...the precedent set here is that sysadmins can no longer choose to install software at will.
Perhaps it's a precedent for telling sys admins to stick to their jobs and keep the best interests of their employers in mind when installing software. This isn't about "sys admins choosing" it's about the appropriate use of someone else's property.
When I discovered that a developer had installed SETI on my co's production ecommerce servers ("but I nice'd it!") I had the loser fired -- after disabling the software. Am I against SETI? No (nor am I "for" it; I don't care). But the purpose of our servers, bandwidth, etc., is not racking up points in the SETI project.
Now, we have other servers that are intended for fun and exploration. But our production servers?
I refer, in part, to the ash tray with the lit Winston cigarette eternally burning on the front left of Walter Cronkite's desk during his readings of the evening news.
While it wasn't burning eternally, it was burning an eternity ago -- er, how many /.'ers do you think even know who Cronkite is?
You're 24 and worried about slowing down your career for a 3-year stint in CS? Do you realize how very young you are? If you enrolled RIGHT NOW you'd be 27 with experience, maturity and a degree. Probably you'd have to wait a semester to start, so you'd be 28.
I went to work at 24 without finishing my IT degree. When I was 26 I was a lead developer with a lot of responsibility and one day my boss was rambling about the state of the industry and said, "...for example, if you had a degree, I'd have to pay you twice what you're making now." I resigned within the week and enrolled that semester. I graduated at 27 and have not looked back since. Now at 34 my degree is hardly an issue, but it's there. If it weren't, opportunities I've had may not have been available. Whatever...
Umm...how exactly did you notice this? Were your customers' passwords stored clear-text?
Umm...by the way...where was it that you worked, again?
This illustrates a larger problem: one password used in various settings. The password may be "23H&*sSie2@slo" but if you've used it in two places it's not secure. If you use this at, say, Wells Fargo and, say, Slashdot then CowboyNeal may be helping himself to a little X-Mas bonus...
I told my brother that I love the holidays - it gives me more time to get my work done.
It's good to know I wasn't the only one working on non-service/tourism-related tasks this holiday season. My workstation of choice: laptop running Linux (2.4.7) and Win4Lin. This gives me a complete web application development environment so that my HTML, SOAP-XML, RDBMS system can be fully developed without an Internet connection. When Ricochet was alive, I didn't need a self-contained system to work at relatives' homes, local taverns, the beach (yes, SoCal resident here), on the train... But now I can (and do) work anywhere & everywhere.
Ignoring MS won't make it go away. Besides, MS is a real, honest-to-Allah monopoly. I haven't seen the stats but I imagine the User Agent most commonly found in /.'s combined access_log is some combination of Windows/MSIE (heck, since my Toshiba is in the shop today getting a new motherboard -- I dropped it and broke the PCMCIA connector...Toshiba's warranty service rocks -- I'm contributing "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)" to the log), so look at it as a community service. Whether or not /. mentions MS will have no bearing on MS' successful and ubiquitous advertising efforts (even Linux Mag is infected with MS ads).
I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal?
No agreement here. Yeah, I watched my karma sink to the 50 cap due to some comments being overrated and thusly reassessed by subsequent moderators and I've been fluctuating between 47 - 50 points for...how long has the cap been in place?...well, since 2 weeks after the cap was put in place. Yeah I hate it when I have a day of +5's and the only change in karma comes when I make a really lame post and it gets -1'ed. But, come on. This is really no big deal. All you have to do to rectify the situation is post intelligently (and/or humorously) and you'll cap out again. Once you're at 47, being modded up too high and down a bit evens out. Actually, my theory is that if you hit 50 and stay there very long you're not taking enough risks in your postings and are too intent on keeping the precious '50' score. Perhaps the best sign of community involvement is a karma of 47. It shows appreciation from others for your efforts but also that you're pushing the limits to keep things interesting.
Besides, being at 50 is no different, in effect, than being at... what's the magic number for +1 Bonus?... it's not as if you get more moderator points for being at 50 or that you get to see stories 5 minutes before anyone else...
As I write this my karma is at 50. I expect to be in the good land of 45-47 shortly...
Word. It's really a hassle to be a 1099 "employee", and I've never tried Corp-to-Corp. I lust after the simplicity of being a W2 Employee. No "April Surprises" there.
Concentrate on your work, skills, and Fragging. Leave the IRS stuff to HR.
Strange you feel compelled to give this advice, since anyone capable of running the 2.5.x series would understand this implicitly... After all, no distro with a GUI installer and free penguin squeeze toy will be deploying the 2.5 series... The advice is sound, though.
I *love* driving into BC from Bellingham, WA for a night on the town, getting my auto serviced at the dealership, etc. Thanks, Canada, for helping make my dollar go so far!
effect (N.B., not semantic, just the rendering effect) Like:
this
Compared to
this
.
Have you ever wanted to add a long "pause" or separation between paragraphs? Use clusters of <p> <br> <p>.
I always like seeing people stretch the limits of allowed HTML here on /.
Sometime ago a poster created "call out" segments (A poster created cool callouts...) to her/his posts using /. tags. Neat effect. I tried to imitate it and found that the preview process mangled the Comment-box contents. Moral: be careful.
As a non-gamer (well, the last game I played seriously was UltimaII on my Apple IIe -- I was in High School) I too stared at the title for a moment while my brain entered a race condition...
Wow - a lot of angst in that post there...hope everything's ok...
Anyway, as a residential user who mainly uses his broadband connection to work from home I could not agree with you more. As a matter of fact, I could not agree with you at all. If it were not for the ability to control my servers remotely over my broadband connection then I would not HAVE a broadband connection. I don't do anything else online to justify the $50/mo expense. I hardly think I'm alone, and I doubt my provider would push this issue, either -- UNLESS I made demands for support...or...*ding*
[Lights On]
...try to sue my ISP for damage to my business because of some outage or other service interruption.
My bet is that these clauses exist only as a defense from support requests / lawsuits.
What stresses their service more: CNN video streaming or SSH connections to my servers?
Are you sure this isn't just their way of not supporting your VPN? There are similar requirements that you use Windows or Mac OSes, Netscape/IE and these rules are simply to shield tech support from alternative OS/browser questions but I've never received a notice to shut off my Linux systems running SSH, CIPE, Apache (not on port 80), FTP, etc....I also don't call their support and ask how to configure httpd.conf...
The C|Net article mentions that Toshiba cancelled a Crusoe laptop due to these delays. IBM already said it would not do Crusoe, so I will probably never get a Crusoe. (I love the point-stick...it's one of those "requirements" I have...)
This story just posted at C|Net. More bad news for Transmeta. $1 Million in revenue for 4th Quarter. Yikes - that's low. There are Yahoo!Stores with higher quarterly revenue than that. This is the main reason there are no Crusoe laptops available: these chips were supposed to be available in June 2001 and now won't be in volume production until (nearly) 2 Qtr 2002.
I watched the unveiling of Transmeta online and was holding off making a laptop purchase for a couple months after waiting to get a Crusoe...but I gave up (and the PictureBooks was not interesting in any way). Out of sight out of mind.
So, now I'm starting to consider getting a new laptop and passing my current Toshiba 2805 to my dear wife. I have a lot of requirements -- 15" LCD, speed, hard drive, RAM,... but I honestly could not care less about the processor manufacturer and would NOT buy a laptop just because of the processor.
However, to exploit the vulnerability, "attackers would probably need control of a Web server so that they could control the information sent in the HTTP header," Wysopal said. As a result, attacks could be traced to the malicious site.
Reading this one would think, "Oh, no problem. What webmaster would create a trackable exploit?" (ignore comp-u-geek for a moment).
Add this exploit to wide-open server crack Code Red2/ Nimda...you've got a clear way for a third party to cause a *huge* disaster.
My logs are *STILL* full of Code Red 2 and Nimda attacks (running Apache, so I don't care). How long until these OpenDoor servers are "patched" with the malformed MIME header exploit?
I haven't thought about this in years, but it might be interesting to "fake banner ad" collectors:
- fake Law.com banner or, if that becomes unavailable, fake Law.com banner.
(An interesting side note, both accounts related to the above-linked sites have been cancelled for some time, but the pages are still accessible).
Funny, whenever I type "CELESTE * from" I know it's time to call it a night...
Mathematical breakthrough from the same county that gave us the Butterfly Ballot Ballyhoo? Hard to believe. ;-)
Anyway, they're still working on tiny "bit strings" due to not yet overcoming the "temporal constraint" barrier. So, don't get all excited just yet.
The parent post is udder cow poo.
(If this is already a feature then, well, disregard this notice and thank you for your payment.)
- business.com sold for -- I kid you not -- $7.5M US in November of 1999. What were they thinking?
Apparently (by looking at the link) they were thinking, "Yahoo!".
- While working in technical support, I noticed
Or, look on the back of the card to read the PIN written by the card holder who can't be bothered to memorize that pesky 4-digit number.
Sad, isn't it?
>>No Nimda for me, no Sircam, no other elite macro viruses.
I believe you'd only see Nimda if you run a webserver. I get TONS of these:
209.88.229.62 - - [17/Oct/2001:14:46:38 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 339 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:41 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 337 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:42 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 347 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:43 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 347 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:47 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:47 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 378 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:48 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 378 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:49 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 394 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:50 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 360 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:51 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 360 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:51 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 360 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:52 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 360 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:53 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 344 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:54 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 344 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:58 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:58 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361 "-" "-"
I believe these are the droppings of Nimda...
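An added example, not part of the original comment: a small Python triage script for access-log requests like the ones quoted above. It percent-decodes each request target until it stops changing, then tags double encoding, overlong UTF-8 bytes, directory traversal and cmd.exe/root.exe probes; the function and tag names are this example's own, and the 192.0.2.10 line is constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Assembled from the request paths and timestamps in the comment above; the
# 192.0.2.10 line is a constructed benign request added for contrast.
SAMPLE_LOG = '''\
209.88.229.62 - - [17/Oct/2001:14:46:38 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 339 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:47 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:51 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 360 "-" "-"
209.88.229.62 - - [17/Oct/2001:14:46:53 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 344 "-" "-"
192.0.2.10 - - [17/Oct/2001:14:47:02 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "-"
'''

# Common/combined log format: client, two ident fields, [time], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def fully_decode(target, max_rounds=5):
    """Percent-decode until the bytes stop changing; return (bytes, rounds)."""
    data, rounds = target.encode("utf-8"), 0
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds

def classify(target):
    """Return sorted tags describing why a request target looks like a probe."""
    data, rounds = fully_decode(target)
    tags = set()
    if rounds > 1:                          # e.g. %255c -> %5c -> backslash
        tags.add("multi-encoded")
    if b"\xc0" in data or b"\xc1" in data:  # bytes that never occur in valid UTF-8
        tags.add("overlong-utf8")
    if re.search(rb"\.\.[/\\]", data):      # ../ or ..\ after decoding
        tags.add("traversal")
    if re.search(rb"(cmd|root)\.exe", data.lower()):
        tags.add("shell-probe")
    return sorted(tags)

def scan(log_text):
    """Return (ip, status, target, tags) for every request with at least one tag."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (tags := classify(m.group(2))):
            hits.append((m.group(1), int(m.group(3)), m.group(2), tags))
    return hits

def probes_per_source(hits):
    """Count flagged requests per client address."""
    return Counter(ip for ip, *_ in hits)

def served_probes(hits):
    """Flagged requests the server did not reject (status below 400)."""
    return [h for h in hits if h[1] < 400]
```

Anything `served_probes` returns is the part that needs a closer look; in the sample every probe was answered with 404 or 400, so it returns nothing.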
- Fact is, bad publicity is still publicity
gives you a short-cut for the
Too bad you'll be modded down, though...