If these turkeys didn't posses the ability to cause significant disruption to most businesses they visit, they'd be a complete joke.
# California has the highest portion of workers in small business and a higher-than-average use of volume licensing, which may lend itself to lax software management. These factors push the state's piracy rate to 25%, one-quarter above the national average.
So they're blaming Microsoft, one of their members, in part for pushing up piracy in California?
# Florida had the lowest use of volume licensing and the smallest percentage of PCs and software purchased from non-brand-name sources, resulting in a 19% piracy rate, slightly below the national average.
So we should eliminate non-brand-name PCs to reduce piracy?
# In Illinois, 61% of consumers said they installed new software on older computers in 2007, compared to a national average of 51%. This helped drive the state's piracy rate above the national average, to 22%.
Yes, you're automatically a pirate if you install that copy of software package X on a new computer. I personally enjoy this one since when I recycle computers, the recycling place tosses any MS disks/manuals/licenses in the appropriate garbage bin. They use Ubuntu. Obviously, this copy of Windows XP that I bought in 2002 is pirated because I've installed it on 3 computers and removed it from 2 computers I donated.
My theory on the whole Vista debacle is that autocorrect in MS Word owned Vista. Ballmer was typing in better features but it got autocorrected to bloated features.
Telco's and cables companies are rational utility maximizing decision makers. That means if they can save a buck by eliminating a service they will. I really like alt.certification.* and comp.* but apparently it's more important for Cuomo to get headlines and ISPs to save a buck.
I ran across this on Wikipedia: http://en.wikipedia.org/wiki/Usenet#History
Over time, the amount of Usenet traffic has steadily increased. It is important to note, however, that much of this traffic increase reflects not an increase in discrete users or newsgroup discussions, but instead the combination of massive automated spamming and an increase in the use of.binaries newsgroups in which large files (frequently pornography or pirated media) are often posted publicly. A small sampling of the change (measured in feed size per day) follows:
No citation of course. The propaganda machine is in full force.
IOS supports unequal cost load balancing with various routing protocols like RIP. You can do per packet or per destination. You can get a used 3640 for fairly cheap and throw in a 4 port ethernet network module and use it as a WAN router. If you needed rendundancy, get a 2nd one and use HSRP. You'd also need at least 2 switches and have a trunk going from switch to switch as well as to both routers. Sounds complex but is really easy to implement with a little bit of networking and IOS knowledge. All the people recommending DSL + Cable are right, DSL + DSL = not redundant.
If they knew this:
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000
If you know the source address[es] of the attack, why not block that address on the routers or firewalls until your ISP can block them upstream?
Preamble
The Preamble to the Bill of Rights:
THE Conventions of a number of the States, having at the time of their putting up with Comcast, expressed a desire, in order to prevent misconstruction or abuse of its powers, that further declaratory and restrictive clauses should be added: And as extending the ground of public confidence in the ISP, will best ensure the beneficent ends of its institution.
Articles:
1. Comcast shall be entitled to oversell bandwidth at a ratio of not less than 20 to 1.
2. Comcast shall not upgrade it's infrastructure without additional public funding.
3. Comcast shall have monopoly rights in as many markets as possible.
4. Comcast shall not be liable for anything or to anyone except it's shareholders.
5. The list goes on...
I think the brain trust at Comcast realized that they could turn torrent users to their advantage. I suspect sometime in the future they'll push a P4P client that has content delivery network written all over it. You can see the beginnings of this with Bittorrent 6.0+.
I think this may have something to do with BitTorrent DNA. It's a content delivery network. It's comes with BitTorrent 6.0.3. I think someone at Comcast had the bright idea that if data has to travel less distance (hops) then it would improve network congestion.
What's also great about the Comcast *choice* is that in markets where the consumers only option is Comcast / T1 / ISDN then you really get to see the best *service* they have to offer at a really great price. Due to various circumstances, like a mountain blocking satellite access and being 25,000 loop feet from a CO, I have 3 real options. Dual Channel ISDN, a T1 line or basic Comcast cable internet. The prices are around $100, $450 and $50 respectively. I have relatives and friends that live in other metro areas that pay less for the same Comcast service.
