Or are you assuming the person who posted this question is HR?
If you are saddened that someone is questioning the validity of your authority as a member of the IT priesthood, I am saddened that you would resort to misdirection in your pathetic attempt to misdirect the debate.
Or not. Who knows whether you did that consciously?
The reason I got modded up today is probably timing as much as anything. But more and more IT people are recognizing that we simply have too much dependence on specialty in our modern society.
What is really sad is that the current state of IT is such that it requires specialists to manage. We've overbuilt.
Data is valuable because management thinks it is valuable.
Bribing people to be ethical is probably more effective than attempting to force them to be ethical, but both approaches have limits, and the limits hit a lot earlier than managers want to believe.
Teach everyone management skills and get rid of the management specialization. Great idea.
I'd go for that, too.
But information technology is so fundamental to communication, freedom, management, and just basically living, that we should not be turning it all over to specialists.
I live in a middle-class neighborhood, and the cops regularly patrol the roads from the station out to try to discourage purse-snatchings and the like. (We have one knife-wielding wild man in the neighborhood, but so far he hasn't stabbed anyone.)
Organized crime comes in all stripes here, although most gun use is between competing organizations.
(The pachinko parlors are generally implicitly understood to have connection to organized crime.)
There is a lot of stress here, so your experiment with hand guns would not be wise. Nor would a similar experiment with knives be wise. (Stress, not the weapon, being the issue.)
It's still relatively safe, but that will probably change with the new generation, who are being mostly raised without religion, but really aren't being provided with any good philosophical basis for moral or ethical behavior to replace it.
While I won't argue with the idea that you should replace the system admin if you can't trust him/her, there is a fundamental problem when we separate managing data from managing people.
No, our current managers should not be trusted with their own networks, at least not most of them.
But management schools that don't teach enough applied systems management and enough information technology that someone graduating with a management degree could be expected to safely manage disconnected keyservers and a small, highly secure subnet for critical data, well, such schools are not teaching management.
They're only teaching how to either party or crack the whip or both.
(Why flamebait? That is, I would assume the -1 is about the urge to mod things we don't like down. Maybe we need a +1 flamebait, if we are going to insist on calling inconvenient truths flamebait.)
How can someone who can't manage data and networks manage people?
Of course, the managers would hire IT specialists to actually do most of the work, but if managers are able to maintain a small, secure network for the sensitive data, they can set it up as a sub-net, and keep the sensitive stuff off the main network.
And, of course, management trained in IT would be better able to evaluate the costs/benefits/risks in hiring vs. outsourcing for their situation.
Of course, when I say that, I also say, by implication, that he should learn enough to manage a small-scale (Linux or BSD) mail server for-sensitive-mail-only.
Management that doesn't understand enough small-scale IT to handle the sensitive stuff is not management.
More to the point, if you can't manage data, you can't manage people.
Gun laws do work, sort of. But, as the gun lobbiests say, when you outlaw guns, only the outlaws... .
Oh, and then there are knife crimes and poisonings and whatever. Elementary schools have to lock their gates and watch them with video cameras to keep the crazies with knives out. Just in case, really. It doesn't happen very often.
But it is still safe for two women to walk alone at night in much of Japan. Most of the time. I'm not sure whether that's a cause or an effect here.
There is some data that a sysad, whether internal or external, should not be trusted with.
Basic system administration should be required for business and management degrees, enough to maintain the disconnected key server and the separated subnet that handles all the most sensitive data.
I'm not really up on C++0x (eh, well) concepts, but, while I appreciate the concept (ehem) of trying to help the guy reading the code to read the minds of the original developers, I have to question the wisdom of trying to shoehorn the wisdom of the ages into a programing language. Especially, if we try to shoehorn the wisdom of the ages in via a generic (erk) mechanism.
Wisdom is experience, experience is what you get in specific application, after reflection.
I could see some use, possibly, for making exceptional code explicit and keeping the generic stuff implicit, but only if we can all agree beforehand what is exceptional and what is generic. Huge semantic issues, huge context issues, and it seems to me we must be careful when trying to drag the entire mental state context of the programer into the code.
We still seem to be fighting the battle of implicit linkage. How does a programer make the linkage explicit when he or she doesn't know what most of his or her assumptions were until after the third or forth major bugs with that section of code have been found? (Speaking of an example of the benefit of "many eyes",....)
(Oh, and, please don't tell me that somebody is still enamored with the concept of writing bug-free code in the first pass. When are we, as a profession, going to recognize that bugs are a necessary part of the design process?)
Overloading English is not going to help, either, I think, although it will cause one set of problems for people fluent in English, and a different set for those who are not.
(No, I'm not sure of what I'm trying to say, other than that putting something called concepts into C++ is probably byting off more than any committee I know of can chew.)
and the kneejerk reaction is not as valid as it once was, but have you tried talking him into giving up MSWindows?
I know, I know, easier said than done, and, these days, even Linux and BSD are having a hard time staying clean. (I'm sure that costs Billy G. a small donation or two a week. Sorry. You didn't want to hear that, either. I didn't say it.)
