Let's say you're running a network of 160 desktops. 20 of those people would like to bring in their personal laptop, a Mac, Ipaq, etc. You then have to consider the security of the other 140 desktops. Corporate IT will be held responsible if YOUR personal laptop screws their network. YOU will not. So if someone "slips something by" Corporate IT, and it screws something, is virus infected, not locked down, then it is suddenly their problem to fix.
Can't always batter the Braindead IT Department. Companies have standards for a reason. I can't trust that J Random Developer knows how to secure his shit. In fact, I would always, 100% of the time, bet that he doesn't. After seeing some of the poorly maintained, hacked 10 ways from sunday developer desktops I have, my default policy would be to say "no".
Of course, now that I've tried it, I'm going to immediately switch it back:-). Having the mid screen have different terminals open on it, and switching virtual desktops between them outweighs my window dragging ability. But now that I know, I can use this on other systems. Cool.
At work I run two machines, a Linux machine with 3 monitor Xinerama and a headless Windows2k Server. My leftmost screen is browsers and terminals, mid screen holds all my rdesktop (terminal server) connections, with one virtual destktop dedicated to a fullscreen, borderless session with my 2k Server for Outlook and, when I need it, IE. Third screen holds Evolution and GAIM/Kopete, depending on whether Kopete is feeling happy that day.
I've found this setup to be great, the middle monitor works well for switching between terminal servers.
My question though, is how to get "real" multi-head in XFree86. Xinerama works very well, but I sometimes want to drag a window between desktops, without paying for a commercial X.
Out of work for 18 months, give or take a little consulting. Lived off credit cards slowly circling drain...
Hired at DigitalGoods.com (saw brushed metal conference room door, oddly shaped, very colorful furniture, conf. rooms named after foreign currency, thought "uh oh").
Two weeks later, boss on vacation, I get a note at my desk to see HR Manager. HR Manager hands me a key and a note that I'm supposed to disable the accounts of 40% of the staff, including one of the internal IT Ops people (I was Production Ops).
Week after that, the Dev's and IT kind of revolt. They demand to be able to do Java/Unix bootcamp project in addition to regular workload since we all know we're going to get whacked and want a resume builder.
Total of 6 weeks with the company, we're all killed. I got 3 paychecks. Made far more during the shutdown as a consultant doing liquidation, inventory kind of stuff. Bought much gear off the liquidators at less than bargain basement prices.
Overall I think it was one of the COOLEST jobs I've had. Although I was only there briefly, I got to work with some of the best people ever, made contacts, and was able to find new jobs for several of my ex fellow cow-orkers.
Very valuable, got good bootcamp-type experience with some stuff, won a dollar on an uptime bet that could never be proven/disproven, and got lots of gear cheap. Of course it helps that I found another job quickly that time.
You didn't mention your region, but I know of several in the greater Boston area. My personal favorite was Winter, Wyman and Company (if you know Waltham, you'll pick it up). They also have offices in NYC and DC from what I gather.
I was job hunting in the summer of 2001, which was no easy time for a network admin with a history of Web businesses to be looking. My rep spent up to 2 hours at a time just playing "Yes/No" with openings, rapid fire with:
Description, Responsibility, Skill Set, Yes or No. There were TONS of openings, even as times were getting tougher by the day.
You'll note that she screened every opportunity with me before sending my resume in on a bad fit. I went on like two or three interviews, all of which would have been good fits. I sent three associates to her, all of which got great leads, two of whom got terrific jobs.
I found that the best strategy was to have a stable of between 5 and 10 firms, checking in on one or two per day for a two week cycle. That way you're not just bugging the crap out of them, but they're not forgetting about you either.
My Winter Wyman rep left shortly after I got a job (on my own, no headhunter involved), to pursue a career in hospitality, I guess the dotcom crash hit everyone, but I'd still give the firm my business.
