That means if an enterprise needs technical support they won't get 'sorry, but we don't support running Linux on our product, so you're on your own'.
Don't be naive. They are putting Linux on a list of "supported" applications. It doesn't mean you can call Microsoft and have them show you how to switch between modes in vi. At most it means that they will show you where to click to start the Guest OS.
Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.
But Larry McVoy revoked the license. Doesn't that mean that the no-compete clause has been revoked with the rest of the license?
Good point, forgot about that in my calculations. So I guess this means that fiber has about 30% higher latency than radio in the large vacuum that is space.
Since latency's going to be over lightyears away, and TCP's no good using standard broadcast methods...
Lightyear is not a metric for time time, it's a metric for distance. Light travels @ 186,000 miles per second, a light year is equivalent to 186,000 * (60sec*60min*24hrs*365.25days) or approximately 5,869,713,600,000 miles.
Right now we have copper, fiber, and radio. We need something that'll be as fast as fiber, but will stretch way way longer in distance.
As far as I know fiber (optics) use light to travel within the cable. This means that the fiber cable is limited to the speed of light. Radio broadcasts, much like visible light, are forms of energy (electromagnetic) that travel at the speed of (get ready for this) light.
If you had a fiber cable from here to Mars, the latency would be the same as radio. It would most certainly have better throughput, but that's another story.
Perhaps there is a problem with your local Charter provider, and not necessarily an issue with Charter.
It really sucks when their DNS is DOWN and I have to use my work server IP to get in, look up each address by hand and then modify my hosts file to browse stuff. Of course, my neighbors are DOWN at that point...
You could try running a local caching server, that should get at least your most common sites for the duration of the TTL.
To the best of my knowledge, all of the information you provided is BS.
Actually, he is correct. That is the behavior exhibited by most dns servers.
Can you point me to anywhere in RFC1034/RFC1035/RFC2308/etc that says that the SOA record has anything to do with the TTL?
I can't because it's not there. I can however point to where it says the Serial # in the SOA needs to be changed for every record update in a zone. The fact that DNS cache's rely on the SOA serial changing to determine whether to expire old records or honor the TTL does not go against the RFC, but it's not explicity stated.
I have read most of the DNS RFCs, and the important ones very closely. I have looked carefully at DNS packets and I am working on a proposed RFC that will create a new DNS record type (for SPF).
Might be a good idea to look at the DNS servers from an administrative point of view. There's a lot you don't get from just reading RFC's and looking at packets.
Sorry, but allofmp3 has no agreement in place with the record cartels and the artists do not see a penny from your downloads. Buying music from them is the on-line equivalent of buying $1 DVD bootlegs on the street.
Are you insinuating that allofmp3 doesn't actually pay ROMS per download as stated on their web page? I believe in Russia it is the responsibility of the creator to register with ROMS to get paid for the downloads.
If the US media cartels haven't done that, then it is no fault of mine that they aren't recieving payment. This is not akin to buying bootlegs on the street for $1, it's more akin to buying a cd on the streets of Russia for 50 Ruples without paying for the flight.
I'll stop taking advatage of loopholes in laws when the following happens:
1) The media cartels stop treating me like a thief! Get a clue assholes, I can get higher bit rate dupes off of KaZaA than I get from iTunes. Why is it that I have less access to my purchased music than my friends who pirate. I can't let my buddies at the office listen to my purchased music via iTunes built in Sharing without giving them my login/pass. I can't get Apple to deauthorize 1 of the machines in my account that no longer exists (formatted, installed YDL), yet supposedly I'm allowed to listen to my music on five computers!?!?
2) They need to stop pushing for bullshit legislation. As long as the media conglomerates keep passing laws to strip away my rights I won't buy from you!
3) They need to stop gouging me. When I was growing up, the cartels told us all that we would have cd's for five dollars as technology gets better and it gets cheaper to make. Now I can buy a dvd (w/ extras) for less than the soundtrack for the same movie. What in the fuck is that, are you telling me that the movie was cheaper to make than the goddamn soundtrack? If so, it's time to start changing the business to lower overhead, I mean seriously!?!?!?!?