That $55 ($50 for basic + $5 for 2nd dynamic IP) a month buys me:
FTP upload QOS
RDP QOS, This is a great one, I have 2 IP's but they're on different subnets so RDP packets are routed a few hops over Comcast and they QOS that protocol. I can't RDP to my Cisco lab in a different room without getting at least 4 disconnects an hour + massive latency)
Spoofing RST packets if you try to share anything via torrent
Throttling [latency + bandwidth] your whole connection [http, smtp, etc.] when downloading via torrent
What ethics?
on
Ethics In IT
·
· Score: 3, Informative
Maximizing shareholder value > anything else. Seriously, ethics? I'm in the SMB consulting industry. I sign NDA's on a regular basis with consulting companies so when the consulting company violates an ethical obligation to a client I'm contractually bound not to say anything. 13 passwords all the same for 13 company's but they (not me) billed their managed services as following best practices. PPTP VPN instead of LT2P/IPSEC (a stand alone certificate server = $), no account auditing(disk space = $), no logon failure limits(disrupted users = lost $), no port security at the switch (network admin = $), etc... I've yet to run across a salesperson that didn't upsell/oversell. I think most techs realize what's ethical behavior and what's not but they get pressured into not saying anything by management and sales.
Here's a scenario that happened to me in 2006. I had a contract terminated with no reason given. 4 days before the contract was terminated I sent a memo to the CEO (I reported to him) about sending bulk email without an opt-out option and without the companies physical address. I included relevant state and federal laws regarding the issue, mainly the Can Spam Act. 3 days before the contract was terminated the CEO confronts me in front of the whole office about how they were the following the law. I flatly told him I wouldn't send them or train anyone to send them until they added physical contact information and a way to opt-out. This was in front of his entire office staff. I wanted to discuss it in private and he wanted to discuss it in front of everyone. Friday, my contract got terminated, no reason given. Take a guess as to why it was terminated?
use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network ("Premises LAN"), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;
That had one had me laughing. I have a Cisco lab with a bunch of routers and switches. I connect to it remotely. The Cisco access server I use violates the TOS. Apparently, it's ok for me to use RDP because I can set that up on a client but not an access server even though I pay for the connection and I am the only one using it. I was planning on putting in a L2TP/IPSEC VPN box but that would violate the TOS also (no servers). There's something wrong when almost anything you do violates the TOS.
use or distribute tools or devices designed or used for compromising security, such as password guessing programs, decoders, password gatherers, unauthorized keystroke loggers, analyzers, cracking tools, packet sniffers, encryption circumvention devices, or Trojan Horse programs. Unauthorized port scanning is strictly prohibited;
It's a good thing that they put 'compromising security' because all the tools I use are for 'testing security'. Also, doesn't Mcrapfee, that Comcast distributes free to it's customers, violate the TOS because it performs an ANALYSIS on your systems memory/storage?
Small businesses for the most part don't give a crap about license compliance. I've consulted for over 20 businesses in the last 10 years and one thing I always offer to do is a license check. Besides a software audit team I was a part of at a fortune 500 company...I've never seen any business care about license compliance. I've had to explain more than once that buying one copy of a program doesn't mean you can install it on every machine. I point out the BSA whistle blower website and ask if they've fired anyone lately? This is when the, "It won't happen to me" mentality kicks in. It would take from a week to a month to audit a small enterprise (10-50) users. It doesn't cost that much and there's free tools available for tracking assets. The real problem are that small businesses are cheap, the owners resent anyone coming in and telling them that HAVE to do anything and the law in that area is hardly equitable since it was bought and paid for by the BSA.
Someone, somewhere, did something that caused power outages. I'm glad the CIA is on top of this and providing useful information.
This article could apply to Northern California a few weeks ago. This tree haxored my local power grid by using the extremely clever, falling on top of the lines DOS exploit. I'm just left wondering how it tried to extort money.
