"MasterCard said Saturday that 68,000 of its own account numbers were especially at risk because they were in a file found to have actually been "exported from the system."
So in reality, they are only saying that they know of 68k that were downloaded. I believe it should be treated as if the other 39 million were compromised. I mean if someone cracks a system on your network do you only consider passwords used on that machine to be compromised? No, you change them all!
Our NOC and Monitoring Facility is built on Linux. Up until 2000 we ran RedHat and we switched to Debian based on the recommendation of one of our senior programmers. Two years ago we began switching to Gentoo and today all of our workstations, most laptops, most of our servers, and monitoring cluster nodes are all running Gentoo. We have a lot of machines deployed including a lot of compact flash based remote monitoring nodes which are also running a heavily modified Gentoo install.
Why? Because of the big Sendmail exploit in early of 2003. We happened to be playing with Gentoo at the time on one soon to be mailserver. Running Debian Stable on our other inbound MXs, we waited and waited and waited for patched Sendmail packages. After 3 days we compiled our own binaries and replaced the existing ones until finally a patched Sendmail entered the Debian Stable tree almost TWO WEEKS LATE. The Gentoo box I was playing with had an ebuild for the patched sendmail source within three hours. We started our conversion to Gentoo that day, and we dropped out of Debian completely (I no longer even participate in the newsgroups or Debian Planet) because it takes SO STINKING LONG FOR ANYTHING TO CHANGE.
....but I'm quite happy and personally think I'm learning plenty. My father thinks otherwise, and the deadline for transferring successfully is approaching quickly.
Your father isn't the one who has to determine if you have learned enough for the jobs you want, your potential employers are.
What chance do I have in the real world with a not-so-prestigious degree?
As much as anyone else.
Am I likely to be learning what's important?
Probably not but it really donesn't have much to do with what institution is on your diploma. I'm a senior engineer and lead programmer in a network operations and monitoring center and am part of our interview team. In the last 5 years we have only hired one person based on their degree or certification, and that was for a specific contract period to complete a specific migration.
Of the CS grads and certification holders who come for interviews and pass (they get either probationary hiring or internship) less than 25% have necessary real world skills. We rarely hire anyone for any position except tier 1 unless they have at least 2-4 years experience in a real world enviornment. Unfortunately, most of the 'I have a BS in CS' and 'Hey, I have my CCNA, MCSE, and a CS major in programming' are not willing to work through a 6-12 month stint at Tier 1 or 1a (probationary tier 2).
Of our entire top engineering staff of about 20, only 3 have completed a CS degree. Of our developers and programmers (about 10), I'm the only one with ANY formal programming schooling at all.
I actually have taught classes at a local community college titled, "Problem solving and logic: Introduction to programming". Most colleges and schools no longer teach people how to think logically. The entire quarter is taught without using a computer. The gift for skillful programming in the real world has little to do with computers or languages.
Am I looking at a series of awful jobs if I don't transfer?"
Depends on how you define awful. Some people define Tier 1 (first to answer the phone, first to call someone and tell them their only BGP peer has gone down) as awful. The successful ones take it as an opportunity to learn the necessary skills they didn't learn in school. You are the one who determines what you get out of a job. Not to say that I haven't had my share of awful jobs, I've even been flat out fired a couple of times. But in almost every one, I have come away with some useful knowledge.
Just a side note here: We don't hire any engineer or programmer who can't learn Perl. We only have one programmer who only knows one language, most of the others have at least a basic working knowledge of three (including Perl).
...i.e...your power goes out...so does your phone.
So, how many wired phones do you have left? When power goes out your cordless phones die too. I know a number of people who don't even have a non-cordless phone left in their house.
...your net connection fails, so does your phone.
With more and more Telco carriers switching to VOIP internally, internet disruptions make this a systemic issue, not just limited to home VOIP. Most people will be facing this problem in the next 5 years or less, they just don't realize it.
...and there is the 9-1-1 situation that someone else pointed out.
Vonage (don't know about net2phone) has an effective and approved solution this this. I have tested it myself, and assuming you are capable of inputting the correct information about your physical address, the service works well.