I am not a pirate and the first thing I use to do with iTunes songs was strip the DRM with jHymm. I hate how people automatically equate DRM stripping with piracy, as stated before higher quality rips are on KaZaA for free. if I wanted to pirate, I'd download from there!
Now I just stick with buying with allofmp3, it's legal and it's pretty untouchable. When the US based businesses want to come back to the table and negotiate the stuff on my list I'll be back as a consumer, until then I have allofmp3. Even the RIAA doesn't have enough balls to go against the goddamn Russian Mafia!
There lies the key to the conflict with Regular People and IT folks. You love it when the users you are servicing get screwed. And you really hate it when someone takes initiative and actually gets concerned about their network.
I don't love it when a user we are servicing gets screwed. In a perfect world the user would have came to us and I would have simply provided him access to our archived nessus scans and/or showed him how to safely conduct his own. We would have talked and it would have been over.
Going to upper management was his mistake, and when his foot was in his mouth he got in trouble for it. I was not involved in anything other than explaining the details of the results to management and why they were non-issues.
Both of those traits hinder your ability to do your job, ie, service the Money Making employees by keeping their network in peak usability.
Point of fact I bill 95% of my time to a project, same as him. I run HPC Clusters for scientists, he writes code for scientists. In this case for related projects.
While I'm on the subject, that does not mean by whatever obscure metric you use to measure network performance. It means seeing how the actual people using the network are getting along with it, and changing the network to meet their needs.
Perhaps you missed where we are a government installation. We can't just let users do whatever they want/need. It must be in line with the general rules dictated by our Government overlords. This gets annoying for us too, since we aren't always allowed to do what makes the most amount of sense. But that is the nature of our work.
You are in a service position. The janitor at a company plays an important role. But we dont cancel work Wednesday at 10am so they can wax the floor.
The janitors position is a nicety, not a requirement to get work done here. If the network isn't running here, we make $0 for the day.
For this analogy to make sense it would have to be slightly modified. Such as a small marketing firm which has a huge mess and a major client coming later that night. I guarantee that such a place would close down for a bit to let the janitor do what he does.
And no one gets suspended for a week for suggesting that the rug gets vaccuumed more often. Get off your horse. Your job is to service those very people you revile.
Don't tell me what my job is, because i guarantee you that you don't know. My job is to service the same people my co-worker services. We are a team, and he broke the rules.
Is jealousy or insecurity the motivation behind your IT attitude? Who knows. But stop whining about people suggesting you, the technical janitor, clean something up.
I wasn't bitching that someone asked me to clean something up. I was pissed that someone badmouthed our team to management about how our entire facility was such as mess while looking through broken night vision goggles. He doesn't know security, networks or systems like us sysadmins.
More importantly nessus has built in DoS's, had he misconfigured this and took down a production server he most certainly would have both affected business and/or gotten himself fired. These rules exist for a reason. Stop acting like an insecure two year old with a god complex.
If their suggestion doesnt make sense, laugh at them. But suspended for a week? Good thing that story isnt true, and its just your IT wet dream.
No, I prefer to spread education. Explain to the user why it doesn't make sense. However I wasn't given the opportunity. Also I didn't suspend anyone, my manager did. He wanted to be harsher and fire him in fact, I pushed hard to let the guy off, since he thought he was helping in some twisted roundabout way. In the end his manager and my manager compromised on a week suspension.
You have a seriously mixed up perspective on this situation. Personally at the end, I was happy because I got a strong ally. The user is very geeky and now we work together since he realized my job isn't as simple as he once thought. I've not run into a single user who has disliked the way IT is run here because we are very responsive to our users needs within reason (IE Government overlords allow it).
Good story. One question though: Why didn't you detect his scan, and shut him down before he finished.
Because he didn't scan any of the machines that I work on. We are an offsite Gubmint facility, with each project having their own administrators. I, myself, work on a project.
The other administrators did notice, but assumed it was my scan since it came from an internal IP. I did go over IT infrastructure policy where it states that all scans are come from itscan.domain!
Better yet, have security walk into his cube and escort him out as the scan is finishing.
Because he is an awesome developer and to lose him would set back a major project. Got to pick your battles. Besides I don't want to get a guy fired, unless it's blatant abuse. In this case the guy did think he was doing a service. And since the fiasco, he's been one of our greatest supporters. He understands our work is more involved than he had originally suspected.