As I was interviewing for my current position, she was giving me negotiation tips and training, as well as helping me brush up my cover letter and resume. Because we had established a relationship, as you say. I had given her two good people, for whom she got paid, and she helped me out, just to keep me interested in the company for the next time I was job-seeking.
I like 'em, but disks die way more often than I would think. Much of our storage is way offsite, as in, I couldn't get to it in an emergency within about 2 days. Their support is good, but they have serious problems with address changes. We've had about 6 or 7 instances of disks being shipped to an old address, and we just keep updating them. Gets old.
ITMLS can transfer licenses. I'm sure other places can too. They've always been good to us.
Not always. My company has bought several TB of used NetApp, and our vendor is able to transfer licenses, with full authorization from NetApp. My guess is that this isn't that rare, they still get our money for support anyway.
I used to have my system call the pager directly. Add a bunch of waits if your pager has a message like "after the beep, enter your numeric message". Do/not/ use 911 as any part of the message. I must have called 911 about 20 times during initial setup before they called me and said they were sending a car, and I knocked it off.
Works well though, and just make it a unique numeric page and you'll know exactly what it means.
Take NetCraft stats with a Big Grain of Salt (big grains of salt, heh). If a site is "Akamized", as this one was, or is otherwise distributed, you'll see the OS of the front end, not what the site actually runs. You'll note that NetCraft lists "linux" for the Akamai site.
Good enough Plan, totally. In fact, I agree that systems should ship by default with everything disabled, like OpenBSD, requiring the user to re-enable. It would be easy for Microsoft to make a wizard for this behavior too, sort of like:
"It looks like you're trying to establish a network share, would you like to enable CIFS?"
"It looks like you're using RPC on a routable IP address, are you sure you're firewalled?"
Ideally, that would be pretty sweet. Just a one-time popup that wouldn't annoy admins too much, but would give end users at the very least a shot at knowing they're vulnerable.
But the original poster can't blame only MS for making a sub-standard OS, it's really an industry issue. WU-FPTd and Sendmail run by default on a lot of systems, many times without the user knowing.
My rant was the product of 2 days of non-stop forensic analysis, but still, it's more than just Microsoft's problem.
+5 Interesting? How about r-utils? How about Samba, Samba will happily share out any interface you want. DHCPD, that bites a lot of home firewall hobbyist types by running happily on their external interface. lpd, jeez, tell me if you've heard this one before.
How exactly would MS know which interface is "Internet Facing". If Windows sees a NIC with a "public" IP, it shouldn't allow RPC? Many networks don't rely on NAT for their warm fuzzy security feelings. Many networks have lots of machines with "non-private" IPs on secretaries desktops. If they protect their network appropriately, they're safe.
Not everyone uses NAT. Some people even think that NAT is ugly, broken and gives a very false sense of security.
Combine this with a form of fusion, well, I bet we could start some shit. We wouldn't even need the sun anymore.
What did that mean anyway "Combined with a source of fusion"...Why not JUST USE FUSION? Rather than running that whole scam trying to make people slaves. Works OK for the sun.
My service with SprintPCS has always been great, I travel a bit down the eastern seaboard and it's always good. My (corporate policy) Nextel phone doesn't even work at my desk.
Nextel is going the Extra Mile and screwing with their towers to provide better signal strength to our building, but that was a promise from two months ago, that we haven't seen the fruits of.
I've yet to meet someone who says "Yeah, my Nextel? This thing is GREAT!" the way I could about my StarTac with Sprint.
The only tool I always keep nearby is a Snap-On ratchet screwdriver. Sure, they're a bit more expensive than your Home Depot Ratchet Special, but they're much smoother and not made out of some crappy aluminum looking alloy that's easily gouged up.
They're meant to work, hard, consistently. And they do!
I'm amazed that Microsoft didn't already have a linux farm running years ago. It's not like they're not knowledgable about these things, they used Xenix for their mail for the longest time, and they had the large Hotmail FreeBSD farm to deal with.
<speculation>
What better way to ensure total non-compatability than running the other guys gear in house and tweaking your protocol appropriately.
