OK start with the Red Hat License agreement. Have any of you read it? In a nutshell, it says that anywhere you run Red Hat on a server it requires purchase of a subscription. And you can't buy a workstation subscription for a server, it has to be a server subscription. Subscriptions are based on 'sockets', which means CPU in real terms.
A 2 socket RHEL license costs $349/year on the 'self-support' model, and a 4 socket license costs $1,598 per year for standard subscription. Compare that to Windows Server 2008. The cost is $722.99 on CDW right now for W2K8R2 Standard. BUT, that's a one-time cost. And you get patches for free, regardless if you have a support contract or not. Figure that a Windows Server version may be supported for 10 years or more (2003 will run through 2015.)
Red Hat: $350 per year for 12 years = $4,200
Windows Server: $722 total, for 12 years = $722
That ends up costing you six times as much in license and support to run RHEL. Extrapolate that across hundreds of servers, and it becomes a monstrous expense. 500 servers = $174,500 per year. And yes, I assume you are going to re-buy a license for the new Windows Server one or two revs into the future.
THIS is exactly why we are not using RHEL in a highly compliance-oriented industry, and why we elected to go with CentOS. In the end we're going to be doing the support ourselves anyway, and Red Hat's cost structure is outrageous for what you get.
Wiping your cookies, adblock, flashblock, etc - it's all worthless.
Even if you remove all cookies, the iframe that is the 'like' button will set a new cookie. Facebook tracks these new 'anonymous' cookies centrally, and then when you DO login to your actual account, they can read this cookie and marry up your previous behavioral habits and sites you visited. The advice here leads people to believe you can fight this simply by erasing cookies. The only way to really make that effective is:
1) Log out of Facebook
2) Remove all Facebook cookies
3) Browse around to other sites
4) Clear all Facebook cookies AGAIN
5) Log in to Facebook
Without step #4 the rest of it is not doing you any good.
The same is true of new signups, where your browsing history (before you even had an account!) is correlated to the new account to help build a profile of your activity.
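A small model of the cookie linkage described in the comment above, added here as an illustration; it is constructed for this page and is not the poster's code or any real site's code. A hypothetical tracker mints a cookie from the embedded widget and, at login, attaches that cookie's browsing history to the account; the five steps are run with and without step 4.

```python
"""Constructed model of widget-cookie linkage (illustration only, not any
real site's code). A tracker mints a third-party cookie from the embedded
'like' widget and, at login, attaches that cookie's history to the account."""
from dataclasses import dataclass, field
import itertools


@dataclass
class Tracker:
    # cookie id -> pages on which the widget saw that cookie
    visits: dict = field(default_factory=dict)
    # account -> every cookie id that was present at one of its logins
    linked: dict = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def _cookie(self, jar: dict) -> str:
        """Reuse the tracker cookie if the browser sends one, else mint a new one."""
        if "trk" not in jar:
            jar["trk"] = f"anon-{next(self._ids)}"   # set by the widget iframe
        return jar["trk"]

    def widget_load(self, jar: dict, page: str) -> None:
        """The 'like' iframe loading on some third-party page."""
        self.visits.setdefault(self._cookie(jar), []).append(page)

    def login(self, jar: dict, account: str) -> None:
        """Login marries whatever cookie is already in the browser to the account."""
        self.linked.setdefault(account, set()).add(self._cookie(jar))

    def history_for(self, account: str) -> list:
        """Pages the tracker can attribute to the account through linked cookies."""
        return sorted(page for cid in self.linked.get(account, ())
                      for page in self.visits.get(cid, []))


def run_session(clear_again_before_login: bool) -> list:
    """Walk the five steps from the comment; step 4 is skipped when the flag is False."""
    tracker = Tracker()
    jar = {}                                   # the browser's cookie jar (constructed)
    jar.pop("trk", None)                       # steps 1-2: logged out, cookies removed
    for page in ("news.example", "health.example", "shop.example"):
        tracker.widget_load(jar, page)         # step 3: browse sites embedding the widget
    if clear_again_before_login:
        jar.pop("trk", None)                   # step 4: clear the cookie the widget just set
    tracker.login(jar, "alice")                # step 5: log in
    return tracker.history_for("alice")


if __name__ == "__main__":
    print("without step 4:", run_session(False))   # browsing is attributed to alice
    print("with step 4:   ", run_session(True))    # nothing links back to the account
```

The tracker still holds the anonymous visit data in both runs; step 4 only breaks the join between that data and the account.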
Check out the password reset form in Chrome on a Mac - it's not rendering properly.
It does work, the theme is off.
All I have to say is http://www.authsmtp.com./
I have no relationship to them other than a happy customer, but it took me WEEKS of effort to find a good mail relay from the cloud that could hit the inbox of all of the major e-mail providers (Gmail, Hotmail, Yahoo, etc.) They do it every time and for very little.
It sounds like you are interested in something more along the lines of batches of data and not a realtime API.
Banks / Credit Unions / FIs do this now to send transactions between their own networks. I'm not aware of a consumer-oriented version of this, but that's not to say it shouldn't exist. PayPal is starting to move that direction with their x.com API. But you are going to be hit with more charges routing through PayPal than you would otherwise.
Drop me an e-mail. I'd like to hear more about it.
OK, but that's talking about a few things -
* A solid and modern online banking application
* Easily understood fee structures
* Home/mobile capture
* One time credit card purchasing
This is great from the perspective of a single 'end customer', but what I am getting at is more of an API that allows developers to tap in to certain types of information that might be stored at a financial institution. What type of APIs would be available, and what would be the use cases for each of them?
I'll state at a high level that I work for a Credit Union, and there are a lot of us that believe in a model such as the one you are describing. Can I take this discussion in a slightly different direction? Rather than "where can I get this today", how about "what would you want from a service like this"? Reply with a list of features and describe the problem you are trying to solve.
Do you want to only access your own account, or offer a service to multiple customers of the financial institution?
Are you thinking along the lines of web services?
What type of transactions would you want - realtime (i.e. what's my account balance now) or batch (show me all transactions for the last 6 months)?
Are you talking about wire transfers, ACH, checks, etc?
Are you thinking a pull model, where you query into the data or a push model, where you are alerted when things happen?
Don't get dragged down in any pricing or cost at this point - just tell me in more detail what you want.
There may be more than one answer, but this one would definitely go a long way in an interview.
The first thing I would do after arriving at the office is greet any members of the team who were already in the office. It goes a long way when a boss spends the time to interact with the team and employees always appreciate little things like that. It's not a flashy answer, but it demonstrates that you want to emphasize communication and teamwork.
They added a mirror for CSO online. Browse to the following URL and it all starts magically working.
www.csoonline.prolexic.com
Just looking at the number of critical issues for an operating system is absurd. What about default configuration? OS X by default does not listen on any network ports. Scan a Windows XP system and you'll see MANY ports, including 137, 138, 139, and 445 - the NetBIOS services that are typically exploited by attackers. With those services you can launch remote password guessing and other attacks against the base system.
On another note, how about we tally the number of viruses and trojans for the different operating systems? This is one of the most important security problems facing businesses today. Gee, I think we'll see a MUCH different ratio for OS X vs. Windows XP.
I can't stand it when a security company comes up with skewed statistics in an effort to get press and web hits. The comparison of only the number and type of vendor bulletins is not an effective measurement of OS security.
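A defender-side check of the default-exposure point made above, added here as an example and not part of the comment: it parses listening sockets out of `netstat -an` style output and reports which of the NetBIOS/SMB ports named in the comment (137, 138, 139, 445) are reachable from the network rather than bound to loopback. The sample output is hand-written in the Windows `netstat -an` layout, not captured from a real host.

```python
"""Constructed audit of what a host listens on. SAMPLE_NETSTAT is written by
hand in the layout of 'netstat -an' on Windows; it is not real captured output."""
import re

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        192.168.1.9:1234       ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    127.0.0.1:1900         *:*
"""

# The NetBIOS / SMB ports named in the comment.
NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm",
                 139: "netbios-ssn", 445: "microsoft-ds"}

# proto, local address, local port, foreign address, optional state
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def listening_sockets(netstat_output: str) -> list:
    """Return (proto, bind_address, port) for every socket accepting input:
    TCP sockets in LISTENING state and every bound UDP socket."""
    found = []
    for line in netstat_output.splitlines():
        m = _LINE.match(line)
        if not m:
            continue                       # header line or unexpected layout
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue                       # established or closing connections
        found.append((proto, addr, port))
    return found


def network_exposed(netstat_output: str) -> list:
    """Listening sockets reachable from the network: anything not bound to loopback."""
    return [s for s in listening_sockets(netstat_output)
            if not s[1].startswith("127.") and s[1] not in ("[::1]", "::1")]


def netbios_exposure(netstat_output: str) -> list:
    """The subset a remote scan would see as NetBIOS/SMB, as (proto, port, name)."""
    return sorted((proto, port, NETBIOS_PORTS[port])
                  for proto, _addr, port in network_exposed(netstat_output)
                  if port in NETBIOS_PORTS)


if __name__ == "__main__":
    for proto, port, name in netbios_exposure(SAMPLE_NETSTAT):
        print(f"{proto} {port} ({name}) is reachable from the network")
```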
All of the tools to build an open-source SSL VPN exist, but nobody has put them together.
Apache
Apache_SSL/Mod_SSL
Apache proxy module
mod_security
LDAP (for tie-in with active directory)
Java-based SSH and telnet clients
Write a PHP based access control and management interface for the thing and voila! you have a hot new open source project.
If a few people had the time, they could give Juniper/Nokia/etc a run for their money.
It may be ugly, but it has a great OS, has expandable storage (which the 7650 does not), and has excellent bluetooth support. I can get online with my laptop via Bluetooth and GPRS. It's about the speed of a 33.6k modem, but hey I can be in the car or on a train when I use it. For the US, that's pretty impressive! :)
To me, the expandable storage is the key. With that feature, you can play movies, install tons of applications, and have a lot of games to play.
Round keys suck no doubt, but you can't knock the features of the phone.
You guys bashing the N-Gage are missing the point. I have a Nokia Series 60 3650 phone. It's based on the same Symbian OS that the N-Gage uses. I can use this on my phone. The 3650 is very widely deployed in the US and Europe. This is a great thing not just for the N-Gage folks, but regular guys like me who happen to own one of the Series 60 phones.
I can't wait to try it. My phone has a 128MB MMC that can store a ton of games. Should be a lot of fun.
It's not domains, this is based on networks / IP addresses. The system traceroutes to every endpoint network on the Internet, saves it in a database, and maps the results. Then it repeats. The goal is to eventually have enough scanning nodes in the system that it is done in near-realtime.
You miss the point - the system will be able to map the entire net within one 24 hour period. It will create one map per day. None of them will be very outdated. Lots can be done with this - you can check historical patterns, route changes, etc. For instance, the automated system will take the data out of the database, use a new color scheme, and show major route changes or additions each day. I think that's pretty damn cool.
Also, the smallest BGP route is a /24, so your new /26 wouldn't show up in the map anyway. He's just tracerouting to each /24 on the network and stopping there.
Lastly, the system is using traceroute right now but will upgrade to Dan Kaminski's packetto which is much MUCH faster. Given the distributed nature of packetto, it may end up being an almost-realtime system.
I don't know about you, but I certainly see a lot more value in that than "look what I did."
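The day-over-day route comparison the comments above describe (one map per day, major route changes or additions highlighted, everything folded to /24), worked as an added example; this is constructed for this page and is not the mapping project's code. Each map is a dict of target /24 to the list of hops traced to it, and the hop lists are made up.

```python
"""Constructed day-over-day comparison of traceroute maps (illustration only,
not the mapping project's code). A map is {target /24: [hop, hop, ...]}."""
import ipaddress


def to_slash24(ip: str) -> str:
    """Fold any address into the /24 it would be traced as; a /26 collapses
    into its parent /24, which is why it would not appear on the map."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def route_changes(yesterday: dict, today: dict) -> dict:
    """Classify every target seen on either day.
    Returns {target: (kind, detail)} with kind in added / withdrawn /
    unchanged / changed; for 'changed', detail is the first hop index at
    which the two paths diverge."""
    report = {}
    for target in sorted(set(yesterday) | set(today)):
        old, new = yesterday.get(target), today.get(target)
        if old is None:
            report[target] = ("added", None)
        elif new is None:
            report[target] = ("withdrawn", None)
        elif old == new:
            report[target] = ("unchanged", None)
        else:
            diverge = next((i for i, (a, b) in enumerate(zip(old, new)) if a != b),
                           min(len(old), len(new)))
            report[target] = ("changed", diverge)
    return report


def major_changes(yesterday: dict, today: dict, min_targets: int = 2) -> list:
    """Hops that dropped out of at least `min_targets` paths overnight, i.e. a
    shared upstream change rather than one noisy trace. Returns [(hop, count)]
    sorted by count descending, then hop."""
    lost = {}
    for target, (kind, _) in route_changes(yesterday, today).items():
        if kind != "changed":
            continue
        for hop in set(yesterday[target]) - set(today[target]):
            lost[hop] = lost.get(hop, 0) + 1
    return sorted(((h, c) for h, c in lost.items() if c >= min_targets),
                  key=lambda hc: (-hc[1], hc[0]))


# Constructed sample data: targets traced on two consecutive days.
DAY1 = {
    "198.51.100.0/24": ["10.0.0.1", "203.0.113.1", "203.0.113.9", "198.51.100.1"],
    "192.0.2.0/24":    ["10.0.0.1", "203.0.113.1", "203.0.113.9", "192.0.2.1"],
    "203.0.113.0/24":  ["10.0.0.1", "203.0.113.1"],
}
DAY2 = {
    "198.51.100.0/24": ["10.0.0.1", "203.0.113.1", "203.0.113.17", "198.51.100.1"],
    "192.0.2.0/24":    ["10.0.0.1", "203.0.113.1", "203.0.113.17", "192.0.2.1"],
    "203.0.113.0/24":  ["10.0.0.1", "203.0.113.1"],
    "10.20.30.0/24":   ["10.0.0.1", "10.20.30.1"],          # newly reachable today
}

if __name__ == "__main__":
    for target, (kind, detail) in route_changes(DAY1, DAY2).items():
        print(f"{target}: {kind}" + (f" at hop {detail}" if detail is not None else ""))
    print("hops shared by the changed paths:", major_changes(DAY1, DAY2))
```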
I have been on the security consulting end of at least 4 of these over the past 12 months. The issue with many of the targets is that they can't use Akamai or a co-lo site because their businesses are illegal in many countries (i.e. no online gambling in the USA.) So the database and transaction servers must be located in their own country.
Here's my solution. Co-locate your primary web content, graphics, and other critical services on a high-bandwidth connection in the USA. Use a TopLayer Intrusion Prevention switch to defend the site from traditional and SYN-type attacks. For the back-end database, create either a VPN or PPP tunnel to your actual site in Costa Rica, the Caribbean, or wherever else you are located. The only IP addresses that you advertise will be the ones from the co-lo site - this includes all inbound email, web, DNS, and other traffic. You also want a sniffer at this location that has out-of-band access so you can get to it and create custom router/IDS filters if needed.
The strategy is that if the bad guys can't find your slow (but necessary) offshore connection, they can't launch DoS attacks against anything but your co-lo site.
The only way I can see to beat the problem is to hide from the bad guys. You can't get 3GB of bandwidth in Central America so you are pretty much out of luck if you try to use traditional DoS methods.
As a bit of background, I work for an established Check Point and Nokia partner. We regularly sell large numbers of these firewalls to enterprise customers. They are as reliable and full-featured as a firewall gets.
This article brings up the question: why would anyone consider installing Linux on the Nokia appliance? The answer: they wouldn't. Here are the reasons.
1. If the hardware is used/old, it is outdated by today's standards. For $800 including hardware support you can get a nice rackmount Dell server and run Linux on it. The performance boost would be many many times what you can get on the Nokia.
2. The Nokias hold their resale value better than a system with the same hardware specs. An older 330 can still fetch a decent amount on Ebay. Right now, there is one that has a buy-it-now price of $1,199.00. Why do you want an AMD 233 with no hardware support when you can sell it and buy yourself an 850MHz Celeron with support and then pocket $300?? It doesn't make sense.
3. Presumably, if you already have the Nokia then you have Check Point as well. Why ditch it for the Linux firewall? The management, logging, and OPSEC features of Check Point outweigh the benefits of switching to Linux.
I think the Nokia/Check Point solution is great. I just don't think that trying to run an unsupported OS on the platform is worth it. Look at the cost/benefit of a new system. It makes a lot more sense to "budget-strapped IT departments."
-shox
1. Resume is no longer than 2 pages. This is an absolute must.
2. Write a cover letter. Don't send me a random resume to the hr@ email address with no letter. Send a physical copy of your resume as well. Yes, it's more difficult but it shows that you took the time to do it and are really interested in the job.
3. Wear a suit to the interview. No matter what. If you don't wear a suit, you are instantly disqualified as a candidate.
4. Bring a pen, paper, 3 copies of your resume, a copy of your references, and a writing/coding sample if you have one. I can't overstate the importance of being prepared.
5. Take notes. It doesn't matter if you are interested in what you are writing. Just write something.
6. WRITE A PHYSICAL FOLLOW-UP LETTER AND MAIL IT RIGHT AWAY. Write and send this the same day. If you could not answer a question in the interview, look up the answer and put it in this letter. There is NO better way to impress a potential employer.
I've interviewed TONS of tech candidates and less than 1% of candidates followed these simple steps. Of course, we've ended up hiring that 1% and the rest are still out there looking.
Why do all of this? Because you need to set yourself apart from the other candidates. Here is a secret that employers know: Overcoming gaps in technical skills is easy. Overcoming bad work habits is difficult to impossible. You need to prove that you have great work habits to get in the door.
Just my $0.02.
I wrote a white paper on the topic of Denial of Service attacks and presented it at the annual SANS Network Security Conference in October of 2001. I never released it publicly, but now seems to be a good time. My paper is now available for review at http://www.netpr.com/tools_resources/#netpr.
Please have a look. I think we provided a nice overview of some of the steps required from a high-level and low-level to combat DoS attacks.
If you'd like to email me about the paper, feel free to contact me at rjb@SPAMAWAYnetpr.com. Obviously remove the SPAMAWAY from the email.
-Robert
Uninstall Kazaa. Do it now. Then go to http://www.kazaalite.tk and get Kazaa lite. It is 100% the same - minus all of the spyware. It also removes the restriction on 128K bitrate among other things. If you currently use Kazaa, you should go to this page, follow the instructions, and get rid of the spyware crap on your system!
The Symantec sales team has contacted the Red Cross and sent 25 client access licenses for the software.
I just wanted you all to know that Slashdot DID do something to help. I wouldn't have known about the need without this article.
I'd love to see a first-person sports game built on an Unreal-type engine. Think of football, basketball, or soccer like that. It would REQUIRE a lot of folks to play but it would be way cool. It would be less fun for, say, the offensive lineman but hey it'd be true-to-life.
The solution to all of your problems is ZeroKnowledge Freedom. It supports regex expressions to disallow URLs of ads. I am almost 100% ad-free using it. So far, in about a month and a half of use, it has saved me from seeing 55,646 and has saved me 398870528 bytes worth of downloadable data that I didn't want in the first place. Oh, and add to the fact that it also allows you to manage your cookies on a per-profile basis (it creates "cookie jars" and you just switch to the right jar when needed) and it's a GREAT solution. I love it. Check out http://www.freedom.net.
Here is the list of frequencies for each model of keyboard. This is direct from Logitech's web site:
http://www.logitech.com/cf/support/1029.cfm
It's nice when they make it easy for you.