I'll grant that intrusion detection is hard. (and you have to deal with false positives from your department) There are valid reasons not to do it. I just want to know if you have a valid reason for not noticing his scan in real time.
Cite some examples, or else this looks like you're complaining that tightening security holes would be/whine "hard work." Well, it'll be harder after some n00b takes my personal information off your insecure system. Fix it, or consider changing careers instead of being yet another BOFH.
The poster had stated that the report came from "well-known open-source security scanner" which I can only assume means that it was generated from Nessus. As someone who runs Nessus on a regular basis for my company I have to say that the reports generated from nessus can be next to useless if not properly interpretted.
For example it will flag our RHEL boxes for running Apache 2.0.46 due to some obscure DoS or bug. Recommendation: Upgrade to latest. However it doesn't take into account that Red Hat has backported the fix into 2.0.46 and that RH Apache 2.0.46 is not vulnerable.
In addition, Nessus bitches about everything it sees, such as mail.domain.com is listening in on port 25. This is not a security risk, but rather intended behaviour.
I found myself in a similar position last year when a user brought in his home laptop and scanned the internal net with Nessus. This user brought the results to upper management at my company without even talking to us sysadmin folks. The manager freaked when she saw her servers so "vulnerable" and asked the sysadmin manager "what the hell is going on?".
Fortunately I had been conducting weekly Nessus scans myself. I showed my manager our archive dating back for months, and explained how this is prone to false positives. Explained how we had taken care of the real problems, and what can show as a false positive. He was impressed, went back to the other manager and explained the rest. In addition he had the user suspended for a week without pay for violating the terms of service for our network.
Long story short, cover your ass and run your own scans. Take care of issues as they come up. If a consulting company comes in and just runs a Nessus scan on your network, explain to your managers how the company is not offering anything new and how they haven't put any effort into interpretting the results.
It's not about spin, it's about interpretting what a security risk truly is.
1) Lossless compression: Think zip/rar/sit/tar.gz etc. These output the source file bit for bit when decompressed.
2) Lossy compression: Think JPEG/MPEG/MP3 etc. These output with a lot of data stripped off, the best lossy compression attempts to remove as much as possible without affecting quality too much.
Just because something is compressed doesn't mean anything is lost.
No DRM. I mean the format the music Industry WANTS us to use, the one they bemoan the loss of sales in, has no DRM whatsoever, *and* is higher quality than any of the DRM-protected formats. I mean if the Industry really thoughjt DRM was anything but a lever to control the market with they'd quit shipping CDs today!
Good point! I think the better point is that if one wanted to be a pirate, one would download from WinMX or BitTorrent. These places have higher bit rate downloads with no encryption. People purchase music because they want to be legal about things, and putting in artificial restrictions just limits my "fair use" rights to content I purchased.
Case in point, I love Apple's iTunes and iPod combo. Works great, but none of my friends at work can listen to my shared music without having my user/pass to iTunes. What the hell is that? It's limitations like this that make me jHymm my music upon download!
However, with datafiles (as opposed to a service like Steam or Tivo), we have the option of removing the DRM if such an occurance takes place.
Not always possible. Apple's DRM can't be stripped without Apple existing. You can burn to CD and re-rip, but that entails quality loss.
If Apple went belly-up tomorrow, We'd use Hymn on all of our music and be fine.
Seeing as how Hymm has to connect to Apple's servers to get keys to unlock your Music, if you were worried about Apple going belly-up (yeah right) or them retiring iTunes (possible, though unlikely) then you should unlock your music ASAP!
So while I would love to see open formats (I hate dealing with copy protected abandonware games), in this case the DRM is less burdensome.
I agree 100%. I hate having to download nocd patches, but it's the only way to run most games without having to deal with the DRM. At least some companies are getting the message, for example when Epic released Unreal Tournament 2004, they released a legit nocd patch for the original Unreal Tournament.
No, FreeBSD is more secure becuase it uses a very mature codebase and has much better quality control than Linux does.
Yes, listen to the Anonymous Coward, having a more mature codebase doesn't mean you're too slow/agile to implement new things. It mean's you're secure and have better quality control.
