Re:Looking at it from a different angle
on
Keeping the Lights On
·
· Score: 2, Interesting
I'm in my early forties, and I find it increasingly difficult to compete in today's job market
I had one interviewer say "well, I guess you don't know anything about Linux." when he saw I was mid-fourties. I told him I had floppies from waaaay back that said "Xenix - Microsoft Corp". He looked blank. Then I said "Yeah, I grok Unix, Xenix, Linux, Solaris. I've worked with DEC rainbows, 2b3's, Altos, RS6000's, SCO, Concurent..." he kept looking blank. I finally said, "I've been around the block. I have worked with a majority of variants of Unix, including Linux. I've got Linux experience since Kernal 0.96. through kernal 2.6"
Then he said, and I kid you not...... "What's this "kernel" stuff? I need L-I-N-U-X people."
My resume, right in the first sentence, says "7 years experience with Linux in current employment". The guy didn't read it, I guess, nor was I called again. I heard the project folded, so I guess it's all for the best.
TiVo recently changed their customer agreement, allowing them to institute service contracts with early cancellation fees.
I concluded two years ago when I was looking at Tivo that the company were b*stards. I didn't buy one. Now, with Digital Restrictions Management (DRM) in it, I see even less reason to own one, and fewer TV shows I'd care to watch.
Heck, with all the extra time I have NOT watching the boob toob, I have a LOT more fun, get a LOT more done, and don't pay cable/sat bills anymore. Screw TV. It's just another drug for the masses.
Tough call - DRM is coming (Or is already here), one way or another, and is better to work on creating something done right, or to object to it on moral grounds?
I'm sure Hollywood has only my best interests at heart when they cram their broken technology down my gullet. Personally, any equipment I pay that much for that refuses to let me do what I want is technology I'll take a pass on.
MPAA may have wet dreams about all the monet their feavored brain says is "lost" due to copyright infringement, but I haven't seen anything lately I'd pay monet to see, let alone the kind of money they want for HD-TV.
Not only will future HD content not play in pure HD on most existing monitors (it will be degraded, or not shown at all), but high-end monitors today don't support HDCP yet.
With block busters like the Dukes of Hazard, I'll just pass on the $7,000 monitor with the $2,000 add on tuner.
Dead Tree books don't have my rights "managed" for me. I like that about a technology.
The biggest threat to Linux is not Microsoft, but rather integration and interoperability issues among various Linux distributions and their applications.
What a moron. Windows is not the biggest threat to Linux. That I can agree with. Windows is the best reason to switch to Linux. Microsoft isn't a threat, obvious patents filed by Microsoft are the threat. Sure, the patents are bogus, but it takes lots of money to fight off the hydra.
I took the quote from someone else's posting. I refuse to give a hit to a site publishing her trash.
'Carper says the bill will keep kids away from X-rated material.'"
It's my experience that keeping kids away from anything is almost impossible. That said, I'd rather my kids (depending on age... 10 is too young, 18 and they are getting to be adults) get into porn than violence. Now, S&M, rape, and the other stuff that includes violence in the porn wouldn't be good, but just "normal" porn wouldn't bother me over much.
I kind of wish there was some porn out there about loving relationships. The "PIZZA BOY, AND HERE'S YOUR PEPIRONI!" type porn is just too corny to stand. Most porn is about the mechanics of power, not sex per-se. Almost all the porn I've seen is more about powertrips than sex, and it's about getting sex at any price rather than the relationship.
I'm not sure why we Americans are so obsessed with sex, though. It's pretty sick. I remember one righty wanted to punch me out because I told him that if he thought the human body was obsene, he should complain to the manufacturer.
What are the differences between Windows, Unix, and mainframe programmers?
A Windows programmer bangs and bangs away throwing all kinds of code (much of it provided by the IDE) at the problem until it is declared by Fiat to be solved (usually it isn't. Solved, that is.)
A mainframe programmer comes in early, carefully considers the problem, evaluates the business need, and spends weeks coding in RPG or COBOL to solve it, and stays late every night, and carefully updates the site log to add the new program. Once solved, it's solved! (It had better be!) Oh, and they have these nifty pocket protectors...
