Basically the only way to detect intrusions on these systems is to have A) a characterization of their nominal protocol behavior including bandwidth usage patterns, connection/disconnection behaviors and other such information in addition to the basic port/service stuff. B) Have a list of the cloud servers they normally contact under standard operation, and C) Have regular automatically installed updates for A) and B) as the owner of the device screws with firmware and/or CDN contracts or the CDN itself makes changes and D) have some sort of alerting system that tells you when the nominal behavior pattern has been broken, but does not generate so many false alarms that you start to ignore said alerts and E) Have a device inline, sniffing, or on a mirror port capturing all traffic on the segment.
The big problem is C) because it requires a steady supply of manpower. Which is why companies pay more for the subscriptions on most NGFWs these days than they do for the hardware.
Pretty much precisely: we pay our diplomats/politicians/experts to take the best of the risky choices available. Just because they picked the best risks to take, does not mean they weren't risks. Then when some of the risks don't pan out well, we blame the diplomats/politicians/experts for taking the wrong risks in hindsight. Then we run to a "change agent" because well "what do we have to lose."
As a nation we often behave like one of those sad cases you hear about where some guy panicked during the recession, withdrew everything from his 401k, and bought into an Alpaca farm and ended up eating instant ramen for his entire retirement.
1) It's probably not possible, and definitely not before many of these people suffer for (more) years in horrible living conditions 2) We get a lot smaller field to recruit future America-friendly arabic-passable intelligence assets from. 3) The "culture clash" is actually healthy and makes our society more robust long-term 4) We will have much less influence over the region due to having citizens with influence/interest in the region. 5) It's actually more expensive than adding taxpaying population.
While there are dupes a lot of those stories are actually different stories on the same subject.
It is important for consumers of recycling services to be informed of this (It would be more useful to have a list of bona-fide recyclers) and not everyone reads every article in the feed, so it's not a huge deal to have periodic reminders on the subject -- though, the actual dupes we could do well without. In other words if we all just pointed a problem out once when it is first discovered and then never mentioned it again, a lot less people would know about it.
Reminds me I have a cellar full of old PCBs to eventually figure out who to dispose it with.
Yeah but all the promo photos make them look like they have chiclets, so you have to really dig if you want to make sure you have real buttons. Personally I can't stand having these on screen -- I want to be able to have my thumb on the button, feel that it is in the right place, be prepared to press it, but not press it until/unless I actually want to. So, yet another reason Apple products have never had any appeal to me goes onto the pile.
Moreover once the anti-tobacco movement started, they often played the role of useful idiots to the national tobacco industry, by promoting an abstinence-only mentality that prevented the development of harm-reduction products. Also it won't be long before I have to scramble to find materials to roll non-radioactively-fertilized clove cigarettes because apparently anything flavored with cloves is attractive to children -- which you would not know from their attitudes towards the Christmas ham. Now, not that there isn't a big problem with the Indonesian tobacco industry and child farm labor/safety, but this will also ruin a significant portion of that country's economy, given traditional clove cigarettes is a principal export. Guess which country's tobacco industry hopes to gain customers from that move?
They probably got suckered into VPC and similar, guess what I dont care what they say all stacks share a single failure domain, dont get me wrong they are great but you need at least A+B stacks.
Yeah and reading release notes is an easy way to convince yourself that unless you need something like VPS or are cheesing license limits on a management platform, stacking should just be purged entirely from your configurations.
Smart IT people build data centers out of heterogeneous hardware and set it up to degrade gracefully when something fails.
That would always be a preferred model, if you have that kind of budget, but...
Blame the PHB/CTO not the hardware.
...I'd say the equipment vendors should share some of that blame. I don't work anywhere near the 5 9's area and even I find some really appalling feature bugs introduced on even routine patchlevel upgrades. Stuff like the combination of DHCP-snooping/arp-inspection/source-lockdown on a port, which is the right way to configure access ports for anyone who gives a flip about security in depth, suddenly blocking all traffic after an upgrade. This is in general availability software releases. Things that clearly should be getting tested in QA are being left up to the customers to discover. We're no longer customers but unpaid beta testers.
Now with an access switch I can make up for the slack and script up some tests and a test environment. With a core switch an operation like mine doesn't just have a test switch sitting around, so it's hit the button and hope.
If the vendors want places like us to try the new fancy features they force feed to the sales reps, they'll have to up the game because A) kicking the tires on routine software upgrades saps the time we would normally use to kick the tires on a new feature and B) repeatedly finding bugs that would have really horribly screwed over your infrastructure during these tests tends to encourage a minimalist design approach.
Equipment vendors simply are not doing their job in the post race-to-the-bottom era.
Actually, this only works out if you have a lot of semi-technical people that enjoy re-training staff and keeping them busy. Heavy techs are too zoned in on their current projects to deal with this. For a college with this many IT staff, they really should have plenty of those, though, or they hired wrong.
5. Set up an external monitor of your ex-services so you can laugh when the replacements drive the car into the ditch. 6. Get friendly with the most likely tech services agency that will inevitably be called in to clean up the mess, so they can call you with offers for consulting, but tell them they have to charge 2x-3x what you were making per hour.