As proof I'd like to offer sendmail (also from the BSD group)! Why I'd never trust that Johnny Come Lately's qmail or postfix for e-mail when a mature codebase such as sendmail has been around for so long. ..
And as we all know bind (once again BSD group) is damn near synonymous with DNS because it is also the most mature code base . ..
For all you that can't read between the lines I am being sarcastic.
So far my MP3 player is drag, burn and play. (CD based) but it doesn't dink with the files. It also does not do DRM, so that leaves me out of the legal download market and I just stay with ripped CD's.
Not true, iTunes can burn mp3 cd's without any flack. Including the legally purchased Music.
Simply hit CTRL-, and go to "Burning", select MP3 CD. Voila!
Oh, so you say that all those "Unix shell accounts" traded "you know where" are in fact Windows shell accounts?
I believe that's different. It's harder to run a secure service where people are given access vs. a home pc. For example if you sell shells for IRC bots, you are giving a number of possibly dubious folks access to your machine. If improperly administered this could be a nightmare.
On a typical home Linux box, the firewall is enabled by default and you are discouraged from running as root. That takes care of most of your target surface. It won't stop the terminally stupid who get e-mails that say "chmod +x file ;./file" at the terminal, but still highly protected.
I guess this is a true testament to Windows Admins, but a really telling tale of default Windows security.
My mom has a DI-524 at their house, and it works perfectly when I'm there. For the record, she used to have a Linksys that crashed every day. I finally got her to switch to D-Link by refusing to help her anymore until she got rid of the Linksys. Her boyfriend also has a DI-524 at his place, and it works perfectly.
I have a DI-524 and it is the biggest piece of shit ever created. The latest firmware (1.05) handles WPA properly, but can't do Mac address filtering and crashes every few minutes. The older firmware (1.03) doesn't handle wpa properly.
It's a shitty router that D-Link has pretty much given up on ever releasing working firmwares for. I hate the fact that ever wireless router I buy get's dumped shortly after.
I get plenty of calls from MCSE's telling me that our DHCP server is down, our internet connection is down because they can't ping outside of the gateway, etc. etc....and they didn't take 5 seconds to read the card in their room, or realize what having a 169 ip address means...
Typically having a 169 address means that the dhcp client timed out and assigned a zeroconf address. In some cases this means that the DHCP Server is down.
He could also be using the Mac... and thereby avoiding M$'s reverse engineering (badly) the windowing desktop interface as well.
What about the fact that the Mac reverse engineer'd Xerox's interface!?!?
Re:They just want better pricing from Intel
on
Dell Might do AMD
·
· Score: 1
I've had motherboards in the past that could handle both Intel and AMD, this use to be the norm. I once had a machine where everything but the sound card worked with an AMD chip, but with an Intel chip everything worked.
I've had random crashes back in the NT days. Major overheating issues and various other problems that I never had with any Intel (or even Cyrix) chips. I've even experienced random reboots and various other things in the Athlon series (not XP/MP or 64). AMD was always a sub par processor up until the advent of their 64 bit extensions.
I have worked as a sysadmin for 10 years now, and all of my co-workers had similar experiences. I do not believe I had too unusual of an experience, and I know many are still jaded from using AMD procs in anything that requires an uptime of more than 2 days.
Re:They just want better pricing from Intel
on
Dell Might do AMD
·
· Score: 2, Interesting
... the Athlon 64, while not priced as aggressively as AMD's chips in the past, ends up offering better performance than the Pentium 4, for less money. What more could you want?
Obviously some people want it to say Intel at any cost.
As someone who has been using computers since the late 80's, it should be noted that AMD was not always the pinnacle of quality that they are today. Anything from random crashes to peripherals not working properly were a sign of an AMD proc in my day.
A lot of us old fogies (I'm 24, just started early) are still a bit jaded from our previous experiences. I use to swear that I'd never buy an AMD again, along with Apple. I've now have both! The Linaire laptop and an iBook. Just saying, it takes time . . .
Slashdot Mirror
Of course I'd expect nothing else from Microsoft, but oh well, maybe Microsoft still feels threatened by OS/2?
More than likely, they just don't want to waste resources on an OS primarily used in ATM's these days . . .