</speculation>
I guess we can understand why they got their SCO ducks in a row before deploying Linux though. They are safe from any SCO damage, and they can now use it for their FUD-machine "Before we could safely install this "Free" OS, we had to mitigate the risk of prosecution, since, unlike US, no Linux vendor indemnifies their clients...blah...blah".
I must think that if 5 out of every 100 Ford Expeditions exploded every day (twice?), that Ford would be very quickly bankrupt, or at least seriously rethinking their design choices.
In any "physical" industry, Bill Gates would be a Hundredaire instead of a Billionaire. It's all fun and games until someone loses an eye, and few, if any, people ever lost an eye because Windows crashed again.
I'd like to see a binary Konq distribution for Windows. I got it running from Cygwin, all of KDE3 actually, but I would love just a static binary distribution that my mom could install.
It's fast, it's compliant, and it would make a good Windows half-brother to Safari on Mac.
I wanna see some goofball jump out of a plane with 1/2 TB of NetApp strapped to his back:-).
With that kind of weight, they would have to do RAID1 of the skydiver as well.
Re:Why not a router distro on a bootable cdrom?
on
Linux Router Project Dead
·
· Score: 4, Insightful
Because a router is there to route. A file server is there to serve files. I'm not saying that my home firewall isn't corrupted with files I don't need, but I'm fairly sure that that's why it wasn't a concert of the LRP.
Think of it as the same reason a Cisco 2600 eDonkey client isn't out yet.
However, you do have a cool idea. There are tons of people that would benefit from an easy cd-based distro with firewalling capabilities, plus use the extra room on the CD to store files for an un-corruptable file or webserver installation. Have all logging go to a syslog server of your choice.
I guess something like that would be like: download this.iso, mount it, modify it with the files and change your syslogging settings, httpd.conf, etc, and then burn it and boot it.
Do it up. I'm sure it's been done, but do it better.
Google, while not having a wealth of info on tdko.com, did have some useful bits: groups
I'd heard the name tdko before, I was pretty sure, in the context of a Bonza or Gator or something. They'll change your default search page in IE, etc, this sounds like just another dirty trick. I doubt they compromised the DHCP servers themselves, my guess is that some pop-up or spyware app changed your settings locally. If you did try it from multiple systems, well, they're several of YOUR systems, you may have visited to same site or installed the same spyware on each. I think eDonkey F'd with my default search page IIRC.
Active Dir Application Mode is backported to 2k as well though, so you don't need Win2k3 Server to get it. I was just offered this as a solution by MS, though in my case using a full-blown Domain was the better way, since I need it for authentication, not fancy directory lookups.
Can someone explain how ADAM is different from just running any LDAP server for this purpose? Not that they'll charge for ADAM, but it would be nice to know how cross-platform it is, or if LDAP is better for mixed environments.
I became a Sony Nazi years and years ago with my first Sony 17" Trinitron (For $1005!). Since then I've decided it's all I really want to look at. My wife and I have twin Sony 21" (one HP branded, one Dell), and they both rock. These monitors can be found on the cheap from dying DotComs, or from model retirement. I picked up the HP branded one for $350, brand new in the box from a local retailer who bought two entire skids of 'em when HP changed the bezel or something.
Both of these monsters do 2048x1536 @70hz (one does 75 I think), so you don't go flicker-blind, assuming you have a video card that can support this (ahem, not NVIDIA, they only do 16-bit color @60hz at that rez, all of them).
At work, I'm stuck with 17" Mitsubishi Diamond Plus 72's, and they've got similar quality to the Sony. I probably wouldn't hesitate in buying one of the larger models of Misubishi.
I do believe my next purchase will be a Sony W900 24" widescreen, my wife had one at one of her jobs and it's great for DVD's, since these are bigger than our TV anyway, and it allows you to have two pages open side by side in Quark.