I pretty much ignore any sentence that includes the three components of "only difference" "trump" and "clinton" because that's a sure sign the sentence is pure bullshit.
...or Cardassians? It was simpler before DS9 when there were just Klingons and Romulans. Now I can't keep track of evil forehead alien and/or jersey empires.
No, he's icky because he exploited financially vulnerable people with a fraudulent get rich quick scheme. He basically hard-sells the American Dream and then absconds with the money, delivering nothing in return -- not what he promised, and nothing else of value. And he's lent his name and done appearances for other multi-level marketing schemes basically just designed to trick people poor enough to seek supplemental income into giving up what little they already have.
This tells you a lot about what he thinks about the middle and lower classes -- they are just there for him to extract power, fame, and wealth from, and if he hurts them in the process, he really could not give a turd.
The key difference between a private company and a government pissing away money and man hours is one is using their shareholders money and the other is using the tax payer's money
Governmental bureaucracies generally reward tenure over competence, and competitive businesses generally reward competence over tenure
I've seen zero evidence to support this contention. I've worked in state government and private edu, and have friends working in private com. We all have the same exact stories to tell about the crazy.
The company that gets paid or the government that puts out contracts and never gets value?
False dichotomy, the answer is "both." Just because the contractor is some of the time also dishonest, does not mean they are not incompetent as well. While you could argue they are competent at getting payed, that does not make them a competent provider, just a thief.
The director of the FBI laid out everything needed to prosecute me
Apparently AC forgot he wasn't trolling under a fake "ImHillaryClinton" username on the board.
Comey did not lay out sufficient details to prosecute. Or he would have. And no, she quite clearly didn't reach the bar of "lying to congress" either, if you actually review the statements, what she knew when she said them, and the facts known about the specific emails in question.
ISTR from the last time I tried to tame Chrome into something actyally useful, you define a fake search engine that just turns a URL into itself, and set it as the default. Then wish they hadn't taken the separate search engine box away, ponder whether you want to install a giant bundle of apps just to get things working sanely and deal with it when they break during upgrades, then run apt-get remove chrome.
Slashdot Mirror
This is why you need to learn to write legibly. You know, sort of like handwriting, unless apparently, you are a doctor.
Basically the only way to detect intrusions on these systems is to have A) a characterization of their nominal protocol behavior including bandwidth usage patterns, connection/disconnection behaviors and other such information in addition to the basic port/service stuff. B) Have a list of the cloud servers they normally contact under standard operation, and C) Have regular automatically installed updates for A) and B) as the owner of the device screws with firmware and/or CDN contracts or the CDN itself makes changes and D) have some sort of alerting system that tells you when the nominal behavior pattern has been broken, but does not generate so many false alarms that you start to ignore said alerts and E) Have a device inline, sniffing, or on a mirror port capturing all traffic on the segment.
The big problem is C) because it requires a steady supply of manpower. Which is why companies pay more for the subscriptions on most NGFWs these days than they do for the hardware.
Pretty much precisely: we pay our diplomats/politicians/experts to take the best of the risky choices available. Just because they picked the best risks to take, does not mean they weren't risks. Then when some of the risks don't pan out well, we blame the diplomats/politicians/experts for taking the wrong risks in hindsight. Then we run to a "change agent" because well "what do we have to lose."
As a nation we often behave like one of those sad cases you hear about where some guy panicked during the recession, withdrew everything from his 401k, and bought into an Alpaca farm and ended up eating instant ramen for his entire retirement.
Problems with that idea:
1) It's probably not possible, and definitely not before many of these people suffer for (more) years in horrible living conditions
2) We get a lot smaller field to recruit future America-friendly arabic-passable intelligence assets from.
3) The "culture clash" is actually healthy and makes our society more robust long-term
4) We will have much less influence over the region due to having citizens with influence/interest in the region.
5) It's actually more expensive than adding taxpaying population.
While there are dupes a lot of those stories are actually different stories on the same subject.
It is important for consumers of recycling services to be informed of this (It would be more useful to
have a list of bona-fide recyclers) and not everyone reads every article in the feed, so it's not
a huge deal to have periodic reminders on the subject -- though, the actual dupes we could do well
without. In other words if we all just pointed a problem out once when it is first discovered and then
never mentioned it again, a lot less people would know about it.
Reminds me I have a cellar full of old PCBs to eventually figure out who to dispose it with.
Yeah but all the promo photos make them look like they have chiclets, so you have to really dig if you want to make sure you have real buttons. Personally I can't stand having these on screen -- I want to be able to have my thumb on the button, feel that it is in the right place, be prepared to press it, but not press it until/unless I actually want to. So, yet another reason Apple products have never had any appeal to me goes onto the pile.