A person guilty of an offence under this section shall be liable--
(a)
on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)
on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
Corporations are the last entities that should be consulted regarding morality and ethics. They don't have any because you can't reconcile utility maximizing behavior with behavior that is contrary. Corporations are limited only by what they can get away with or what they think they can get away with. http://www.time.com/time/magazine/article/0,9171,501040705-658372,00.html
What about the drug company's? Aren't there some African states that refused to be extorted on licensing arrangements for AIDS drugs? I know I'm supposed to be conditioned that protecting IP is good but isn't saving lives better?
I would expect corporations to want to protect assets. If they can condition the general public to believe...then their stock becomes more valuable which is what it's all about. The unfortunate thing is we let corporations get in a position to dictate morality and ethics when they should have no part in the debate.
The workshops I attend now are usually sponsored by local users groups like SFNTUG. The presenters have to deliver because the people they are presenting to are their peers or potential customers.
My university had a Workshop on how to get an IT job for people in the CIS program. They had a panel of local business people answering questions from students. One of them was the owner of a security consulting firm. He responded to a question about how many applicants per entry level job he gets with the answer of 5000+. A lady sitting in from Student Services who sponsored the workshop asked how one would get noticed for position like this. He says work experience. She asks, how do you get work experience if companies only want to hire people with work experience for entry level jobs? Not a single one of them even took a shot at answering that one.
I noticed from the article that $25,000 was the budget for implementing a fully functional plan. In addition the consultants must be experienced. Developing the plan is his job but I'm guessing his non-profit is not only cheap but has unrealistic expectations regarding what a disaster recovery plan that is fully functional entails. Being realistic, if their IT infrastructure gets wiped out by a flood, why bother with disaster recovery...they probably don't have the budget to replace anything before the insurance kicks in let alone have any type of backup sites/redundant infrastructure/replacement personnel available.
Another implication of the article is that only large consulting firms can do a quality job that adheres to best practices. "I'd like access to the same expertise that my colleagues at larger companies have." Could he really mean, he'd like the same expertise that his colleagues have at larger companies but for $15/hr. Isn't that what Craigslist is for?
I got out my bullshit bingo card and almost won...
strategic concerns
providing outstanding technology to our colleagues
strategic value
operational excellence
operational excellence
technological vision
technical vision
business vision
operational excellence
tried-and-true management principles
best practices
If only the same phrases weren't used over and over.
I started out with the old @Home service which was 10mbps/10mbps. Then TCI took over, then ATTBI took over and finally Comcast took over. I now pay $20 more for ~4mbps/~350kpbs. The last time I called Comcast to complain was when there DNS servers on my segment were down for over 8 hours. They took the easy way out and said because I was using Linux they couldn't offer any support.
What makes it even better is that Comcast disables SNMP on cable modems so you can't even monitor the crappy service. Then there's the whole P2P mess. When Ubuntu 7.10 came out I downloaded it via a torrent and even with 30 peers and a bunch of seeders I was getting 30kpbs. I eventually had to download the ISO via HTTP.
I'm 25,000 loop feet from a CO so no DSL and there's a mountain blocking satellite access.
The FCC needs to step up and deal with Comcast in any market where there is no competition. Oh wait,they already are; DCAS/Cablecards, no more exclusive apartment contracts, 30% market share cap, etc...
I had to get a laptop for my dad. Apple was out because there price point was just way to high. So it left me with 2 options, Linux or Windows. My laptop has Ubuntu on it and I let my dad play around with it. But, he wound up getting Vista Ultimate 64-bit. What a @)(#$($ nightmare it was installing drivers (Printer, UPS, etc). The actual drivers for the devices integral to the notebook were fine though.
Vista is so slow. My Ubuntu (7.10) notebook (P4 2.8GHz, 512MB RAM, 5400 RPM drive) boots in 1/4 the time it takes his system (T7200 Core 2 Duo, 7200 RPM hard drive, 2GB RAM) to boot. They really need to change the name of Vista to ME II to fully capture the user experience.
I haven't had a single enterprise customer that I consultant for enquire about upgrading to Vista. One of them is making noises about switching to Linux and just using Terminal Services for any Windows apps they need to make available.