A Unix programmer comes in late, kicks off his shoes, yawns, scratches, reads the email for the project out line, pounds out some code before lunch, takes a two hour lunch, leaves early, and right before he goes sends the email back saying "Check this and see if it's what you want, to be sent sometime after midnight.
Those are the chief differences between programmer types... Oh, yeah, none of the above can stand the others. The Unix admin is the hardest to tell, but check with the others to see if they are getting all their email, and you'll know, you'll know...
Truthfully, though, a PC programmer normally has a small outlook on the problem. If it's a large process, he may think in terms of server/client, EG: lots of clients pinging a server with results for colation. A mainframe programmer looks at a problem monolithically, EG: it's all done in one place. A Unix programmer tends to think in distributed/monolithic terms... parts are done with child processes/offloaded to other cpus, with the final results on one machine.
Of them all, I'd say that Unix programmers gennerally get huge multi-threaded projects done the best, mainframe programmers are great for business intelligence programs, and PC programmers are great for games and pretty pictures on the screen... You might say, call a Unix programmer to solve a problem, a mainframe programmer to report how it was solved, and a PC programmer for the PHB eyecandy/dumb salesclot interfaces.
WARNING: There is no known cure once a person has bitten by the model railroading bug.
Model railroading has gotten quite a bit of tech to it.
Used to be that you plonked the engine on the track, pushed some DC, and off you went.
That was then, this is now.
Digital Command Control (DCC) by Digitrax, EasyDCC, some pretty cool electronics interfacing stuff by Dr. Chubb (over at JLC Enterprises, or you can go with Protrak's system, Grapevine, and WOOT! WOOT! Some Open Source stuff from JMRI (and see the quote about controlling someone's layout from 600 miles away...)
Yeah, model railroading has gotten high tech alright. No, you can't run my stuff over the internet, yes, I could if I wanted to let you. No, you'll have to come to an open house sometime. If you think you might like to get involved with it, check out The NMRA and find a club local to your area... but the hobby shop might be a better bet.
I have to echo the above advice. Someone is always loading something you don't know about. Example: someone loaded awstats on a server and it got owned. The server WAS behind a firewall. The firewall did nothing to prevent it.
The other advice I have is to use a straight dnat-dpat proxy and don't allow anything in that didn't originate from inside. My opinion is that a firewall only gives you a false sense of security if there is any service presented to the untrusted side from the trusted side.
Nowadays, Hewlett-Packard sells ink for a living, Texas Instruments earns more from its legal department than from its engineering department, and policies like Google's sound like something from a Star Trek script. It seems that the best we can hope for is that the American technology industry as a whole relearns what it knew fifty years ago.
You mean that SCOX wasn't the first to come up with litigation as a business model? (grin)
Fifty years ago, corporate America didn't have as many MBA around pushing for ever higher stock prices.
Also look around today. Today, nothing is fundimentally different than fifty five years ago. All technology devemopments since then have been, for the most part, improvements rather than basic shifts in the underlying technology. What US government policy hasn't killed off in basic research, "free markets" and corporate interests have.
The way to fund basic research is to hand a bag of money to people that know a lot, then get out of the way. Don't tell them that you can't use that stem cell line, or that you can't go around carbon dating things that date back more than six thousand years because the world didn't exsist then. First, because it is just plain silly, second, the restrictions give false information that then points to false paths for further research. False paths and untrue 'facts' are great for religious beliefs, but not so good in science or the real world.
All this makes you wonder what other supercomputers are out there, not known to the press, and if it's time to increase the size of your private key and strengthen your encryption.
Real Security starts when you don't use computers to transfer the data. Very sensitive data (to the holder) frequently goes by encrypted, time limited, self destruct if handled wrong, media paths. Not over the Internet. Sneaker net on steriods, in other words.
What kind of data is handled that way? One time pad transfers for banking, [REDACTED], and [REDACTED], for starters.
Hmmm... ever get a creepy feeling between your sholder blades that someone is watching you....?
It really is that simple. Unless the district has cash problems (and all of them do with the silly spending sprees they go on for their favorite hobby-horse "vision" du-jour) then it is pretty solid that it'll be Microsoft. And they will count the education discount as "savings" too. Bet on it.
How do you handle these 3rd-party security people who make mountains out of every molehill?"
