"Well, the machine was all like, bam! bam bam! and that surprised me. Then I tried making it go again. That didn't work, 'cos it just sat there going ghh-ghh-ghh-ghh!"
"What?"
"It's a machine gun sound. Now it's just sitting there, all like, what the fuck?"
"Okay, what does that mean?"
"I said, first the machine was all--"
"Never mind. What were you doing when this happened?"
"I was running a test."
"And then what happened?"
"I started getting NFS errors."
"Aha. What kind of NFS errors?"
"You know, like, the file wasn't there."
"Okay. Then what happened?"
"The machine gun sound. Weren't you listening?"
----------------
"I'm heading out of town next week, and I'm going to need the notebook."
"Okay, when do you need it?"
"Oh, some time next week."
"I can do that. What do you need on it?"
"Foobleymatic 2.5, BarfTastic XP, and Crunchometer 2."
"Okay, that sounds good. How's Tuesday sound for you?"
"Today's Friday, right?"
"Yep. Why?"
"Well, I'm actually heading out of town on Monday."
"Aha. When on Monday?"
"Early."
"Early as in, you won't have time to come in here and pick up the
laptop, right?"
"Right."
"I see. So really, then, you need it today, don't you?"
"Yeah, I guess I do."
"I see. Well, thanks for telling me."
"Hey, no problem!"
----------------
"Have we thought about wireless access here?"
"I'm agin it. It's too easy to sniff traffic and there are lots of
data ports here."
"Well, has anyone ever sniffed traffic?"
"Absolutely. A guy got convicted in the US for sniffing credit card
numbers from a Home Depot. They were using encryption. The FBI
recently demonstrated how to crack encryption in about four minutes
using off-the-shelf software. It's not hard."
"Well, I don't think we have that many secrets."
"...Email? Our source code? Budgets?"
"Well, I'm only thinking of this as a way of getting the printer closer to my office."
"What, you don't print any secrets?"
"No."
"You've just picked up your printing, right? Look at what you have
in your hand: email, budget requests. Programmers print out code all
the time. Should we open the window and throw it all into the streets?"
"Well..."
"We have shredders for a reason."
"Well, maybe I should just get a printer and put it by my desk."
----------------
Yesterday:
A: Ever since I moved to Linux, I can't print these PDFs
any more. I think it's a font problem, just like B had. Have
you fixed that yet?
Me: No, but I don't know that you're having a font problem.
There are, like, four programs involved in printing that, and each
one of them is different now.
A: No, I think it's a font problem. I hate OpenOffice.
B: Fonts are screwed up in Debian. This never happens to me on my Fedora
Core machine at home.
Today:
Me: Well, I printed out seventeen pages from two different machines in
eight different ways using the printer on the floor above me, and as you
can see the crucial difference is the version of Acrobat Reader used to
print them. It's not a font problem. Those big black bars? It's a bug
in the latest version of Acrobat Reader.
A: Oh.
Me: Yep, the PDFs generated by OpenOffice were fine. Now, I'm
reluctant to install an older version of Acrobat because of security pr--
B (sitting right next to A all this time): Oh, you don't have that
problem if you use this PDF reader over here.
A: What?
Me: What?
B: Yep, just use the Gnome PDF reader and it prints just fine.
A: Why didn't you tell me yesterday?
B: You said it was a problem with OpenOffice, not PDFs.
CALGARY (ADP) - In a stunning development in the open source
movement, the OpenBSD project, led by developer Theo de Raadt, was
bombed and strafed by a hitherto-unknown air force belonging to
private software corporation Microsoft (NYSE:MSFT).
de Raadt's home, and the University of Alberta data center holding
the OpenBSD CVS servers, were attacked nearly simultaneously. Though
the attack only lasted fifteen minutes, it left hundreds of innocent
Windows users injured.
Canadian Prime Minister Stephen Harper has sent a "sharply worded"
protest to the United States government.
Shortly after the attack, Microsoft has released a publicity photo
of Bill Gates, standing on the deck of the USS Abraham Lincoln,
underneath a banner saying simply, "Mission Accomplished."
Free Software Foundation founder Richard Stallman could not be
reached for comment. Sources close to Stallman said he was "somewhere
underneath Cheyenne Mountain, importing the OpenBSD source tree into
the Hurd."
If you want to be an anti-spam advocate, if you want to write
software or maintain a list or provide a service that identifies spam
or blocks spam or targets spam in any way, you will be attacked. You
will be attacked by professionals who have more money than you, more
resources than you, better programmers than you, and no scruples at
all. They want to make money, this is how they have decided to make
money, they really can make a lot of money, and youre getting in
their way.