Slashdot Mirror
Did anyone else think this when they read the article?
reboot the router
press break during boot
confreg 2142
put in new password or nuke the startup
confreg 2102
reload router
What am I missing? It's easy to root a Cisco router if you have physical access to it.
So they're blaming Microsoft, one of their members, in part for pushing up piracy in California?
So we should eliminate non-brand-name PCs to reduce piracy?
Yes, you're automatically a pirate if you install that copy of software package X on a new computer. I personally enjoy this one since when I recycle computers, the recycling place tosses any MS disks/manuals/licenses in the appropriate garbage bin. They use Ubuntu. Obviously, this copy of Windows XP that I bought in 2002 is pirated because I've installed it on 3 computers and removed it from 2 computers I donated.
I hope they don't take out comp.* in this slash and burn campaign.
You may be in luck. VMWare has beta support for directX. http://www.vmware.com/support/ws55/doc/ws_vidsound_d3d.html
My theory on the whole Vista debacle is that autocorrect in MS Word owned Vista. Ballmer was typing in better features but it got autocorrected to bloated features.
Telco's and cables companies are rational utility maximizing decision makers. That means if they can save a buck by eliminating a service they will. I really like alt.certification.* and comp.* but apparently it's more important for Cuomo to get headlines and ISPs to save a buck. .binaries newsgroups in which large files (frequently pornography or pirated media) are often posted publicly. A small sampling of the change (measured in feed size per day) follows:
I ran across this on Wikipedia:
http://en.wikipedia.org/wiki/Usenet#History
Over time, the amount of Usenet traffic has steadily increased. It is important to note, however, that much of this traffic increase reflects not an increase in discrete users or newsgroup discussions, but instead the combination of massive automated spamming and an increase in the use of
No citation of course. The propaganda machine is in full force.
IOS supports unequal cost load balancing with various routing protocols like RIP. You can do per packet or per destination. You can get a used 3640 for fairly cheap and throw in a 4 port ethernet network module and use it as a WAN router. If you needed rendundancy, get a 2nd one and use HSRP. You'd also need at least 2 switches and have a trunk going from switch to switch as well as to both routers. Sounds complex but is really easy to implement with a little bit of networking and IOS knowledge. All the people recommending DSL + Cable are right, DSL + DSL = not redundant.
The FCC really step in and say you guys need to come with a CIR in the context of best effort delivery and stick with it.
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000
If you know the source address[es] of the attack, why not block that address on the routers or firewalls until your ISP can block them upstream?
Preamble The Preamble to the Bill of Rights: THE Conventions of a number of the States, having at the time of their putting up with Comcast, expressed a desire, in order to prevent misconstruction or abuse of its powers, that further declaratory and restrictive clauses should be added: And as extending the ground of public confidence in the ISP, will best ensure the beneficent ends of its institution. Articles: 1. Comcast shall be entitled to oversell bandwidth at a ratio of not less than 20 to 1. 2. Comcast shall not upgrade it's infrastructure without additional public funding. 3. Comcast shall have monopoly rights in as many markets as possible. 4. Comcast shall not be liable for anything or to anyone except it's shareholders. 5. The list goes on...
I think the brain trust at Comcast realized that they could turn torrent users to their advantage. I suspect sometime in the future they'll push a P4P client that has content delivery network written all over it. You can see the beginnings of this with Bittorrent 6.0+.
I think this may have something to do with BitTorrent DNA. It's a content delivery network. It's comes with BitTorrent 6.0.3. I think someone at Comcast had the bright idea that if data has to travel less distance (hops) then it would improve network congestion.
Not only that but when their DNS servers go down, you'll get name resolution errors even faster.
What's also great about the Comcast *choice* is that in markets where the consumers only option is Comcast / T1 / ISDN then you really get to see the best *service* they have to offer at a really great price. Due to various circumstances, like a mountain blocking satellite access and being 25,000 loop feet from a CO, I have 3 real options. Dual Channel ISDN, a T1 line or basic Comcast cable internet. The prices are around $100, $450 and $50 respectively. I have relatives and friends that live in other metro areas that pay less for the same Comcast service.