"Well," said I, "Tell me... exactly how much did you pay for this report?"
"What's that got to do with anything?!" the PHB said.
"You see, if you paid more than $1,000USD for it, well, the way I see it, the people have to find something to make you feel as if you got your monies worth. These "holes" and such are nothing more than just how a system works, you see. And the tools they used to do the report are all free tools that we could have used ourselves had you given us the time to do it." sezs I.
"You're just covering your incompentent backside!" growled the PHB.
"As for being incompentent, well, I'll take just a slight bit of umbrige at that. After all, when is the last time we fell down on the job for you? When were we hacked last, and the time before that? And how long did it take to recover?
"You see," I continue, "the problem here is that we simply cannot afford perfect security. Our staff would be four times larger, our ability to do things would be less than 10% of what we do now, and all for something that hardly ever happens. Now, I admit, there are some things we have to protect without fail, but we cannot protect everything without fail all the time, in all ways. We know what it is you need done, we know what limits you'll accept, and we work in those bounds to keep the plates spinning and the systems humming, and we plan for the times when our security will fail and be able to recover quickly."
"Well, these guys say you are falling down on the job! What about that!!!?" howls the PHB.
"Well, now, boss man, it's like this. When was the last time you turned on a news report and they said "Everything's fine, turn off the news and go back to your life."? Never, I'll bet. You see, security audits and news are a lot alike. There's more money in gloom and doom than ever there was in green fields and times of plenty. Jeffe, if these guys were so good, they'd be mewed up in some large corporate lab and would never, ever be allowed to speak with anyone, lest they violate some clause of their NDAs. God like security people simply DO NOT work freelance. Never. Any tyro can look at a masterpiece and see flaws, but a true Master can see past surface blemishes and capture the work of art. Now, I admit, there are lots of things I'd like to do if we had time, but, we have to keep the money flowing, the systems humming, and the work going. We simply cannot stop the whole company to fix things that are minor or very tough to crack instead of impossible. But I tell you what. Why don't you allow us 4 hours per person a week to work on the top priorities that report shows, and we'll crack that out."
"FOUR HOURS!! EVERY WEEK!!! FOR EVERY I.T. GUY!!!? ARE YOU NUTS!!! DO YOU THINK I AM!!!?" shreaked the PHB.
"Well, Sahbib, that's why we haven't already been jumping on those issues. I didn't feel you'd support the manpower cost, and let us put aside our current projects to address, what is after all, some minor problems. But we work for you, and if you want it done, by golly kingmosabe, we'll jump after it!" I exclaimed, almost saluting.
"Well, four hours a week is out of the question. I simply won't permit it!" bellows the big guy.
"Bigguy, we'll do the best we can with two hours a week..." I trail off...
"NO WAY. You slackers get no more than ONE man, ONE hour a week!"
"Well, your gold, we'll do the best we can." I sez.
"See that you do. Now get out of here and go do whatever it is I pay you to do." the PHB says, punctuation his dismissal with a distainful sniff.
I slink out of the office with rounded shoulders and the air of defeat about me. As soon as I turn the corner, I perk up, realizing that now I get off an hour early every Friday...
Months later, after the jerk of a PHB had run off anyone with any slight ability, he went out during the dot bomb bust. Word was he managed to hire some of those "security" people that felt that BGP announcements were a security risk and should be discontinued...
There is very little you can do if you can't get ICANN up off their butt. Since the time line is so short, a legal option may not work for you.
Now, I am not a lawyer, and I don't even play one on TV, but one option is to get an attorney. Take her/him the paperwork showing you purchased the domain, and write down what's going on. About your only hope is to get a temporary restraining order to ICANN not to allow the sale of the domain name to someone else until this gets sorted out. Depending on your area, expect to pay about $10,000 for the first stage.
If your domain name isn't worth $10KUSD to you, then use GoDaddy.com to "reserve" the domain.
You may not get it, but you'll spend $18USD on it.
I use GoDaddy and DomainDiscover for my registration needs. GoDaddy support is the BEST, but I use Domain Discover when some fuddyduddy says "How can we trust a company calling itself "GoDaddy?!""
First, because the EULA says you are.
