Google does a good job at this with YouTube.
I am not saying you are wrong, I have seen it being suggested, but it has never flown on governmental projects.
It just replicates in more subtle ways which you apparently missed.
No movies will teach you about real skills needed for efficient project management. People who possess those skills are usually busy doing something else and consider their PM as pure overhead. It doesn't mean you have to be harsh with them. I mean help them as much as you can; sometimes they might even cover your ass and take the hit for you if they are a good PM.
Lucky you, I am still eavesdropping on dial tones and deciphering by matching to digits. I am also faking dial tones and making long distance calls by whistling.
https://en.wikipedia.org/wiki/Phreaking
(also, don't make false bomb threats. They're stupid)
Does this mean real ones are smart?
What will it look like if I ever go into one of those mobile OSes from the security standpoint compared to less mobile OSes? I haven't touched mobile OSes even remotely yet. I understand the apps ecosystem might cause problems not directly linked to the OS but still, overall?
It makes sense. I have always said that keeping your kids in an aseptic environment is not helping them to build resistance for when they get out to the real world at some point.
Do you remember that South Park episode where the parents would get their kids with other sick kids for them to also get sick? Well, there is some truth to it...
https://en.wikipedia.org/wiki/Chickenpox_(South_Park)
large numbers of dropped packets (esp. packets over 4000-5000 bytes) in exchange for almost-no-dropped packets.
hmmm... try playing with MTU, packets over 4000-5000 bytes?
I have an MTU of 576 in similar setups. VOIP works flawlessly and I have 0 dropped packets. Using qdisc, I use htb, to do traffic shaping is recommended too. The important thing is to keep your cable-modem empty...
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
Well, I guess it wouldn't have been UUOC either way.
Just use CVS /duck
Barring IPs is stupid in the first place ;-)
In short, you bar them because you are sick of profiling them and you now have too many to profile compared to a few years ago..
Ok, you bar them after sending them to honey pots, profiling them and making sure you can't profile (learn from them) anymore.
Barring IPs is like patching holes in a steam locomotive boiler. I have always felt like it was a desperate move to hide all kinds of incompetencies but now I do it.
I bar them one IP at a time. I never bar netblocks.
Makes profiling them much easier. You gather much more data this way.
Yep, and I do not disagree with the GP. If he had read more closely, it is clearly stated that I bar them manually.
$ grep -c US /etc/rc.d/badiptobar-longterm
22
$ grep -c US /etc/rc.d/badiptobar
326
As far as barring whole netblocks, I hope you are using ipset as stated in my OP:
http://ipset.netfilter.org/
For some reason, there is this huge stigma against not being available to countries and regions you couldn't possibly give a shit about.
Well, I believe in that. I just bar offending IPs more easily if not on my whitelisted country list. That's all. I do not bar any network range in advance unless they offend my systems and even then, I bar them one IP at a time. I never bar netblocks.
Thanks, you made me design the optimal solution.
On top of being written in assembly, I will even run version 2 as a daemon so 0 fork since my daemon will be single threaded with a single waiting thread listening for input.
if echo "CA FR BE US CH GB AU IL NO NZ IP" | grep -q -w -i -e "$COUNTRY"; then
echo $COUNTRY is AOK with me
fi
Nah, this is way too slow for me, version 2 will be written in assembly because then it will be lightning fast...
We would have to wait and see about side effects for the 12-hour work sessions I sometimes spend in front of my 3 22-inch flat screens.
For extended periods of time like these, I am not sure yet how my head would feel after with a virtual desktop. Think about people complaining about getting headaches watching 3D movies for example.
The concept sure sounds great although.
Well not on my sites.
Ok, they still hit me but this is minimal traffic since I do not reply.
1) Have iptables log and automatically bar offenders not on whitelisted countries.
2) Use mod_security and do the same for web traffic.
3) Bar the rest manually to avoid barring myself or my customers... (about 20-40 a day)
It has become a pain but what else could you do?
Numbers of IPs currently barred (use ipsets !!!!):
$ grep -c . /etc/rc.d/badiptobar
4667
Block user agents:
SecRule REQUEST_HEADERS:User-Agent \
"@pm AhrefsBot Ezooms Aboundex 360Spider Mail.RU_Bot crawler.sistrix.net \
SemrushBot SurveyBot Netseer panscient.com ADmantX ZumBot BLEXBot UnisterBot \
seoprofiler EasouSpider" \
"id:'12050',\
phase:1,nolog,deny"
SecRule REQUEST_HEADERS:User-Agent \
"@pmFromFile /etc/httpd/extra/sec-blacklist-barip-user-agent" \
"id:'12051',\
phase:1,nolog,deny,exec:/usr/local/bin/modsecwritebadiptobartofile"
Bar them automatically if not from whitelisted countries and if on any blacklist:
SecRule GEO:COUNTRY_CODE \
"@pm CA FR BE US CH GB AU IL NO NZ" \
"id:'10501', \
phase:1,nolog,pass,skipAfter:END_RBL"
SecRule IP:PREVIOUS_RBL_CHECK "@eq 1" "phase:1,id:'11000',t:none,pass,nolog,\
skipAfter:END_RBL_LOOKUP"
SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org" "id:'11010', \
phase:1,nolog,deny,msg:\
'IP address that has abusable vulnerabilities: sbl-xbl.spamhaus.org:\
%{request_headers.user-agent}',\
setvar:ip.spammer=1,expirevar:ip.spammer=7200,setvar:ip.previous_rbl_check=1,\
expirevar:ip.previous_rbl_check=7200,exec:/usr/local/bin/modsecwritebadiptobartofile"
SecRule REMOTE_ADDR "@rbl bl.blocklist.de" "id:'11011', \
phase:1,nolog,deny,msg:\
'IP address that has abusable vulnerabilities: bl.blocklist.de:\
%{request_headers.user-agent}',\
setvar:ip.spammer=1,expirevar:ip.spammer=7200,setvar:ip.previous_rbl_check=1,\
expirevar:ip.previous_rbl_check=7200,exec:/usr/local/bin/modsecwritebadiptobartofile"
etc. etc. etc. etc. etc.
Have iptables log and bar offenders if not on whitelisted country
# cat baripifex
#!/bin/sh
IP=${1}
COUNTRY=`su tester -c "/usr/local/bin/geoiplookup ${IP}"`
###echo $COUNTRY
###echo $RBLCHECK
WHITE_LISTED_COUNTRY=false
for WHITE_COUNTRY in CA FR BE US CH GB AU IL NO NZ IP
do
WHITE_LISTED_COUNTRY=${WHITE_LISTED_COUNTRY}`echo -n $COUNTRY | grep -i $WHITE_COUNTRY`
done
if [ "$WHITE_LISTED_COUNTRY" = "false" ]
then
/home/ls/pub/mybin/baripnoout $IP $COUNTRY baripifex
echo -n barred
else
echo -n noaction
fi
etc. etc. etc. etc. etc.
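An added example, not part of the original comment: the whitelist loop in baripifex tests each country token with `grep -i` against the whole lookup line, which is a substring match, so this sketch compares that with an exact match on the parsed two-letter code and validates the address before it is used in a command string. It assumes geoiplookup prints the classic `GeoIP Country Edition: US, United States` line; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Whitelist from the comment; "IP" is handled separately in exact_match.
WHITELIST="CA FR BE US CH GB AU IL NO NZ"

# Accept only dotted-quad digits before the value reaches `su -c "... $IP"`.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Pull the two-letter code out of one geoiplookup line (assumed format:
# "GeoIP Country Edition: US, United States"); prints nothing if it is absent.
country_code() {
    printf '%s\n' "$1" | sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\), .*$/\1/p'
}

# Substring test as in the loop above: a token found anywhere in the line counts.
substring_match() {
    for c in $WHITELIST IP; do
        if printf '%s\n' "$1" | grep -qi "$c"; then return 0; fi
    done
    return 1
}

# Exact test: the parsed code must equal a whitelist entry. The "IP" entry is
# kept as an explicit "IP Address not found" case; unparseable output fails closed.
exact_match() {
    case "$1" in *"IP Address not found"*) return 0 ;; esac
    code=$(country_code "$1")
    [ -n "$code" ] || return 1
    for c in $WHITELIST; do
        [ "$code" = "$c" ] && return 0
    done
    return 1
}

# Constructed sample lines, not real lookups.
for line in "GeoIP Country Edition: US, United States" \
            "GeoIP Country Edition: CN, China" \
            "GeoIP Country Edition: BR, Brazil" \
            "GeoIP Country Edition: IP Address not found"; do
    substring_match "$line" && s=whitelisted || s=bar
    exact_match "$line" && e=whitelisted || e=bar
    printf '%-46s substring=%-11s exact=%s\n' "$line" "$s" "$e"
done
```

With the assumed output format, the substring test reports every sample line as whitelisted, because tokens such as `IP`, `CH` and `IL` also occur inside `GeoIP`, `China` and `Brazil`.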
Or the black holes, due to gravitational forces affecting each other, grow in size at a rate that looks faster than the speed of light thus making them look closer.
Whatever it is, I heard that the space time continuum is affected in areas where black holes are present. It might then be hard to "see" what is really happening. The links in the summary state they aren't sure about what is going on yet.
https://en.wikipedia.org/wiki/Spacetime
28 high-energy neutrinos, great! Nuclear submarines can now communicate at faster rates than 1 bit/s while deep under water without raising an antenna wire to the surface!
http://physicsworld.com/cws/article/news/2012/mar/19/neutrino-based-communication-is-a-first
While at it: Or used it as a cover while in fact moving to work for them...
The Tesla has a 180% efficiency battery wise. You get 1.8 times the energy you put in the batteries on output. So the 68% is fossil fuel is canceled out.
You would have even more chance than with a soda vending machine to earn a Darwin Award:
http://darwinawards.com/darwin/darwin2001-25.html
We fill up ourselves in most gas stations, now we have car vending machines. Next, fix your car yourself in humanless garages.
This is really great news.