...you may as well give up on the privacy concerns.Defeatist!:) Don't give up! Unfortunately those of us who DO care about their privacy seem to be in a shrinking minority. But that can be reversed.
What about the old cliche that "possession is nine-tenths of the law"? As long as only governments and large multi-national corporations have the resources to reach inner-solar space and field large enough security forces to protect their claim, who is going to effectively take their claim away ?
Once a group has a foothold in a region of space or another solar body, are any Earth based government leaders really going to risk their population, resources, and more importantly (or cynically) their political power to try and take it back?
Wow. That's pretty good. Is that US dollars? I spent nearly $350 US on my glasses last winter, and another $300 for prescription sunglasses which I needed since I have a 45 mile drive to work - drive east in the morning and west at night so I always have sun in my eyes.
I found it cheaper to get a single pair of good glasses that don't weigh a ton than to get cheap ones that I have to replace every year or two. I lead a fairly active lifestyle and so I tended to damage cheap glasses pretty quickly.
Most of the comments are pretty much what I expected to see when I saw the question.:)
I have worked (roughly in order) in the woods cutting cedar, landscaper's slave:), in a sawmill, as an apprentice chef (3 years), as a telemarketer, database administrator, financial and mutual fund portfolio analyst (i.e. slave number cruncher) for a financial management firm (for 8 years), a pc technician, tech manager, and now (for 5 years) as lead developer and senior network engineer.
I've owned two (failed) businesses - both in pc sales and consulting.
My current job is very high stress and long hours. One person said, "Compartmentalize." Well that doesn't always work. Another said, "You have no stress, only responsibility." I've heard people say that myself to me, but they don't know that our NOC handles PSAP - E911 traffie, PUD substation ethernet monitoring, etc. But I love my current job.
To all these people who are essentially calling him a whiner, you don't know what he's dealing with unless your in his shoes, so shut up unless you have some useful advice. =)
** ADVICE ** Every job I've had has had fairly high stress levels except for the cedar cutting. And eventually they all boil down to about the same level. If you don't want to leave your current job you need to find some activity outside of work that has NOTHING to do with work and uses preferably both physical and mental faculties. Take up a form of martial arts, or a musical instrument. Get involved in your home landscaping. Donate community service physical labor to the elderly in your community taking care or repairing their homes or yards. Get involved in a church that is *involved in your community*.
These things will help your stress level tremendously, lower your blood pressure, and you will find your job becomes much more pleasureable as well. And physical activity will help you retrain your thought patterns so that you aren't thinking about work all the time.
Small laptop (older one) with onboard NIC and PCMCIA NIC.
Ngrep, dnstop, nmap, tcpdump, iptraf, and we spent $99.00 for a license for nprobe which we use to export traffic patterns as netflow data.
I sometime use ethereal on a somewhat beefier system (dual 2.4 Xeon) to read in tcpdump files to analyze when I need to display something in a way that a PHB can understand.:)
Of all of these tools I think the nprobe, ngrep, iptraf, and dnstop are the ones I use the most. ngrep lets me grep an ethernet stream ("No, Mr Jones, it isn't sending the correct password to the mail server. No, I'm sure you put it correctly all four times. Yes, I'm sure that windows corrupted it in the registry again").
We use a mix of both. We run Gentoo on most of our SMP production servers (and unlike a previous post have never had any 'quality control' issues). Compile time on a good machine is minimal. A complete kernel build and building all programs necessary for a virtualhost mailserver takes under an hour for a Dual 2.4 Ghz Xeon with 2 GB RAM.
However for machines which need minimal clue level (i.e. for customer maintined machines we install into a customer network) we usually use Debian or RedHat unless there is a performance issue. The performance boost we see when comparing optimized source builds vs. generic architecture package builds (.deb,.rpm) is substantial.
We generally sit down internally and make a decision on which is going to provide the best performance:maintainence ratio.