Second, because it's in the 98 consent decree that you are entitled to a refund if you remove the software and do not agree to the license.
AvatarofVirgo wrote in to mention an article running on ZDNet in which the consulting firm The Yankee Group goes after folks in the Linux community who have been questioning their objectivity.
I don't question DiDiot's objectivity, she has none. I don't question The Yankee Group's compentence for the same reason. I refuse to waste my time with either.
You're right, i don't. But isn't it better to deal with this internally than to use a shared blacklist? If one person can't manage it, hire more people.
It is impossible to deal with effectively internally. Spammers send through a handful of spams per zombie to each IP block. Therefore, all you see are low volume emails from thousands of IP addresses. However, if I get a spam and report it pronto, that IP won't be sending half a dozen spams to your domain. (Using the SpamCop model.)
Also, there is just so much a company can afford to spend on spam. The abuse desk I work at reports an average of 200 spams per hour (about a 1/3 of what we actually receive). (My users report any spam to our abuse desk for us to report to the sending ISP and entry into our local block list.) There are three people doing reports, and hundreds of spam trap accounts that report automatically without abuse desk intervention.
Using industry averages, a 100,000 user account customer sending/receiving 250,000 real messages per day can expect 200,000-300,000 blocked spam message per day and in the area of 21,000-25,000 spam messages that evade filters/block lists.
Having your email blocked for no good reason is irksome, yes. But most blocks have a good reason behind them. You may not agree with the reason, but the person that runs that server does, or (s)he changes the policies on the server.
"Recently, my co-location facility was hit by a massive blacklist by an over-zealous 'investigator' at MAPS. 180,210 IP addresses in total are included in the blacklist -- and all because of a few spam complaints that weren't dealt with quickly enough.
Define "quickly enough". If it's been more than 48 hours and the spammers are still there, that's too slow.
To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
By not having a spam/virus transmisison problem. Works for me.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"
Yes.
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open.
When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly.
Impossible without using their web forms, that is.
And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs.
Lets see, you are a customer of the people with the problem, you are not in the loop with your ISP as to exactly what actions have been taken, you don't know exactly what customers were involved, nor any of the sensitive details someone is going to want to know when there has been a massive spam run. Gee, that's too bad poor baby.
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend!
Never heard of snowshoe spamming? You live in a cave? News flash, many responsible systems admins block far more than just a/19. Many block/7's and/6's on private block lists.
I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone.
See link to web form above.
When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
See above about having "standing".
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue.
If you are a business owner and fail to understand exactly why email is not a garenteed delevery system, and your business depends on email, then you are very stupid and deserve to go broke.
I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
And spammers NEVER lie. They NEVER pose as someone else. They ALWAYS tell everybody what IP ranges they intend to use in their spam run two weeks before thay use it.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Good for you. Now, when you get finished thinking about that, think about how you can make your small business profitible when you can't use email. It's obvious to me that you fail to understand what went wrong, who is to blame for it, and what to do about it.
I think in all we got 2 spamcop complaints and one complaint from a person so obviously there wasn't -that- much spam sent before we were notified and nuked the formmailer.
About 1 in 100,000 spam emails gets a complaint according to studys. Your three or four complaints represent up to half a million spam mesagess. Not a small problem.
Also, professional hosting services run find and grep to look for those vunerable form mail scrips that amature web masters seem to find all the time. Why did you have to receive a complaint at all?
If you think spammers don't vet their zombies against DNSbls, then you don't know spammers.
My opinion: if you have to depend on somebody else to compile a blacklist for you, you are lazy and shouldn't be running a mailserver in the first place.
Frist, I've not especially noted Yankee Group as a reliable source of information. And second, if Laura DiDio said the sun rose in the east, I'd call NASA to confirm. Everything I've read that she's written has had serious factual flaws.
There's a lot to like.
Not in my experience with multi-thousands of desktops. About all I can say is that it's better than nothing.
Heh. In case you haven't noticed, there's a severe shortage of people who know what the hell they're doing.