That modem/router is going to get reset again, hit by power or something. Depending on which model you're using, you can install a small Linux or net/openBSD distribution and reconstruct it so you can keep him from resetting it. Or maybe get a low-power PPC or ARM based NAS-type box (like the Kurobako), add disk drive and necessary ports (not sure what you'll need to hook to the WAN in India) to replace it and keep it more under your control.
As advice, it's good. Financially, and time-wise, I'm not able to do it in my house, yet. But it's something we all really need to start doing. Relying on ISPs who have do not have great incentive to help customers keep their kit clean is not a good idea.
If I had a couple of million in capital, I'd take a break and see what kind of packaged solution I could put together and sell -- very small ARM or coldfire processor as a tripwire watchdog, a medium-sized ARM with a small notebook or flash drive for meaningful logs as the firewall/router.
For my purposes, I'd have another ARM processor with a small notebook drive serving DNS on the inside of the LAN. (Stupid ISP is telling me to change my DNS setting to DHCP, so I want to start checking their DNS server against a third-party DNS server.) and another for serving timestamps, and another serving my personal website. And all of these could fit in one small physical box, really.
Or are you talking about the known good machine which he brought with him, running (preferably a stripped down Linux or BSD) in stealth/promiscuous mode?
First, many bot kits now are lower profile, deliberately not taking all the bandwidth available. That's going to reduce activity on the idiot lights.
Second, the odds that the modem/router was itself also compromised are not small, and many of the cheap ones feed the idiot lights through software. (Do I need to say more about that?)
He did say he has since rebuilt the machines, whatever he might have meant by that.
Also, the way I read it, he was saying he'd logged into the router/modem. (Which was also probably also compromised, but at least he wouldn't be sharing desktops with it.)
If the bogus netstat (and other utilities) are already part of the rootkit the skript ciddey downloaded, it doesn't cost the skript ciddey any more effort, and is even less likely to be noticed than strange output in netstat.
When I ran it this morning, it brought up more useful information.
Well, on the third page, I found this link to a pdf on the manufacturer's site. It has live links, and nosing around the manufacturer's site might dig up more information.
(I have work tomorrow, got to go to bed, so I'll beg off nosing around, leave it to others.)
Slashdot Mirror
So, was he a good manager?
Nice try.
Or are you assuming the person who posted this question is HR?
If you are saddened that someone is questioning the validity of your authority as a member of the IT priesthood, I am saddened that you would resort to misdirection in your pathetic attempt to misdirect the debate.
Or not. Who knows whether you did that consciously?
The reason I got modded up today is probably timing as much as anything. But more and more IT people are recognizing that we simply have too much dependence on specialty in our modern society.
What is really sad is that the current state of IT is such that it requires specialists to manage. We've overbuilt.
Data is valuable because management thinks it is valuable.
Bribing people to be ethical is probably more effective than attempting to force them to be ethical, but both approaches have limits, and the limits hit a lot earlier than managers want to believe.
Actually, I'd rather not trust someone with a degree in management under any of the current programs that I am familiar with.
CAIMLAS suggests teaching everyone management skills and getting rid of managers. I like that idea.
Teach everyone management skills and get rid of the management specialization. Great idea.
I'd go for that, too.
But information technology is so fundamental to communication, freedom, management, and just basically living, that we should not be turning it all over to specialists.
Uhm, no. Gangs are not a non-problem here.
I live in a middle-class neighborhood, and the cops regularly patrol the roads from the station out to try to discourage purse-snatchings and the like. (We have one knife-wielding wild man in the neighborhood, but so far he hasn't stabbed anyone.)
Organized crime comes in all stripes here, although most gun use is between competing organizations.
(The pachinko parlors are generally implicitly understood to have connection to organized crime.)
There is a lot of stress here, so your experiment with hand guns would not be wise. Nor would a similar experiment with knives be wise. (Stress, not the weapon, being the issue.)
It's still relatively safe, but that will probably change with the new generation, who are being mostly raised without religion, but really aren't being provided with any good philosophical basis for moral or ethical behavior to replace it.
While I won't argue with the idea that you should replace the system admin if you can't trust him/her, there is a fundamental problem when we separate managing data from managing people.
No, our current managers should not be trusted with their own networks, at least not most of them.
But management schools that don't teach enough applied systems management and enough information technology that someone graduating with a management degree could be expected to safely manage disconnected keyservers and a small, highly secure subnet for critical data, well, such schools are not teaching management.
They're only teaching how to either party or crack the whip or both.
Perhaps, then, gun laws can be a bit of a red herring?
Most political fantasies, conservative, liberal, whatever, seem to end up that way for some reason.
Wonder if that says something about political fantasies.
(Why flamebait? That is, I would assume the -1 is about the urge to mod things we don't like down. Maybe we need a +1 flamebait, if we are going to insist on calling inconvenient truths flamebait.)
How can someone who can't manage data and networks manage people?
Of course, the managers would hire IT specialists to actually do most of the work, but if managers are able to maintain a small, secure network for the sensitive data, they can set it up as a sub-net, and keep the sensitive stuff off the main network.
And, of course, management trained in IT would be better able to evaluate the costs/benefits/risks in hiring vs. outsourcing for their situation.