Evil forces? Wow. Isn't that a little harsh? Why is your perspective good and their's evil? Is Spamming really evil? Or cracking? Obviously hacking is evil of course....:)
We have to be tolerant of others' viewpoints you know...can't have any of this "evil" language...in fact, because you obviously wounded the self image of those who live an alternate internet morality in which spamming is good and anti-spamming is evil, I think we should declare a Day of Amnesty for Spammers, crackers, and Anna Kournikova. Let them all gather in one place and rejoice.....now where's that pocket nuke....
Though your employer probably didn't do anything illegal, assuming you were an 'at will' employee, I'm thinking they probably will not give you a glowing reference. You should consult with an attorney to see if there is any recourse you may have since the results were 'secret'. You may have a legal right to view your employee file (depending our your country of employment), and I would think that the cause of termination would be recorded, in which case you may want/need to keep a copy for future use.
At the least I would check and see if there is anything you can do to obtain a copy of those records.
Nuclear reactors do not generate electricity. They heat water which creates steam which turns turbines which turn generators which generate electricity.
We use an ASP hosted custom ticketing system called T'aira that has the following features (partial list):
Multiple input methods: (email, web based, automated)
Assignment directly to staff members or departments.
Multiple realms (aka departments)
Hierarchical tiers withing each department or even across departments (escalation). Tiers can be based on criteria you desire (skillset, dept, management level, etc). One individual can be in different 'tiers' in different departments.
Email notifications outbound directly from within the system.
Auditing of tickets. Changes to tickets are logged.
System wide (administrator determines ) priority weighting based on various criteria. e.g. an unacknowledged ticket reporting an outage (entire floor can't print for example) would show up at the top of everyone's list.
Solved ticket reporting.
Assignment/Checkout/Do Not release functions for tickets.
It works pretty well for us, and its pretty generic. Some of the other users are some smaller ISPs, a couple of Public Utility Districts, a some public safety groups, school districts, etc.
Don't forget the fines. If you ever have to get inspected (say if you ever have an issue where you need to have the PUD turn off commercial power) you could get hit with LARGE fines and OSHA violations. This should be a big incentive to your management to make sure not to cut corners.
One of our customers - a school - nearly burned to the ground this last year due to a mis-wiring of a new circuit panel which was apparently wired wrong and the ground bus was open.
Then explain to me why I can do a 2k install on several identical dell machines with all latest MS HCL certified drivers, installing nothing but 2k + SP3, Office 2k + SP, and certain hotfixes for 2k, and Visio 2k and within a few days of use I will begin getting lockups and STOPs ?
If I install Visio first, then Office + SP, then install SP3 + hotfixes it's fine.
There isnt's a single non-ms product on these boxes and we've had Dell send us 2 replacement machines.
I know, we'll propose this new protocol and call anyone who objects a 'pro-spammer'. Then we can begin identifying them and hunting them down....of course then they will be able to get 'minority' designation and beat me out of my next civil service job application with extra 'minority' points on the interview.....ah heck with it, lets just all go back to world wide open relays.....
Many parents of the 50's-70's generation have no idea what their kids are doing on the internet, and would like to know.
Download all the popular chat clients, some irc clients, and install all the common browsers.
Offer clases teaching parents how to find browser history, change their security and ratings settings. Show them how to review chat history and url history for IM clients. How to check file sharing folders and search their computer for images, movies, etc.
You'll find that (80%) disinterest or not, you'll draw quite a few attendees, especially if you repeat the course and offer a basic and advanced course.
In the last 20 years there has been a vast change in the amount of information available to the average individual, an increase in the ways that information can be used, and an continual - even accelerating - change in information distribution (since the internet is really in it's infancy.
Do you feel that the current legal basis and defination of fair use for copyrighted works needs to be re-examined at the legislative and/or judicial level?
Please elaborate on why you feel yes or no, and if yes, what (if any) specific issues have you seen develop over the last few years which you feel would benefit from this review?
Slashdot Mirror
"MasterCard said Saturday that 68,000 of its own account numbers were especially at risk because they were in a file found to have actually been "exported from the system."
So in reality, they are only saying that they know of 68k that were downloaded. I believe it should be treated as if the other 39 million were compromised. I mean if someone cracks a system on your network do you only consider passwords used on that machine to be compromised? No, you change them all!