I noticed that at work, actually. Starting with the management and all the way down. Most of the people that actaully DO the work are pretty bright, or at minimum CAN do the work... This isn't the usual PHB gripe either. I mean, management seriously lacks clue, seriously avoids it, and selects software and future plans based on what slick salesmen and pretty brochures say. The manager that understands the most technically wouldn't qualify as a level I admin, but thinks he knows the technical end better than any of the admins. I'd go on, but there isn't any point, nor any hope.
with the aim of bringing management of Linux desktops and servers on par with that of Windows desktops and servers.
And why would we want to subject ourselves to that kind of difficulty, pain, and anguish? The tools that are already part and parcel of Unix/Linux are complete and useful for that. All it takes is someone that knows what the hell they are doing.
until I tried entering the Authentication Key found on the CD case. This produced an error that my key had already been used. Note that it says 'already been used,' not 'currently in use.
I'm glad this was posted. I was going out to buy one of Blizzards games, since I've heard so much about it, but now I'll know to go to a reputiable company for my needs.
The company I work for put out a 1.2 M USD bid for telecom service. MCI and SAVVIS both bid.
I printed a list of the spammers on both, set them in front of my boss along with the RBL entries for them, and told him I couldn't work for a company that would support these people with contracts, that I would have to leave if either bid was accepted. And I ment it. And he could tell.
End result: Both were disqualified from the bidding process.
MCI & SAVVIS: Get rid of your spammers. All of them.
Slashdot Mirror
I had one interviewer say "well, I guess you don't know anything about Linux." when he saw I was mid-fourties. I told him I had floppies from waaaay back that said "Xenix - Microsoft Corp". He looked blank. Then I said "Yeah, I grok Unix, Xenix, Linux, Solaris. I've worked with DEC rainbows, 2b3's, Altos, RS6000's, SCO, Concurent..." he kept looking blank. I finally said, "I've been around the block. I have worked with a majority of variants of Unix, including Linux. I've got Linux experience since Kernal 0.96. through kernal 2.6"
Then he said, and I kid you not...... "What's this "kernel" stuff? I need L-I-N-U-X people."
My resume, right in the first sentence, says "7 years experience with Linux in current employment". The guy didn't read it, I guess, nor was I called again. I heard the project folded, so I guess it's all for the best.
I concluded two years ago when I was looking at Tivo that the company were b*stards. I didn't buy one. Now, with Digital Restrictions Management (DRM) in it, I see even less reason to own one, and fewer TV shows I'd care to watch.
Heck, with all the extra time I have NOT watching the boob toob, I have a LOT more fun, get a LOT more done, and don't pay cable/sat bills anymore. Screw TV. It's just another drug for the masses.
I'm sure Hollywood has only my best interests at heart when they cram their broken technology down my gullet. Personally, any equipment I pay that much for that refuses to let me do what I want is technology I'll take a pass on.
MPAA may have wet dreams about all the monet their feavored brain says is "lost" due to copyright infringement, but I haven't seen anything lately I'd pay monet to see, let alone the kind of money they want for HD-TV.
Screw 'em.
With block busters like the Dukes of Hazard, I'll just pass on the $7,000 monitor with the $2,000 add on tuner.
Dead Tree books don't have my rights "managed" for me. I like that about a technology.
What a moron. Windows is not the biggest threat to Linux. That I can agree with. Windows is the best reason to switch to Linux. Microsoft isn't a threat, obvious patents filed by Microsoft are the threat. Sure, the patents are bogus, but it takes lots of money to fight off the hydra.
I took the quote from someone else's posting. I refuse to give a hit to a site publishing her trash.
It's my experience that keeping kids away from anything is almost impossible. That said, I'd rather my kids (depending on age... 10 is too young, 18 and they are getting to be adults) get into porn than violence. Now, S&M, rape, and the other stuff that includes violence in the porn wouldn't be good, but just "normal" porn wouldn't bother me over much.
I kind of wish there was some porn out there about loving relationships. The "PIZZA BOY, AND HERE'S YOUR PEPIRONI!" type porn is just too corny to stand. Most porn is about the mechanics of power, not sex per-se. Almost all the porn I've seen is more about powertrips than sex, and it's about getting sex at any price rather than the relationship.
I'm not sure why we Americans are so obsessed with sex, though. It's pretty sick. I remember one righty wanted to punch me out because I told him that if he thought the human body was obsene, he should complain to the manufacturer.
