I'm all for that. But how expensive is it to block port 23 and changing the BIOS of SCADA systems so that the first thing to be configured is a password?
I have seen power, water, sewer, and traffic systems put into production with an internet gateway that had telnet open, with default admin credentials that are well known.
I have a few "go to" things for the rare occasions I'll take a consulting gig on.
1. nmap the device. Secure the open ports. 2. No default passwords, and it's best if you can change the admin account name to something non-standard. 3. patch patch patch 4. Secure SSH so that only ssh key access is allowed. No username/password. 5. Create a key for each device. Best if you create the key with a password - I usually use the serial number of the device obfuscated. So if the serial number is 123, then the password for that key would be zyx or some simple transposition. I usually use a 10 letter word whose letters don't repeat. INTRODUCES, BLOCKHEADS, CORNFLAKES - and I usually say order them so it doesn't spell a word. EG: BLOCKHEADS to ABCDEHKLOS. And change the key based on the third or second to last number. 6 firewalls, firewalls firewalls. Limit port access to only those IP's you know and control. 7. Trust nothing completely. Defense in depth. 8. Construct "alarm" data and configure deep packet inspection to look for those alarm data and trigger an alert. 9. Ensure you have a panic button to shut down the network.
There are other things, a bit more subtle to go into.
What most seem to miss is a very simple concept, they are just too intent on taking private property (in this case, Google's) to see it.
1. Unlike Telecoms or, going back into history, railroads, or "the Seven Sisters" oil companies, Google does not prevent, nor do they present, a barrier to entry into their markets. Anyone can code up a search engine / index, Google won't stop you. Try opening a competing telephone or cable company, and the industry monopolists will tie you up in court before you can say "free markets". (Not that I'm a libertarian, or some sort of free market freak. It's just the way this rolls in this particular case. For monopolies, I'm in favor of tight regulation and oversight and I support net neutrality. )
2. Most seem to want to "tame" Google / Alphabet to their own needs. Sorry, without a monopoly that prevents others from competing, there is no moral or legal justification to grant this. Really dude.
3. Google has spent likely billions of dollars on their product. Unlike a monopoly, they have no power to stop someone else with a better idea. Ipso facto, if you want to beat out Google / Alphabet then your course is very, very simple. Give people a better experience then Google.
4. The reason Google / Alphabet is successful is because they give a better experience for more people than the likes of Bing, Duck Duck Go, or Yahoo.
As I see it, though I'm not in love with Google, is that those that want to see them brought under regulation and government oversight is because they have no other way to make Google do what they want. There's a word for that.
It's called "Communism" - and I'm fine with that if that's your opinion, but please, let's label it with the correct term before we go pelmell down that path.
Well, if they're so upset with Google, then the answer's pretty clear. Fire wall off Europe until they come to their senses. Should take, I don't know.... Three seconds?
Google is not a monopoly. There are other search engines. Use *them* if you don't like Google.
Opt out list are the grabbing the pig by the wrong leg. We could have gone with Opt In lists. But the best way to go about it is to have a way to set your own phone line to not accept telemarketing calls. Then when a telemarketer makes a call to that line, the phone switch simply drops that call. Marketers with an exsisting relation ship could over ride that by sending a counter signal that yes, they have a signed permission slip from the lessor of that number to make a marketing call. If they use the over ride signal, and the lessor doesn't agree, the lessor hangs up, dials a #XX number to say "Oh, no they didn't!" Then the caller has to provide evidence they did have permission. If they don't then it's a $10,000 fine per each call. And after 20 calls in 24 hours of folks say "Oh no they didn't!", the marketer's line gets automatically shut down.
Here's how I do it. for the past few years, I think 8 or so, I take my bonus check and buy 80% raspberry Pis, 20% add ons. Then I find a high school and middle school technology teacher, and give them the equipment. Then I schedule 3 days of vacation to go sit with the kids. Not all at once, but on the day they are given out, then half way through the school year, then a few weeks before the end of school. If the students want to come to my place for brain storming, they are welcome as long as one of their parents come too. I generally have two a month, on a Saturday or Sunday, and it generally lasts about 10 hours. NB: That's 10 hours here, not working. We also do things like BBQ or cook - which I encourage them to learn as well.
I worked with one of the recipients of this for 2 years. She recently left for a better offer. So empirical and limited evidence show this is working to an extent.