[...]Someone challenged me, Well, how am I supposed to continue hosting
these low-barrier discussions? I'm sorry, but I don't know. To quote
Bruce Schneier, "I feel rather like the physicist who just explained
relativity to a group of would-be interstellar travelers, only to be
asked, 'How do you expect us to get to the stars, then?' I'm sorry,
but I don't know that, either."
I picked up this book maybe a month ago after a particularly stressful
week, and it (plus the new guy who just started) has made a big
difference for me. I feel more on top of things, and like I'm keeping
better track of what I've promised/delivered/need to work on.
As the reviewer said it may be less valuable for those of you that are
already doing something like this. And I'm not taking everything it
says as gospel. But you could do a hell of a lot worse than to
pick up this book, inhale it several times over a weekend (it's
short), and start using what it teaches.
And hey, he co-wrote The Practice of System and Network
Administration, another excellent book. I'll take a look at
anything he's got to show.
Your company's proxy policy is a
matter of policy at your company -- complain to them
about it! If it's preventing you from getting work done, you should
have no problem convincing them -- and if you do, light a fire under
your manager; that's what managers are there for.
"the sending of email via SMTP" -- Maybe I'm misinterpreting this,
but if you mean "our desktops and servers have to pass email to the
designated relay", then I'm completely unsympathetic. If your
complaint is about poor performance, complain about that -- but your
desktop and your production machines are not mail servers!
"forced to apply security patches with little or no notice" -- I
can guaran-fucking-tee you that each time that happens there is
a wave of complaints to your IT department. And yet they keep doing
it anyway. They're either heartless, bastard pyschopaths with no
concept of sympathy, or it's important to apply these patches.
Human nature being what it is, I'm willing to bet they think it's
important...no one lets themselves in for a shitstorm voluntarily just
'cos it's, you know, second Tuesday of the month.
And, why, yes I am a network administrator, thanks. I'm lucky
so far -- it's a small company, people are well-behaved, and I don't
have to implement the policies you describe. I set up times for
patches, there's no proxy yet and not too many firewall restrictions.
But if this place gets to be big enough that I can't count on
collective intelligence and/or social pressure to keep people doing
the right thing, I'm going to have to seriously consider
policies just like the ones you describe, in order to keep
things running as they need to -- because your complaints about
the network not working 'cos of the latest virus outbreak are going to
be a fuck of a lot louder than your complaints about your
desktop machine not being allowed to be a mail server.
I agree. I've been getting more, and better, and more frequent, information from F-Secure and the ISC than I have from MS.
Also worthy of note is the ISC's latest comments on all this:
And, somehow, as if by magic, all of this work will wind down at precisely the right moment so that the WMF patch doesn't have to be released "out of cycle." How convenient! Especially if you're wanting to avoid all of that nasty "Microsoft Releases Emergency Patch" publicity.
FTR, I've applied the patch on about 35 computers at work. Beyond a few complaints about thumbnails not working in Explorer any more, no problems at all^W^Wso far.
There is one important note in regards to ALL published signatures including this one. All these signatures will fail to detect the exploits when the http_inspect preprocessor is enabled with default settings. By default, the flow_depth of the preprocessor is 300 which is too short to cover the whole exploit. Should the exploit be transmitted on port 80 and http_inspect is enabled, no alert will occur. Note that it will still alert on any ports (using the all port sig below) that are not configured in http_inspect (ie FTP).
One solution is to add the statement "flow_depth 0" to the http_inspect preprocessor (actually the appropriate http_inspect_server line in the config). This will tell the preprocessor not to truncate the reassembled pseudo-packet, but it will have an adverse impact on performance. On busy networks, this will lead to 100% CPU utilization of the Snort process and major packet drops.
And you should've checked before saying it was all made up.
This is cool...but 'way out of my league. For those that
have got $10 million to spare, have fun. What I'd like is a picosatelliteo
coop.
These
students got theirs into space for $120,000. Sure, that
doesn't include "donated material, equipment and expertise", or the estimated
$40,000 launch cost, but let's be optimistic and call it $250,000
all told. Well, get 50 people in and it's only $5000 each -- less than
a good used car. Make it 500 people and you've got the cost down to
less than a trip for two to Vegas. And for this I get to help send a
satellite running Linux into space -- as close as I'm likely to come to
making the trip myself.