That $55 ($50 for basic + $5 for 2nd dynamic IP) a month buys me:
FTP upload QOS
RDP QOS, This is a great one, I have 2 IP's but they're on different subnets so RDP packets are routed a few hops over Comcast and they QOS that protocol. I can't RDP to my Cisco lab in a different room without getting at least 4 disconnects an hour + massive latency)
Spoofing RST packets if you try to share anything via torrent
Throttling [latency + bandwidth] your whole connection [http, smtp, etc.] when downloading via torrent
Maximizing shareholder value > anything else. Seriously, ethics? I'm in the SMB consulting industry. I sign NDA's on a regular basis with consulting companies so when the consulting company violates an ethical obligation to a client I'm contractually bound not to say anything. 13 passwords all the same for 13 company's but they (not me) billed their managed services as following best practices. PPTP VPN instead of LT2P/IPSEC (a stand alone certificate server = $), no account auditing(disk space = $), no logon failure limits(disrupted users = lost $), no port security at the switch (network admin = $), etc... I've yet to run across a salesperson that didn't upsell/oversell. I think most techs realize what's ethical behavior and what's not but they get pressured into not saying anything by management and sales.
Here's a scenario that happened to me in 2006. I had a contract terminated with no reason given. 4 days before the contract was terminated I sent a memo to the CEO (I reported to him) about sending bulk email without an opt-out option and without the companies physical address. I included relevant state and federal laws regarding the issue, mainly the Can Spam Act. 3 days before the contract was terminated the CEO confronts me in front of the whole office about how they were the following the law. I flatly told him I wouldn't send them or train anyone to send them until they added physical contact information and a way to opt-out. This was in front of his entire office staff. I wanted to discuss it in private and he wanted to discuss it in front of everyone. Friday, my contract got terminated, no reason given. Take a guess as to why it was terminated?
That had one had me laughing. I have a Cisco lab with a bunch of routers and switches. I connect to it remotely. The Cisco access server I use violates the TOS. Apparently, it's ok for me to use RDP because I can set that up on a client but not an access server even though I pay for the connection and I am the only one using it. I was planning on putting in a L2TP/IPSEC VPN box but that would violate the TOS also (no servers). There's something wrong when almost anything you do violates the TOS.
use or distribute tools or devices designed or used for compromising security, such as password guessing programs, decoders, password gatherers, unauthorized keystroke loggers, analyzers, cracking tools, packet sniffers, encryption circumvention devices, or Trojan Horse programs. Unauthorized port scanning is strictly prohibited;
It's a good thing that they put 'compromising security' because all the tools I use are for 'testing security'. Also, doesn't Mcrapfee, that Comcast distributes free to it's customers, violate the TOS because it performs an ANALYSIS on your systems memory/storage?
Small businesses for the most part don't give a crap about license compliance. I've consulted for over 20 businesses in the last 10 years and one thing I always offer to do is a license check. Besides a software audit team I was a part of at a fortune 500 company...I've never seen any business care about license compliance. I've had to explain more than once that buying one copy of a program doesn't mean you can install it on every machine. I point out the BSA whistle blower website and ask if they've fired anyone lately? This is when the, "It won't happen to me" mentality kicks in. It would take from a week to a month to audit a small enterprise (10-50) users. It doesn't cost that much and there's free tools available for tracking assets. The real problem are that small businesses are cheap, the owners resent anyone coming in and telling them that HAVE to do anything and the law in that area is hardly equitable since it was bought and paid for by the BSA.
Someone, somewhere, did something that caused power outages. I'm glad the CIA is on top of this and providing useful information.
This article could apply to Northern California a few weeks ago. This tree haxored my local power grid by using the extremely clever, falling on top of the lines DOS exploit. I'm just left wondering how it tried to extort money.
If you break this law, do it in Scotland.
(4)
A person guilty of an offence under this section shall be liable--
(a)
on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)
on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
As mentioned in another response the US limit is 1.6 W/Kg. Here's a listing of some phones http://reviews.cnet.com/4520-6602_7-5020355-1.html?tag=feat.1. Take a look at the difference between the 10 lowest and 10 highest models.