For the same reason there were over 60 "symbolic" votes in the House to repeal ACA. (For a total cost of 180 million dollars) - by the way, how's that repeal going for ya? For the same reason there were 13 investigations into Benghazi (One of which cost 13.8 million dollars). By the way - how many times was she found guilty? Oh yeah - none. Including the last investigation run by republicans. For the same reason there were redistricting in voting districts to ensure republicans won. For the same reason republicans push the false narrative that there is a lot of vote fraud going on - to disenfranchise those that won't vote republican.
You don't get to say 'really, we won
Ok. But 61% of the people don't think "We won" with Donald John Trump as president. This is the second time in 20 years America got a president the majority didn't want, policy not to their liking, and the minority republicans force their agenda on an unwilling nation.
The other odd thing to my mind is how frequently republicans fall into displacement/transference mental illness. EG: Obama is gonna declare martial law, oh noes! But here's trump, talking about "delaying the 2018 and 2020 elections to ensure that there isn't massive voter fraud again." and republicans are fine with that. You complain and shout down people over fears of what they might do, while they go about doing exactly what they accuse others of trying to pull.
1. They try to demand exclusive right to sell tickets*. 2. Prevent purchasing a ticket, then let someone else use it 3. Spamming. I've had employers order their netblocks dropped. 4. I don't believe that their added value is worth the cost - but sometimes you just have to deal with them*, or not see the event. I usually choose to not see it, and write to the act that "Sorry I missed you, but the only way to attend was via Ticketmaster, and I won't deal with them."
*If I recall correctly, but honestly, it's been a number of years so I could be mistaken.
Yes - that is my point exactly. Avoiding tax is legal. I'm saying that while it is within the letter of the law, it's the spirit of the law that is injured. Worse, it is a shareholder cause of action of the corporation does not do all it legally can to avoid a tax. I'm saying that we need to re-write the law so that "If you make a profit in the US, then you pay a tax in the US."
Are taxes too high? I think a 35% tax rate on profit does seem high to me. On the other hand, it doesn't matter what the tax rate is, if it can be avoided. Fix the avoidance, then fix the rate of tax. At it stands, corporations that move ownership of IP to Ireland avoid 100% of US taxes. That offends my sense of balance and justice when it's done simply to avoid (legally) US taxes.
We live in a state that is geared to support the military, our infrastructure, education, the poor, and the elderly. To do that takes money in the form of taxes we all agree to. When Apple, Burger King, and other corporations move their profit to be out of reach of US taxes, they gain the benefits of those improvements without supporting them.
I consider that not just a cheat, but dishonest - even if legal.
As to forgoing some write offs - I do. Because the reporting aspects offend my sense of honesty and privacy. I'm quite willing to pay taxes to support these (dis)united states, and to make sure our children get school, and our elderly have food, health care, and a dignified retirement. Beyond my taxes, I spend more in supporting causes I believe in. Read that again - I give to charity more than I pay in tax.
Why?
Because I have it, and it's needed. Can I solve all the world's problems? Oh, I only wish I could. But I do what I can with what I have when I have it. "Evil (and/or treason) prospers when good men do nothing." I support a few families that are staunch supporters of a party I absolutely do not support. But they are human beings in dire need that our system is failing through no fault of their own. I'm sure if I looked, I could find another family that supported my views. But that's not the eff'ing point. The point is to care for your fellow human being, even if you disagree with them. "Look not to your brother's plate to see if they have more than you do, look to see they have enough."
I am sure that you do what you can for your neighbors. "Life isn't fair" they say. I say, yeah, it isn't. Especially if we do nothing to correct it. Maybe that is why we are here - to share the joy of close family, and to share that with others. I have found no other reason that makes sense. Perhaps there is more than I see, and if so, I hope someone will share it with me. Money means little beyond what I need to survive. People mean everything to me, even when I don't agree with them.
Yup. Oh - how much does Apple pay in taxes again? Oh, yeah, that's right. The ship the money to Ireland to avoid US taxes. So we get screwed twice. No money from taxes, then pay for them to invest here. A two-fer.
"Make money here - pay taxes here." Once corporations do that, then we can take a look at how much the taxes are.
What planet do you live on? They get so much special treatment it's scary.