A Windows programmer bangs and bangs away throwing all kinds of code (much of it provided by the IDE) at the problem until it is declared by Fiat to be solved (usually it isn't. Solved, that is.)
A mainframe programmer comes in early, carefully considers the problem, evaluates the business need, and spends weeks coding in RPG or COBOL to solve it, and stays late every night, and carefully updates the site log to add the new program. Once solved, it's solved! (It had better be!) Oh, and they have these nifty pocket protectors...
A Unix programmer comes in late, kicks off his shoes, yawns, scratches, reads the email for the project out line, pounds out some code before lunch, takes a two hour lunch, leaves early, and right before he goes sends the email back saying "Check this and see if it's what you want, to be sent sometime after midnight.
Those are the chief differences between programmer types... Oh, yeah, none of the above can stand the others. The Unix admin is the hardest to tell, but check with the others to see if they are getting all their email, and you'll know, you'll know...
Truthfully, though, a PC programmer normally has a small outlook on the problem. If it's a large process, he may think in terms of server/client, EG: lots of clients pinging a server with results for colation. A mainframe programmer looks at a problem monolithically, EG: it's all done in one place. A Unix programmer tends to think in distributed/monolithic terms... parts are done with child processes/offloaded to other cpus, with the final results on one machine.
Of them all, I'd say that Unix programmers gennerally get huge multi-threaded projects done the best, mainframe programmers are great for business intelligence programs, and PC programmers are great for games and pretty pictures on the screen... You might say, call a Unix programmer to solve a problem, a mainframe programmer to report how it was solved, and a PC programmer for the PHB eyecandy/dumb salesclot interfaces.
Model railroading has gotten quite a bit of tech to it.
Used to be that you plonked the engine on the track, pushed some DC, and off you went.
That was then, this is now.
Digital Command Control (DCC) by Digitrax, EasyDCC, some pretty cool electronics interfacing stuff by Dr. Chubb (over at JLC Enterprises, or you can go with Protrak's system, Grapevine, and WOOT! WOOT! Some Open Source stuff from JMRI (and see the quote about controlling someone's layout from 600 miles away...)
You want sound with that? No Problem!
Yeah, model railroading has gotten high tech alright. No, you can't run my stuff over the internet, yes, I could if I wanted to let you. No, you'll have to come to an open house sometime. If you think you might like to get involved with it, check out The NMRA and find a club local to your area... but the hobby shop might be a better bet.
The other advice I have is to use a straight dnat-dpat proxy and don't allow anything in that didn't originate from inside. My opinion is that a firewall only gives you a false sense of security if there is any service presented to the untrusted side from the trusted side.
You mean that SCOX wasn't the first to come up with litigation as a business model? (grin)
Fifty years ago, corporate America didn't have as many MBA around pushing for ever higher stock prices.
Also look around today. Today, nothing is fundimentally different than fifty five years ago. All technology devemopments since then have been, for the most part, improvements rather than basic shifts in the underlying technology. What US government policy hasn't killed off in basic research, "free markets" and corporate interests have.
The way to fund basic research is to hand a bag of money to people that know a lot, then get out of the way. Don't tell them that you can't use that stem cell line, or that you can't go around carbon dating things that date back more than six thousand years because the world didn't exsist then. First, because it is just plain silly, second, the restrictions give false information that then points to false paths for further research. False paths and untrue 'facts' are great for religious beliefs, but not so good in science or the real world.
Real Security starts when you don't use computers to transfer the data. Very sensitive data (to the holder) frequently goes by encrypted, time limited, self destruct if handled wrong, media paths. Not over the Internet. Sneaker net on steriods, in other words.
What kind of data is handled that way? One time pad transfers for banking, [REDACTED], and [REDACTED], for starters.
Hmmm... ever get a creepy feeling between your sholder blades that someone is watching you....?
Nobody was ever fired for buying Microsoft.
It really is that simple. Unless the district has cash problems (and all of them do with the silly spending sprees they go on for their favorite hobby-horse "vision" du-jour) then it is pretty solid that it'll be Microsoft. And they will count the education discount as "savings" too. Bet on it.
Been there.
How do you handle these 3rd-party security people who make mountains out of every molehill?"
"Well," said I, "Tell me... exactly how much did you pay for this report?"