I know that ham radio folks are already doing this sort of thing,
but they've got their own goals. I admit, mine are a bit fuzzy beyond
"put this L33+ satellite into space", but that's kind of appealing too.
What could we cram on a picosatellite? What imaging can you do for cheap --
what resolution, what wavelengths? And of course, the question
everyone wants answered: Can you host a webserver in space,
and could it survive a Slashdotting?
I think something like this would be cool beyond measure. Who's in?
This is no joking matter, people!
on
How Zombies Work
·
· Score: 4, Funny
A recent report shows that Philadelphia is completely
unprepared for a
full-scale Zombie attack! From TFA:
Federal Undead Management Agency spokesperson Dr. Sheena
Aurora downplayed the ZPI report, arguing that zombies move
slowly and can be easily overpowered. Aurora advised citizens
to look over their shoulders frequently, adding that a large
shopping mall can serve as a "long-term, even fun" refuge
from zombies.
Such assertions alarm zombiologist Olivier Baptiste, who calls FUMA's information "hopelessly outdated."
"Dr. Aurora's claims are based on decades-old zombie models,"
Baptiste said. "Widely released evidence from recent years
clearly shows that zombies can run just as fast, if not
faster, than a living human."
Added Baptiste: "That FUMA trains its field agents to shoot
zombies in the torso, rather than the head, demonstrates
just how out of touch the government is."
An interesting response from the Promed moderator can be found here:
Clearly those involved are assuming that the mice have died, if they
were removed. Odd, but those with experience of such facilities probably have
plenty of pre-Homeland Security war stories. - Mod.MHJ
I'm not so sure. First off: yes, Earth will continue. We're not essential to the planet at all.
There may be debate over the source of this warming (and from what I've read, I'm bending over backwards to be fair), but the evidence seems pretty clear that it is happening. What worries me is how fragile our current societies will prove to be in the face of big, (relatively) sudden changes like the ones described here. You hit the nail on the head:
The fact of the matter is that we've been living cushy with our modern technology in our idea of what the climate should be like. We haven't considered that major climate shifts could be possible, and thus have done nothing to adapt our technology to the variety of conditions that may be faced in the centuries ahead.
In the long run Earth will be fine; in the long run, Homo Sapiens may be fine too. But in the short run, I think there are going to be some mighty big jolts and pains as we adapt to a warming planet. You'll only be able to summarize it as "the climate changed, and we adapted" many, many centuries after the fact, when it's easy to be blase because it all happened so long ago.
Right now we're far too used to easy, cheap, polluting fossil fuel energy sources to just switch on a dime. You simply can't make 6 - 10 billion people (allowing for pop. growth) turn around and start using solar cells or hydrogen or whatever. That goes double for people like us (yes, I'm in there as well) who've gotten damned used to cheap energy, and triple for those in the developing world who are looking enviously at us and wondering why the hell they shouldn't get a piece of the pie as well.
If it's this bad now, it's going to get a lot worse. By the looks of things, it's going to get a lot worse pretty damned soon. And I do not believe that our societies are resilient enough to just absorb this w/o problems. We'll adapt, but it'll take a few hundred years, and it is not going to be fun in the meantime.
Slashdot Mirror
No, of course not. That's why I tape the root password for the file server to users' monitors, but warn them strongly not to use it.
Bingo! Thanks for saying exactly what I was thinking, only 'way better.
Welcome back, you guys.
Signed,
The Free World
...by adding your own random jitter to outgoing packets? I'm thinking of something like an option in OpenBSD to do this for all TCP connections, say.
"There's something wrong with the network."
"Okay, what's going on?"
"Well, the machine was all like, bam! bam bam! and that surprised me. Then I tried making it go again. That didn't work, 'cos it just sat there going ghh-ghh-ghh-ghh!"
"What?"
"It's a machine gun sound. Now it's just sitting there, all like, what the fuck?"
"Okay, what does that mean?"
"I said, first the machine was all--"
"Never mind. What were you doing when this happened?"
"I was running a test."
"And then what happened?"
"I started getting NFS errors."
"Aha. What kind of NFS errors?"
"You know, like, the file wasn't there."
"Okay. Then what happened?"
"The machine gun sound. Weren't you listening?"
----------------
"I'm heading out of town next week, and I'm going to need the notebook."
"Okay, when do you need it?"
"Oh, some time next week."
"I can do that. What do you need on it?"
"Foobleymatic 2.5, BarfTastic XP, and Crunchometer 2."
"Okay, that sounds good. How's Tuesday sound for you?"
"Today's Friday, right?"
"Yep. Why?"