Next thing you know they'll be protesting the round earth theory and saying the moon landing was a fake.....
Our NOC and Monitoring Facility is built on Linux. Up until 2000 we ran RedHat and we switched to Debian based on the recommendation of one of our senior programmers. Two years ago we began switching to Gentoo and today all of our workstations, most laptops, most of our servers, and monitoring cluster nodes are all running Gentoo. We have a lot of machines deployed including a lot of compact flash based remote monitoring nodes which are also running a heavily modified Gentoo install.
Why? Because of the big Sendmail exploit in early of 2003. We happened to be playing with Gentoo at the time on one soon to be mailserver. Running Debian Stable on our other inbound MXs, we waited and waited and waited for patched Sendmail packages. After 3 days we compiled our own binaries and replaced the existing ones until finally a patched Sendmail entered the Debian Stable tree almost TWO WEEKS LATE. The Gentoo box I was playing with had an ebuild for the patched sendmail source within three hours. We started our conversion to Gentoo that day, and we dropped out of Debian completely (I no longer even participate in the newsgroups or Debian Planet) because it takes SO STINKING LONG FOR ANYTHING TO CHANGE.
....but I'm quite happy and personally think I'm learning plenty. My father thinks otherwise, and the deadline for transferring successfully is approaching quickly.
Your father isn't the one who has to determine if you have learned enough for the jobs you want, your potential employers are.
What chance do I have in the real world with a not-so-prestigious degree?
As much as anyone else.
Am I likely to be learning what's important?
Probably not but it really donesn't have much to do with what institution is on your diploma. I'm a senior engineer and lead programmer in a network operations and monitoring center and am part of our interview team. In the last 5 years we have only hired one person based on their degree or certification, and that was for a specific contract period to complete a specific migration.
Of the CS grads and certification holders who come for interviews and pass (they get either probationary hiring or internship) less than 25% have necessary real world skills. We rarely hire anyone for any position except tier 1 unless they have at least 2-4 years experience in a real world enviornment. Unfortunately, most of the 'I have a BS in CS' and 'Hey, I have my CCNA, MCSE, and a CS major in programming' are not willing to work through a 6-12 month stint at Tier 1 or 1a (probationary tier 2).
Of our entire top engineering staff of about 20, only 3 have completed a CS degree. Of our developers and programmers (about 10), I'm the only one with ANY formal programming schooling at all.
I actually have taught classes at a local community college titled, "Problem solving and logic: Introduction to programming". Most colleges and schools no longer teach people how to think logically. The entire quarter is taught without using a computer. The gift for skillful programming in the real world has little to do with computers or languages.
Am I looking at a series of awful jobs if I don't transfer?"
Depends on how you define awful. Some people define Tier 1 (first to answer the phone, first to call someone and tell them their only BGP peer has gone down) as awful. The successful ones take it as an opportunity to learn the necessary skills they didn't learn in school. You are the one who determines what you get out of a job. Not to say that I haven't had my share of awful jobs, I've even been flat out fired a couple of times. But in almost every one, I have come away with some useful knowledge.
Just a side note here: We don't hire any engineer or programmer who can't learn Perl. We only have one programmer who only knows one language, most of the others have at least a basic working knowledge of three (including Perl).
...i.e...your power goes out...so does your phone.
...your net connection fails, so does your phone.
...and there is the 9-1-1 situation that someone else pointed out.
...you may as well give up on the privacy concerns.
Defeatist! :) Don't give up! Unfortunately those of us who DO care about their privacy seem to be in a shrinking minority. But that can be reversed.
So, how many wired phones do you have left? When power goes out your cordless phones die too. I know a number of people who don't even have a non-cordless phone left in their house.
With more and more Telco carriers switching to VOIP internally, internet disruptions make this a systemic issue, not just limited to home VOIP. Most people will be facing this problem in the next 5 years or less, they just don't realize it.
Vonage (don't know about net2phone) has an effective and approved solution this this. I have tested it myself, and assuming you are capable of inputting the correct information about your physical address, the service works well.