That means if an enterprise needs technical support they won't get 'sorry, but we don't support running Linux on our product, so you're on your own'.
Don't be naive. They are putting Linux on a list of "supported" applications. It doesn't mean you can call Microsoft and have them show you how to switch between modes in vi. At most it means that they will show you where to click to start the Guest OS.
Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.
But Larry McVoy revoked the license. Doesn't that mean that the no-compete clause has been revoked with the rest of the license?
Good point, forgot about that in my calculations. So I guess this means that fiber has about 30% higher latency than radio in the large vacuum that is space.
I expect to be modded as troll, but I must test your theory!?!?!
Since latency's going to be over lightyears away, and TCP's no good using standard broadcast methods...
Lightyear is not a metric for time time, it's a metric for distance. Light travels @ 186,000 miles per second, a light year is equivalent to 186,000 * (60sec*60min*24hrs*365.25days) or approximately 5,869,713,600,000 miles.
Right now we have copper, fiber, and radio. We need something that'll be as fast as fiber, but will stretch way way longer in distance.
As far as I know fiber (optics) use light to travel within the cable. This means that the fiber cable is limited to the speed of light. Radio broadcasts, much like visible light, are forms of energy (electromagnetic) that travel at the speed of (get ready for this) light.
If you had a fiber cable from here to Mars, the latency would be the same as radio. It would most certainly have better throughput, but that's another story.
Not all DNS servers listen in on tcp/53, remember that telnet establishes tcp only connections and dns is typically udp/53.
Also, I have charter and I just did this:Perhaps there is a problem with your local Charter provider, and not necessarily an issue with Charter.
It really sucks when their DNS is DOWN and I have to use my work server IP to get in, look up each address by hand and then modify my hosts file to browse stuff. Of course, my neighbors are DOWN at that point...
You could try running a local caching server, that should get at least your most common sites for the duration of the TTL.
To the best of my knowledge, all of the information you provided is BS.
Actually, he is correct. That is the behavior exhibited by most dns servers.
Can you point me to anywhere in RFC1034/RFC1035/RFC2308/etc that says that the SOA record has anything to do with the TTL?
I can't because it's not there. I can however point to where it says the Serial # in the SOA needs to be changed for every record update in a zone. The fact that DNS cache's rely on the SOA serial changing to determine whether to expire old records or honor the TTL does not go against the RFC, but it's not explicity stated.
I have read most of the DNS RFCs, and the important ones very closely. I have looked carefully at DNS packets and I am working on a proposed RFC that will create a new DNS record type (for SPF).
Might be a good idea to look at the DNS servers from an administrative point of view. There's a lot you don't get from just reading RFC's and looking at packets.
Sorry, but allofmp3 has no agreement in place with the record cartels and the artists do not see a penny from your downloads. Buying music from them is the on-line equivalent of buying $1 DVD bootlegs on the street.
Are you insinuating that allofmp3 doesn't actually pay ROMS per download as stated on their web page? I believe in Russia it is the responsibility of the creator to register with ROMS to get paid for the downloads.
If the US media cartels haven't done that, then it is no fault of mine that they aren't recieving payment. This is not akin to buying bootlegs on the street for $1, it's more akin to buying a cd on the streets of Russia for 50 Ruples without paying for the flight.
I'll stop taking advatage of loopholes in laws when the following happens:
1) The media cartels stop treating me like a thief! Get a clue assholes, I can get higher bit rate dupes off of KaZaA than I get from iTunes. Why is it that I have less access to my purchased music than my friends who pirate. I can't let my buddies at the office listen to my purchased music via iTunes built in Sharing without giving them my login/pass. I can't get Apple to deauthorize 1 of the machines in my account that no longer exists (formatted, installed YDL), yet supposedly I'm allowed to listen to my music on five computers!?!?
2) They need to stop pushing for bullshit legislation. As long as the media conglomerates keep passing laws to strip away my rights I won't buy from you!
3) They need to stop gouging me. When I was growing up, the cartels told us all that we would have cd's for five dollars as technology gets better and it gets cheaper to make. Now I can buy a dvd (w/ extras) for less than the soundtrack for the same movie. What in the fuck is that, are you telling me that the movie was cheaper to make than the goddamn soundtrack? If so, it's time to start changing the business to lower overhead, I mean seriously!?!?!?!?