"Well, I'm actually heading out of town on Monday."
"Aha. When on Monday?"
"Early."
"Early as in, you won't have time to come in here and pick up the laptop, right?"
"Right."
"I see. So really, then, you need it today, don't you?"
"Yeah, I guess I do."
"I see. Well, thanks for telling me."
"Hey, no problem!"
----------------
"Have we thought about wireless access here?"
"I'm agin it. It's too easy to sniff traffic and there are lots of data ports here."
"Well, has anyone ever sniffed traffic?"
"Absolutely. A guy got convicted in the US for sniffing credit card numbers from a Home Depot. They were using encryption. The FBI recently demonstrated how to crack encryption in about four minutes using off-the-shelf software. It's not hard."
"Well, I don't think we have that many secrets."
"...Email? Our source code? Budgets?"
"Well, I'm only thinking of this as a way of getting the printer closer to my office."
"What, you don't print any secrets?"
"No."
"You've just picked up your printing, right? Look at what you have in your hand: email, budget requests. Programmers print out code all the time. Should we open the window and throw it all into the streets?"
"Well..."
"We have shredders for a reason."
"Well, maybe I should just get a printer and put it by my desk."
----------------
Yesterday:
A: Ever since I moved to Linux, I can't print these PDFs any more. I think it's a font problem, just like B had. Have you fixed that yet?
Me: No, but I don't know that you're having a font problem. There are, like, four programs involved in printing that, and each one of them is different now.
A: No, I think it's a font problem. I hate OpenOffice.
B: Fonts are screwed up in Debian. This never happens to me on my Fedora Core machine at home.
Today:
Me: Well, I printed out seventeen pages from two different machines in eight different ways using the printer on the floor above me, and as you can see the crucial difference is the version of Acrobat Reader used to print them. It's not a font problem. Those big black bars? It's a bug in the latest version of Acrobat Reader.
A: Oh.
Me: Yep, the PDFs generated by OpenOffice were fine. Now, I'm reluctant to install an older version of Acrobat because of security pr--
B (sitting right next to A all this time): Oh, you don't have that problem if you use this PDF reader over here.
A: What?
Me: What?
B: Yep, just use the Gnome PDF reader and it prints just fine.
A: Why didn't you tell me yesterday?
B: You said it was a problem with OpenOffice, not PDFs.
A:
Thanks!
CALGARY (ADP) - In a stunning development in the open source movement, the OpenBSD project, led by developer Theo de Raadt, was bombed and strafed by a hitherto-unknown air force belonging to private software corporation Microsoft (NYSE:MSFT).
de Raadt's home, and the University of Alberta data center holding the OpenBSD CVS servers, were attacked nearly simultaneously. Though the attack only lasted fifteen minutes, it left hundreds of innocent Windows users injured.
Canadian Prime Minister Stephen Harper has sent a "sharply worded" protest to the United States government.
Shortly after the attack, Microsoft has released a publicity photo of Bill Gates, standing on the deck of the USS Abraham Lincoln, underneath a banner saying simply, "Mission Accomplished."
Free Software Foundation founder Richard Stallman could not be reached for comment. Sources close to Stallman said he was "somewhere underneath Cheyenne Mountain, importing the OpenBSD source tree into the Hurd."
If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and youre getting in their way.
[...]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either."
From Dive Into Mark (which doesn't seem to be responding, so try Google's cache.)
As the reviewer said it may be less valuable for those of you that are already doing something like this. And I'm not taking everything it says as gospel. But you could do a hell of a lot worse than to pick up this book, inhale it several times over a weekend (it's short), and start using what it teaches.
And hey, he co-wrote The Practice of System and Network Administration, another excellent book. I'll take a look at anything he's got to show.
And, why, yes I am a network administrator, thanks. I'm lucky so far -- it's a small company, people are well-behaved, and I don't have to implement the policies you describe. I set up times for patches, there's no proxy yet and not too many firewall restrictions.
But if this place gets to be big enough that I can't count on collective intelligence and/or social pressure to keep people doing the right thing, I'm going to have to seriously consider policies just like the ones you describe, in order to keep things running as they need to -- because your complaints about the network not working 'cos of the latest virus outbreak are going to be a fuck of a lot louder than your complaints about your desktop machine not being allowed to be a mail server.