Slashdot Mirror
Let's say you're running a network of 160 desktops. 20 of those people would like to bring in their personal laptop, a Mac, Ipaq, etc. You then have to consider the security of the other 140 desktops. Corporate IT will be held responsible if YOUR personal laptop screws their network. YOU will not. So if someone "slips something by" Corporate IT, and it screws something, is virus infected, not locked down, then it is suddenly their problem to fix.
Can't always batter the Braindead IT Department. Companies have standards for a reason. I can't trust that J Random Developer knows how to secure his shit. In fact, I would always, 100% of the time, bet that he doesn't. After seeing some of the poorly maintained, hacked 10 ways from sunday developer desktops I have, my default policy would be to say "no".
Perfect!
:-). Having the mid screen have different terminals open on it, and switching virtual desktops between them outweighs my window dragging ability. But now that I know, I can use this on other systems. Cool.
Of course, now that I've tried it, I'm going to immediately switch it back
At work I run two machines, a Linux machine with 3 monitor Xinerama and a headless Windows2k Server. My leftmost screen is browsers and terminals, mid screen holds all my rdesktop (terminal server) connections, with one virtual destktop dedicated to a fullscreen, borderless session with my 2k Server for Outlook and, when I need it, IE. Third screen holds Evolution and GAIM/Kopete, depending on whether Kopete is feeling happy that day.
I've found this setup to be great, the middle monitor works well for switching between terminal servers.
My question though, is how to get "real" multi-head in XFree86. Xinerama works very well, but I sometimes want to drag a window between desktops, without paying for a commercial X.
Out of work for 18 months, give or take a little consulting. Lived off credit cards slowly circling drain...
Hired at DigitalGoods.com (saw brushed metal conference room door, oddly shaped, very colorful furniture, conf. rooms named after foreign currency, thought "uh oh").
Two weeks later, boss on vacation, I get a note at my desk to see HR Manager. HR Manager hands me a key and a note that I'm supposed to disable the accounts of 40% of the staff, including one of the internal IT Ops people (I was Production Ops).
Week after that, the Dev's and IT kind of revolt. They demand to be able to do Java/Unix bootcamp project in addition to regular workload since we all know we're going to get whacked and want a resume builder.
Total of 6 weeks with the company, we're all killed. I got 3 paychecks. Made far more during the shutdown as a consultant doing liquidation, inventory kind of stuff. Bought much gear off the liquidators at less than bargain basement prices.
Overall I think it was one of the COOLEST jobs I've had. Although I was only there briefly, I got to work with some of the best people ever, made contacts, and was able to find new jobs for several of my ex fellow cow-orkers.
Very valuable, got good bootcamp-type experience with some stuff, won a dollar on an uptime bet that could never be proven/disproven, and got lots of gear cheap. Of course it helps that I found another job quickly that time.
You didn't mention your region, but I know of several in the greater Boston area. My personal favorite was Winter, Wyman and Company (if you know Waltham, you'll pick it up). They also have offices in NYC and DC from what I gather.
I was job hunting in the summer of 2001, which was no easy time for a network admin with a history of Web businesses to be looking. My rep spent up to 2 hours at a time just playing "Yes/No" with openings, rapid fire with: Description, Responsibility, Skill Set, Yes or No. There were TONS of openings, even as times were getting tougher by the day.
You'll note that she screened every opportunity with me before sending my resume in on a bad fit. I went on like two or three interviews, all of which would have been good fits. I sent three associates to her, all of which got great leads, two of whom got terrific jobs.
I found that the best strategy was to have a stable of between 5 and 10 firms, checking in on one or two per day for a two week cycle. That way you're not just bugging the crap out of them, but they're not forgetting about you either.
My Winter Wyman rep left shortly after I got a job (on my own, no headhunter involved), to pursue a career in hospitality, I guess the dotcom crash hit everyone, but I'd still give the firm my business.
As I was interviewing for my current position, she was giving me negotiation tips and training, as well as helping me brush up my cover letter and resume. Because we had established a relationship, as you say. I had given her two good people, for whom she got paid, and she helped me out, just to keep me interested in the company for the next time I was job-seeking.