"What's that got to do with anything?!" the PHB said.
"You see, if you paid more than $1,000USD for it, well, the way I see it, the people have to find something to make you feel as if you got your monies worth. These "holes" and such are nothing more than just how a system works, you see. And the tools they used to do the report are all free tools that we could have used ourselves had you given us the time to do it." sezs I.
"You're just covering your incompentent backside!" growled the PHB.
"As for being incompentent, well, I'll take just a slight bit of umbrige at that. After all, when is the last time we fell down on the job for you? When were we hacked last, and the time before that? And how long did it take to recover?
"You see," I continue, "the problem here is that we simply cannot afford perfect security. Our staff would be four times larger, our ability to do things would be less than 10% of what we do now, and all for something that hardly ever happens. Now, I admit, there are some things we have to protect without fail, but we cannot protect everything without fail all the time, in all ways. We know what it is you need done, we know what limits you'll accept, and we work in those bounds to keep the plates spinning and the systems humming, and we plan for the times when our security will fail and be able to recover quickly."
"Well, these guys say you are falling down on the job! What about that!!!?" howls the PHB.
"Well, now, boss man, it's like this. When was the last time you turned on a news report and they said "Everything's fine, turn off the news and go back to your life."? Never, I'll bet. You see, security audits and news are a lot alike. There's more money in gloom and doom than ever there was in green fields and times of plenty. Jeffe, if these guys were so good, they'd be mewed up in some large corporate lab and would never, ever be allowed to speak with anyone, lest they violate some clause of their NDAs. God like security people simply DO NOT work freelance. Never. Any tyro can look at a masterpiece and see flaws, but a true Master can see past surface blemishes and capture the work of art. Now, I admit, there are lots of things I'd like to do if we had time, but, we have to keep the money flowing, the systems humming, and the work going. We simply cannot stop the whole company to fix things that are minor or very tough to crack instead of impossible. But I tell you what. Why don't you allow us 4 hours per person a week to work on the top priorities that report shows, and we'll crack that out."
"FOUR HOURS!! EVERY WEEK!!! FOR EVERY I.T. GUY!!!? ARE YOU NUTS!!! DO YOU THINK I AM!!!?" shreaked the PHB.
"Well, Sahbib, that's why we haven't already been jumping on those issues. I didn't feel you'd support the manpower cost, and let us put aside our current projects to address, what is after all, some minor problems. But we work for you, and if you want it done, by golly kingmosabe, we'll jump after it!" I exclaimed, almost saluting.
"Well, four hours a week is out of the question. I simply won't permit it!" bellows the big guy.
"Bigguy, we'll do the best we can with two hours a week..." I trail off...
"NO WAY. You slackers get no more than ONE man, ONE hour a week!"
"Well, your gold, we'll do the best we can." I sez.
"See that you do. Now get out of here and go do whatever it is I pay you to do." the PHB says, punctuation his dismissal with a distainful sniff.
I slink out of the office with rounded shoulders and the air of defeat about me. As soon as I turn the corner, I perk up, realizing that now I get off an hour early every Friday...
Months later, after the jerk of a PHB had run off anyone with any slight ability, he went out during the dot bomb bust. Word was he managed to hire some of those "security" people that felt that BGP announcements were a security risk and should be discontinued...
Now, I am not a lawyer, and I don't even play one on TV, but one option is to get an attorney. Take her/him the paperwork showing you purchased the domain, and write down what's going on. About your only hope is to get a temporary restraining order to ICANN not to allow the sale of the domain name to someone else until this gets sorted out. Depending on your area, expect to pay about $10,000 for the first stage.
If your domain name isn't worth $10KUSD to you, then use GoDaddy.com to "reserve" the domain. You may not get it, but you'll spend $18USD on it.
I use GoDaddy and DomainDiscover for my registration needs. GoDaddy support is the BEST, but I use Domain Discover when some fuddyduddy says "How can we trust a company calling itself "GoDaddy?!""
Yes.
First, because the EULA says you are. Second, because it's in the 98 consent decree that you are entitled to a refund if you remove the software and do not agree to the license.
I don't question DiDiot's objectivity, she has none. I don't question The Yankee Group's compentence for the same reason. I refuse to waste my time with either.