I took the original post to say not that they weren't getting special treatment (which they do), but that they were complaining they weren't getting more of it.
I'm of two minds about LinkedIn. In the first place, I'm required to have an account by my current employer. In the second place, LinkedIn in my opinion does a ton of scraping themselves (asking to access your mail box contacts, for instance.) But at least Linkedin ASKs to access it. Still, it feels creepy to me. The "psycho" girl friend kind of creepy.
On the third hand, LinkedIn told the to stop. So they should stop.
I heard about the Rumba mapping out the house. I heard the data was to be sold to deep data. What I don't understand is how anyone could think this could be monitized. Other than thiefs with way too much money to spend, anyway, and even there, it's not clear how that would be useful to them.
I asked my neighbor lady if she loaded up twitter to follow President Trump. Her answer: "If I wanted to listen to a fat, arrogant, crazy old man, I wouldn't have gotten a divorce."
As noted by many, many others, Slack is a resource hog. It's unusable in Firefox or Chrome in linux as it slows the whole machine down. Scrolling is sticky and laggy and a time sink because it takes so long. The client is a little better, not much. Also Slack forces you to have a General channel, which everyone is forced to use. With a few thousand people in it, it quickly because useless chatter that you can't shut out (you can mute it though).
I won't load the app on my phone. Others in my team have reported a "poor" experience and I need the phone for emergency systems down.
Overall, while Slack is pretty, I think older IRC client's with a bouncer are more suited to how I prefer to work. I'm guessing that Slack is more for people that don't want to learn how to run an IRC client and want a pretty front end to look at.
Here's a test I used to give people applying for a job as a programmer over the phone to get a "serious" interview.
1. Use pseudo code to display invoice transactions. Your data set is: Primary Key: Account number Secondary key: Transaction date/time 3rd key: transaction number (a hash of the account number, date/time) Note: Database returns are in ascending key order by default.
2. Use pseudo code to return a list of US coins to add up to $5 dollars.
3. You have 100 feet of property you want to erect a fence on. How many fence poles do you need if you place a post every 10 feet?
4. Describe how DNS works
5. What verbs are available for HTTP? \\\\\
Answers: 1. If not sorted in reverse date/time order, fail. When you need to look at an order, it is rarely the first one you ever had with us that is the issue. 2. Dollar coin, fifty cent coin frequently missed 3. 10 posts == fail, 11 posts == pass. 11 posts, but you might need another just in case == extra consideration as not all posts can be expected to preform 100% without inspection protocols or in case of error. So it may be worthwhile to have a spare around. 4. Look to see if they mention TCP at all. Most will forget that. If they do, ask when TCP will always be used (large zone file transfers is most common) 5. PUT, POST, GET, HEAD DELETE Meta: If I hear a lot of keyboard clicks in the background, I'm assuming they are using a search engine. Not bad in and of itself, it's sometimes faster to find out things via the web. But I will be digging in more for those folks.
They need to score 4 out of 5 to get a in person interview. These days, I'm no longer management and no longer am involved in hiring.
I don't report bugs to the company. I may report it to their ISP, but usually I don't bother in the sense I don't go looking for bugs.
I don't know, but isn't there a bug reporting system that will allow anonymous communication? If not, maybe that's something CERT could look into sponsoring. Sort of like the old abuse.net system, where you could register "Hey, this is where we take spam reports seriously." That way the clued in sites will let the whitehats know their reports are taken seriously, and the white hats know they at least have a simi-clued in contact and won't let slip the dogs of war because there's something wrong.
Again, all I'm interested in are my own sites, and I'll hardly dox myself.
Indeed. We've set up bastions to access these devices.
To the person that voted this as "flame bait": I can see how you would consider it so. I'm disappointed though. My comments were not submitted as a troll, but a plea to consider that there are those of us that simply do not have a choice to make sure the latest java and the latest codex's are installed. Not when there are hundreds of thousands of devices, and not when some of the gear is too old to support the newest versions, and not when federation for updates is impossible.
I would wish that all vendors of software consider "at scale" and at least have a plan for those cases.
I'm angry with FireFox. I have been using it for many years, and for a long time, I thought it to be the bee's knees, the cat's meow.