I like 'em, but disks die way more often than I would think. Much of our storage is way offsite, as in, I couldn't get to it in an emergency within about 2 days. Their support is good, but they have serious problems with address changes. We've had about 6 or 7 instances of disks being shipped to an old address, and we just keep updating them. Gets old.
ITMLS can transfer licenses. I'm sure other places can too. They've always been good to us.
Not always. My company has bought several TB of used NetApp, and our vendor is able to transfer licenses, with full authorization from NetApp. My guess is that this isn't that rare, they still get our money for support anyway.
I used to have my system call the pager directly. Add a bunch of waits if your pager has a message like "after the beep, enter your numeric message". Do /not/ use 911 as any part of the message. I must have called 911 about 20 times during initial setup before they called me and said they were sending a car, and I knocked it off.
Works well though, and just make it a unique numeric page and you'll know exactly what it means.
You can't sue microsoft for servers you DO patch either. Damned if you do, Damned if you don't.
Take NetCraft stats with a Big Grain of Salt (big grains of salt, heh). If a site is "Akamized", as this one was, or is otherwise distributed, you'll see the OS of the front end, not what the site actually runs. You'll note that NetCraft lists "linux" for the Akamai site.
Good enough Plan, totally. In fact, I agree that systems should ship by default with everything disabled, like OpenBSD, requiring the user to re-enable. It would be easy for Microsoft to make a wizard for this behavior too, sort of like:
"It looks like you're trying to establish a network share, would you like to enable CIFS?"
"It looks like you're using RPC on a routable IP address, are you sure you're firewalled?"
Ideally, that would be pretty sweet. Just a one-time popup that wouldn't annoy admins too much, but would give end users at the very least a shot at knowing they're vulnerable.
But the original poster can't blame only MS for making a sub-standard OS, it's really an industry issue. WU-FPTd and Sendmail run by default on a lot of systems, many times without the user knowing.
My rant was the product of 2 days of non-stop forensic analysis, but still, it's more than just Microsoft's problem.
+5 Interesting? How about r-utils? How about Samba, Samba will happily share out any interface you want. DHCPD, that bites a lot of home firewall hobbyist types by running happily on their external interface. lpd, jeez, tell me if you've heard this one before.
How exactly would MS know which interface is "Internet Facing". If Windows sees a NIC with a "public" IP, it shouldn't allow RPC? Many networks don't rely on NAT for their warm fuzzy security feelings. Many networks have lots of machines with "non-private" IPs on secretaries desktops. If they protect their network appropriately, they're safe.
Not everyone uses NAT. Some people even think that NAT is ugly, broken and gives a very false sense of security.
Go figure.
Combine this with a form of fusion, well, I bet we could start some shit. We wouldn't even need the sun anymore.
What did that mean anyway "Combined with a source of fusion"...Why not JUST USE FUSION? Rather than running that whole scam trying to make people slaves. Works OK for the sun.
My service with SprintPCS has always been great, I travel a bit down the eastern seaboard and it's always good. My (corporate policy) Nextel phone doesn't even work at my desk.
Nextel is going the Extra Mile and screwing with their towers to provide better signal strength to our building, but that was a promise from two months ago, that we haven't seen the fruits of.
I've yet to meet someone who says "Yeah, my Nextel? This thing is GREAT!" the way I could about my StarTac with Sprint.
The only tool I always keep nearby is a Snap-On ratchet screwdriver. Sure, they're a bit more expensive than your Home Depot Ratchet Special, but they're much smoother and not made out of some crappy aluminum looking alloy that's easily gouged up.
They're meant to work, hard, consistently. And they do!
What better way to ensure total non-compatability than running the other guys gear in house and tweaking your protocol appropriately.