I am not a pirate and the first thing I use to do with iTunes songs was strip the DRM with jHymm. I hate how people automatically equate DRM stripping with piracy, as stated before higher quality rips are on KaZaA for free. if I wanted to pirate, I'd download from there!
Now I just stick with buying with allofmp3, it's legal and it's pretty untouchable. When the US based businesses want to come back to the table and negotiate the stuff on my list I'll be back as a consumer, until then I have allofmp3. Even the RIAA doesn't have enough balls to go against the goddamn Russian Mafia!
There lies the key to the conflict with Regular People and IT folks. You love it when the users you are servicing get screwed. And you really hate it when someone takes initiative and actually gets concerned about their network.
I don't love it when a user we are servicing gets screwed. In a perfect world the user would have came to us and I would have simply provided him access to our archived nessus scans and/or showed him how to safely conduct his own. We would have talked and it would have been over.
Going to upper management was his mistake, and when his foot was in his mouth he got in trouble for it. I was not involved in anything other than explaining the details of the results to management and why they were non-issues.
Both of those traits hinder your ability to do your job, ie, service the Money Making employees by keeping their network in peak usability.
Point of fact I bill 95% of my time to a project, same as him. I run HPC Clusters for scientists, he writes code for scientists. In this case for related projects.
While I'm on the subject, that does not mean by whatever obscure metric you use to measure network performance. It means seeing how the actual people using the network are getting along with it, and changing the network to meet their needs.
Perhaps you missed where we are a government installation. We can't just let users do whatever they want/need. It must be in line with the general rules dictated by our Government overlords. This gets annoying for us too, since we aren't always allowed to do what makes the most amount of sense. But that is the nature of our work.
You are in a service position. The janitor at a company plays an important role. But we dont cancel work Wednesday at 10am so they can wax the floor.
The janitors position is a nicety, not a requirement to get work done here. If the network isn't running here, we make $0 for the day.
For this analogy to make sense it would have to be slightly modified. Such as a small marketing firm which has a huge mess and a major client coming later that night. I guarantee that such a place would close down for a bit to let the janitor do what he does.
And no one gets suspended for a week for suggesting that the rug gets vaccuumed more often. Get off your horse. Your job is to service those very people you revile.
Don't tell me what my job is, because i guarantee you that you don't know. My job is to service the same people my co-worker services. We are a team, and he broke the rules.
Is jealousy or insecurity the motivation behind your IT attitude? Who knows. But stop whining about people suggesting you, the technical janitor, clean something up.
I wasn't bitching that someone asked me to clean something up. I was pissed that someone badmouthed our team to management about how our entire facility was such as mess while looking through broken night vision goggles. He doesn't know security, networks or systems like us sysadmins.
More importantly nessus has built in DoS's, had he misconfigured this and took down a production server he most certainly would have both affected business and/or gotten himself fired. These rules exist for a reason. Stop acting like an insecure two year old with a god complex.
If their suggestion doesnt make sense, laugh at them. But suspended for a week? Good thing that story isnt true, and its just your IT wet dream.
No, I prefer to spread education. Explain to the user why it doesn't make sense. However I wasn't given the opportunity. Also I didn't suspend anyone, my manager did. He wanted to be harsher and fire him in fact, I pushed hard to let the guy off, since he thought he was helping in some twisted roundabout way. In the end his manager and my manager compromised on a week suspension.
You have a seriously mixed up perspective on this situation. Personally at the end, I was happy because I got a strong ally. The user is very geeky and now we work together since he realized my job isn't as simple as he once thought. I've not run into a single user who has disliked the way IT is run here because we are very responsive to our users needs within reason (IE Government overlords allow it).
Can I place a formal request that you start hacking internet explorer?
No! That's a job best left to qualified scr1pt k1dd13s!
Good story. One question though: Why didn't you detect his scan, and shut him down before he finished.
Because he didn't scan any of the machines that I work on. We are an offsite Gubmint facility, with each project having their own administrators. I, myself, work on a project.
The other administrators did notice, but assumed it was my scan since it came from an internal IP. I did go over IT infrastructure policy where it states that all scans are come from itscan.domain!