Also worthy of note is the ISC's latest comments on all this:
FTR, I've applied the patch on about 35 computers at work. Beyond a few complaints about thumbnails not working in Explorer any more, no problems at all^W^Wso far.There is one important note in regards to ALL published signatures including this one. All these signatures will fail to detect the exploits when the http_inspect preprocessor is enabled with default settings. By default, the flow_depth of the preprocessor is 300 which is too short to cover the whole exploit. Should the exploit be transmitted on port 80 and http_inspect is enabled, no alert will occur. Note that it will still alert on any ports (using the all port sig below) that are not configured in http_inspect (ie FTP).
One solution is to add the statement "flow_depth 0" to the http_inspect preprocessor (actually the appropriate http_inspect_server line in the config). This will tell the preprocessor not to truncate the reassembled pseudo-packet, but it will have an adverse impact on performance. On busy networks, this will lead to 100% CPU utilization of the Snort process and major packet drops.
And you should've checked before saying it was all made up.
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/s igs/CURRENT_EVENTS/CURRENT_WMF_Exploit
"going forward"...do you mean "in the future"?
The Globe and Mail already does this.
(With sincere apologies to Bryce Jasmer.)
The sort of asshat who would write this thing in the first place?
When's launch time?
Ha! Excellent idea.
These students got theirs into space for $120,000. Sure, that doesn't include "donated material, equipment and expertise", or the estimated $40,000 launch cost, but let's be optimistic and call it $250,000 all told. Well, get 50 people in and it's only $5000 each -- less than a good used car. Make it 500 people and you've got the cost down to less than a trip for two to Vegas. And for this I get to help send a satellite running Linux into space -- as close as I'm likely to come to making the trip myself.
I know that ham radio folks are already doing this sort of thing, but they've got their own goals. I admit, mine are a bit fuzzy beyond "put this L33+ satellite into space", but that's kind of appealing too. What could we cram on a picosatellite? What imaging can you do for cheap -- what resolution, what wavelengths? And of course, the question everyone wants answered: Can you host a webserver in space, and could it survive a Slashdotting?
I think something like this would be cool beyond measure. Who's in?
Federal Undead Management Agency spokesperson Dr. Sheena Aurora downplayed the ZPI report, arguing that zombies move slowly and can be easily overpowered. Aurora advised citizens to look over their shoulders frequently, adding that a large shopping mall can serve as a "long-term, even fun" refuge from zombies.
Such assertions alarm zombiologist Olivier Baptiste, who calls FUMA's information "hopelessly outdated."
"Dr. Aurora's claims are based on decades-old zombie models," Baptiste said. "Widely released evidence from recent years clearly shows that zombies can run just as fast, if not faster, than a living human."
Added Baptiste: "That FUMA trains its field agents to shoot zombies in the torso, rather than the head, demonstrates just how out of touch the government is."
Bingo! Thanks for saying it first and better.
There may be debate over the source of this warming (and from what I've read, I'm bending over backwards to be fair), but the evidence seems pretty clear that it is happening. What worries me is how fragile our current societies will prove to be in the face of big, (relatively) sudden changes like the ones described here. You hit the nail on the head:
The fact of the matter is that we've been living cushy with our modern technology in our idea of what the climate should be like. We haven't considered that major climate shifts could be possible, and thus have done nothing to adapt our technology to the variety of conditions that may be faced in the centuries ahead.
In the long run Earth will be fine; in the long run, Homo Sapiens may be fine too. But in the short run, I think there are going to be some mighty big jolts and pains as we adapt to a warming planet. You'll only be able to summarize it as "the climate changed, and we adapted" many, many centuries after the fact, when it's easy to be blase because it all happened so long ago.
Right now we're far too used to easy, cheap, polluting fossil fuel energy sources to just switch on a dime. You simply can't make 6 - 10 billion people (allowing for pop. growth) turn around and start using solar cells or hydrogen or whatever. That goes double for people like us (yes, I'm in there as well) who've gotten damned used to cheap energy, and triple for those in the developing world who are looking enviously at us and wondering why the hell they shouldn't get a piece of the pie as well.
If it's this bad now, it's going to get a lot worse. By the looks of things, it's going to get a lot worse pretty damned soon. And I do not believe that our societies are resilient enough to just absorb this w/o problems. We'll adapt, but it'll take a few hundred years, and it is not going to be fun in the meantime.
program? identity token? software? shelf? algorithm? application? office suite? server hardware? server software? virus scanner? product? network? method? word processor? network protocol? scheduling software? email client? vendor? invention? operating system? windows manager? website? web application? authoring software? network client? web browser? API? ABI? encoding standard? bug tracking software? revision control system? wiki? contact manager?
(Yep, stolen shamelessly from an earlier journal entry.)