I guess we can understand why they got their SCO ducks in a row before deploying Linux though. They are safe from any SCO damage, and they can now use it for their FUD-machine "Before we could safely install this "Free" OS, we had to mitigate the risk of prosecution, since, unlike US, no Linux vendor indemnifies their clients...blah...blah".
I must think that if 5 out of every 100 Ford Expeditions exploded every day (twice?), that Ford would be very quickly bankrupt, or at least seriously rethinking their design choices.
In any "physical" industry, Bill Gates would be a Hundredaire instead of a Billionaire. It's all fun and games until someone loses an eye, and few, if any, people ever lost an eye because Windows crashed again.
No excuse though.
Summary: Functionally clumsy, but it looks cool!!
That watch is my polar opposite, it seems. (probably true of most geeks).
I'd like to see a binary Konq distribution for Windows. I got it running from Cygwin, all of KDE3 actually, but I would love just a static binary distribution that my mom could install.
It's fast, it's compliant, and it would make a good Windows half-brother to Safari on Mac.
I wanna see some goofball jump out of a plane with 1/2 TB of NetApp strapped to his back :-).
With that kind of weight, they would have to do RAID1 of the skydiver as well.
Because a router is there to route. A file server is there to serve files. I'm not saying that my home firewall isn't corrupted with files I don't need, but I'm fairly sure that that's why it wasn't a concert of the LRP.
.iso, mount it, modify it with the files and change your syslogging settings, httpd.conf, etc, and then burn it and boot it.
Think of it as the same reason a Cisco 2600 eDonkey client isn't out yet.
However, you do have a cool idea. There are tons of people that would benefit from an easy cd-based distro with firewalling capabilities, plus use the extra room on the CD to store files for an un-corruptable file or webserver installation. Have all logging go to a syslog server of your choice.
I guess something like that would be like: download this
Do it up. I'm sure it's been done, but do it better.
Thank you very much sir/madam. We just let that domain expire, but a quick ln -s and a .sig change later, at least the link works again.
Y'all feel free to suggest a new domain name for an illustration site, that one was boring and in dire need of redesign.
x
Google, while not having a wealth of info on tdko.com, did have some useful bits: groups
I'd heard the name tdko before, I was pretty sure, in the context of a Bonza or Gator or something. They'll change your default search page in IE, etc, this sounds like just another dirty trick. I doubt they compromised the DHCP servers themselves, my guess is that some pop-up or spyware app changed your settings locally. If you did try it from multiple systems, well, they're several of YOUR systems, you may have visited to same site or installed the same spyware on each. I think eDonkey F'd with my default search page IIRC.
Active Dir Application Mode is backported to 2k as well though, so you don't need Win2k3 Server to get it. I was just offered this as a solution by MS, though in my case using a full-blown Domain was the better way, since I need it for authentication, not fancy directory lookups.
Can someone explain how ADAM is different from just running any LDAP server for this purpose? Not that they'll charge for ADAM, but it would be nice to know how cross-platform it is, or if LDAP is better for mixed environments.
I became a Sony Nazi years and years ago with my first Sony 17" Trinitron (For $1005!). Since then I've decided it's all I really want to look at. My wife and I have twin Sony 21" (one HP branded, one Dell), and they both rock. These monitors can be found on the cheap from dying DotComs, or from model retirement. I picked up the HP branded one for $350, brand new in the box from a local retailer who bought two entire skids of 'em when HP changed the bezel or something.
Both of these monsters do 2048x1536 @70hz (one does 75 I think), so you don't go flicker-blind, assuming you have a video card that can support this (ahem, not NVIDIA, they only do 16-bit color @60hz at that rez, all of them).
At work, I'm stuck with 17" Mitsubishi Diamond Plus 72's, and they've got similar quality to the Sony. I probably wouldn't hesitate in buying one of the larger models of Misubishi.
I do believe my next purchase will be a Sony W900 24" widescreen, my wife had one at one of her jobs and it's great for DVD's, since these are bigger than our TV anyway, and it allows you to have two pages open side by side in Quark.