It is impossible to deal with effectively internally. Spammers send through a handful of spams per zombie to each IP block. Therefore, all you see are low volume emails from thousands of IP addresses. However, if I get a spam and report it pronto, that IP won't be sending half a dozen spams to your domain. (Using the SpamCop model.)
Also, there is just so much a company can afford to spend on spam. The abuse desk I work at reports an average of 200 spams per hour (about a 1/3 of what we actually receive). (My users report any spam to our abuse desk for us to report to the sending ISP and entry into our local block list.) There are three people doing reports, and hundreds of spam trap accounts that report automatically without abuse desk intervention. Using industry averages, a 100,000 user account customer sending/receiving 250,000 real messages per day can expect 200,000-300,000 blocked spam message per day and in the area of 21,000-25,000 spam messages that evade filters/block lists.
Having your email blocked for no good reason is irksome, yes. But most blocks have a good reason behind them. You may not agree with the reason, but the person that runs that server does, or (s)he changes the policies on the server.
Define "quickly enough". If it's been more than 48 hours and the spammers are still there, that's too slow.
To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
By not having a spam/virus transmisison problem. Works for me.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"
Yes.
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open.
Their web forms are always open.
When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly.
Impossible without using their web forms, that is.
And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs.
Lets see, you are a customer of the people with the problem, you are not in the loop with your ISP as to exactly what actions have been taken, you don't know exactly what customers were involved, nor any of the sensitive details someone is going to want to know when there has been a massive spam run. Gee, that's too bad poor baby.
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend!
Never heard of snowshoe spamming? You live in a cave? News flash, many responsible systems admins block far more than just a /19. Many block /7's and /6's on private block lists.
I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone.
See link to web form above.
When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
See above about having "standing".
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue.
If you are a business owner and fail to understand exactly why email is not a garenteed delevery system, and your business depends on email, then you are very stupid and deserve to go broke.
I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
And spammers NEVER lie. They NEVER pose as someone else. They ALWAYS tell everybody what IP ranges they intend to use in their spam run two weeks before thay use it.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Good for you. Now, when you get finished thinking about that, think about how you can make your small business profitible when you can't use email. It's obvious to me that you fail to understand what went wrong, who is to blame for it, and what to do about it.
About 1 in 100,000 spam emails gets a complaint according to studys. Your three or four complaints represent up to half a million spam mesagess. Not a small problem.
Also, professional hosting services run find and grep to look for those vunerable form mail scrips that amature web masters seem to find all the time. Why did you have to receive a complaint at all?
If you think spammers don't vet their zombies against DNSbls, then you don't know spammers.
You obviously don't run a large mail server farm.
Frist, I've not especially noted Yankee Group as a reliable source of information. And second, if Laura DiDio said the sun rose in the east, I'd call NASA to confirm. Everything I've read that she's written has had serious factual flaws.
Yes.
There's a lot to like.
Not in my experience with multi-thousands of desktops. About all I can say is that it's better than nothing.
Heh. In case you haven't noticed, there's a severe shortage of people who know what the hell they're doing.
I noticed that at work, actually. Starting with the management and all the way down. Most of the people that actaully DO the work are pretty bright, or at minimum CAN do the work... This isn't the usual PHB gripe either. I mean, management seriously lacks clue, seriously avoids it, and selects software and future plans based on what slick salesmen and pretty brochures say. The manager that understands the most technically wouldn't qualify as a level I admin, but thinks he knows the technical end better than any of the admins. I'd go on, but there isn't any point, nor any hope.
And why would we want to subject ourselves to that kind of difficulty, pain, and anguish? The tools that are already part and parcel of Unix/Linux are complete and useful for that. All it takes is someone that knows what the hell they are doing.
I'm glad this was posted. I was going out to buy one of Blizzards games, since I've heard so much about it, but now I'll know to go to a reputiable company for my needs.
I printed a list of the spammers on both, set them in front of my boss along with the RBL entries for them, and told him I couldn't work for a company that would support these people with contracts, that I would have to leave if either bid was accepted. And I ment it. And he could tell.
End result: Both were disqualified from the bidding process.
MCI & SAVVIS: Get rid of your spammers. All of them.