However, their high handed way with security and such has come to the point that I can't trust them. I use Firefox browser in my work. When they block things for security reasons, it stops me from being able to work. I have to manage over 250,000 devices on an internal and secure network. We don't have resources to upgrade those devices - indeed, many of them cannot be upgraded.
Hey - Firefox folks - not every one is a security idiot, and not everyone has the dosh to replace still functioning equipment.
No matter. I've been reduced to using other browsers anyway because FireFox has become too resource intensive and intrusive. Yes, I know I'm a "special snowflake" but it is disheartening to have to discontinue using a tool I used to love so much.
I do still use it for my personal needs for the most part, but no longer for my banking or retirement sites. For work I no longer use it at all.
I had a really snarky and funny line to start this off with, simulating network lag, but Slashdot filters insist that I remove junk chars. from the post. sigh
I do work for people with no other access to internet other than cell they can afford. Most of them are elderly, and most of them have health monitors that report to their heath care professionals via Internet. Pacemakers are big, though there are some that use it for other health monitoring including checking to see if they've opened their medications for the day, and a few that are under court ordered monitoring while their cases are pending.
What I've noticed is that UDP packets seem to be targeted, but not TCP so much. I've started using Raspberry Pi's to wrap UDP, deliver it the cell network, then on to a cloud server, then use the cloud server to unwrap the UDP and forward it. It's not just Verizon I see this issue with, but all major carriers and some minor ones. I can't say the UDP packet loss is nefarious action by the ISP. After all, the advantage of UDP is not having the overhead of TCP. But it does seem odd.
Most of the people I help out are in small towns far from any metroplex. I am training my replacement though, because as I mentioned in another post my own health is declining. I will be putting up my scrips to github shortly so if you're interested in helping out folks, you don't have to re-invent what I've done. A lot of it is bash with standard utilities, but some of it is python or C programs. All of it is documented to the point of "A PHB can do this." because that's the way I document. Smart folks can scan it for nuggets, and those not well versed in the art can advance their skills.
Aside: One of the scripts had a one liner - but the documentation for that single line runs three pages. It has to do with taking a hundred lines of data, formatting it, wrapping it in JSON, and sending it on. I tell you exactly why each flag is used, why it's there and what it does, what to look for if there are errors, and where to find more information if I didn't cover it. Yeah - a bit of over kill. I'm trying to make it so that even the most inexperienced can help their loved ones if they have no other options.
I used to help set up CLECs for places without any internet, but in the past three years this have become impossible or too expensive due to changes in state law. I tired to get a pole permit (move other telecoms equipment - POTS line in this case) five years ago, and it's still pending approval. It's moot now - that pole no longer is there. It was removed when they pulled out the POTS wiring.
Anyway, Verizon isn't the most evil out there, though I don't think in any way they have a halo. AT&T in my opinion is far, far worse.
I was in charge of a very large library system. In 20xx (I don't want to be specific), the Chief Technical Archivist issued me a directive: Purge all logs with personally identifiable information after 7 days that the transaction closed. EG: Any books checked out, that record's PII was to be deleted after 7 days of checking it back in.
The patron's record showing how many books they checked out was to be purged as well - EG: reset to zero for any but books currently checked out.
Only aggregate data was to be retained. Daily transaction logs were to be purged immediately - which was a pain in the neck, because that meant the system had to be shut down for a full cold back up every day - which could not be kept for more than a few days. (I solved this issue by using RAID 50 and splitting the RAID mirror, then backing it up, then resyncing the mirror. That way it was "cold", but the system was down for only a few seconds.)
On my personal sites, I set the log files to/dev/null, and only log when I have a issue (technical or user).
Time to get our snoopy government out of our hair. They must be forced to stop shoving their nose in our crotch with indiscriminate abandon. Am I against prosecuting crime? Not at all. But I'm not in favor of our government being able to snoop into every breath we take, every penny we spend, every call we make, every text we have. "They hate us for our freedoms" - what a FSCK'ing JOKE.
Slashdot Mirror
Another tool I use to break in to things discovered. sigh Only 999,999,999 left.
And 9 million, 999 thousand people will yell "FAKE NEWS!". Overcoming set expectation of outcomes is a loosing business.
I'm all for that. But how expensive is it to block port 23 and changing the BIOS of SCADA systems so that the first thing to be configured is a password?
I have seen power, water, sewer, and traffic systems put into production with an internet gateway that had telnet open, with default admin credentials that are well known.