Better yet, have security walk into his cube and escort him out as the scan is finishing.
Because he is an awesome developer and to lose him would set back a major project. Got to pick your battles. Besides I don't want to get a guy fired, unless it's blatant abuse. In this case the guy did think he was doing a service. And since the fiasco, he's been one of our greatest supporters. He understands our work is more involved than he had originally suspected.
I'll grant that intrusion detection is hard. (and you have to deal with false positives from your department) There are valid reasons not to do it. I just want to know if you have a valid reason for not noticing his scan in real time.
See above!
Cite some examples, or else this looks like you're complaining that tightening security holes would be /whine "hard work." Well, it'll be harder after some n00b takes my personal information off your insecure system. Fix it, or consider changing careers instead of being yet another BOFH.
The poster had stated that the report came from "well-known open-source security scanner" which I can only assume means that it was generated from Nessus. As someone who runs Nessus on a regular basis for my company I have to say that the reports generated from nessus can be next to useless if not properly interpretted.
For example it will flag our RHEL boxes for running Apache 2.0.46 due to some obscure DoS or bug. Recommendation: Upgrade to latest. However it doesn't take into account that Red Hat has backported the fix into 2.0.46 and that RH Apache 2.0.46 is not vulnerable.
In addition, Nessus bitches about everything it sees, such as mail.domain.com is listening in on port 25. This is not a security risk, but rather intended behaviour.
I found myself in a similar position last year when a user brought in his home laptop and scanned the internal net with Nessus. This user brought the results to upper management at my company without even talking to us sysadmin folks. The manager freaked when she saw her servers so "vulnerable" and asked the sysadmin manager "what the hell is going on?".
Fortunately I had been conducting weekly Nessus scans myself. I showed my manager our archive dating back for months, and explained how this is prone to false positives. Explained how we had taken care of the real problems, and what can show as a false positive. He was impressed, went back to the other manager and explained the rest. In addition he had the user suspended for a week without pay for violating the terms of service for our network.
Long story short, cover your ass and run your own scans. Take care of issues as they come up. If a consulting company comes in and just runs a Nessus scan on your network, explain to your managers how the company is not offering anything new and how they haven't put any effort into interpretting the results.
It's not about spin, it's about interpretting what a security risk truly is.
What the hell do you mean CODEC and LOSSLESS?
You guys make everything way too complex.
There are two methods for compressing data:
1) Lossless compression: Think zip/rar/sit/tar.gz etc. These output the source file bit for bit when decompressed.
2) Lossy compression: Think JPEG/MPEG/MP3 etc. These output with a lot of data stripped off, the best lossy compression attempts to remove as much as possible without affecting quality too much.
Just because something is compressed doesn't mean anything is lost.
No DRM. I mean the format the music Industry WANTS us to use, the one they bemoan the loss of sales in, has no DRM whatsoever, *and* is higher quality than any of the DRM-protected formats. I mean if the Industry really thoughjt DRM was anything but a lever to control the market with they'd quit shipping CDs today!
Good point! I think the better point is that if one wanted to be a pirate, one would download from WinMX or BitTorrent. These places have higher bit rate downloads with no encryption. People purchase music because they want to be legal about things, and putting in artificial restrictions just limits my "fair use" rights to content I purchased.
Case in point, I love Apple's iTunes and iPod combo. Works great, but none of my friends at work can listen to my shared music without having my user/pass to iTunes. What the hell is that? It's limitations like this that make me jHymm my music upon download!
However, with datafiles (as opposed to a service like Steam or Tivo), we have the option of removing the DRM if such an occurance takes place.
Not always possible. Apple's DRM can't be stripped without Apple existing. You can burn to CD and re-rip, but that entails quality loss.
If Apple went belly-up tomorrow, We'd use Hymn on all of our music and be fine.
Seeing as how Hymm has to connect to Apple's servers to get keys to unlock your Music, if you were worried about Apple going belly-up (yeah right) or them retiring iTunes (possible, though unlikely) then you should unlock your music ASAP!
So while I would love to see open formats (I hate dealing with copy protected abandonware games), in this case the DRM is less burdensome.