Moreover once the anti-tobacco movement started, they often played the role of useful idiots to the national tobacco industry, by promoting an abstinence-only mentality that prevented the development of harm-reduction products. Also it won't be long before I have to scramble to find materials to roll non-radioactively-fertilized clove cigarettes because apparently anything flavored with cloves is attractive to children -- which you would not know from their attitudes towards the Christmas ham. Now, not that there isn't a big problem with the Indonesian tobacco industry and child farm labor/safety, but this will also ruin a significant portion of that country's economy, given traditional clove cigarettes is a principal export. Guess which country's tobacco industry hopes to gain customers from that move?
No, just to deplore them.
They probably got suckered into VPC and similar, guess what I dont care what they say all stacks share a single failure domain, dont get me wrong they are great but you need at least A+B stacks.
Yeah and reading release notes is an easy way to convince yourself that unless you need something like VPS or are cheesing license limits on a management platform, stacking should just be purged entirely from your configurations.
Smart IT people build data centers out of heterogeneous hardware and set it up to degrade gracefully when something fails.
That would always be a preferred model, if you have that kind of budget, but...
Blame the PHB/CTO not the hardware.
...I'd say the equipment vendors should share some of that blame. I don't work anywhere near the 5 9's area and even I find some really appalling feature bugs introduced on even routine patchlevel upgrades. Stuff like the combination of DHCP-snooping/arp-inspection/source-lockdown on a port, which is the right way to configure access ports for anyone who gives a flip about security in depth, suddenly blocking all traffic after an upgrade. This is in general availability software releases. Things that clearly should be getting tested in QA are being left up to the customers to discover. We're no longer customers but unpaid beta testers.
Now with an access switch I can make up for the slack and script up some tests and a test environment. With a core switch an operation like mine doesn't just have a test switch sitting around, so it's hit the button and hope.
If the vendors want places like us to try the new fancy features they force feed to the sales reps, they'll have to up the game because A) kicking the tires on routine software upgrades saps the time we would normally use to kick the tires on a new feature and B) repeatedly finding bugs that would have really horribly screwed over your infrastructure during these tests tends to encourage a minimalist design approach.
Equipment vendors simply are not doing their job in the post race-to-the-bottom era.
(Step 7 only necessary if you have been living above your means and not saving)
I've quit a job over less. Not being a slave to your monthly paycheck is quite liberating in this respect.
Actually, this only works out if you have a lot of semi-technical people that enjoy re-training staff and keeping them busy. Heavy techs are too zoned in on their current projects to deal with this. For a college with this many IT staff, they really should have plenty of those, though, or they hired wrong.
5. Set up an external monitor of your ex-services so you can laugh when the replacements drive the car into the ditch.
6. Get friendly with the most likely tech services agency that will inevitably be called in to clean up the mess, so they can call you with offers for consulting, but tell them they have to charge 2x-3x what you were making per hour.
I pretty much ignore any sentence that includes the three components of "only difference" "trump" and "clinton" because that's a sure sign the sentence is pure bullshit.
That's a civil issue
No, It's a character issue.
eeeeeeew! Trump says mean things. He's icky!
No, he's icky because he exploited financially vulnerable people with a fraudulent get rich quick scheme. He basically hard-sells the American Dream and then absconds with the money, delivering nothing in return -- not what he promised, and nothing else of value. And he's lent his name and done appearances for other multi-level marketing schemes basically just designed to trick people poor enough to seek supplemental income into giving up what little they already have.
This tells you a lot about what he thinks about the middle and lower classes -- they are just there for him to extract power, fame, and wealth from, and if he hurts them in the process, he really could not give a turd.
The key difference between a private company and a government pissing away money and man hours is one is using their shareholders money and the other is using the tax payer's money
FTFY.
Governmental bureaucracies generally reward tenure over competence, and competitive businesses generally reward competence over tenure
I've seen zero evidence to support this contention. I've worked in state government and private edu, and have friends working in private com. We all have the same exact stories to tell about the crazy.
The company that gets paid or the government that puts out contracts and never gets value?
False dichotomy, the answer is "both." Just because the contractor is some of the time also dishonest, does not mean they are not incompetent as well. While you could argue they are competent at getting payed, that does not make them a competent provider, just a thief.
He didn't say it specifically had to be a vulgar fraction.
"every irrational number, including pi, can be represented by an infinite series of nested fractions, called a continued fraction:"
Republicans seem much more willing to 'throw the bum out'
Were that true, Trump University in and of itself would have prevented the nomination of the Donald.
The director of the FBI laid out everything needed to prosecute me
Apparently AC forgot he wasn't trolling under a fake "ImHillaryClinton" username on the board.
Comey did not lay out sufficient details to prosecute. Or he would have. And no, she quite clearly didn't reach the bar of "lying to congress" either, if you actually review the statements, what she knew when she said them, and the facts known about the specific emails in question.
ISTR from the last time I tried to tame Chrome into something actyally useful, you define a fake search engine that just turns a URL into itself, and set it as the default. Then wish they hadn't taken the separate search engine box away, ponder whether you want to install a giant bundle of apps just to get things working sanely and deal with it when they break during upgrades, then run apt-get remove chrome.
Doesn't screwing up the while system timestamp make it kinda hard to use cryptosystems that have timestamp-based replay protection, like SNMPv3?