I have a few "go to" things for the rare occasions I'll take a consulting gig on.
1. nmap the device. Secure the open ports.
2. No default passwords, and it's best if you can change the admin account name to something non-standard.
3. patch patch patch
4. Secure SSH so that only ssh key access is allowed. No username/password.
5. Create a key for each device. Best if you create the key with a password - I usually use the serial number of the device obfuscated. So if the serial number is 123, then the password for that key would be zyx or some simple transposition. I usually use a 10 letter word whose letters don't repeat. INTRODUCES, BLOCKHEADS, CORNFLAKES - and I usually say order them so it doesn't spell a word. EG: BLOCKHEADS to ABCDEHKLOS. And change the key based on the third or second to last number.
6 firewalls, firewalls firewalls. Limit port access to only those IP's you know and control.
7. Trust nothing completely. Defense in depth.
8. Construct "alarm" data and configure deep packet inspection to look for those alarm data and trigger an alert.
9. Ensure you have a panic button to shut down the network.
There are other things, a bit more subtle to go into.
There is always an alternative.
I thought I had made that abundantly clear.
What most seem to miss is a very simple concept, they are just too intent on taking private property (in this case, Google's) to see it.
1. Unlike Telecoms or, going back into history, railroads, or "the Seven Sisters" oil companies, Google does not prevent, nor do they present, a barrier to entry into their markets. Anyone can code up a search engine / index, Google won't stop you. Try opening a competing telephone or cable company, and the industry monopolists will tie you up in court before you can say "free markets". (Not that I'm a libertarian, or some sort of free market freak. It's just the way this rolls in this particular case. For monopolies, I'm in favor of tight regulation and oversight and I support net neutrality. )
2. Most seem to want to "tame" Google / Alphabet to their own needs. Sorry, without a monopoly that prevents others from competing, there is no moral or legal justification to grant this. Really dude.
3. Google has spent likely billions of dollars on their product. Unlike a monopoly, they have no power to stop someone else with a better idea. Ipso facto, if you want to beat out Google / Alphabet then your course is very, very simple. Give people a better experience then Google.
4. The reason Google / Alphabet is successful is because they give a better experience for more people than the likes of Bing, Duck Duck Go, or Yahoo.
As I see it, though I'm not in love with Google, is that those that want to see them brought under regulation and government oversight is because they have no other way to make Google do what they want. There's a word for that.
It's called "Communism" - and I'm fine with that if that's your opinion, but please, let's label it with the correct term before we go pelmell down that path.
Well, if they're so upset with Google, then the answer's pretty clear.
Fire wall off Europe until they come to their senses. Should take, I don't know.... Three seconds?
Google is not a monopoly. There are other search engines. Use *them* if you don't like Google.
Opt out list are the grabbing the pig by the wrong leg.
We could have gone with Opt In lists.
But the best way to go about it is to have a way to set your own phone line to not accept telemarketing calls. Then when a telemarketer makes a call to that line, the phone switch simply drops that call. Marketers with an exsisting relation ship could over ride that by sending a counter signal that yes, they have a signed permission slip from the lessor of that number to make a marketing call. If they use the over ride signal, and the lessor doesn't agree, the lessor hangs up, dials a #XX number to say "Oh, no they didn't!" Then the caller has to provide evidence they did have permission. If they don't then it's a $10,000 fine per each call. And after 20 calls in 24 hours of folks say "Oh no they didn't!", the marketer's line gets automatically shut down.
End of unsolicited telemarketing problem.
Here's how I do it. for the past few years, I think 8 or so, I take my bonus check and buy 80% raspberry Pis, 20% add ons.
Then I find a high school and middle school technology teacher, and give them the equipment. Then I schedule 3 days of vacation to go sit with the kids. Not all at once, but on the day they are given out, then half way through the school year, then a few weeks before the end of school. If the students want to come to my place for brain storming, they are welcome as long as one of their parents come too. I generally have two a month, on a Saturday or Sunday, and it generally lasts about 10 hours. NB: That's 10 hours here, not working. We also do things like BBQ or cook - which I encourage them to learn as well.
I worked with one of the recipients of this for 2 years. She recently left for a better offer. So empirical and limited evidence show this is working to an extent.
