The students were stealing bandwidth from open MediaWiki sites
The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft. I manage servers and write code for a living, and while I'd put a stop to such practices on any site I managed, the use of the term "theft" is laughable.
This is very much reminiscent of Microsoft crying to the media that all their security problems were due to evil hackers, and not their abject failure to follow long-accepted industry practices for code reviews and architecture. My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.
I want an FPS where I can play a rainbow pony.
Do you mean you want to act as if you were a rainbow pony whilst killing folks, or manipulate a rainbow pony as if it were a musical instrument? Both have disturbing ramifications, but combined... dear Lord, what hath we wrought?
It's a good idea in theory, but the botnets are smarter than that these days. My server networks get portscanned multiple times a day, and it's inevitably followed up with login attempts (even with non-standard ports) on any hosts that aren't taking aggressive defense measures.
No kidding. Those toys might wind up in the evil hands (errr... other places?) of people of the same gender, hell-bent on corrupting the morals of America with their deviant practices. I guess we've got to ban anything that could conceivably be used in a non-conforming manner.
And someone would mistake a racy explicit gay romance novel for a children's book?
To defeat zombie attacks, I suck live packets out of my router through a modified soda straw running Linux. You can guess where anything routed to /dev/null winds up.
From a quick look at fail2ban it looks like one of its features is that the blocking only lasts until the next log rotation.
It's configurable, you can select any period of time for the ban to remain in effect.
I'm still a bit nervous about allowing malicious third parties to effectively write firewall rules for me.
That I completely understand. It's not without its potential hazards, but I think the benefits outweigh them.
some of us don't really know where the next legitimate connection is going to come from
I've been thinking about something like a variant on port knocking, wherein a machine would make several connection attempts to a non-existent service port from source ports whose numbers add up to some magic number. Filtering would then be disabled for the life of that connection. Maybe someone's already done it.
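The source-port-sum knock sketched in that comment, as an added example that is not part of the thread: a server-side filter that reads dropped-packet log lines for a closed port and disables filtering for a source whose last three source ports add up to the magic number. The log format, port numbers, magic sum and time window are constructed assumptions, and the code allow-lists the source address rather than tracking a single connection, which simplifies the idea above.

```python
import re
from collections import defaultdict

# Constructed parameters; the magic sum is the shared secret of the scheme.
KNOCK_DPORT = 31337      # closed port the knock attempts are aimed at
MAGIC_SUM = 12345        # last KNOCKS_REQUIRED source ports must add up to this
KNOCKS_REQUIRED = 3
WINDOW = 10.0            # seconds within which the attempts must arrive
# Constructed log format for packets dropped on the knock port.
LINE_RE = re.compile(r"^(?P<ts>[\d.]+) SRC=(?P<src>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$")

class KnockFilter:
    def __init__(self):
        self.pending = defaultdict(list)   # src -> [(timestamp, source port), ...]
        self.allowed = set()               # sources for which filtering is disabled

    def observe(self, line):
        # Feed one dropped-packet log line; return the source if it just unlocked.
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) != KNOCK_DPORT:
            return None                    # not aimed at the knock port
        ts, src, spt = float(m["ts"]), m["src"], int(m["spt"])
        attempts = self.pending[src]
        attempts.append((ts, spt))
        # Forget attempts outside the window so stale knocks cannot combine.
        attempts[:] = [(t, p) for t, p in attempts if ts - t <= WINDOW]
        if len(attempts) >= KNOCKS_REQUIRED:
            recent = attempts[-KNOCKS_REQUIRED:]
            if sum(p for _, p in recent) == MAGIC_SUM:
                self.allowed.add(src)
                del self.pending[src]
                return src
        return None

    def is_allowed(self, src):
        return src in self.allowed

# Constructed sample: one source sums correctly, one sums wrong and then knocks late.
SAMPLE_LOG = [
    "1000.0 SRC=198.51.100.7 SPT=4000 DPT=31337",
    "1000.5 SRC=203.0.113.9 SPT=4000 DPT=31337",
    "1001.0 SRC=198.51.100.7 SPT=4000 DPT=31337",
    "1001.5 SRC=203.0.113.9 SPT=4000 DPT=31337",
    "1002.0 SRC=198.51.100.7 SPT=4345 DPT=31337",   # 4000+4000+4345 == 12345: unlocked
    "1002.5 SRC=203.0.113.9 SPT=4000 DPT=31337",   # sums to 12000: stays filtered
    "1050.0 SRC=203.0.113.9 SPT=4345 DPT=31337",   # earlier knocks aged out of the window
]

def run_sample(lines=SAMPLE_LOG):
    f = KnockFilter()
    unlocked = [src for src in map(f.observe, lines) if src]
    return f, unlocked
```

The magic number is a reusable secret visible to anyone positioned to see the three attempts, so the earlier worry about letting remote parties drive firewall rules applies to this scheme as well.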
Amazon has no obligation to advertise (or even sell) books that the company considers detrimental to their business.
You're absolutely right. That said, their affiliates have no obligation to continue promoting their products if they disagree with Amazon's practices. I won't sell their stuff.
grep -v | tail -f running in a screen session for the smart and lazy who frequently suffer from denial of service attacks from botnets.
I removed all Amazon affiliate links from my sites some time ago for unrelated reasons: extremely low CTR (even on highly relevant articles), "funny" reporting on their stats system that didn't jibe with my internally monitored figures, and crappy support.
This gives me yet another reason to steer people away from their programs.
tail -f for the bored!
I disagree. Should a new bug arise in openssh, I sure feel a lot better knowing that while I do enforce key-only authentication, I also restrict access to specific IP addresses. It's pretty hard to crack a service that you can't reach on the network due to packet filtering.
I don't allow password-based logins either (SSH keys only), allow SSH only from specific IP addresses, and I use fail2ban across all services that involve any kind of authentication (mail, ftp, http auth, etc). I've got it set to "two strikes and you're out"; every day I still get hundreds (some days thousands) of IPs banned in the logs. It's pretty sad.
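A minimal model of the "two strikes and you're out" setup described here and in the earlier fail2ban exchange, written as an added example rather than fail2ban's own code: failures are counted per source inside a findtime window, the second strike bans the source for a configurable bantime that is independent of log rotation, and the sshd-style log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines: "<epoch> sshd: Failed password for <user> from <ip>"
FAIL_RE = re.compile(r"^(?P<ts>\d+) sshd: Failed \w+ for .+ from (?P<ip>\S+)")

class Jail:
    def __init__(self, maxretry=2, findtime=600, bantime=3600):
        self.maxretry = maxretry     # "two strikes and you're out"
        self.findtime = findtime     # seconds over which strikes accumulate
        self.bantime = bantime       # seconds a ban lasts, independent of log rotation
        self.failures = defaultdict(list)   # ip -> timestamps of recent failures
        self.bans = {}                      # ip -> epoch second at which the ban expires

    def _expire(self, now):
        # Lift bans whose period has elapsed; nothing else touches the ban list.
        self.bans = {ip: until for ip, until in self.bans.items() if now < until}

    def feed(self, line):
        # Process one log line; return the ip if this line triggered a ban.
        m = FAIL_RE.match(line)
        if not m:
            return None                      # not an authentication failure
        ts, ip = int(m["ts"]), m["ip"]
        self._expire(ts)
        if ip in self.bans:
            return None                      # already banned; the firewall drops it
        hits = self.failures[ip]
        hits.append(ts)
        hits[:] = [t for t in hits if ts - t <= self.findtime]
        if len(hits) >= self.maxretry:
            self.bans[ip] = ts + self.bantime
            del self.failures[ip]
            return ip
        return None

    def is_banned(self, ip, now):
        self._expire(now)
        return ip in self.bans

# Constructed sample: one source strikes twice quickly, one spreads failures out.
SAMPLE_LOG = [
    "1000 sshd: Failed password for root from 203.0.113.5",
    "1005 sshd: Failed password for admin from 203.0.113.5",     # second strike: banned
    "1010 sshd: Failed password for root from 198.51.100.20",
    "1020 sshd: Accepted publickey for ops from 192.0.2.10",     # ignored
    "2000 sshd: Failed password for root from 198.51.100.20",    # first strike aged out
]

def run_sample(lines=SAMPLE_LOG):
    jail = Jail()
    banned = [ip for ip in map(jail.feed, lines) if ip]
    return jail, banned
```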
somesite.org/wiki/index/cool_tips/code/perl/hello_world.php
That's just wrong.
I wholeheartedly agree with your point of view, especially the point about happy employees. With a whole lot of folks concerned about their jobs these days, anything a company can do to improve the work environment (especially if it's relatively inexpensive upgrades) could go a long way to improving morale.
That's not what I said; way to put words in a guy's mouth. I'm just interested in a comparison of the culture at other big tech firms as it relates to this article.
I'm typing this reply on a laptop running Ubuntu 8.10. It fits my needs for most development and administration tasks, but the needs of others (such as those interested in running PC-BSD) may vary. I choose hardware and operating system combinations according to the task they're going to perform, with occasional allowances for OS requirements. It's part of the process, and technology marches on.
I'm all for putting a pub in anywhere, including an existing pub (imagine an infinite series of pubs...). That said, does Google have any pubs on their campuses? Honest question, really.
they will be looked after by companies hiring security guards
Having served in the submarine force, I can assure you that the probability of nuclear weapons ever being watched over by average Joe security guards, in a civilian environment, is zero. Government requirements to be anywhere near a nuclear weapon for watchstanding purposes are pretty insane.
For the same reason slavery is always cited as the driving force for the American Civil War? While the institution was an abomination of human rights, the war was fought over cotton (economics).
I think it may have been better to strip links which contained pedophilia or similar things from those lists before publishing them.
So the organization whose sole purpose is to avoid censorship at all costs should have censored the list?
I think I'd rather listen to Nails n' Chalkboards Greatest Hits.
While I understand your point in principle, storage is beyond dirt cheap these days. I have a hard time finding laptops with less than a 100 GB drive, and a 1.5 TB drive can be had for $130 on Newegg.
You just put a big smile on my face. Your post is the reason I write stuff like this, in spite of those who seem all too willing to decry such efforts. Thanks :).
Security is a big part of the equation. If one service gets exploited, you don't lose your whole production environment to some kid in Ukraine who got lucky with a zero-day exploit.
Security patching can be (and usually is) largely automated, with mail going to folks who monitor patch cycles on the network.