In what universe? What definition of secure?
Or are you assuming that the guy asking this question doesn't have anything valuable enough?
Your boss was right about that mail server.
Of course, when I say that, I also say, by implication, that he should learn enough to manage a small-scale (Linux or BSD) mail server for-sensitive-mail-only.
Management that doesn't understand enough small-scale IT to handle the sensitive stuff is not management.
More to the point, if you can't manage data, you can't manage people.
Japan has gun crime? (For example.)
Gun laws do work, sort of. But, as the gun lobbiests say, when you outlaw guns, only the outlaws ... .
Oh, and then there are knife crimes and poisonings and whatever. Elementary schools have to lock their gates and watch them with video cameras to keep the crazies with knives out. Just in case, really. It doesn't happen very often.
But it is still safe for two women to walk alone at night in much of Japan. Most of the time. I'm not sure whether that's a cause or an effect here.
There is some data that a sysad, whether internal or external, should not be trusted with.
Basic system administration should be required for business and management degrees, enough to maintain the disconnected key server and the separated subnet that handles all the most sensitive data.
Small networks are not that hard.
I'm not really up on C++0x (eh, well) concepts, but, while I appreciate the concept (ehem) of trying to help the guy reading the code to read the minds of the original developers, I have to question the wisdom of trying to shoehorn the wisdom of the ages into a programing language. Especially, if we try to shoehorn the wisdom of the ages in via a generic (erk) mechanism.
Wisdom is experience, experience is what you get in specific application, after reflection.
I could see some use, possibly, for making exceptional code explicit and keeping the generic stuff implicit, but only if we can all agree beforehand what is exceptional and what is generic. Huge semantic issues, huge context issues, and it seems to me we must be careful when trying to drag the entire mental state context of the programer into the code.
We still seem to be fighting the battle of implicit linkage. How does a programer make the linkage explicit when he or she doesn't know what most of his or her assumptions were until after the third or forth major bugs with that section of code have been found? (Speaking of an example of the benefit of "many eyes", ....)
(Oh, and, please don't tell me that somebody is still enamored with the concept of writing bug-free code in the first pass. When are we, as a profession, going to recognize that bugs are a necessary part of the design process?)
Overloading English is not going to help, either, I think, although it will cause one set of problems for people fluent in English, and a different set for those who are not.
(No, I'm not sure of what I'm trying to say, other than that putting something called concepts into C++ is probably byting off more than any committee I know of can chew.)
and the kneejerk reaction is not as valid as it once was, but have you tried talking him into giving up MSWindows?
I know, I know, easier said than done, and, these days, even Linux and BSD are having a hard time staying clean. (I'm sure that costs Billy G. a small donation or two a week. Sorry. You didn't want to hear that, either. I didn't say it.)
That modem/router is going to get reset again, hit by power or something. Depending on which model you're using, you can install a small Linux or net/openBSD distribution and reconstruct it so you can keep him from resetting it. Or maybe get a low-power PPC or ARM based NAS-type box (like the Kurobako), add disk drive and necessary ports (not sure what you'll need to hook to the WAN in India) to replace it and keep it more under your control.
As advice, it's good. Financially, and time-wise, I'm not able to do it in my house, yet. But it's something we all really need to start doing. Relying on ISPs who have do not have great incentive to help customers keep their kit clean is not a good idea.
If I had a couple of million in capital, I'd take a break and see what kind of packaged solution I could put together and sell -- very small ARM or coldfire processor as a tripwire watchdog, a medium-sized ARM with a small notebook or flash drive for meaningful logs as the firewall/router.
For my purposes, I'd have another ARM processor with a small notebook drive serving DNS on the inside of the LAN. (Stupid ISP is telling me to change my DNS setting to DHCP, so I want to start checking their DNS server against a third-party DNS server.) and another for serving timestamps, and another serving my personal website. And all of these could fit in one small physical box, really.
Next time power goes down, the Linksys is going to be reset.
root kits these days even muck around with bios.
safe mode isn't safe any more. Hasn't been for quite a while.
Or are you talking about the known good machine which he brought with him, running (preferably a stripped down Linux or BSD) in stealth/promiscuous mode?
First, many bot kits now are lower profile, deliberately not taking all the bandwidth available. That's going to reduce activity on the idiot lights.
Second, the odds that the modem/router was itself also compromised are not small, and many of the cheap ones feed the idiot lights through software. (Do I need to say more about that?)
He did say he has since rebuilt the machines, whatever he might have meant by that.
Also, the way I read it, he was saying he'd logged into the router/modem. (Which was also probably also compromised, but at least he wouldn't be sharing desktops with it.)
If the bogus netstat (and other utilities) are already part of the rootkit the skript ciddey downloaded, it doesn't cost the skript ciddey any more effort, and is even less likely to be noticed than strange output in netstat.
Right?
When I ran it this morning, it brought up more useful information.
Well, on the third page, I found this link to a pdf on the manufacturer's site. It has live links, and nosing around the manufacturer's site might dig up more information.
(I have work tomorrow, got to go to bed, so I'll beg off nosing around, leave it to others.)