What about the old cliche that "possession is nine-tenths of the law"? As long as only governments and large multi-national corporations have the resources to reach inner-solar space and field large enough security forces to protect their claim, who is going to effectively take their claim away ?
Once a group has a foothold in a region of space or another solar body, are any Earth based government leaders really going to risk their population, resources, and more importantly (or cynically) their political power to try and take it back?
Wow. That's pretty good. Is that US dollars? I spent nearly $350 US on my glasses last winter, and another $300 for prescription sunglasses which I needed since I have a 45 mile drive to work - drive east in the morning and west at night so I always have sun in my eyes.
I found it cheaper to get a single pair of good glasses that don't weigh a ton than to get cheap ones that I have to replace every year or two. I lead a fairly active lifestyle and so I tended to damage cheap glasses pretty quickly.
Most of the comments are pretty much what I expected to see when I saw the question. :)
:), in a sawmill, as an apprentice chef (3 years), as a telemarketer, database administrator, financial and mutual fund portfolio analyst (i.e. slave number cruncher) for a financial management firm (for 8 years), a pc technician, tech manager, and now (for 5 years) as lead developer and senior network engineer.
I have worked (roughly in order) in the woods cutting cedar, landscaper's slave
I've owned two (failed) businesses - both in pc sales and consulting.
My current job is very high stress and long hours. One person said, "Compartmentalize." Well that doesn't always work. Another said, "You have no stress, only responsibility." I've heard people say that myself to me, but they don't know that our NOC handles PSAP - E911 traffie, PUD substation ethernet monitoring, etc. But I love my current job.
To all these people who are essentially calling him a whiner, you don't know what he's dealing with unless your in his shoes, so shut up unless you have some useful advice. =)
** ADVICE ** Every job I've had has had fairly high stress levels except for the cedar cutting. And eventually they all boil down to about the same level. If you don't want to leave your current job you need to find some activity outside of work that has NOTHING to do with work and uses preferably both physical and mental faculties. Take up a form of martial arts, or a musical instrument. Get involved in your home landscaping. Donate community service physical labor to the elderly in your community taking care or repairing their homes or yards. Get involved in a church that is *involved in your community*.
These things will help your stress level tremendously, lower your blood pressure, and you will find your job becomes much more pleasureable as well. And physical activity will help you retrain your thought patterns so that you aren't thinking about work all the time.
Small laptop (older one) with onboard NIC and PCMCIA NIC.
:)
Ngrep, dnstop, nmap, tcpdump, iptraf, and we spent $99.00 for a license for nprobe which we use to export traffic patterns as netflow data.
I sometime use ethereal on a somewhat beefier system (dual 2.4 Xeon) to read in tcpdump files to analyze when I need to display something in a way that a PHB can understand.
Of all of these tools I think the nprobe, ngrep, iptraf, and dnstop are the ones I use the most. ngrep lets me grep an ethernet stream ("No, Mr Jones, it isn't sending the correct password to the mail server. No, I'm sure you put it correctly all four times. Yes, I'm sure that windows corrupted it in the registry again").
We use a mix of both. We run Gentoo on most of our SMP production servers (and unlike a previous post have never had any 'quality control' issues). Compile time on a good machine is minimal. A complete kernel build and building all programs necessary for a virtualhost mailserver takes under an hour for a Dual 2.4 Ghz Xeon with 2 GB RAM.
However for machines which need minimal clue level (i.e. for customer maintined machines we install into a customer network) we usually use Debian or RedHat unless there is a performance issue. The performance boost we see when comparing optimized source builds vs. generic architecture package builds (.deb,.rpm) is substantial.
We generally sit down internally and make a decision on which is going to provide the best performance:maintainence ratio.
Evil forces? Wow. Isn't that a little harsh? Why is your perspective good and their's evil? Is Spamming really evil? Or cracking? Obviously hacking is evil of course.... :)
We have to be tolerant of others' viewpoints you know...can't have any of this "evil" language...in fact, because you obviously wounded the self image of those who live an alternate internet morality in which spamming is good and anti-spamming is evil, I think we should declare a Day of Amnesty for Spammers, crackers, and Anna Kournikova. Let them all gather in one place and rejoice.....now where's that pocket nuke....