Corporations are the last entities that should be consulted regarding morality and ethics. They don't have any because you can't reconcile utility maximizing behavior with behavior that is contrary. Corporations are limited only by what they can get away with or what they think they can get away with. http://www.time.com/time/magazine/article/0,9171,501040705-658372,00.html
What about the drug company's? Aren't there some African states that refused to be extorted on licensing arrangements for AIDS drugs? I know I'm supposed to be conditioned that protecting IP is good but isn't saving lives better?
I would expect corporations to want to protect assets. If they can condition the general public to believe...then their stock becomes more valuable which is what it's all about. The unfortunate thing is we let corporations get in a position to dictate morality and ethics when they should have no part in the debate.
The workshops I attend now are usually sponsored by local users groups like SFNTUG. The presenters have to deliver because the people they are presenting to are their peers or potential customers.
My university had a Workshop on how to get an IT job for people in the CIS program. They had a panel of local business people answering questions from students. One of them was the owner of a security consulting firm. He responded to a question about how many applicants per entry level job he gets with the answer of 5000+. A lady sitting in from Student Services who sponsored the workshop asked how one would get noticed for position like this. He says work experience. She asks, how do you get work experience if companies only want to hire people with work experience for entry level jobs? Not a single one of them even took a shot at answering that one.
I noticed from the article that $25,000 was the budget for implementing a fully functional plan. In addition the consultants must be experienced. Developing the plan is his job but I'm guessing his non-profit is not only cheap but has unrealistic expectations regarding what a disaster recovery plan that is fully functional entails. Being realistic, if their IT infrastructure gets wiped out by a flood, why bother with disaster recovery...they probably don't have the budget to replace anything before the insurance kicks in let alone have any type of backup sites/redundant infrastructure/replacement personnel available.
Another implication of the article is that only large consulting firms can do a quality job that adheres to best practices. "I'd like access to the same expertise that my colleagues at larger companies have." Could he really mean, he'd like the same expertise that his colleagues have at larger companies but for $15/hr. Isn't that what Craigslist is for?
I got out my bullshit bingo card and almost won...
strategic concerns
providing outstanding technology to our colleagues
strategic value
operational excellence
operational excellence
technological vision
technical vision
business vision
operational excellence
tried-and-true management principles
best practices
If only the same phrases weren't used over and over.
I started out with the old @Home service which was 10mbps/10mbps. Then TCI took over, then ATTBI took over and finally Comcast took over. I now pay $20 more for ~4mbps/~350kpbs. The last time I called Comcast to complain was when there DNS servers on my segment were down for over 8 hours. They took the easy way out and said because I was using Linux they couldn't offer any support.
What makes it even better is that Comcast disables SNMP on cable modems so you can't even monitor the crappy service. Then there's the whole P2P mess. When Ubuntu 7.10 came out I downloaded it via a torrent and even with 30 peers and a bunch of seeders I was getting 30kpbs. I eventually had to download the ISO via HTTP.
I'm 25,000 loop feet from a CO so no DSL and there's a mountain blocking satellite access.
The FCC needs to step up and deal with Comcast in any market where there is no competition. Oh wait,they already are; DCAS/Cablecards, no more exclusive apartment contracts, 30% market share cap, etc...
I had to get a laptop for my dad. Apple was out because there price point was just way to high. So it left me with 2 options, Linux or Windows. My laptop has Ubuntu on it and I let my dad play around with it. But, he wound up getting Vista Ultimate 64-bit. What a @)(#$($ nightmare it was installing drivers (Printer, UPS, etc). The actual drivers for the devices integral to the notebook were fine though.
Vista is so slow. My Ubuntu (7.10) notebook (P4 2.8GHz, 512MB RAM, 5400 RPM drive) boots in 1/4 the time it takes his system (T7200 Core 2 Duo, 7200 RPM hard drive, 2GB RAM) to boot. They really need to change the name of Vista to ME II to fully capture the user experience.
I haven't had a single enterprise customer that I consultant for enquire about upgrading to Vista. One of them is making noises about switching to Linux and just using Terminal Services for any Windows apps they need to make available.