Why you libs insist on ignoring this is beyond me
For the same reason there were over 60 "symbolic" votes in the House to repeal ACA. (For a total cost of 180 million dollars) - by the way, how's that repeal going for ya?
For the same reason there were 13 investigations into Benghazi (One of which cost 13.8 million dollars). By the way - how many times was she found guilty? Oh yeah - none. Including the last investigation run by republicans.
For the same reason there were redistricting in voting districts to ensure republicans won.
For the same reason republicans push the false narrative that there is a lot of vote fraud going on - to disenfranchise those that won't vote republican.
You don't get to say 'really, we won
Ok. But 61% of the people don't think "We won" with Donald John Trump as president. This is the second time in 20 years America got a president the majority didn't want, policy not to their liking, and the minority republicans force their agenda on an unwilling nation.
The other odd thing to my mind is how frequently republicans fall into displacement/transference mental illness. EG: Obama is gonna declare martial law, oh noes! But here's trump, talking about "delaying the 2018 and 2020 elections to ensure that there isn't massive voter fraud again." and republicans are fine with that. You complain and shout down people over fears of what they might do, while they go about doing exactly what they accuse others of trying to pull.
I dislike ticket master for various reasons.
1. They try to demand exclusive right to sell tickets*.
2. Prevent purchasing a ticket, then let someone else use it
3. Spamming. I've had employers order their netblocks dropped.
4. I don't believe that their added value is worth the cost - but sometimes you just have to deal with them*, or not see the event. I usually choose to not see it, and write to the act that "Sorry I missed you, but the only way to attend was via Ticketmaster, and I won't deal with them."
*If I recall correctly, but honestly, it's been a number of years so I could be mistaken.
LynnwoodRooster,
Yes - that is my point exactly. Avoiding tax is legal. I'm saying that while it is within the letter of the law, it's the spirit of the law that is injured.
Worse, it is a shareholder cause of action of the corporation does not do all it legally can to avoid a tax.
I'm saying that we need to re-write the law so that "If you make a profit in the US, then you pay a tax in the US."
Are taxes too high? I think a 35% tax rate on profit does seem high to me. On the other hand, it doesn't matter what the tax rate is, if it can be avoided. Fix the avoidance, then fix the rate of tax. At it stands, corporations that move ownership of IP to Ireland avoid 100% of US taxes. That offends my sense of balance and justice when it's done simply to avoid (legally) US taxes.
We live in a state that is geared to support the military, our infrastructure, education, the poor, and the elderly. To do that takes money in the form of taxes we all agree to. When Apple, Burger King, and other corporations move their profit to be out of reach of US taxes, they gain the benefits of those improvements without supporting them.
I consider that not just a cheat, but dishonest - even if legal.
As to forgoing some write offs - I do. Because the reporting aspects offend my sense of honesty and privacy. I'm quite willing to pay taxes to support these (dis)united states, and to make sure our children get school, and our elderly have food, health care, and a dignified retirement. Beyond my taxes, I spend more in supporting causes I believe in. Read that again - I give to charity more than I pay in tax.
Why?
Because I have it, and it's needed. Can I solve all the world's problems? Oh, I only wish I could. But I do what I can with what I have when I have it. "Evil (and/or treason) prospers when good men do nothing." I support a few families that are staunch supporters of a party I absolutely do not support. But they are human beings in dire need that our system is failing through no fault of their own. I'm sure if I looked, I could find another family that supported my views. But that's not the eff'ing point. The point is to care for your fellow human being, even if you disagree with them. "Look not to your brother's plate to see if they have more than you do, look to see they have enough."
I am sure that you do what you can for your neighbors. "Life isn't fair" they say. I say, yeah, it isn't. Especially if we do nothing to correct it. Maybe that is why we are here - to share the joy of close family, and to share that with others. I have found no other reason that makes sense. Perhaps there is more than I see, and if so, I hope someone will share it with me. Money means little beyond what I need to survive. People mean everything to me, even when I don't agree with them.
Treasury bonds are an investment instrument.
Yup. Oh - how much does Apple pay in taxes again? Oh, yeah, that's right. The ship the money to Ireland to avoid US taxes.
So we get screwed twice. No money from taxes, then pay for them to invest here. A two-fer.
"Make money here - pay taxes here." Once corporations do that, then we can take a look at how much the taxes are.