Though your employer probably didn't do anything illegal, assuming you were an 'at will' employee, I'm thinking they probably will not give you a glowing reference. You should consult with an attorney to see if there is any recourse you may have since the results were 'secret'. You may have a legal right to view your employee file (depending our your country of employment), and I would think that the cause of termination would be recorded, in which case you may want/need to keep a copy for future use.
At the least I would check and see if there is anything you can do to obtain a copy of those records.
So the HG2G "Don't Panic" sticker would be appropriate for your installation then? =)
No, they run up to X-10. Haven't you seen all the pop-unders about it? You can fry in the radiation and secretly watch your neighbor at the same time!
That this device is part of a vast right wing conspiracy to devise a machine to detect the presence of pr0n in your mail?
or wait...maybe it's a vast left wing conspiracy to detect the presence of the Rush Limbaugh newsletter.....
Archive Mirror (11 mB)
A copy of the 11 mB archive is mirrored here.
Nuclear reactors do not generate electricity. They heat water which creates steam which turns turbines which turn generators which generate electricity.
We use an ASP hosted custom ticketing system called T'aira that has the following features (partial list): Multiple input methods: (email, web based, automated) Assignment directly to staff members or departments. Multiple realms (aka departments) Hierarchical tiers withing each department or even across departments (escalation). Tiers can be based on criteria you desire (skillset, dept, management level, etc). One individual can be in different 'tiers' in different departments. Email notifications outbound directly from within the system. Auditing of tickets. Changes to tickets are logged. System wide (administrator determines ) priority weighting based on various criteria. e.g. an unacknowledged ticket reporting an outage (entire floor can't print for example) would show up at the top of everyone's list. Solved ticket reporting. Assignment/Checkout/Do Not release functions for tickets. It works pretty well for us, and its pretty generic. Some of the other users are some smaller ISPs, a couple of Public Utility Districts, a some public safety groups, school districts, etc.
Don't forget the fines. If you ever have to get inspected (say if you ever have an issue where you need to have the PUD turn off commercial power) you could get hit with LARGE fines and OSHA violations. This should be a big incentive to your management to make sure not to cut corners.
One of our customers - a school - nearly burned to the ground this last year due to a mis-wiring of a new circuit panel which was apparently wired wrong and the ground bus was open.
Then explain to me why I can do a 2k install on several identical dell machines with all latest MS HCL certified drivers, installing nothing but 2k + SP3, Office 2k + SP, and certain hotfixes for 2k, and Visio 2k and within a few days of use I will begin getting lockups and STOPs ?
If I install Visio first, then Office + SP, then install SP3 + hotfixes it's fine.
There isnt's a single non-ms product on these boxes and we've had Dell send us 2 replacement machines.
So it's a bi-directional mouse that swings both ways.....interesting.....
I wonder if we'll see discrimination lawsuits against companies that only provide uni-directional mice.
I know, we'll propose this new protocol and call anyone who objects a 'pro-spammer'. Then we can begin identifying them and hunting them down....of course then they will be able to get 'minority' designation and beat me out of my next civil service job application with extra 'minority' points on the interview.....ah heck with it, lets just all go back to world wide open relays.....
Many parents of the 50's-70's generation have no idea what their kids are doing on the internet, and would like to know.
Download all the popular chat clients, some irc clients, and install all the common browsers.
Offer clases teaching parents how to find browser history, change their security and ratings settings. Show them how to review chat history and url history for IM clients. How to check file sharing folders and search their computer for images, movies, etc.
You'll find that (80%) disinterest or not, you'll draw quite a few attendees, especially if you repeat the course and offer a basic and advanced course.
In the last 20 years there has been a vast change in the amount of information available to the average individual, an increase in the ways that information can be used, and an continual - even accelerating - change in information distribution (since the internet is really in it's infancy.
Do you feel that the current legal basis and defination of fair use for copyrighted works needs to be re-examined at the legislative and/or judicial level?
Please elaborate on why you feel yes or no, and if yes, what (if any) specific issues have you seen develop over the last few years which you feel would benefit from this review?