I agree 100%. I hate having to download nocd patches, but it's the only way to run most games without having to deal with the DRM. At least some companies are getting the message, for example when Epic released Unreal Tournament 2004, they released a legit nocd patch for the original Unreal Tournament.
No, FreeBSD is more secure becuase it uses a very mature codebase and has much better quality control than Linux does.
.
.
Yes, listen to the Anonymous Coward, having a more mature codebase doesn't mean you're too slow/agile to implement new things. It mean's you're secure and have better quality control.
As proof I'd like to offer sendmail (also from the BSD group)! Why I'd never trust that Johnny Come Lately's qmail or postfix for e-mail when a mature codebase such as sendmail has been around for so long. .
And as we all know bind (once again BSD group) is damn near synonymous with DNS because it is also the most mature code base . .
For all you that can't read between the lines I am being sarcastic.
So far my MP3 player is drag, burn and play. (CD based) but it doesn't dink with the files. It also does not do DRM, so that leaves me out of the legal download market and I just stay with ripped CD's.
Not true, iTunes can burn mp3 cd's without any flack. Including the legally purchased Music.
Simply hit CTRL-, and go to "Burning", select MP3 CD. Voila!
Oh, so you say that all those "Unix shell accounts" traded "you know where" are in fact Windows shell accounts?
./file" at the terminal, but still highly protected.
I believe that's different. It's harder to run a secure service where people are given access vs. a home pc. For example if you sell shells for IRC bots, you are giving a number of possibly dubious folks access to your machine. If improperly administered this could be a nightmare.
On a typical home Linux box, the firewall is enabled by default and you are discouraged from running as root. That takes care of most of your target surface. It won't stop the terminally stupid who get e-mails that say "chmod +x file ;
I guess this is a true testament to Windows Admins, but a really telling tale of default Windows security.
My mom has a DI-524 at their house, and it works perfectly when I'm there. For the record, she used to have a Linksys that crashed every day. I finally got her to switch to D-Link by refusing to help her anymore until she got rid of the Linksys. Her boyfriend also has a DI-524 at his place, and it works perfectly.
I have a DI-524 and it is the biggest piece of shit ever created. The latest firmware (1.05) handles WPA properly, but can't do Mac address filtering and crashes every few minutes. The older firmware (1.03) doesn't handle wpa properly.
It's a shitty router that D-Link has pretty much given up on ever releasing working firmwares for. I hate the fact that ever wireless router I buy get's dumped shortly after.
I get plenty of calls from MCSE's telling me that our DHCP server is down, our internet connection is down because they can't ping outside of the gateway, etc. etc....and they didn't take 5 seconds to read the card in their room, or realize what having a 169 ip address means...
Typically having a 169 address means that the dhcp client timed out and assigned a zeroconf address. In some cases this means that the DHCP Server is down.
He could also be using the Mac... and thereby avoiding M$'s reverse engineering (badly) the windowing desktop interface as well.
What about the fact that the Mac reverse engineer'd Xerox's interface!?!?
I've had motherboards in the past that could handle both Intel and AMD, this use to be the norm. I once had a machine where everything but the sound card worked with an AMD chip, but with an Intel chip everything worked.
I've had random crashes back in the NT days. Major overheating issues and various other problems that I never had with any Intel (or even Cyrix) chips. I've even experienced random reboots and various other things in the Athlon series (not XP/MP or 64). AMD was always a sub par processor up until the advent of their 64 bit extensions.
I have worked as a sysadmin for 10 years now, and all of my co-workers had similar experiences. I do not believe I had too unusual of an experience, and I know many are still jaded from using AMD procs in anything that requires an uptime of more than 2 days.
Obviously some people want it to say Intel at any cost.
As someone who has been using computers since the late 80's, it should be noted that AMD was not always the pinnacle of quality that they are today. Anything from random crashes to peripherals not working properly were a sign of an AMD proc in my day.
A lot of us old fogies (I'm 24, just started early) are still a bit jaded from our previous experiences. I use to swear that I'd never buy an AMD again, along with Apple. I've now have both! The Linaire laptop and an iBook. Just saying, it takes time . . .
What about all the leet vhosts that will appear on irc, such as five.dollas.for.blow.jobs or the unforgettable shit.breath.comes.from.rim.jobs.