What planet do you live on? They get so much special treatment it's scary.
I took the original post to say not that they weren't getting special treatment (which they do), but that they were complaining they weren't getting more of it.
No, that is not correct.
I'm of two minds about LinkedIn.
In the first place, I'm required to have an account by my current employer.
In the second place, LinkedIn in my opinion does a ton of scraping themselves (asking to access your mail box contacts, for instance.) But at least Linkedin ASKs to access it. Still, it feels creepy to me. The "psycho" girl friend kind of creepy.
On the third hand, LinkedIn told the to stop. So they should stop.
By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."
So, you're saying America got Rick Rolled on November 8th, 2016.
Explains a lot.
I heard about the Rumba mapping out the house. I heard the data was to be sold to deep data. What I don't understand is how anyone could think this could be monitized. Other than thiefs with way too much money to spend, anyway, and even there, it's not clear how that would be useful to them.
In any case, I was just wondering.
I asked my neighbor lady if she loaded up twitter to follow President Trump.
Her answer: "If I wanted to listen to a fat, arrogant, crazy old man, I wouldn't have gotten a divorce."
As noted by many, many others, Slack is a resource hog.
It's unusable in Firefox or Chrome in linux as it slows the whole machine down. Scrolling is sticky and laggy and a time sink because it takes so long.
The client is a little better, not much.
Also Slack forces you to have a General channel, which everyone is forced to use. With a few thousand people in it, it quickly because useless chatter that you can't shut out (you can mute it though).
I won't load the app on my phone. Others in my team have reported a "poor" experience and I need the phone for emergency systems down.
Overall, while Slack is pretty, I think older IRC client's with a bouncer are more suited to how I prefer to work. I'm guessing that Slack is more for people that don't want to learn how to run an IRC client and want a pretty front end to look at.
Here's a test I used to give people applying for a job as a programmer over the phone to get a "serious" interview.
1. Use pseudo code to display invoice transactions. Your data set is:
Primary Key: Account number
Secondary key: Transaction date/time
3rd key: transaction number (a hash of the account number, date/time)
Note: Database returns are in ascending key order by default.
2. Use pseudo code to return a list of US coins to add up to $5 dollars.
3. You have 100 feet of property you want to erect a fence on. How many fence poles do you need if you place a post every 10 feet?
4. Describe how DNS works
5. What verbs are available for HTTP?
\\\\\
Answers:
1. If not sorted in reverse date/time order, fail. When you need to look at an order, it is rarely the first one you ever had with us that is the issue.
2. Dollar coin, fifty cent coin frequently missed
3. 10 posts == fail, 11 posts == pass. 11 posts, but you might need another just in case == extra consideration as not all posts can be expected to preform 100% without inspection protocols or in case of error. So it may be worthwhile to have a spare around.
4. Look to see if they mention TCP at all. Most will forget that. If they do, ask when TCP will always be used (large zone file transfers is most common)
5. PUT, POST, GET, HEAD DELETE
Meta:
If I hear a lot of keyboard clicks in the background, I'm assuming they are using a search engine. Not bad in and of itself, it's sometimes faster to find out things via the web. But I will be digging in more for those folks.
They need to score 4 out of 5 to get a in person interview. These days, I'm no longer management and no longer am involved in hiring.
I don't report bugs to the company. I may report it to their ISP, but usually I don't bother in the sense I don't go looking for bugs.
I don't know, but isn't there a bug reporting system that will allow anonymous communication? If not, maybe that's something CERT could look into sponsoring.
Sort of like the old abuse.net system, where you could register "Hey, this is where we take spam reports seriously." That way the clued in sites will let the whitehats know their reports are taken seriously, and the white hats know they at least have a simi-clued in contact and won't let slip the dogs of war because there's something wrong.
Again, all I'm interested in are my own sites, and I'll hardly dox myself.
Indeed. We've set up bastions to access these devices.
To the person that voted this as "flame bait": I can see how you would consider it so. I'm disappointed though. My comments were not submitted as a troll, but a plea to consider that there are those of us that simply do not have a choice to make sure the latest java and the latest codex's are installed. Not when there are hundreds of thousands of devices, and not when some of the gear is too old to support the newest versions, and not when federation for updates is impossible.
I would wish that all vendors of software consider "at scale" and at least have a plan for those cases.
