years of sitting outside in Florida. The Honda I had previously had more work performed and worse paint by the time it was at 5 years and that wasn't a half bad car either.
I'm guessing you didn't buy them with Linux on them... or prove it was a hardware issue. They have no reason to support something they didn't ship. Sure the support varies but their pro server support is actually decent if you get the right person on the other end. I had a case where teaming 2 nics caused windows to eat crap and die inexplicably and getting it back up was quite the ordeal. I couldn't even keep it stable long enough to unteam or remove the drivers (even in safe mode). Fortunately they did have documentation on the problem - a broadcom driver had a problem with a particular firmware set when teaming was used. I managed to flash the firmware update from a usb flash drive which got me to the point I could at least boot into safe mode and delete the drivers and then get a working older version of the driver from Dell's site up and running and teaming reconfigured. This was on an poweredge r610 btw. I feel bad for the poor sap who ran into this first and having dell support saved me unnecessary downtime, especially since there is no mention of this problem anywhere on broadcom's website. That said for 99% of the issues I've ever run into having on-site spares and a good internal KB has been far more effective than paying for Dell's support, but if it is free with the server why not use it...
Kill switch, yes, but it will beg you not to kill it: http://www.npr.org/blogs/health/2013/01/28/170272582/do-we-treat-our-gadgets-like-they-re-human
Oxford disagrees (about conjunctions, but you are spot on about potatoes): http://oxforddictionaries.com/words/conjunctions It is fine to start a sentence with and.
not all of us consider that tiny. There are still a few programmers out there who recognize that doing everything high-level using huge libraries isn't necessarily the only option for a modern os. My favorite are there guys: http://www.menuetos.net/ Not linux, but definitely cool.
I think you are trying to be funny and failed (also I think you are mixing up chroot and /dev/null)
yes, but there are other ways of securing these service accounts and the ssh keys have no business in any location that is network accessible and shouldn't be of danger even if they are (since their access should be very limited in scope).
Exactly! chroot it, limit ssh by IP and run a second script on the server to do any additional housekeeping (move files/change permissions as necessary and cleanup). You shouldn't allow an unprotected key for an account with access to anything of value on your server. Being lazy isn't an excuse. You can be lazy and maintain security, it just takes a few extra minutes to set it up correctly the first time.
Who exactly is it that isn't password protecting their ssh keys? I mean if you choose to press enter shame on you.
actually that is hardly correct. While it is hard to distinguish "work" from non-work activities in a hunter-gatherer society (thus your 24/7) if we use standard methods to delineate these activities you will find that most hunter-gatherers dedicated only 12-18 hours per peek to work-comparable activities. That is overly broad, but don't think you've got it so great. You work a lot more to watch tv than our ancestors (and some current cultures) do to watch the stars. It is all a matter of perception and values.
The setup of these systems is actually rather interesting from a FOSS perspective. They appear to run a redhat derivative and squid and use some interesting tricks to control access to the network. I figure the squid is probably caching locally on the plane to lower the bandwidth consumption, but haven't really invetigated too far. The network routing is more interesting: If you hard code the DNS they will tamper with the route and either null route you or redirect to their sign-up page. But there are some exceptions, such as google for example: if you force https you can access google and related results just fine, but attempting to access gmail (even via mail.google.com) will result in a timeout even over https. You can also access a few sites for free such as amazon. Since you can hard-code the related IP addresses for google or amazon, it has been theorized that you could setup a proxy via google's servers or amazon's servers and get out that way by directing all lookups to that IP address from your hosts file or equivalent. When authenticating directly they appear to use ARP records to determine who is restricted and who isn't, so arp or mac spoofing would probably allow a non-paying customer to use a paying customer's credentials (albeit at the expense of probably making both connections pretty intolerable). The routing is most likely handled within the plane after a global sign-in is performed, but I haven't confirmed this.
Don't hire your boss, find a different job! The idea that someone is qualified to hire their own superior is so asinine that it could only come out of a corporate red-tape nightmare so awful it is doomed to an epic fail. If the company had any idea about how to manage whatsoever then they would either have someone higher-up the ladder do the hiring or move someone qualified up from within. Run! Run now! Run fast!
oh noes, how are we supposed to get nasa to adopt linux over VxWorks now?
A right to quiet enjoyment is written into laws in many places within the U.S., so yes, you do have that right.
nonsense. how about upsert in mysql? Has to be done as a merge in mssql. Kinda killed your code for mysql and it works for everything argument. Not to mention the inefficiency of not being able to implement vendor specific options. sure you can limit yourself to vanilla sql, but if you want to get work done you pick a tool and use it. If you can get all the vendors to agree I'd be happy as pie, but claiming that is reality now is disingenuous.
as someone who runs deep packet inspection on a few networks I can tell you a) it is pretty easy to tell what shouldn't be passed through and b) a little sand in the underwear bites - Throwing in some junk data in the right ratio can wreak havoc on an ssl encapsulated torrent connection. Send all you want over ssl but it will be throttled and so much garbage by the end you won't want to waste your time after a few days. I can also tell you it is pretty easy to block this even without deep packet inspection. Hint: dns tends to be required to get your torrent information in the first place, and it is pretty easy to send you a response from my dns server that looks like a response from your manually configured dns server. You won't know the difference and will just assume thepiratebay is down.