There's not much you can do to stop it really.
Sorry, that's the way email works.
Have you tried ICMP? Actually, it didn't occur to me. So there's a major "derp" on my part. Thank you, I'll look into it.
I'm angry with FireFox. I have been using it for many years, and for a long time, I thought it to be the bee's knees, the cat's meow.
However, their high handed way with security and such has come to the point that I can't trust them. I use Firefox browser in my work. When they block things for security reasons, it stops me from being able to work. I have to manage over 250,000 devices on an internal and secure network. We don't have resources to upgrade those devices - indeed, many of them cannot be upgraded.
Hey - Firefox folks - not every one is a security idiot, and not everyone has the dosh to replace still functioning equipment.
No matter. I've been reduced to using other browsers anyway because FireFox has become too resource intensive and intrusive. Yes, I know I'm a "special snowflake" but it is disheartening to have to discontinue using a tool I used to love so much.
I do still use it for my personal needs for the most part, but no longer for my banking or retirement sites. For work I no longer use it at all.
I had a really snarky and funny line to start this off with, simulating network lag, but Slashdot filters insist that I remove junk chars. from the post. sigh
I do work for people with no other access to internet other than cell they can afford. Most of them are elderly, and most of them have health monitors that report to their heath care professionals via Internet. Pacemakers are big, though there are some that use it for other health monitoring including checking to see if they've opened their medications for the day, and a few that are under court ordered monitoring while their cases are pending.
What I've noticed is that UDP packets seem to be targeted, but not TCP so much. I've started using Raspberry Pi's to wrap UDP, deliver it the cell network, then on to a cloud server, then use the cloud server to unwrap the UDP and forward it. It's not just Verizon I see this issue with, but all major carriers and some minor ones. I can't say the UDP packet loss is nefarious action by the ISP. After all, the advantage of UDP is not having the overhead of TCP. But it does seem odd.
Most of the people I help out are in small towns far from any metroplex. I am training my replacement though, because as I mentioned in another post my own health is declining. I will be putting up my scrips to github shortly so if you're interested in helping out folks, you don't have to re-invent what I've done. A lot of it is bash with standard utilities, but some of it is python or C programs. All of it is documented to the point of "A PHB can do this." because that's the way I document. Smart folks can scan it for nuggets, and those not well versed in the art can advance their skills.
Aside: One of the scripts had a one liner - but the documentation for that single line runs three pages. It has to do with taking a hundred lines of data, formatting it, wrapping it in JSON, and sending it on. I tell you exactly why each flag is used, why it's there and what it does, what to look for if there are errors, and where to find more information if I didn't cover it. Yeah - a bit of over kill. I'm trying to make it so that even the most inexperienced can help their loved ones if they have no other options.
I used to help set up CLECs for places without any internet, but in the past three years this have become impossible or too expensive due to changes in state law. I tired to get a pole permit (move other telecoms equipment - POTS line in this case) five years ago, and it's still pending approval. It's moot now - that pole no longer is there. It was removed when they pulled out the POTS wiring.
Anyway, Verizon isn't the most evil out there, though I don't think in any way they have a halo. AT&T in my opinion is far, far worse.
I was in charge of a very large library system. In 20xx (I don't want to be specific), the Chief Technical Archivist issued me a directive: Purge all logs with personally identifiable information after 7 days that the transaction closed. EG: Any books checked out, that record's PII was to be deleted after 7 days of checking it back in.
The patron's record showing how many books they checked out was to be purged as well - EG: reset to zero for any but books currently checked out.
Only aggregate data was to be retained. Daily transaction logs were to be purged immediately - which was a pain in the neck, because that meant the system had to be shut down for a full cold back up every day - which could not be kept for more than a few days. (I solved this issue by using RAID 50 and splitting the RAID mirror, then backing it up, then resyncing the mirror. That way it was "cold", but the system was down for only a few seconds.)
On my personal sites, I set the log files to /dev/null, and only log when I have a issue (technical or user).
Time to get our snoopy government out of our hair. They must be forced to stop shoving their nose in our crotch with indiscriminate abandon. Am I against prosecuting crime? Not at all. But I'm not in favor of our government being able to snoop into every breath we take, every penny we spend, every call we make, every text we have. "They hate us for our freedoms" - what a FSCK'ing JOKE.